3 # Run select tests by setting ONLY, or as arguments to the script.
4 # Skip specific tests by setting EXCEPT.
11 LUSTRE=${LUSTRE:-$(dirname $0)/..}
12 . $LUSTRE/tests/test-framework.sh
17 ALWAYS_EXCEPT="$SANITY_SEC_EXCEPT "
18 # bug number for skipped test:
20 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
22 [ "$SLOW" = "no" ] && EXCEPT_SLOW="26"
24 NODEMAP_TESTS=$(seq 7 26)
26 if ! check_versions; then
27 echo "It is NOT necessary to test nodemap under interoperation mode"
28 EXCEPT="$EXCEPT $NODEMAP_TESTS"
33 RUNAS_CMD=${RUNAS_CMD:-runas}
35 WTL=${WTL:-"$LUSTRE/tests/write_time_limit"}
38 PERM_CONF=$CONFDIR/perm.conf
40 HOSTNAME_CHECKSUM=$(hostname | sum | awk '{ print $1 }')
41 SUBNET_CHECKSUM=$(expr $HOSTNAME_CHECKSUM % 250 + 1)
43 require_dsh_mds || exit 0
44 require_dsh_ost || exit 0
46 clients=${CLIENTS//,/ }
47 num_clients=$(get_node_count ${clients})
48 clients_arr=($clients)
50 echo "was USER0=$(getent passwd | grep :${ID0:-500}:)"
51 echo "was USER1=$(getent passwd | grep :${ID1:-501}:)"
56 echo "now USER0=$USER0=$ID0:$(id -g $USER0), USER1=$USER1=$ID1:$(id -g $USER1)"
58 if [ "$SLOW" == "yes" ]; then
61 NODEMAP_IPADDR_LIST="1 10 64 128 200 250"
66 NODEMAP_IPADDR_LIST="1 250"
69 NODEMAP_MAX_ID=$((ID0 + NODEMAP_ID_COUNT))
72 skip "need to add user0 ($ID0:$ID0)" && exit 0
75 skip "need to add user1 ($ID1:$ID1)" && exit 0
77 IDBASE=${IDBASE:-60000}
79 # changes to mappings must be reflected in test 23
81 [0]="$((IDBASE+3)):$((IDBASE+0)) $((IDBASE+4)):$((IDBASE+2))"
82 [1]="$((IDBASE+5)):$((IDBASE+1)) $((IDBASE+6)):$((IDBASE+2))"
85 check_and_setup_lustre
90 GSS_REF=$(lsmod | grep ^ptlrpc_gss | awk '{print $3}')
91 if [ ! -z "$GSS_REF" -a "$GSS_REF" != "0" ]; then
93 echo "with GSS support"
96 echo "without GSS support"
99 MDT=$(mdtname_from_index 0 $MOUNT)
100 [[ -z "$MDT" ]] && error "fail to get MDT0000 device name" && exit 1
101 do_facet $SINGLEMDS "mkdir -p $CONFDIR"
102 IDENTITY_FLUSH=mdt.$MDT.identity_flush
111 if ! $RUNAS_CMD -u $user krb5_login.sh; then
112 error "$user login kerberos failed."
116 if ! $RUNAS_CMD -u $user -g $group ls $DIR > /dev/null 2>&1; then
117 $RUNAS_CMD -u $user lfs flushctx -k
118 $RUNAS_CMD -u $user krb5_login.sh
119 if ! $RUNAS_CMD -u$user -g$group ls $DIR > /dev/null 2>&1; then
120 error "init $user $group failed."
126 declare -a identity_old
129 for ((num = 1; num <= $MDSCOUNT; num++)); do
130 switch_identity $num true || identity_old[$num]=$?
133 if ! $RUNAS_CMD -u $ID0 ls $DIR > /dev/null 2>&1; then
134 sec_login $USER0 $USER0
137 if ! $RUNAS_CMD -u $ID1 ls $DIR > /dev/null 2>&1; then
138 sec_login $USER1 $USER1
143 # run as different user
147 chmod 0755 $DIR || error "chmod (1)"
148 rm -rf $DIR/$tdir || error "rm (1)"
149 mkdir -p $DIR/$tdir || error "mkdir (1)"
150 chown $USER0 $DIR/$tdir || error "chown (2)"
151 $RUNAS_CMD -u $ID0 ls $DIR || error "ls (1)"
152 rm -f $DIR/f0 || error "rm (2)"
153 $RUNAS_CMD -u $ID0 touch $DIR/f0 && error "touch (1)"
154 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f1 || error "touch (2)"
155 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f2 && error "touch (3)"
156 touch $DIR/$tdir/f3 || error "touch (4)"
157 chown root $DIR/$tdir || error "chown (3)"
158 chgrp $USER0 $DIR/$tdir || error "chgrp (1)"
159 chmod 0775 $DIR/$tdir || error "chmod (2)"
160 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f4 || error "touch (5)"
161 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)"
162 touch $DIR/$tdir/f6 || error "touch (7)"
163 rm -rf $DIR/$tdir || error "rm (3)"
165 run_test 0 "uid permission ============================="
# Body of the setuid/setgid test registered below as test 1. The listing
# omits the function header and a few continuation lines; the numbers in the
# left column are the original file's line numbers.
# The test is skipped when GSS_SUP is 0.
169 [ $GSS_SUP = 0 ] && skip "without GSS support." && return
172 mkdir_on_mdt0 $DIR/$tdir
174 chown $USER0 $DIR/$tdir || error "chown (1)"
# Negative check: with nothing written to $PERM_CONF yet, uid $ID1 asking to
# act as $ID0 must fail to create a file in $USER0's directory.
# (-v/-j presumably select the effective uid/gid -- confirm against runas.)
175 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f0 && error "touch (2)"
176 echo "enable uid $ID1 setuid"
# Append a "* $ID1 setuid" entry to $PERM_CONF on the MDS (the leading '*' is
# the NID field, so the entry is not limited to one client), then write -1 to
# identity_flush so the new entry is used for the next request.
177 do_facet $SINGLEMDS "echo '* $ID1 setuid' >> $PERM_CONF"
178 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
# Positive check: the same operation is now expected to succeed.
179 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f1 || error "touch (3)"
# Switch the directory to root:$USER0 mode 0770 so that only the group bits
# can grant access to $ID1.
181 chown root $DIR/$tdir || error "chown (4)"
182 chgrp $USER0 $DIR/$tdir || error "chgrp (5)"
183 chmod 0770 $DIR/$tdir || error "chmod (6)"
# With only "setuid" granted, neither the plain gid nor the -j $ID0 variant
# may create a file.
184 $RUNAS_CMD -u $ID1 -g $ID1 touch $DIR/$tdir/f2 && error "touch (7)"
185 $RUNAS_CMD -u$ID1 -g$ID1 -j$ID0 touch $DIR/$tdir/f3 && error "touch (8)"
186 echo "enable uid $ID1 setuid,setgid"
# Note the single '>' here: the file is overwritten, not appended to, so the
# "setuid,setgid" line replaces the earlier "setuid" line.
187 do_facet $SINGLEMDS "echo '* $ID1 setuid,setgid' > $PERM_CONF"
188 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
189 $RUNAS_CMD -u $ID1 -g $ID1 -j $ID0 touch $DIR/$tdir/f4 ||
191 $RUNAS_CMD -u $ID1 -v $ID0 -g $ID1 -j $ID0 touch $DIR/$tdir/f5 ||
196 do_facet $SINGLEMDS "rm -f $PERM_CONF"
# Cleanup: the rm above removes the grant and the flush below makes the MDS
# stop using it.
# NOTE(review): this only runs if every check above passed. If error() ends
# the test earlier, the "* $ID1 setuid,setgid" line stays in $PERM_CONF for
# later tests; registering the cleanup with stack_trap (already used by
# test 15 in this file) would make it unconditional -- confirm.
197 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
199 run_test 1 "setuid/gid ============================="
201 # bug 3285 - supplementary group should always succeed.
202 # NB: the supplementary groups are set for local client only,
203 # as for remote client, the groups of the specified uid on MDT
204 # will be obtained by upcall /usr/sbin/l_getidentity and used.
206 [[ "$MDS1_VERSION" -ge $(version_code 2.6.93) ]] ||
207 [[ "$MDS1_VERSION" -ge $(version_code 2.5.35) &&
208 "$MDS1_VERSION" -lt $(version_code 2.5.50) ]] ||
209 skip "Need MDS version at least 2.6.93 or 2.5.35"
212 mkdir_on_mdt0 -p $DIR/$tdir
213 chmod 0771 $DIR/$tdir
214 chgrp $ID0 $DIR/$tdir
215 $RUNAS_CMD -u $ID0 ls $DIR/$tdir || error "setgroups (1)"
216 do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF"
217 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
218 $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir ||
219 error "setgroups (2)"
220 $RUNAS_CMD -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)"
223 do_facet $SINGLEMDS "rm -f $PERM_CONF"
224 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
226 run_test 4 "set supplementary group ==============="
232 squash_id default 99 0
233 wait_nm_sync default squash_uid '' inactive
234 squash_id default 99 1
235 wait_nm_sync default squash_gid '' inactive
236 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
237 local csum=${HOSTNAME_CHECKSUM}_${i}
239 do_facet mgs $LCTL nodemap_add $csum
241 if [ $rc -ne 0 ]; then
242 echo "nodemap_add $csum failed with $rc"
246 wait_update_facet --verbose mgs \
247 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
248 grep -c $csum || true" 1 30 ||
251 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
252 local csum=${HOSTNAME_CHECKSUM}_${i}
254 wait_nm_sync $csum id '' inactive
262 for ((i = 0; i < NODEMAP_COUNT; i++)); do
263 local csum=${HOSTNAME_CHECKSUM}_${i}
265 if ! do_facet mgs $LCTL nodemap_del $csum; then
266 error "nodemap_del $csum failed with $?"
