2 # vim:expandtab:shiftwidth=4:softtabstop=4:tabstop=4:
4 # Run select tests by setting ONLY, or as arguments to the script.
5 # Skip specific tests by setting EXCEPT.
7 # e.g. ONLY="22 23" or ONLY="`seq 32 39`" or EXCEPT="31"
11 # bug number for skipped test:
12 ALWAYS_EXCEPT=${ALWAYS_EXCEPT:-"$SANITY_GSS_EXCEPT"}
13 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
15 # Tests that fail on uml
16 CPU=`awk '/model/ {print $4}' /proc/cpuinfo`
17 [ "$CPU" = "UML" ] && EXCEPT="$EXCEPT"
20 2.6*) FSTYPE=${FSTYPE:-ldiskfs}; ALWAYS_EXCEPT="$ALWAYS_EXCEPT " ;;
21 *) error "unsupported kernel (gss only works with 2.6.x)" ;;
25 export PATH=$PWD/$SRCDIR:$SRCDIR:$SRCDIR/../utils:$SRCDIR/../utils/gss:$PATH:/sbin
26 export NAME=${NAME:-local}
29 CLEANUP=${CLEANUP:-""}
32 LUSTRE=${LUSTRE:-`dirname $0`/..}
33 . $LUSTRE/tests/test-framework.sh
35 . ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh}
38 require_dsh_mds || exit 0
40 [ "$SLOW" = "no" ] && EXCEPT_SLOW="100 101"
42 # $RUNAS_ID may get set incorrectly somewhere else
43 [ $UID -eq 0 -a $RUNAS_ID -eq 0 ] && error "\$RUNAS_ID set to 0, but \$UID is also 0!"
45 # remove $SEC, we'd like to control everything by ourselves
49 # global variables of this sanity
52 KRB5_CRED=$KRB5_CCACHE_DIR/krb5cc_$RUNAS_ID
53 KRB5_CRED_SAVE=$KRB5_CCACHE_DIR/krb5cc.sanity.save
60 prepare_krb5_creds() {
61 echo prepare krb5 cred
64 $RUNAS krb5_login.sh || exit 1
65 [ -f $KRB5_CRED ] || exit 2
67 cp $KRB5_CRED $KRB5_CRED_SAVE
72 # we want double mount
73 MOUNT_2=${MOUNT_2:-"yes"}
74 check_and_setup_lustre
76 rm -rf $DIR/[df][0-9]*
78 check_runas_id $RUNAS_ID $RUNAS_ID $RUNAS
84 NPROC=`cat /proc/cpuinfo 2>/dev/null | grep ^processor | wc -l`
85 [ $NPROC -gt 2 ] && NPROC=2
86 sh rundbench $NPROC 1>/dev/null &
90 num=`ps --no-headers -p $DBENCH_PID 2>/dev/null | wc -l`
91 if [ $num -ne 1 ]; then
92 error "failed to start dbench $NPROC"
94 echo "started dbench with $NPROC processes at background"
102 num=`ps --no-headers -p $DBENCH_PID 2>/dev/null | wc -l`
103 if [ $num -eq 0 ]; then
104 echo "dbench $DBENCH_PID already finished"
105 wait $DBENCH_PID || error "dbench $PID exit with error"
107 elif [ $num -ne 1 ]; then
109 error "found $num instance of pid $DBENCH_PID ???"
118 killall dbench 2>/dev/null
119 num=`ps --no-headers -p $DBENCH_PID | wc -l`
120 if [ $num -eq 0 ]; then
121 echo "dbench finished"
124 echo "dbench $DBENCH_PID is still running, waiting 2s..."
128 wait $DBENCH_PID || true
132 restore_krb5_cred() {
133 cp $KRB5_CRED_SAVE $KRB5_CRED
134 chown $RUNAS_ID:$RUNAS_ID $KRB5_CRED
135 chmod 0600 $KRB5_CRED
138 check_multiple_gss_daemons() {
141 local gssd_name=`basename $gssd`
143 for ((i=0;i<10;i++)); do
144 do_facet $facet "$gssd -v &"
147 # wait daemons entering "stable" status
150 num=`do_facet $facet ps -o cmd -C $gssd_name | grep $gssd_name | wc -l`
151 echo "$num instance(s) of $gssd_name are running"
153 if [ $num -ne 1 ]; then
154 error "$gssd_name not unique"
164 echo "bring up gss daemons..."
167 echo "check with someone already running..."
168 check_multiple_gss_daemons $my_facet $LSVCGSSD
170 check_multiple_gss_daemons $my_facet $LGSSD
173 echo "check with someone run & finished..."