270 wait_update_facet --verbose mgs \
271 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
272 grep -c $csum || true" 0 30 ||
275 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
276 local csum=${HOSTNAME_CHECKSUM}_${i}
278 wait_nm_sync $csum id '' inactive
285 local cmd="$LCTL nodemap_add_range"
289 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
290 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
291 if ! do_facet mgs $cmd --name $1 --range $range; then
300 local cmd="$LCTL nodemap_del_range"
304 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
305 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
306 if ! do_facet mgs $cmd --name $1 --range $range; then
316 local cmd="$LCTL nodemap_add_idmap"
320 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
322 echo "Start to add idmaps ..."
323 for ((i = 0; i < NODEMAP_COUNT; i++)); do
326 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
327 local csum=${HOSTNAME_CHECKSUM}_${i}
329 local fs_id=$((j + 1))
331 if ! do_facet mgs $cmd --name $csum --idtype uid \
332 --idmap $client_id:$fs_id; then
335 if ! do_facet mgs $cmd --name $csum --idtype gid \
336 --idmap $client_id:$fs_id; then
340 if ! do_facet mgs $cmd --name $csum \
341 --idtype projid --idmap \
342 $client_id:$fs_id; then
# update_idmaps (LU-10040): checks that an existing uid idmap of nodemap
# ${HOSTNAME_CHECKSUM}_0 can be changed in place, first on the filesystem-id
# side and then on the client-id side, and finally puts the original entry
# back so that delete_idmaps still finds it.
# Skipped when the MGS is older than 2.10.55.
# The listing omits several lines of this function (if/fi lines, the rc
# bookkeeping, the closing brace).
352 update_idmaps() { #LU-10040
353 [ "$MGS_VERSION" -lt $(version_code 2.10.55) ] &&
354 skip "Need MGS >= 2.10.55"
# Entry under test is $ID0 (client) : $ID0 + 1 (filesystem); new_id is the
# replacement value used for both sides below.
356 local csum=${HOSTNAME_CHECKSUM}_0
357 local old_id_client=$ID0
358 local old_id_fs=$((ID0 + 1))
359 local new_id=$((ID0 + 100))
364 echo "Start to update idmaps ..."
366 #Inserting an existing idmap should return an error
367 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
369 $cmd --idmap $old_id_client:$old_id_fs 2>/dev/null; then
370 error "insert idmap {$old_id_client:$old_id_fs} " \
371 "should return error"
376 #Update id_fs and check it
377 if ! do_facet mgs $cmd --idmap $old_id_client:$new_id; then
378 error "$cmd --idmap $old_id_client:$new_id failed"
# Read back field 7 of the second line of nodemap.$csum.idmap and compare it
# with new_id.
# NOTE(review): $tmp_id is unquoted in the [ ] test below. If the pipeline
# prints nothing, [ fails with a usage error, the && branch is skipped and
# the mismatch is not reported; quoting both operands would close that gap.
382 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
383 awk '{ print $7 }' | sed -n '2p')
384 [ $tmp_id != $new_id ] && { error "new id_fs $tmp_id != $new_id"; \
385 rc=$((rc + 1)); return $rc; }
387 #Update id_client and check it
388 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
389 error "$cmd --idmap $new_id:$new_id failed"
# Field 5 of line NODEMAP_ID_COUNT + 1 is read back this time; the trailing
# comma is stripped before the comparison.
393 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
394 awk '{ print $5 }' | sed -n "$((NODEMAP_ID_COUNT + 1)) p")
395 tmp_id=$(echo ${tmp_id%,*}) #e.g. "501,"->"501"
396 [ $tmp_id != $new_id ] && { error "new id_client $tmp_id != $new_id"; \
397 rc=$((rc + 1)); return $rc; }
399 #Delete the idmap updated above
400 cmd="$LCTL nodemap_del_idmap --name $csum --idtype uid"
401 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
402 error "$cmd --idmap $new_id:$new_id failed"
407 #Restore the original idmap so that delete_idmaps works
408 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
409 if ! do_facet mgs $cmd --idmap $old_id_client:$old_id_fs; then
410 error "$cmd --idmap $old_id_client:$old_id_fs failed"
420 local cmd="$LCTL nodemap_del_idmap"
424 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
426 echo "Start to delete idmaps ..."
427 for ((i = 0; i < NODEMAP_COUNT; i++)); do
430 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
431 local csum=${HOSTNAME_CHECKSUM}_${i}
433 local fs_id=$((j + 1))
435 if ! do_facet mgs $cmd --name $csum --idtype uid \
436 --idmap $client_id:$fs_id; then
439 if ! do_facet mgs $cmd --name $csum --idtype gid \
440 --idmap $client_id:$fs_id; then
444 if ! do_facet mgs $cmd --name $csum \
445 --idtype projid --idmap \
446 $client_id:$fs_id; then
460 local cmd="$LCTL nodemap_modify"
463 proc[0]="admin_nodemap"
464 proc[1]="trusted_nodemap"
468 for ((idx = 0; idx < 2; idx++)); do
469 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
474 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
484 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
485 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
489 cmd[0]="$LCTL nodemap_modify --property squash_uid"
490 cmd[1]="$LCTL nodemap_modify --property squash_gid"
491 cmd[2]="$LCTL nodemap_modify --property squash_projid"
493 if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then
498 # ensure that the squash defaults are the expected defaults
499 squash_id default 99 0
500 wait_nm_sync default squash_uid '' inactive
501 squash_id default 99 1
502 wait_nm_sync default squash_gid '' inactive
503 if [ "$MDS1_VERSION" -ge $(version_code 2.14.50) ]; then
504 squash_id default 99 2
505 wait_nm_sync default squash_projid '' inactive
511 cmd="$LCTL nodemap_test_nid"
513 nid=$(do_facet mgs $cmd $1)
515 if [ $nid == $2 ]; then
523 # restore activation state
524 do_facet mgs $LCTL nodemap_activate 0
# Body of the id-mapping check (function header not shown in this listing).
# It asks the MGS, via "lctl nodemap_test_id", which filesystem uid a given
# client uid maps to for a given NID, and walks through five nodemap states:
# inactive, active, trusted, admin=1 and admin=0.
# All NIDs used are "$SUBNET_CHECKSUM.0.<j>.100@tcp", i.e. addresses inside
# the ranges add_range creates when its second argument is 0.
530 local cmd="$LCTL nodemap_test_id"
533 echo "Start to test idmaps ..."
534 ## nodemap deactivated
535 if ! do_facet mgs $LCTL nodemap_activate 0; then
# With nodemap inactive every uid must come back unchanged.
538 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
541 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
542 local nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
543 local fs_id=$(do_facet mgs $cmd --nid $nid \
544 --idtype uid --id $id)
545 if [ $fs_id != $id ]; then
546 echo "expected $id, got $fs_id"
# Nodemap active: each uid is expected to map to id + 1, which is the
# client_id:fs_id pairing add_idmaps installs (fs_id = j + 1).
553 if ! do_facet mgs $LCTL nodemap_activate 1; then
557 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
558 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
559 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
560 fs_id=$(do_facet mgs $cmd --nid $nid \
561 --idtype uid --id $id)
562 expected_id=$((id + 1))
563 if [ $fs_id != $expected_id ]; then
564 echo "expected $expected_id, got $fs_id"
# Mark every test nodemap as trusted; the loop after it expects the client
# uid to be passed through unchanged again.
571 for ((i = 0; i < NODEMAP_COUNT; i++)); do
572 local csum=${HOSTNAME_CHECKSUM}_${i}
574 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
575 --property trusted --value 1; then
576 error "nodemap_modify $csum failed with $?"
581 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
582 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
583 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
584 fs_id=$(do_facet mgs $cmd --nid $nid \
585 --idtype uid --id $id)
586 if [ $fs_id != $id ]; then
587 echo "expected $id, got $fs_id"
593 ## ensure allow_root_access is enabled
594 for ((i = 0; i < NODEMAP_COUNT; i++)); do
595 local csum=${HOSTNAME_CHECKSUM}_${i}
597 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
598 --property admin --value 1; then
599 error "nodemap_modify $csum failed with $?"
604 ## check that root allowed
# admin=1: client uid 0 must stay 0.
605 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
606 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
607 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
608 if [ $fs_id != 0 ]; then
609 echo "root allowed expected 0, got $fs_id"
614 ## ensure allow_root_access is disabled
615 for ((i = 0; i < NODEMAP_COUNT; i++)); do
616 local csum=${HOSTNAME_CHECKSUM}_${i}
618 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
619 --property admin --value 0; then
620 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
626 ## check that root is mapped to 99
# This is the root-squash regression check: with admin=0 a client-side uid 0
# must be reported as 99, the value written elsewhere in this file with
# "squash_id default 99 0".
# NOTE(review): $fs_id is unquoted in the [ ] test. If nodemap_test_id prints
# nothing, [ fails with a usage error and the branch reporting the failure is
# not taken, so an empty answer would pass; quoting the operands (and
# rejecting an empty $fs_id) would make the check strict.
627 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
628 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
629 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
630 if [ $fs_id != 99 ]; then
631 error "root squash expected 99, got $fs_id"
636 ## reset client trust to 0
637 for ((i = 0; i < NODEMAP_COUNT; i++)); do
638 if ! do_facet mgs $LCTL nodemap_modify \
639 --name ${HOSTNAME_CHECKSUM}_${i} \
640 --property trusted --value 0; then
641 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
653 remote_mgs_nodsh && skip "remote MGS with nodsh"
654 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
655 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
659 [[ $rc != 0 ]] && error "nodemap_add failed with $rc"
663 [[ $rc != 0 ]] && error "nodemap_del failed with $rc"
667 run_test 7 "nodemap create and delete"
672 remote_mgs_nodsh && skip "remote MGS with nodsh"
673 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
674 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
680 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
686 [[ $rc == 0 ]] && error "duplicate nodemap_add allowed with $rc" &&
692 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
696 run_test 8 "nodemap reject duplicates"
702 remote_mgs_nodsh && skip "remote MGS with nodsh"
703 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
704 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
709 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
712 for ((i = 0; i < NODEMAP_COUNT; i++)); do
713 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
717 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
720 for ((i = 0; i < NODEMAP_COUNT; i++)); do
721 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
725 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
730 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
734 run_test 9 "nodemap range add"
739 remote_mgs_nodsh && skip "remote MGS with nodsh"
740 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
741 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
746 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
749 for ((i = 0; i < NODEMAP_COUNT; i++)); do
750 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
754 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
757 for ((i = 0; i < NODEMAP_COUNT; i++)); do
758 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
762 [[ $rc == 0 ]] && error "nodemap_add_range duplicate add with $rc" &&
767 for ((i = 0; i < NODEMAP_COUNT; i++)); do
768 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
772 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
776 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 5
780 run_test 10a "nodemap reject duplicate ranges"
783 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
784 skip "Need MGS >= 2.10.53"
788 local nids="192.168.19.[0-255]@o2ib20"
790 do_facet mgs $LCTL nodemap_del $nm1 2>/dev/null
791 do_facet mgs $LCTL nodemap_del $nm2 2>/dev/null
793 do_facet mgs $LCTL nodemap_add $nm1 || error "Add $nm1 failed"
794 do_facet mgs $LCTL nodemap_add $nm2 || error "Add $nm2 failed"
795 do_facet mgs $LCTL nodemap_add_range --name $nm1 --range $nids ||
796 error "Add range $nids to $nm1 failed"
797 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
798 grep start_nid)" ] || error "No range was found"
799 do_facet mgs $LCTL nodemap_del_range --name $nm2 --range $nids &&
800 error "Deleting range $nids from $nm2 should fail"
801 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
802 grep start_nid)" ] || error "Range $nids should be there"
804 do_facet mgs $LCTL nodemap_del $nm1 || error "Delete $nm1 failed"
805 do_facet mgs $LCTL nodemap_del $nm2 || error "Delete $nm2 failed"
808 run_test 10b "delete range from the correct nodemap"
# test_10c (LU-8912): adds the bracketed NID range
# 10.210.[32-47].[0-255]@o2ib3 to a scratch nodemap and checks that the MGS
# reports it as one contiguous range, start 10.210.32.0 and end 10.210.47.255.
# Skipped when the MGS is older than 2.10.57.
# The listing omits a few lines of this function, including its closing brace.
810 test_10c() { #LU-8912
811 [ "$MGS_VERSION" -lt $(version_code 2.10.57) ] &&
812 skip "Need MGS >= 2.10.57"
814 local nm="nodemap_lu8912"
815 local nid_range="10.210.[32-47].[0-255]@o2ib3"
816 local start_nid="10.210.32.0@o2ib3"
817 local end_nid="10.210.47.255@o2ib3"
818 local start_nid_found
# Best-effort removal of a leftover nodemap from an earlier run; the result
# and stderr are deliberately ignored.
821 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
822 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
823 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
824 error "Add range $nid_range to $nm failed"
# The boundaries are picked out of the get_param output by field position
# ($9 and $13 after splitting on ',', ':' and ' '), so the comparison depends
# on the exact layout of that output.
826 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
827 awk -F '[,: ]' /start_nid/'{ print $9 }')
828 [ "$start_nid" == "$start_nid_found" ] ||
829 error "start_nid: $start_nid_found != $start_nid"
830 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
831 awk -F '[,: ]' /end_nid/'{ print $13 }')
832 [ "$end_nid" == "$end_nid_found" ] ||
833 error "end_nid: $end_nid_found != $end_nid"
835 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
838 run_test 10c "verfify contiguous range support"
# test_10d (LU-8913): adds the wildcard range "*@o2ib3" to a scratch nodemap
# and checks that the MGS reports it as 0.0.0.0@o2ib3 .. 255.255.255.255@o2ib3,
# i.e. that the wildcard covers every address on that network.
# Skipped when the MGS is older than 2.10.59.
# The listing omits a few lines of this function, including its closing brace.
840 test_10d() { #LU-8913
841 [ "$MGS_VERSION" -lt $(version_code 2.10.59) ] &&
842 skip "Need MGS >= 2.10.59"
844 local nm="nodemap_lu8913"
845 local nid_range="*@o2ib3"
846 local start_nid="0.0.0.0@o2ib3"
847 local end_nid="255.255.255.255@o2ib3"
848 local start_nid_found
# Best-effort removal of a leftover nodemap from an earlier run.
851 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
852 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
# NOTE(review): $nid_range is expanded unquoted, so the local shell may glob
# "*@o2ib3" against the current directory before do_facet receives it; the
# same applies to "nodemap.$nm.*" below. Confirm this cannot match a file.
853 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
854 error "Add range $nid_range to $nm failed"
# Boundaries are extracted by field position from the get_param output.
856 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
857 awk -F '[,: ]' /start_nid/'{ print $9 }')
858 [ "$start_nid" == "$start_nid_found" ] ||
859 error "start_nid: $start_nid_found != $start_nid"
860 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
861 awk -F '[,: ]' /end_nid/'{ print $13 }')
862 [ "$end_nid" == "$end_nid_found" ] ||
863 error "end_nid: $end_nid_found != $end_nid"
865 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
868 run_test 10d "verfify nodemap range format '*@<net>' support"
873 remote_mgs_nodsh && skip "remote MGS with nodsh"
874 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
875 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
880 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
883 for ((i = 0; i < NODEMAP_COUNT; i++)); do
884 if ! modify_flags ${HOSTNAME_CHECKSUM}_${i}; then
888 [[ $rc != 0 ]] && error "nodemap_modify with $rc" && return 2
893 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
897 run_test 11 "nodemap modify"
902 remote_mgs_nodsh && skip "remote MGS with nodsh"
903 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
904 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
909 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
912 for ((i = 0; i < NODEMAP_COUNT; i++)); do
913 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 0; then
917 [[ $rc != 0 ]] && error "nodemap squash_uid with $rc" && return 2
920 for ((i = 0; i < NODEMAP_COUNT; i++)); do
921 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 1; then
925 [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3
928 if (( $MDS1_VERSION >= $(version_code 2.14.52) )); then
929 for ((i = 0; i < NODEMAP_COUNT; i++)); do
930 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 2; then
935 [[ $rc != 0 ]] && error "nodemap squash_projid with $rc" && return 5
940 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
944 run_test 12 "nodemap set squash ids"
949 remote_mgs_nodsh && skip "remote MGS with nodsh"
950 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
951 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
956 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
959 for ((i = 0; i < NODEMAP_COUNT; i++)); do
960 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
964 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
967 for ((i = 0; i < NODEMAP_COUNT; i++)); do
968 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
969 for k in $NODEMAP_IPADDR_LIST; do
970 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
971 ${HOSTNAME_CHECKSUM}_${i}; then
977 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
982 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
986 run_test 13 "test nids"
991 remote_mgs_nodsh && skip "remote MGS with nodsh"
992 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
993 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
998 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
1001 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1002 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
1003 for k in $NODEMAP_IPADDR_LIST; do
1004 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
1011 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
1016 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
1020 run_test 14 "test default nodemap nid lookup"
1025 remote_mgs_nodsh && skip "remote MGS with nodsh"
1026 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1027 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
1032 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
1034 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
1035 local csum=${HOSTNAME_CHECKSUM}_${i}
1037 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
1038 --property admin --value 0; then
1041 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
1042 --property trusted --value 0; then
1046 [[ $rc != 0 ]] && error "nodemap_modify failed with $rc" && return 1
1049 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1050 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
1054 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
1059 [[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
1061 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
1062 if [[ "$activedefault" != "1" ]]; then
1063 stack_trap cleanup_active EXIT
1069 [[ $rc != 0 ]] && error "nodemap_test_id failed with $rc" && return 4
1074 [[ $rc != 0 ]] && error "update_idmaps failed with $rc" && return 5
1079 [[ $rc != 0 ]] && error "nodemap_del_idmap failed with $rc" && return 6
1084 [[ $rc != 0 ]] && error "nodemap_delete failed with $rc" && return 7
1088 run_test 15 "test id mapping"
# create_fops_nodemaps: for every host in $clients, creates a nodemap named
# c<i>, binds it to that client's NID and installs the uid and gid idmaps
# listed in FOPS_IDMAPS[i] (entries have the form client_id:fs_id).
# Returns 1 as soon as any lctl call on the MGS fails.
# The listing omits the lines that initialise and advance $i and the closing
# lines of the loops.
1090 create_fops_nodemaps() {
1093 for client in $clients; do
# NOTE(review): "local var=$(cmd)" hides the exit status of cmd, so a failed
# NID lookup is only noticed later, when nodemap_add_range gets an empty or
# wrong --range value.
1094 local client_ip=$(host_nids_address $client $NETTYPE)
1095 local client_nid=$(h2nettype $client_ip)
1096 do_facet mgs $LCTL nodemap_add c${i} || return 1
1097 do_facet mgs $LCTL nodemap_add_range \
1098 --name c${i} --range $client_nid || return 1
# The same client_id:fs_id pair is installed for both uid and gid.
1099 for map in ${FOPS_IDMAPS[i]}; do
1100 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1101 --idtype uid --idmap ${map} || return 1
1102 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1103 --idtype gid --idmap ${map} || return 1
1106 wait_nm_sync c$i idmap
1113 delete_fops_nodemaps() {
1116 for client in $clients; do
1117 do_facet mgs $LCTL nodemap_del c${i} || return 1
1125 if [ $MDSCOUNT -le 1 ]; then
1126 do_node ${clients_arr[0]} mkdir -p $DIR/$tdir
1128 # round-robin MDTs to test DNE nodemap support
1129 [ ! -d $DIR ] && do_node ${clients_arr[0]} mkdir -p $DIR
1130 do_node ${clients_arr[0]} $LFS setdirstripe -c 1 -i \
1131 $((fops_mds_index % MDSCOUNT)) $DIR/$tdir
1132 ((fops_mds_index++))
1136 # acl test directory needs to be initialized on a privileged client
# Pattern used here: remember the current admin/trusted values of nodemap c0,
# raise both to 1, prepare $DIR/$tdir from the first client, then write the
# remembered values back. (Function header and one line of the body are not
# shown in this listing.)
1138 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1139 local trust=$(do_facet mgs $LCTL get_param -n \
1140 nodemap.c0.trusted_nodemap)
1142 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1143 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
# Wait until the elevated settings are in effect before touching files.
1145 wait_nm_sync c0 admin_nodemap
1146 wait_nm_sync c0 trusted_nodemap
1148 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1150 do_node ${clients_arr[0]} chown $user $DIR/$tdir