174 do_facet $my_facet killall -q -2 lgssd lsvcgssd || true
175 sleep 5 # wait fully exit
176 check_multiple_gss_daemons $my_facet $LSVCGSSD
178 check_multiple_gss_daemons $my_facet $LGSSD
181 echo "check refresh..."
182 do_facet $my_facet killall -q -2 lgssd lsvcgssd || true
183 sleep 5 # wait fully exit
184 do_facet $my_facet ipcrm -S 0x3b92d473
185 check_multiple_gss_daemons $my_facet $LSVCGSSD
187 do_facet $my_facet ipcrm -S 0x3a92d473
188 check_multiple_gss_daemons $my_facet $LGSSD
191 run_test 0 "start multiple gss daemons"
196 local file=$DIR/$tfile
198 chmod 0777 $DIR || error "chmod $DIR failed"
202 $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT"
203 $RUNAS touch $file && error "unexpected success"
207 $RUNAS touch $file || error "should not fail"
208 [ -f $file ] || error "$file not found"
210 run_test 1 "access with or without krb5 credential"
213 local file1=$DIR/$tfile-1
214 local file2=$DIR/$tfile-2
216 chmod 0777 $DIR || error "chmod $DIR failed"
217 # current access should be ok
218 $RUNAS touch $file1 || error "can't touch $file1"
219 [ -f $file1 ] || error "$file1 not found"
221 # cleanup all cred/ctx and touch
223 $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT"
224 $RUNAS touch $file2 && error "unexpected success"
228 $RUNAS touch $file2 || error "should not fail"
229 [ -f $file2 ] || error "$file2 not found"
231 run_test 2 "lfs flushctx"
234 local file=$DIR/$tfile
237 echo "aaaaaaaaaaaaaaaaa" > $file
239 $CHECKSTAT -p 0666 $file || error "$UID checkstat error"
240 $RUNAS $CHECKSTAT -p 0666 $file || error "$RUNAS_ID checkstat error"
241 $RUNAS cat $file > /dev/null || error "$RUNAS_ID cat error"
244 $RUNAS multiop $file o_r &
246 # wait multiop finish its open()
249 # cleanup all cred/ctx and check
250 # metadata check should fail, but file data check should success
251 # because we always use root credential to OSTs
253 $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT"
254 echo "destroied credentials/contexs for $RUNAS_ID"
255 $RUNAS $CHECKSTAT -p 0666 $file && error "checkstat succeed"
257 wait $OPPID || error "read file data failed"
258 echo "read file data OK"
260 # restore and check again
262 echo "restored credentials for $RUNAS_ID"
263 $RUNAS $CHECKSTAT -p 0666 $file || error "$RUNAS_ID checkstat (2) error"
264 echo "$RUNAS_ID checkstat OK"
265 $CHECKSTAT -p 0666 $file || error "$UID checkstat (2) error"
266 echo "$UID checkstat OK"
267 $RUNAS cat $file > /dev/null || error "$RUNAS_ID cat (2) error"
268 echo "$RUNAS_ID read file data OK"
270 run_test 3 "local cache under DLM lock"
273 local file1=$DIR/$tfile-1
274 local file2=$DIR/$tfile-2
276 ! $GSS_PIPEFS && skip "pipefs not used" && return
278 chmod 0777 $DIR || error "chmod $DIR failed"
279 # current access should be ok
280 $RUNAS touch $file1 || error "can't touch $file1"
281 [ -f $file1 ] || error "$file1 not found"
284 send_sigint client lgssd
286 check_gss_daemon_facet client lgssd && error "lgssd still running"
288 # flush context, and touch
289 $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT"
290 $RUNAS touch $file2 &
292 echo "waiting touch pid $TOUCHPID"
293 wait $TOUCHPID && error "touch should fail"
296 do_facet client "$LGSSD -v"
298 check_gss_daemon_facet client lgssd
300 # touch new should succeed
301 $RUNAS touch $file2 || error "can't touch $file2"
302 [ -f $file2 ] || error "$file2 not found"
304 run_test 4 "lgssd dead, operations should wait timeout and fail"
307 local file1=$DIR/$tfile-1
308 local file2=$DIR/$tfile-2
309 local wait_time=$((TIMEOUT + TIMEOUT / 2))
311 chmod 0777 $DIR || error "chmod $DIR failed"