# Drop the temporary privileges again.
# NOTE(review): none of the nodemap_modify calls in this block check their
# exit status, and $admin/$trust are expanded unquoted. If the get_param
# above returned nothing, "--value" is passed without an argument and c0 may
# stay admin/trusted for the tests that follow -- worth verifying.
1152 do_facet mgs $LCTL nodemap_modify --name c0 \
1153 --property admin --value $admin
1154 do_facet mgs $LCTL nodemap_modify --name c0 \
1155 --property trusted --value $trust
1157 # flush MDT locks to make sure they are reacquired before test
1158 do_node ${clients_arr[0]} $LCTL set_param \
1159 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1161 wait_nm_sync c0 admin_nodemap
1162 wait_nm_sync c0 trusted_nodemap
1165 # fileset test directory needs to be initialized on a privileged client
# fileset_test_setup: creates $MOUNT/$subdir and $MOUNT/$subdir/$subsubdir,
# each with a marker file, from the first client while nodemap $nm is
# temporarily admin and trusted; the previous admin/trusted values are
# written back afterwards.
# $nm, $subdir and $subsubdir are assigned on lines this listing omits.
1166 fileset_test_setup() {
# When the run itself uses a FILESET mount (and SKIP_FILESET is empty), the
# clients are remounted with FILESET="" first.
1169 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1170 cleanup_mount $MOUNT
1171 FILESET="" zconf_mount_clients $CLIENTS $MOUNT
# Remember the current values so they can be restored below.
1174 local admin=$(do_facet mgs $LCTL get_param -n \
1175 nodemap.${nm}.admin_nodemap)
1176 local trust=$(do_facet mgs $LCTL get_param -n \
1177 nodemap.${nm}.trusted_nodemap)
1179 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1180 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1183 wait_nm_sync $nm admin_nodemap
1184 wait_nm_sync $nm trusted_nodemap
1186 # create directory and populate it for subdir mount
# NOTE(review): each step below calls error() on failure. If error() ends the
# test, the restore further down is never reached and $nm keeps admin=1 and
# trusted=1; a stack_trap-based restore would avoid that -- confirm.
1187 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir ||
1188 error "unable to create dir $MOUNT/$subdir"
1189 do_node ${clients_arr[0]} touch $MOUNT/$subdir/this_is_$subdir ||
1190 error "unable to create file $MOUNT/$subdir/this_is_$subdir"
1191 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir/$subsubdir ||
1192 error "unable to create dir $MOUNT/$subdir/$subsubdir"
1193 do_node ${clients_arr[0]} touch \
1194 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir ||
1195 error "unable to create file \
1196 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir"
# Restore the admin/trusted values saved at the top.
1198 do_facet mgs $LCTL nodemap_modify --name $nm \
1199 --property admin --value $admin
1200 do_facet mgs $LCTL nodemap_modify --name $nm \
1201 --property trusted --value $trust
1203 # flush MDT locks to make sure they are reacquired before test
1204 do_node ${clients_arr[0]} $LCTL set_param \
1205 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1207 wait_nm_sync $nm admin_nodemap
1208 wait_nm_sync $nm trusted_nodemap
1211 # fileset test directory needs to be removed from a privileged client
# fileset_test_cleanup: counterpart of fileset_test_setup. Raises nodemap $nm
# to admin and trusted, removes $MOUNT/$subdir from the first client, writes
# the previous admin/trusted values back and, when a FILESET is configured,
# remounts the clients.
# $nm and $subdir are assigned on lines this listing omits.
1212 fileset_test_cleanup() {
# Remember the current values so they can be restored below.
1214 local admin=$(do_facet mgs $LCTL get_param -n \
1215 nodemap.${nm}.admin_nodemap)
1216 local trust=$(do_facet mgs $LCTL get_param -n \
1217 nodemap.${nm}.trusted_nodemap)
1219 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1220 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1223 wait_nm_sync $nm admin_nodemap
1224 wait_nm_sync $nm trusted_nodemap
1226 # cleanup directory created for subdir mount
# NOTE(review): if error() ends the test here, the restore below is skipped
# and $nm stays admin/trusted -- confirm how error() behaves in this run.
1227 do_node ${clients_arr[0]} rm -rf $MOUNT/$subdir ||
1228 error "unable to remove dir $MOUNT/$subdir"
# Restore the admin/trusted values saved at the top.
1230 do_facet mgs $LCTL nodemap_modify --name $nm \
1231 --property admin --value $admin
1232 do_facet mgs $LCTL nodemap_modify --name $nm \
1233 --property trusted --value $trust
1235 # flush MDT locks to make sure they are reacquired before test
1236 do_node ${clients_arr[0]} $LCTL set_param \
1237 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1239 wait_nm_sync $nm admin_nodemap
1240 wait_nm_sync $nm trusted_nodemap
# Remount the clients when the run is configured with a FILESET.
1241 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1242 cleanup_mount $MOUNT
1243 zconf_mount_clients $CLIENTS $MOUNT
1247 do_create_delete() {
1250 local testfile=$DIR/$tdir/$tfile
1254 if $run_u touch $testfile >& /dev/null; then
1256 $run_u rm $testfile && d=1
1260 local expected=$(get_cr_del_expected $key)
1261 [ "$res" != "$expected" ] &&
1262 error "test $key, wanted $expected, got $res" && rc=$((rc + 1))
1266 nodemap_check_quota() {
1268 $run_u lfs quota -q $DIR | awk '{ print $2; exit; }'
1271 do_fops_quota_test() {
1273 # fuzz quota used to account for possible indirect blocks, etc
1274 local quota_fuzz=$(fs_log_size)
1275 local qused_orig=$(nodemap_check_quota "$run_u")
1276 local qused_high=$((qused_orig + quota_fuzz))
1277 local qused_low=$((qused_orig - quota_fuzz))
1278 local testfile=$DIR/$tdir/$tfile
1279 $run_u dd if=/dev/zero of=$testfile oflag=sync bs=1M count=1 \
1280 >& /dev/null || error "unable to write quota test file"
1281 sync; sync_all_data || true
1283 local qused_new=$(nodemap_check_quota "$run_u")
1284 [ $((qused_new)) -lt $((qused_low + 1024)) -o \
1285 $((qused_new)) -gt $((qused_high + 1024)) ] &&
1286 error "$qused_new != $qused_orig + 1M after write, " \
1287 "fuzz is $quota_fuzz"
1288 $run_u rm $testfile || error "unable to remove quota test file"
1289 wait_delete_completed_mds
1291 qused_new=$(nodemap_check_quota "$run_u")
1292 [ $((qused_new)) -lt $((qused_low)) \
1293 -o $((qused_new)) -gt $((qused_high)) ] &&
1294 error "quota not reclaimed, expect $qused_orig, " \
1295 "got $qused_new, fuzz $quota_fuzz"
1298 get_fops_mapped_user() {
1301 for ((i=0; i < ${#FOPS_IDMAPS[@]}; i++)); do
1302 for map in ${FOPS_IDMAPS[i]}; do
1303 if [ $(cut -d: -f1 <<< "$map") == $cli_user ]; then
1304 cut -d: -f2 <<< "$map"
# get_cr_del_expected: prints the outcome ($SUCCESS or $FAILURE) that a
# create/delete attempt is expected to have for one test key.
# $1 is a colon-separated key: mapmode:mds_user:cluster:cli_user:mode.
# Many lines of this function (variable declarations, case/else/fi lines,
# returns) are omitted from the listing, so the comments below describe only
# the lines that are shown.
1312 get_cr_del_expected() {
1314 IFS=":" read -a key <<< "$1"
1315 local mapmode="${key[0]}"
1316 local mds_user="${key[1]}"
1317 local cluster="${key[2]}"
1318 local cli_user="${key[3]}"
# A leading 0 is prepended so that the arithmetic below reads the permission
# bits as an octal number.
1319 local mode="0${key[4]}"
# Derive the flags from the mapmode name: "mapped" if the name contains
# "mapped", "noadmin" if it contains "noadmin".
1326 [[ $mapmode == *mapped* ]] && mapped=1
1327 # only c1 is mapped in these test cases
1328 [[ $mapmode == mapped_trusted* ]] && [ "$cluster" == "c0" ] && mapped=0
1329 [[ $mapmode == *noadmin* ]] && noadmin=1
1331 # o+wx works as long as the user isn't mapped
# (mode & 3) == 3 means the write and execute bits for "other" are both set.
1332 if [ $((mode & 3)) -eq 3 ]; then
1336 # if client user is root, check if root is squashed
1337 if [ "$cli_user" == "0" ]; then
1338 # squashed root succeeds only if the "other" bits allow it
1341 1) [ "$other" == "1" ] && echo $SUCCESS
1342 [ "$other" == "0" ] && echo $FAILURE;;
# Unmapped users likewise depend only on the "other" bits.
1346 if [ "$mapped" == "0" ]; then
1347 [ "$other" == "1" ] && echo $SUCCESS
1348 [ "$other" == "0" ] && echo $FAILURE
1352 # if mapped user is mds user, check for u+wx
# get_fops_mapped_user looks the client uid up in FOPS_IDMAPS; "-1" is
# treated as "no mapping found".
1353 mapped_user=$(get_fops_mapped_user $cli_user)
1354 [ "$mapped_user" == "-1" ] &&
1355 error "unable to find mapping for client user $cli_user"
# Owner path: the mapped uid equals the directory owner and the owner's write
# and execute bits (0300) are both set.
1357 if [ "$mapped_user" == "$mds_user" -a \
1358 $(((mode & 0300) == 0300)) -eq 1 ]; then
# Non-owner path: falls back to the "other" bits.
1362 if [ "$mapped_user" != "$mds_user" -a "$other" == "1" ]; then
# Index of the client whose nodemap is currently used as the admin client by
# test_fops_chmod_dir; empty until the first call selects one.
1369 test_fops_admin_cli_i=""
# test_fops_chmod_dir: runs "chmod $perm_bits $DIR/$tdir" from a client whose
# nodemap has the admin property set, raising that property when needed.
# $1 is the index of the client under test and $3 is stored in dir_to_chmod;
# perm_bits is assigned on a line this listing omits. dir_to_chmod is not
# referenced by any line shown here (the chmod below targets $DIR/$tdir).
# Returns 1 if the chmod fails.
1370 test_fops_chmod_dir() {
1371 local current_cli_i=$1
1373 local dir_to_chmod=$3
1374 local new_admin_cli_i=""
1376 # do we need to set up a new admin client?
1377 [ "$current_cli_i" == "0" ] && [ "$test_fops_admin_cli_i" != "1" ] &&
1379 [ "$current_cli_i" != "0" ] && [ "$test_fops_admin_cli_i" != "0" ] &&
1382 # if only one client, and non-admin, need to flip admin everytime
1383 if [ "$num_clients" == "1" ]; then
1384 test_fops_admin_client=$clients
1385 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1386 nodemap.c0.admin_nodemap)
1387 if [ "$test_fops_admin_val" != "1" ]; then
1388 do_facet mgs $LCTL nodemap_modify \
1392 wait_nm_sync c0 admin_nodemap
1394 elif [ "$new_admin_cli_i" != "" ]; then
1395 # restore admin val to old admin client
1396 if [ "$test_fops_admin_cli_i" != "" ] &&
1397 [ "$test_fops_admin_val" != "1" ]; then
1398 do_facet mgs $LCTL nodemap_modify \
1399 --name c${test_fops_admin_cli_i} \
1401 --value $test_fops_admin_val
1402 wait_nm_sync c${test_fops_admin_cli_i} admin_nodemap
1405 test_fops_admin_cli_i=$new_admin_cli_i
1406 test_fops_admin_client=${clients_arr[$new_admin_cli_i]}
1407 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1408 nodemap.c${new_admin_cli_i}.admin_nodemap)
1410 if [ "$test_fops_admin_val" != "1" ]; then
1411 do_facet mgs $LCTL nodemap_modify \
1412 --name c${new_admin_cli_i} \
1415 wait_nm_sync c${new_admin_cli_i} admin_nodemap
# NOTE(review): "|| return 1" leaves the function before the single-client
# restore below, so a failed chmod appears to leave c0 with the admin
# property still raised -- confirm against the full function.
1419 do_node $test_fops_admin_client chmod $perm_bits $DIR/$tdir || return 1
1421 # remove admin for single client if originally non-admin
1422 if [ "$num_clients" == "1" ] && [ "$test_fops_admin_val" != "1" ]; then
1423 do_facet mgs $LCTL nodemap_modify --name c0 --property admin \
1425 wait_nm_sync c0 admin_nodemap
1433 local single_client="$2"
1434 local client_user_list=([0]="0 $((IDBASE+3))"
1435 [1]="0 $((IDBASE+5))")
1436 local mds_users="-1 0"
1439 local perm_bit_list="3 $((0300))"
1440 # SLOW tests 000-007, 010-070, 100-700 (octal modes)
1441 if [ "$SLOW" == "yes" ]; then
1442 perm_bit_list="0 $(seq 1 7) $(seq 8 8 63) $(seq 64 64 511) \
1444 client_user_list=([0]="0 $((IDBASE+3)) $((IDBASE+4))"
1445 [1]="0 $((IDBASE+5)) $((IDBASE+6))")
1446 mds_users="-1 0 1 2"
1449 # force single_client to speed up test
1450 [ "$SLOW" == "yes" ] ||
1452 # step through mds users. -1 means root
1453 for mds_i in $mds_users; do
1454 local user=$((mds_i + IDBASE))
1458 [ "$mds_i" == "-1" ] && user=0
1460 echo mkdir -p $DIR/$tdir
1463 for client in $clients; do
1465 for u in ${client_user_list[$cli_i]}; do
1466 local run_u="do_node $client \
1467 $RUNAS_CMD -u$u -g$u -G$u"
1468 for perm_bits in $perm_bit_list; do
1469 local mode=$(printf %03o $perm_bits)
1471 key="$mapmode:$user:c$cli_i:$u:$mode"
1472 test_fops_chmod_dir $cli_i $mode \
1474 error cannot chmod $key
1475 do_create_delete "$run_u" "$key"
1479 test_fops_chmod_dir $cli_i 777 $DIR/$tdir ||
1480 error cannot chmod $key
1481 do_fops_quota_test "$run_u"
1484 cli_i=$((cli_i + 1))
1485 [ "$single_client" == "1" ] && break
# Gate for the nodemap tests: skips (and returns 1) when the MGS is remote
# with nodsh, and skips when the MGS version is below 2.5.53.
# NOTE(review): the lines that follow the second skip (presumably the return
# statements) are among those this listing omits.
1492 nodemap_version_check () {
1493 remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
1494 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1495 skip "No nodemap on $MGS_VERSION MGS < 2.5.53" &&
# Prepares the cluster for the nodemap tests: sets identity_upcall=NONE on
# the MDT nodes, creates the fops nodemaps, sets nodemap activation and
# raises admin and trusted on the default nodemap.
# Arguments: $1 - "0" leaves nodemap inactive; any other value activates it
# NOTE(review): rc is presumably assigned from $? on an omitted line (1511).
1500 nodemap_test_setup() {
1502 local active_nodemap=1
1504 [ "$1" == "0" ] && active_nodemap=0
1506 do_nodes $(comma_list $(all_mdts_nodes)) \
1507 $LCTL set_param mdt.*.identity_upcall=NONE
1510 create_fops_nodemaps
1512 [[ $rc != 0 ]] && error "adding fops nodemaps failed $rc"
1514 do_facet mgs $LCTL nodemap_activate $active_nodemap
# admin=1 and trusted=1 on the default nodemap: clients that match no other
# nodemap keep root access and their own IDs. This is test-only state;
# nodemap_test_cleanup sets both properties back to 0.
1517 do_facet mgs $LCTL nodemap_modify --name default \
1518 --property admin --value 1
1519 wait_nm_sync default admin_nodemap
1520 do_facet mgs $LCTL nodemap_modify --name default \
1521 --property trusted --value 1
1522 wait_nm_sync default trusted_nodemap
# Undoes nodemap_test_setup: removes the fops nodemaps, sets admin and
# trusted back to 0 on the default nodemap, deactivates nodemap and resets
# SK_UNIQUE_NM. The tests in this file install it as their EXIT trap, so the
# permissive default-nodemap settings do not outlive a failed test.
# NOTE(review): rc is presumably assigned from $? on an omitted line (1528).
1525 nodemap_test_cleanup() {
1527 delete_fops_nodemaps
1529 [[ $rc != 0 ]] && error "removing fops nodemaps failed $rc"
1531 do_facet mgs $LCTL nodemap_modify --name default \
1532 --property admin --value 0
1533 wait_nm_sync default admin_nodemap
1534 do_facet mgs $LCTL nodemap_modify --name default \
1535 --property trusted --value 0
1536 wait_nm_sync default trusted_nodemap
1538 do_facet mgs $LCTL nodemap_activate 0
1539 wait_nm_sync active 0
1541 export SK_UNIQUE_NM=false
# Sets the admin and trusted properties used by the fileops tests, then waits
# for the change to propagate.
# NOTE(review): admin, tr and i are presumably set from $1, $2 and 0 on lines
# this listing omits (1546-1548).
# NOTE(review): every loop iteration visible here modifies nodemap c0, while
# the waits below use c$((i - 1)); with more than one client, nodemaps c1 and
# up are not changed by these lines - confirm this is intended, because the
# callers' test names (trusted_noadmin, mapped_admin, ...) read as if all
# client nodemaps were configured.
1545 nodemap_clients_admin_trusted() {
1549 for client in $clients; do
1550 do_facet mgs $LCTL nodemap_modify --name c0 \
1551 --property admin --value $admin
1552 do_facet mgs $LCTL nodemap_modify --name c0 \
1553 --property trusted --value $tr
1556 wait_nm_sync c$((i - 1)) admin_nodemap
1557 wait_nm_sync c$((i - 1)) trusted_nodemap
1561 nodemap_version_check || return 0
1562 nodemap_test_setup 0
1564 trap nodemap_test_cleanup EXIT
1566 nodemap_test_cleanup
1568 run_test 16 "test nodemap all_off fileops"
1572 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1573 skip "Need MDS >= 2.11.55"
1575 local check_proj=true
1577 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || check_proj=false
1579 nodemap_version_check || return 0
1582 trap nodemap_test_cleanup EXIT
1583 nodemap_clients_admin_trusted 0 1
1584 test_fops trusted_noadmin 1
1585 if $check_proj; then
1586 do_facet mgs $LCTL nodemap_modify --name c0 \
1587 --property map_mode --value projid
1588 wait_nm_sync c0 map_mode
1590 test_fops trusted_noadmin 1
1591 nodemap_test_cleanup
1593 run_test 17 "test nodemap trusted_noadmin fileops"
1597 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1598 skip "Need MDS >= 2.11.55"
1601 nodemap_version_check || return 0
1604 trap nodemap_test_cleanup EXIT
1605 nodemap_clients_admin_trusted 0 0
1606 test_fops mapped_noadmin 1
1607 nodemap_test_cleanup
1609 run_test 18 "test nodemap mapped_noadmin fileops"
1613 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1614 skip "Need MDS >= 2.11.55"
1617 nodemap_version_check || return 0
1620 trap nodemap_test_cleanup EXIT
1621 nodemap_clients_admin_trusted 1 1
1622 test_fops trusted_admin 1
1623 nodemap_test_cleanup
1625 run_test 19 "test nodemap trusted_admin fileops"
1629 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1630 skip "Need MDS >= 2.11.55"
1633 nodemap_version_check || return 0
1636 trap nodemap_test_cleanup EXIT
1637 nodemap_clients_admin_trusted 1 0
1638 test_fops mapped_admin 1
1639 nodemap_test_cleanup
1641 run_test 20 "test nodemap mapped_admin fileops"
1645 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1646 skip "Need MDS >= 2.11.55"
1649 nodemap_version_check || return 0
1652 trap nodemap_test_cleanup EXIT
1655 for client in $clients; do
1656 do_facet mgs $LCTL nodemap_modify --name c${i} \
1657 --property admin --value 0
1658 do_facet mgs $LCTL nodemap_modify --name c${i} \
1659 --property trusted --value $x
1663 wait_nm_sync c$((i - 1)) trusted_nodemap
1665 test_fops mapped_trusted_noadmin
1666 nodemap_test_cleanup
1668 run_test 21 "test nodemap mapped_trusted_noadmin fileops"
1672 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1673 skip "Need MDS >= 2.11.55"
1676 nodemap_version_check || return 0
1679 trap nodemap_test_cleanup EXIT
1682 for client in $clients; do
1683 do_facet mgs $LCTL nodemap_modify --name c${i} \
1684 --property admin --value 1
1685 do_facet mgs $LCTL nodemap_modify --name c${i} \
1686 --property trusted --value $x
1690 wait_nm_sync c$((i - 1)) trusted_nodemap
1692 test_fops mapped_trusted_admin
1693 nodemap_test_cleanup
1695 run_test 22 "test nodemap mapped_trusted_admin fileops"