312 # current access should be ok
313 $RUNAS touch $file1 || error "can't touch $file1"
314 [ -f $file1 ] || error "$file1 not found"
317 send_sigint $(comma_list $(mdts_nodes)) lsvcgssd
319 check_gss_daemon_nodes $(comma_list $(mdts_nodes)) lsvcgssd && error "lsvcgssd still running"
321 # flush context, and touch
322 $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT"
323 $RUNAS touch $file2 &
327 echo "waiting $wait_time seconds for touch pid $TOUCHPID"
329 num=`ps --no-headers -p $TOUCHPID | wc -l`
330 [ $num -eq 1 ] || error "touch already ended ($num)"
331 echo "process $TOUCHPID still hanging there... OK"
333 # restart lsvcgssd, expect touch suceed
334 echo "restart lsvcgssd and recovering"
335 start_gss_daemons $(comma_list $(mdts_nodes)) "$LSVCGSSD -v"
337 check_gss_daemon_nodes $(comma_list $(mdts_nodes)) lsvcgssd
338 wait $TOUCHPID || error "touch fail"
339 [ -f $file2 ] || error "$file2 not found"
341 run_test 5 "lsvcgssd dead, operations lead to recovery"
346 mkdir $DIR/d6 || error "mkdir $DIR/d6 failed"
347 for ((i=0; i<$nfile; i++)); do
348 dd if=/dev/zero of=$DIR/d6/file$i bs=8k count=1 || error "dd file$i failed"
350 ls -l $DIR/d6/* > /dev/null || error "ls failed"
351 rm -rf $DIR2/d6/* || error "rm failed"
352 rmdir $DIR2/d6/ || error "rmdir failed"
354 run_test 6 "test basic DLM callback works"
361 # for open(), client only reserve space for default stripe count lovea,
362 # and server may return larger lovea in reply (because of larger stripe
363 # count), client need call enlarge_reqbuf() and save the replied lovea
364 # in request for future possible replay.
366 # Note: current script does NOT guarantee enlarge_reqbuf() will be in
367 # the path, however it does work in local test which has 2 OSTs and
368 # default stripe count is 1.
370 num_osts=`$LFS getstripe $MOUNT | egrep "^[0-9]*:.*ACTIVE" | wc -l`
371 echo "found $num_osts active OSTs"
372 [ $num_osts -lt 2 ] && echo "skipping $TESTNAME (must have >= 2 OSTs)" && return
375 $LFS setstripe -c $num_osts $tdir || error
378 for ((i=0;i<20;i++)); do
379 dd if=/dev/zero of=$tdir/f$i bs=4k count=16 2>/dev/null
382 for ((i=0;i<20;i++)); do
383 dd if=$tdir/f$i of=/dev/null bs=4k count=16 2>/dev/null
387 run_test 7 "exercise enlarge_reqbuf()"
391 local ATHISTORY=$(do_facet mds "find /sys/ -name at_history")
392 local ATOLDBASE=$(do_facet mds "cat $ATHISTORY")
393 do_facet mds "echo 8 >> $ATHISTORY"
397 sysctl -w lnet.debug="+other"
402 REQ_DELAY=`lctl get_param -n mdc.${FSNAME}-MDT0000-mdc-*.timeouts |
403 awk '/portal 12/ {print $5}' | tail -1`
404 REQ_DELAY=$((${REQ_DELAY} + ${REQ_DELAY} / 4 + 5))
406 # sleep sometime in ctx handle
407 do_facet mds lctl set_param fail_val=$REQ_DELAY
408 #define OBD_FAIL_SEC_CTX_HDL_PAUSE 0x1204
409 do_facet mds lctl set_param fail_loc=0x1204
411 $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT"
413 $RUNAS touch $DIR/d8/f &
415 echo "waiting for touch (pid $TOUCHPID) to finish..."
416 sleep 2 # give it a chance to really trigger context init rpc
417 do_facet mds sysctl -w lustre.fail_loc=0
418 wait $TOUCHPID || error "touch should have succeeded"
420 $LCTL dk | grep "Early reply #" || error "No early reply"
423 do_facet mds "echo $ATOLDBASE >> $ATHISTORY" || true
425 run_test 8 "Early reply sent for slow gss context negotiation"
428 # following tests will manipulate flavors and may end with any flavor set,
429 # so each test should not assume any start flavor.
433 if [ "$SLOW" = "no" ]; then
439 restore_to_default_flavor
440 set_rule $FSNAME any any krb5p
441 wait_flavor all2all krb5p
445 for ((n=0;n<$total;n++)); do
448 echo "flush ctx ($n/$total) ..."