1697 # acl test directory needs to be initialized on a privileged client
# Recreates the ACL test directory from the first client with nodemap c0
# temporarily set to admin=1/trusted=1, then puts the saved values back.
# Globals: clients_arr, DIR, tdir, LCTL (read)
# NOTE(review): "local x=$(...)" hides a failing get_param; if either saved
# value comes back empty, the restore below passes an empty --value.
# NOTE(review): if error aborts at the chmod step, c0 keeps admin=1 and
# trusted=1 until nodemap_test_cleanup runs from the caller's EXIT trap.
1698 nodemap_acl_test_setup() {
# save the current c0 settings so they can be restored afterwards
1699 local admin=$(do_facet mgs $LCTL get_param -n \
1700 nodemap.c0.admin_nodemap)
1701 local trust=$(do_facet mgs $LCTL get_param -n \
1702 nodemap.c0.trusted_nodemap)
1704 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1705 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1707 wait_nm_sync c0 admin_nodemap
1708 wait_nm_sync c0 trusted_nodemap
# start from an empty directory (the mkdir line, 1711, is omitted here) and
# make it world-writable so the unprivileged test users can create files
1710 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1712 do_node ${clients_arr[0]} chmod a+rwx $DIR/$tdir ||
1713 error unable to chmod a+rwx test dir $DIR/$tdir
# restore the saved admin/trusted values on c0
1715 do_facet mgs $LCTL nodemap_modify --name c0 \
1716 --property admin --value $admin
1717 do_facet mgs $LCTL nodemap_modify --name c0 \
1718 --property trusted --value $trust
1720 wait_nm_sync c0 trusted_nodemap
1723 # returns 0 if the number of ACLs does not change on the second (mapped) client
1724 # after being set on the first client
# Sets an ACL entry for a user on one client and compares the number of ACL
# entries seen from another client before and after.
# Arguments: $2 - client that creates the file and runs setfacl
#            $3 - client that reads the ACL with getfacl
#            $4 - "1" when the setfacl call is expected to fail
# Returns:   0 when the ACL count seen on $3 is unchanged; 1 when setfacl
#            was expected to fail but did not
# NOTE(review): user is presumably $1 (line 1726 is omitted), and the tails
# of both getfacl pipelines and the setfacl_error assignment are omitted too.
1725 nodemap_acl_test() {
1727 local set_client="$2"
1728 local get_client="$3"
1729 local check_setfacl="$4"
1730 local setfacl_error=0
1731 local testfile=$DIR/$tdir/$tfile
1732 local RUNAS_USER="$RUNAS_CMD -u $user"
1734 local acl_count_post=0
1736 nodemap_acl_test_setup
1739 do_node $set_client $RUNAS_USER touch $testfile
1741 # ACL masks aren't filtered by nodemap code, so we ignore them
1742 acl_count=$(do_node $get_client getfacl $testfile | grep -v mask |
1744 do_node $set_client $RUNAS_USER setfacl -m $user:rwx $testfile ||
1747 # if check setfacl is set to 1, then it's supposed to error
1748 if [ "$check_setfacl" == "1" ]; then
1749 [ "$setfacl_error" != "1" ] && return 1
1752 [ "$setfacl_error" == "1" ] && echo "WARNING: unable to setfacl"
1754 acl_count_post=$(do_node $get_client getfacl $testfile | grep -v mask |
# NOTE(review): both counts are unquoted; if either getfacl pipeline yields
# nothing, [ reports an error instead of comparing, and that is
# indistinguishable here from "counts differ".
1756 [ $acl_count -eq $acl_count_post ] && return 0
1761 [ $num_clients -lt 2 ] && skip "Need 2 clients at least" && return
1762 nodemap_version_check || return 0
1765 trap nodemap_test_cleanup EXIT
1766 # 1 trusted cluster, 1 mapped cluster
1767 local unmapped_fs=$((IDBASE+0))
1768 local unmapped_c1=$((IDBASE+5))
1769 local mapped_fs=$((IDBASE+2))
1770 local mapped_c0=$((IDBASE+4))
1771 local mapped_c1=$((IDBASE+6))
1773 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1774 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1776 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 0
1777 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 0
1779 wait_nm_sync c1 trusted_nodemap
1781 # setfacl on trusted cluster to unmapped user, verify it's not seen
1782 nodemap_acl_test $unmapped_fs ${clients_arr[0]} ${clients_arr[1]} ||
1783 error "acl count (1)"
1785 # setfacl on trusted cluster to mapped user, verify it's seen
1786 nodemap_acl_test $mapped_fs ${clients_arr[0]} ${clients_arr[1]} &&
1787 error "acl count (2)"
1789 # setfacl on mapped cluster to mapped user, verify it's seen
1790 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1791 error "acl count (3)"
1793 # setfacl on mapped cluster to unmapped user, verify error
1794 nodemap_acl_test $unmapped_fs ${clients_arr[1]} ${clients_arr[0]} 1 ||
1795 error "acl count (4)"
1798 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 0
1799 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 0
1801 wait_nm_sync c0 trusted_nodemap
1803 # setfacl to mapped user on c1, also mapped to c0, verify it's seen
1804 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1805 error "acl count (5)"
1807 # setfacl to mapped user on c1, not mapped to c0, verify not seen
1808 nodemap_acl_test $unmapped_c1 ${clients_arr[1]} ${clients_arr[0]} ||
1809 error "acl count (6)"
1811 nodemap_test_cleanup
1813 run_test 23a "test mapped regular ACLs"
# Checks that a default ACL group entry set on a trusted client is shown
# with the mapped filesystem gid (or its user name) on a client whose nodemap
# maps that gid. Needs at least two clients and MGS >= 2.10.53.
# NOTE(review): this listing omits some lines (e.g. 1821, 1826-1829), so the
# nodemap setup call is not visible here.
1815 test_23b() { #LU-9929
1816 [ $num_clients -lt 2 ] && skip "Need 2 clients at least"
1817 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
1818 skip "Need MGS >= 2.10.53"
1820 export SK_UNIQUE_NM=true
1822 trap nodemap_test_cleanup EXIT
1824 local testdir=$DIR/$tdir
# filesystem-side gid that $ID0 is mapped to on nodemap c0
1825 local fs_id=$((IDBASE+10))
1830 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1831 wait_nm_sync c0 admin_nodemap
1832 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 1
1833 wait_nm_sync c1 admin_nodemap
1834 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 1
1835 wait_nm_sync c1 trusted_nodemap
1837 # Add idmap $ID0:$fs_id (500:60010)
1838 do_facet mgs $LCTL nodemap_add_idmap --name c0 --idtype gid \
1839 --idmap $ID0:$fs_id ||
1840 error "add idmap $ID0:$fs_id to nodemap c0 failed"
1841 wait_nm_sync c0 idmap
1843 # set/getfacl default acl on client 1 (unmapped gid=500)
1844 do_node ${clients_arr[0]} rm -rf $testdir
1845 do_node ${clients_arr[0]} mkdir -p $testdir
1846 # Here, USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
1847 do_node ${clients_arr[0]} setfacl -R -d -m group:$USER0:rwx $testdir ||
1848 error "setfacl $testdir on ${clients_arr[0]} failed"
# third colon-separated field of the default:group:...:rwx line is the group
1849 unmapped_id=$(do_node ${clients_arr[0]} getfacl $testdir |
1850 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
1851 [ "$unmapped_id" = "$USER0" ] ||
1852 error "gid=$ID0 was not unmapped correctly on ${clients_arr[0]}"
1854 # getfacl default acl on client 2 (mapped gid=60010)
1855 mapped_id=$(do_node ${clients_arr[1]} getfacl $testdir |
1856 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
1857 fs_user=$(do_node ${clients_arr[1]} getent passwd |
1858 grep :$fs_id:$fs_id: | cut -d: -f1)
# no passwd entry for fs_id on client 2: fall back to the numeric id
1859 [ -z "$fs_user" ] && fs_user=$fs_id
# NOTE(review): -eq is applied to an unquoted $mapped_id; when getfacl prints
# a group name (or nothing) the [ command appears to stop with an error
# before the string alternative after -o is evaluated - confirm, and consider
# comparing as strings only.
1860 [ $mapped_id -eq $fs_id -o "$mapped_id" = "$fs_user" ] ||
1861 error "Should return gid=$fs_id or $fs_user on client2"
1864 nodemap_test_cleanup
1865 export SK_UNIQUE_NM=false
1867 run_test 23b "test mapped default ACLs"
1872 trap nodemap_test_cleanup EXIT
1873 do_nodes $(comma_list $(all_server_nodes)) $LCTL get_param -R nodemap
1875 nodemap_test_cleanup
1877 run_test 24 "check nodemap proc files for LBUGs and Oopses"
# By the run_test line that follows, this is the body of test 25: it saves
# the nodemap_info output of MGS and MDS, restarts Lustre (unless shared key
# is in use) and checks that the reloaded nodemap configuration is identical.
# NOTE(review): the function header and several lines are omitted from this
# listing; testname and subdir are read below but assigned out of view.
# NOTE(review): four temporary files are created, but the rm at the end
# removes only $tmpfile and $tmpfile2, and there is no trap for them, so
# $tmpfile3/$tmpfile4 (and all four when error aborts the test) stay behind
# with nodemap configuration dumps in them.
1880 local tmpfile=$(mktemp)
1881 local tmpfile2=$(mktemp)
1882 local tmpfile3=$(mktemp)
1883 local tmpfile4=$(mktemp)
1887 nodemap_version_check || return 0
1889 # stop clients for this test
1890 zconf_umount_clients $CLIENTS $MOUNT ||
1891 error "unable to umount clients $CLIENTS"
1893 export SK_UNIQUE_NM=true
1896 # enable trusted/admin for setquota call in cleanup_and_setup_lustre()
1898 for client in $clients; do
1899 do_facet mgs $LCTL nodemap_modify --name c${i} \
1900 --property admin --value 1
1901 do_facet mgs $LCTL nodemap_modify --name c${i} \
1902 --property trusted --value 1
1905 wait_nm_sync c$((i - 1)) trusted_nodemap
1907 trap nodemap_test_cleanup EXIT
1909 # create a new, empty nodemap, and add fileset info to it
# the command uses the literal name test25 while the messages and the
# set_param below use $testname - presumably the same value
1910 do_facet mgs $LCTL nodemap_add test25 ||
1911 error "unable to create nodemap $testname"
1912 do_facet mgs $LCTL set_param -P nodemap.$testname.fileset=/$subdir ||
1913 error "unable to add fileset info to nodemap test25"
1915 wait_nm_sync test25 id
# reference dumps taken before the restart
1917 do_facet mgs $LCTL nodemap_info > $tmpfile
1918 do_facet mds $LCTL nodemap_info > $tmpfile2
1920 if ! $SHARED_KEY; then
1921 # will conflict with SK's nodemaps
1922 cleanup_and_setup_lustre
1924 # stop clients for this test
1925 zconf_umount_clients $CLIENTS $MOUNT ||
1926 error "unable to umount clients $CLIENTS"
# dumps taken after the restart must match the reference dumps
1928 do_facet mgs $LCTL nodemap_info > $tmpfile3
1929 diff -q $tmpfile3 $tmpfile >& /dev/null ||
1930 error "nodemap_info diff on MGS after remount"
1932 do_facet mds $LCTL nodemap_info > $tmpfile4
1933 diff -q $tmpfile4 $tmpfile2 >& /dev/null ||
1934 error "nodemap_info diff on MDS after remount"
1937 do_facet mgs $LCTL nodemap_del test25 ||
1938 error "cannot delete nodemap test25 from config"
1939 nodemap_test_cleanup
1940 # restart clients previously stopped
1941 zconf_mount_clients $CLIENTS $MOUNT ||
1942 error "unable to mount clients $CLIENTS"
1944 rm -f $tmpfile $tmpfile2
1945 export SK_UNIQUE_NM=false
1947 run_test 25 "test save and reload nodemap config"
1950 nodemap_version_check || return 0
1954 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_add"
1955 wait_nm_sync c$large_i admin_nodemap
1957 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_del"
1958 wait_nm_sync c$large_i admin_nodemap
1960 run_test 26 "test transferring very large nodemap"
# Exercises the fileset property of nodemap $nm on the first client: mounts
# with the fileset set and checks that the client sees the fileset
# directory, remounts on a sub-subdirectory, then clears the fileset and
# checks that the full tree is visible again.
# Globals: subdir and subsubdir are read but not assigned in the visible
#          lines; the test 27a loop declares them before calling this
# NOTE(review): nm is presumably $1 (the assignment is on an omitted line),
# and several else/fi lines are omitted from this listing as well.
1962 nodemap_exercise_fileset() {
1965 local check_proj=true
# project-ID checks only run against MDS >= 2.14.52
1967 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || check_proj=false
1970 if [ "$nm" == "default" ]; then
1971 do_facet mgs $LCTL nodemap_activate 1
1973 do_facet mgs $LCTL nodemap_modify --name default \
1974 --property admin --value 1
1975 do_facet mgs $LCTL nodemap_modify --name default \
1976 --property trusted --value 1
1977 wait_nm_sync default admin_nodemap
1978 wait_nm_sync default trusted_nodemap
1983 if $SHARED_KEY; then
1984 export SK_UNIQUE_NM=true
1986 # will conflict with SK's nodemaps
1987 trap "fileset_test_cleanup $nm" EXIT
1989 fileset_test_setup "$nm"
1991 # add fileset info to $nm nodemap
# set on the MGS directly when it is separate from the MDS, then
# persistently (-P) for the servers
1992 if ! combined_mgs_mds; then
1993 do_facet mgs $LCTL set_param nodemap.${nm}.fileset=/$subdir ||
1994 error "unable to add fileset info to $nm nodemap on MGS"
1996 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=/$subdir ||
1997 error "unable to add fileset info to $nm nodemap for servers"
1998 wait_nm_sync $nm fileset "nodemap.${nm}.fileset=/$subdir"
# project-ID mapping: admin=1, trusted=0, map_mode=projid, a single 1:1
# projid idmap, and deny_unknown=1
2000 if $check_proj; then
2001 do_facet mgs $LCTL nodemap_modify --name $nm \
2002 --property admin --value 1
2003 wait_nm_sync $nm admin_nodemap
2004 do_facet mgs $LCTL nodemap_modify --name $nm \
2005 --property trusted --value 0
2006 wait_nm_sync $nm trusted_nodemap
2007 do_facet mgs $LCTL nodemap_modify --name $nm \
2008 --property map_mode --value projid
2009 wait_nm_sync $nm map_mode
2010 do_facet mgs $LCTL nodemap_add_idmap --name $nm \
2011 --idtype projid --idmap 1:1
2012 do_facet mgs $LCTL nodemap_modify --name $nm \
2013 --property deny_unknown --value 1
2014 wait_nm_sync $nm deny_unknown
2018 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2019 error "unable to umount client ${clients_arr[0]}"
2020 # set some generic fileset to trigger SSK code
2022 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2023 error "unable to remount client ${clients_arr[0]}"
2026 # test mount point content
2027 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subdir ||
2028 error "fileset not taken into account"
# project 1 has an idmap entry and must be accepted; project 2 has none and,
# with deny_unknown=1 set above, setquota for it must be refused
2030 if $check_proj; then
2031 do_node ${clients_arr[0]} $LFS setquota -p 1 -b 10000 -B 11000 \
2032 -i 0 -I 0 $MOUNT || error "setquota -p 1 failed"
2033 do_node ${clients_arr[0]} $LFS setquota -p 2 -b 10000 -B 11000 \
2034 -i 0 -I 0 $MOUNT && error "setquota -p 2 should fail"
2037 # re-mount client with sub-subdir
2038 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2039 error "unable to umount client ${clients_arr[0]}"
2040 export FILESET=/$subsubdir
2041 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2042 error "unable to remount client ${clients_arr[0]}"
2045 # test mount point content
2046 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subsubdir ||
2047 error "subdir of fileset not taken into account"
2049 # remove fileset info from nodemap
2050 do_facet mgs $LCTL nodemap_set_fileset --name $nm --fileset clear ||
2051 error "unable to delete fileset info on $nm nodemap"
2052 wait_update_facet mgs "$LCTL get_param nodemap.${nm}.fileset" \
2053 "nodemap.${nm}.fileset=" ||
2054 error "fileset info still not cleared on $nm nodemap"
2055 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=clear ||
2056 error "unable to reset fileset info on $nm nodemap"
2057 wait_nm_sync $nm fileset "nodemap.${nm}.fileset="
2060 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2061 error "unable to umount client ${clients_arr[0]}"
2062 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2063 error "unable to remount client ${clients_arr[0]}"
2065 # test mount point content
# with the fileset cleared, $subdir must show up as a directory under the
# mount point again; the $( ) wrapper only forwards do_node's exit status
2066 if ! $(do_node ${clients_arr[0]} test -d $MOUNT/$subdir); then
2068 error "fileset not cleared on $nm nodemap"
2071 # back to non-nodemap setup
2072 if $SHARED_KEY; then
2073 export SK_UNIQUE_NM=false
2074 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2075 error "unable to umount client ${clients_arr[0]}"
2077 fileset_test_cleanup "$nm"
# the default nodemap was opened up at the top of the function; close it
2078 if [ "$nm" == "default" ]; then
2079 do_facet mgs $LCTL nodemap_modify --name default \
2080 --property admin --value 0
2081 do_facet mgs $LCTL nodemap_modify --name default \
2082 --property trusted --value 0
2083 wait_nm_sync default admin_nodemap
2084 wait_nm_sync default trusted_nodemap
2085 do_facet mgs $LCTL nodemap_activate 0
2086 wait_nm_sync active 0
2088 export SK_UNIQUE_NM=false
2090 nodemap_test_cleanup
2092 if $SHARED_KEY; then
2093 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2094 error "unable to remount client ${clients_arr[0]}"
2099 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2100 skip "Need MDS >= 2.11.50"
2102 for nm in "default" "c0"; do
2103 local subdir="subdir_${nm}"
2104 local subsubdir="subsubdir_${nm}"
2106 if [ "$nm" == "default" ] && [ "$SHARED_KEY" == "true" ]; then
2107 echo "Skipping nodemap $nm with SHARED_KEY";
2111 echo "Exercising fileset for nodemap $nm"
2112 nodemap_exercise_fileset "$nm"
2115 run_test 27a "test fileset in various nodemaps"