449 $LFS flushctx $MOUNT || error "can't flush context on $MOUNT"
452 #sleep to let ctxs be re-established
456 run_test 90 "recoverable from losing contexts under load"
466 nrule_old=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
467 | grep "$FSNAME.srpc.flavor." | wc -l`
468 echo "original general rules: $nrule_old"
470 for ((i = $nrule_old; i < $max; i++)); do
471 set_rule $FSNAME elan$i any krb5n || error "set rule $i"
473 for ((i = $nrule_old; i < $max; i++)); do
474 set_rule $FSNAME elan$i any || error "remove rule $i"
477 nrule_new=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
478 | grep "$FSNAME.srpc.flavor." | wc -l`
479 if [ $nrule_new != $nrule_old ]; then
480 error "general rule: $nrule_new != $nrule_old"
484 # target-specific rules
486 nrule_old=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
487 | grep "$FSNAME-MDT0000.srpc.flavor." | wc -l`
488 echo "original target rules: $nrule_old"
490 for ((i = $nrule_old; i < $max; i++)); do
491 set_rule $FSNAME-MDT0000 elan$i any krb5i || error "set rule $i"
493 for ((i = $nrule_old; i < $max; i++)); do
494 set_rule $FSNAME-MDT0000 elan$i any || error "remove rule $i"
497 nrule_new=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
498 | grep "$FSNAME-MDT0000.srpc.flavor." | wc -l`
499 if [ $nrule_new != $nrule_old ]; then
500 error "general rule: $nrule_new != $nrule_old"
503 run_test 99 "set large number of sptlrpc rules"
516 # started from default flavors
517 restore_to_default_flavor
519 # running dbench background
523 # all: null -> krb5n -> krb5a -> krb5i -> krb5p -> plain
525 set_rule $FSNAME any any krb5n
526 wait_flavor all2all krb5n || error_dbench "1"
529 set_rule $FSNAME any any krb5a
530 wait_flavor all2all krb5a || error_dbench "2"
533 set_rule $FSNAME any any krb5i
534 wait_flavor all2all krb5i || error_dbench "3"
537 set_rule $FSNAME any any krb5p
538 wait_flavor all2all krb5p || error_dbench "4"
541 set_rule $FSNAME any any plain
542 wait_flavor all2all plain || error_dbench "5"
551 set_rule $FSNAME any mdt2mdt krb5a
552 wait_flavor mdt2mdt krb5a || error_dbench "6"
555 set_rule $FSNAME any cli2mdt krb5i
556 wait_flavor cli2mdt krb5i || error_dbench "7"
559 set_rule $FSNAME any mdt2ost krb5p
560 wait_flavor mdt2ost krb5p || error_dbench "8"
563 set_rule $FSNAME any cli2ost krb5n
564 wait_flavor cli2ost krb5n || error_dbench "9"
571 # nothing should be changed because they are override by above dir rules
573 set_rule $FSNAME-MDT0000 any any krb5p
574 set_rule $FSNAME-OST0000 any any krb5i
575 wait_flavor mdt2mdt krb5a || error_dbench "10"
576 wait_flavor cli2mdt krb5i || error_dbench "11"
578 wait_flavor mdt2ost krb5p || error_dbench "12"
579 wait_flavor cli2ost krb5n || error_dbench "13"
582 # delete all dir-specific rules
584 set_rule $FSNAME any mdt2mdt
585 set_rule $FSNAME any cli2mdt
586 set_rule $FSNAME any mdt2ost
587 set_rule $FSNAME any cli2ost
588 wait_flavor mdt2mdt krb5p $((MDSCOUNT - 1)) || error_dbench "14"
589 wait_flavor cli2mdt krb5p $(get_clients_mount_count) || error_dbench "15"
591 wait_flavor mdt2ost krb5i $MDSCOUNT || error_dbench "16"
592 wait_flavor cli2ost krb5i $(get_clients_mount_count) || error_dbench "17"
600 set_rule $FSNAME-MDT0000 any any
601 set_rule $FSNAME-OST0000 any any || error_dbench "18"
602 wait_flavor all2all plain || error_dbench "19"
607 run_test 100 "change security flavor on the fly under load"
613 local filename=$DIR/$tfile
618 # after set to flavor0, start multop which use flavor0 rpc, and let
619 # server drop the reply; then switch to flavor1, the resend should be
620 # completed using flavor1. To exercise the code of switching ctx/sec
621 # for a resend request.
623 log ">>>>>>>>>>>>>>> Testing $flavor0 -> $flavor1 <<<<<<<<<<<<<<<<<<<"
625 set_rule $FSNAME any cli2mdt $flavor0
626 wait_flavor cli2mdt $flavor0
627 rm -f $filename || error "remove old $filename failed"
630 #define OBD_FAIL_PTLRPC_DROP_REQ_OPC 0x513
631 do_facet $SINGLEMDS lctl set_param fail_val=36
632 do_facet $SINGLEMDS lctl set_param fail_loc=0x513
633 log "starting multiop"
634 multiop $filename m &
636 echo "multiop pid=$multiop_pid"
639 set_rule $FSNAME any cli2mdt $flavor1
640 wait_flavor cli2mdt $flavor1
642 num=`ps --no-headers -p $multiop_pid 2>/dev/null | wc -l`
643 [ $num -eq 1 ] || error "multiop($multiop_pid) already ended ($num)"
644 echo "process $multiop_pid is still hanging there... OK"
646 do_facet $SINGLEMDS lctl set_param fail_loc=0
647 log "waiting for multiop ($multiop_pid) to finish"
648 wait $multiop_pid || error "multiop returned error"
653 # started from default flavors
654 restore_to_default_flavor
656 switch_sec_test null plain
657 switch_sec_test plain krb5n
658 switch_sec_test krb5n krb5a
659 switch_sec_test krb5a krb5i
660 switch_sec_test krb5i krb5p
661 switch_sec_test krb5p null
662 switch_sec_test null krb5p
663 switch_sec_test krb5p krb5i
664 switch_sec_test krb5i plain
665 switch_sec_test plain krb5p
667 run_test 101 "switch ctx/sec for resending request"
680 # started from default flavors
681 restore_to_default_flavor
683 # run dbench background
686 echo "Testing null->krb5n->krb5a->krb5i->krb5p->plain->null"
687 set_rule $FSNAME any any krb5n
688 set_rule $FSNAME any any krb5a
689 set_rule $FSNAME any any krb5i
690 set_rule $FSNAME any any krb5p
691 set_rule $FSNAME any any plain
692 set_rule $FSNAME any any null
695 wait_flavor all2all null || error_dbench "1"
698 echo "waiting for 15s and check again"
702 echo "Testing null->krb5i->null->krb5i->null..."
703 for ((i=0; i<10; i++)); do
704 set_rule $FSNAME any any krb5i
705 set_rule $FSNAME any any null
707 set_rule $FSNAME any any krb5i
710 wait_flavor all2all krb5i || error_dbench "2"
713 echo "waiting for 15s and check again"
719 run_test 102 "survive from insanely fast flavor switch"
724 local clients=$CLIENTS
726 [ -z $clients ] && clients=$HOSTNAME
728 # started from default flavors
729 restore_to_default_flavor
731 # at this time no rules has been set on mgs; mgc use null
732 # flavor connect to mgs.
733 count=`flvr_cnt_mgc2mgs null`
734 [ $count -eq 1 ] || error "$count mgc connection use null flavor"
736 zconf_umount_clients $clients $MOUNT || return 1
738 # mount client with conflict flavor - should fail
740 MOUNTOPT="$MOUNTOPT,mgssec=krb5p"
741 zconf_mount_clients $clients $MOUNT && \
742 error "mount with conflict flavor should have failed"
745 # mount client with same flavor - should succeed
747 MOUNTOPT="$MOUNTOPT,mgssec=null"
748 zconf_mount_clients $clients $MOUNT || \
749 error "mount with same flavor should have succeeded"
751 zconf_umount_clients $clients $MOUNT || return 2
753 # mount client with default flavor - should succeed
754 zconf_mount_clients $clients $MOUNT || \
755 error "mount with default flavor should have succeeded"
757 run_test 150 "secure mgs connection: client flavor setting"
762 # set mgs only accept krb5p
763 set_rule _mgs any any krb5p
765 # umount everything, modules still loaded
768 # mount mgs with default flavor, in current framework it means mgs+mdt1.
769 # the connection of mgc of mdt1 to mgs is expected fail.
770 DEVNAME=$(mdsdevname 1)
771 start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with default flavor should have failed"
773 # mount with unauthorized flavor should fail
774 save_opts=$MDS_MOUNT_OPTS
775 MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=null"
776 start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with unauthorized flavor should have failed"
777 MDS_MOUNT_OPTS=$save_opts
779 # mount with designated flavor should succeed
780 save_opts=$MDS_MOUNT_OPTS
781 MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=krb5p"
782 start mds1 $DEVNAME $MDS_MOUNT_OPTS || error "mount with designated flavor should have succeeded"
783 MDS_MOUNT_OPTS=$save_opts
787 run_test 151 "secure mgs connection: server flavor control"
789 equals_msg `basename $0`: test complete, cleaning up
790 check_and_cleanup_lustre
791 [ -f "$TESTSUITELOG" ] && cat $TESTSUITELOG && grep -q FAIL $TESTSUITELOG && exit 1 || true