# Creates one nodemap per MDT (nm1..nm$MDSCOUNT), gives each its own fileset
# /dir$i, and checks on every MDS that adding later nodemaps did not clear
# the fileset of earlier ones. Needs MDS >= 2.11.50 and at least 2 MDTs.
# NOTE(review): some lines (e.g. 2121-2122, 2133) are omitted from this
# listing.
2117 test_27b() { #LU-10703
2118 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2119 skip "Need MDS >= 2.11.50"
2120 [[ $MDSCOUNT -lt 2 ]] && skip "needs >= 2 MDTs"
2123 trap nodemap_test_cleanup EXIT
2125 # Add the nodemaps and set their filesets
2126 for i in $(seq 1 $MDSCOUNT); do
# best-effort removal of a leftover nodemap; failure is deliberately ignored
2127 do_facet mgs $LCTL nodemap_del nm$i 2>/dev/null
2128 do_facet mgs $LCTL nodemap_add nm$i ||
2129 error "add nodemap nm$i failed"
2130 wait_nm_sync nm$i "" "" "-N"
2132 if ! combined_mgs_mds; then
2134 $LCTL set_param nodemap.nm$i.fileset=/dir$i ||
2135 error "set nm$i.fileset=/dir$i failed on MGS"
2137 do_facet mgs $LCTL set_param -P nodemap.nm$i.fileset=/dir$i ||
2138 error "set nm$i.fileset=/dir$i failed on servers"
2139 wait_nm_sync nm$i fileset "nodemap.nm$i.fileset=/dir$i"
2142 # Check if all the filesets are correct
2143 for i in $(seq 1 $MDSCOUNT); do
2144 fileset=$(do_facet mds$i \
2145 $LCTL get_param -n nodemap.nm$i.fileset)
2146 [ "$fileset" = "/dir$i" ] ||
2147 error "nm$i.fileset $fileset != /dir$i on mds$i"
2148 do_facet mgs $LCTL nodemap_del nm$i ||
2149 error "delete nodemap nm$i failed"
2152 nodemap_test_cleanup
2154 run_test 27b "The new nodemap won't clear the old nodemap's fileset"
# By the run_test line that follows, this is the body of test 28: it records
# a key identity, flushes the security contexts on the MDS and on the
# client, and requires that the identity has changed while the test file
# stays accessible.
# NOTE(review): the function header and the fi lines are omitted from this
# listing.
2157 if ! $SHARED_KEY; then
2158 skip "need shared key feature for this test" && return
2160 mkdir -p $DIR/$tdir || error "mkdir failed"
2161 touch $DIR/$tdir/$tdir.out || error "touch failed"
2162 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2163 error "read before rotation failed"
2165 # store top key identity to ensure rotation has occurred
# identity = first 8 characters of field 15 on the first "expire" line
2166 SK_IDENTITY_OLD=$(lctl get_param *.*.*srpc* | grep "expire" |
2167 head -1 | awk '{print $15}' | cut -c1-8)
2168 do_facet $SINGLEMDS lfs flushctx ||
2169 error "could not run flushctx on $SINGLEMDS"
2171 lfs flushctx || error "could not run flushctx on client"
2173 # verify new key is in place
2174 SK_IDENTITY_NEW=$(lctl get_param *.*.*srpc* | grep "expire" |
2175 head -1 | awk '{print $15}' | cut -c1-8)
# NOTE(review): both values are unquoted; if exactly one of them is empty
# (no "expire" line was found), [ fails with a syntax error, the branch is
# not taken, and the test passes without having compared two identities.
# Quoting both sides and rejecting empty values would close that gap.
2176 if [ $SK_IDENTITY_OLD == $SK_IDENTITY_NEW ]; then
2177 error "key did not rotate correctly"
2179 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2180 error "read after rotation failed"
2183 run_test 28 "check shared key rotation method"
# By the run_test line that follows, this is the body of test 29, a negative
# test: with the Lustre keys unlinked from the keyring and SK_PATH pointing
# at /dev/null, mounting the first client must fail. A successful mount is
# reported as an error, and more specifically so when the file is readable.
# Only runs for the ski and skpi flavors.
# NOTE(review): the function header and the else/fi lines are omitted from
# this listing.
2186 if ! $SHARED_KEY; then
2187 skip "need shared key feature for this test" && return
2189 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2190 skip "test only valid if integrity is active"
2193 mkdir $DIR/$tdir || error "mkdir"
2194 touch $DIR/$tdir/$tfile || error "touch"
2195 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2196 error "unable to umount clients"
# unlink every keyring entry whose "keyctl show" line mentions lustre; the
# \\\$1 escaping presumably keeps $1 literal until awk runs on the client
2197 do_node ${clients_arr[0]} "keyctl show |
2198 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
# point the key path at /dev/null so the mount below has no key to load
2199 OLD_SK_PATH=$SK_PATH
2200 export SK_PATH=/dev/null
2201 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
# mount succeeded without a key: restore the path, then fail the test
2202 export SK_PATH=$OLD_SK_PATH
2203 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tfile"
2204 if [ $? -eq 0 ]; then
2205 error "able to mount and read without key"
2207 error "able to mount without key"
# expected path: mount was refused; restore the key path and remount
2210 export SK_PATH=$OLD_SK_PATH
2211 do_node ${clients_arr[0]} "keyctl show |
2212 awk '/lustre/ { print \\\$1 }' |
2213 xargs -IX keyctl unlink X"
2215 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2216 error "unable to mount clients"
2218 run_test 29 "check for missing shared key"
# By the run_test line that follows, this is the body of test 30, a negative
# test: the first client is given a key generated for a different
# filesystem name ($FSNAME.bogus), and mounting with it must fail. Only runs
# for the ski and skpi flavors.
# NOTE(review): the function header and the else/fi lines are omitted from
# this listing.
# NOTE(review): no visible line removes $SK_PATH/$FSNAME-bogus.key from the
# client afterwards - confirm the key file is cleaned up elsewhere.
2221 if ! $SHARED_KEY; then
2222 skip "need shared key feature for this test" && return
2224 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2225 skip "test only valid if integrity is active"
2227 mkdir -p $DIR/$tdir || error "mkdir failed"
2228 touch $DIR/$tdir/$tdir.out || error "touch failed"
2229 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2230 error "unable to umount clients"
2231 # unload keys from ring
2232 do_node ${clients_arr[0]} "keyctl show |
2233 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2234 # generate key with bogus filesystem name
2235 do_node ${clients_arr[0]} "$LGSS_SK -w $SK_PATH/$FSNAME-bogus.key \
2236 -f $FSNAME.bogus -t client -d /dev/urandom" ||
2237 error "lgss_sk failed (1)"
2238 do_facet $SINGLEMDS lfs flushctx || error "could not run flushctx"
# point SK_PATH at the bogus key for the mount attempt
2239 OLD_SK_PATH=$SK_PATH
2240 export SK_PATH=$SK_PATH/$FSNAME-bogus.key
2241 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
# mount succeeded with the wrong key: restore the path, then fail the test
2242 SK_PATH=$OLD_SK_PATH
2243 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tdir.out"
2244 if [ $? -eq 0 ]; then
2245 error "mount and read file with invalid key"
2247 error "mount with invalid key"
2250 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2251 error "unable to umount clients"
2252 # unload keys from ring
2253 do_node ${clients_arr[0]} "keyctl show |
2254 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
# back to the real key path before remounting
2256 SK_PATH=$OLD_SK_PATH
2257 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2258 error "unable to mount clients"
2260 run_test 30 "check for invalid shared key"
2265 mkdir -p $DIR/$tdir || error "mkdir $flvr"
2266 touch $DIR/$tdir/f0 || error "touch $flvr"
2267 ls $DIR/$tdir || error "ls $flvr"
2268 dd if=/dev/zero of=$DIR/$tdir/f0 conv=fsync bs=1M count=10 \
2269 >& /dev/null || error "dd $flvr"
2270 rm -f $DIR/$tdir/f0 || error "rm $flvr"
2271 rmdir $DIR/$tdir || error "rmdir $flvr"
2274 echo 3 > /proc/sys/vm/drop_caches
2278 local save_flvr=$SK_FLAVOR
2280 if ! $SHARED_KEY; then
2281 skip "need shared key feature for this test"
2284 stack_trap restore_to_default_flavor EXIT
2286 for flvr in skn ska ski skpi; do
2289 restore_to_default_flavor || error "cannot set $flvr flavor"
2290 SK_FLAVOR=$save_flvr
2295 run_test 30b "basic test of all different SSK flavors"
2298 local failover_mds1=$1
2301 zconf_umount $HOSTNAME $MOUNT || error "unable to umount client"
2303 # remove ${NETTYPE}999 network on all nodes
2304 do_nodes $(comma_list $(all_nodes)) \
2305 "$LNETCTL net del --net ${NETTYPE}999 && \
2306 $LNETCTL lnet unconfigure 2>/dev/null || true"
2308 # necessary to do writeconf in order to de-register
2309 # @${NETTYPE}999 nid for targets
2311 export KEEP_ZPOOL="true"
2314 do_facet mds1 $TUNEFS --erase-param failover.node $(mdsdevname 1)
2315 if [ -n "$failover_mds1" ]; then
2316 do_facet mds1 $TUNEFS \
2317 --servicenode=$failover_mds1 $(mdsdevname 1)
2319 # If no service node previously existed, setting one in test_31
2320 # added the no_primnode flag to the target. To remove everything
2321 # and clear the flag, add a meaningless failnode and remove it.
2322 do_facet mds1 $TUNEFS \
2323 --failnode=$(do_facet mds1 $LCTL list_nids | head -1) \
2325 do_facet mds1 $TUNEFS \
2326 --erase-param failover.node $(mdsdevname 1)
2329 export SK_MOUNTED=false
2332 export KEEP_ZPOOL="$KZPOOL"
2336 local nid=$(lctl list_nids | grep ${NETTYPE} | head -n1)
2337 local addr=${nid%@*}
2339 local net2=${NETTYPE}999
2340 local mdsnid=$(do_facet mds1 $LCTL list_nids | head -1)
2341 local addr1=${mdsnid%@*}
2342 local addr2=${addr1%.*}.$(((${addr1##*.} + 11) % 256))
2345 export LNETCTL=$(which lnetctl 2> /dev/null)
2347 [ -z "$LNETCTL" ] && skip "without lnetctl support." && return
2348 local_mode && skip "in local mode."
2350 # save mds failover nids for restore at cleanup
2351 failover_mds1=$(do_facet mds1 $TUNEFS --dryrun $(mdsdevname 1))
2352 if [ -n "$failover_mds1" ]; then
2353 failover_mds1=${failover_mds1##*Parameters:}
2354 failover_mds1=${failover_mds1%%exiting*}
2355 failover_mds1=$(echo $failover_mds1 | tr ' ' '\n' |
2356 grep failover.node | cut -d'=' -f2-)
2358 stack_trap "cleanup_31 $failover_mds1" EXIT
2361 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2362 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2364 if $(grep -q $MOUNT' ' /proc/mounts); then
2365 umount_client $MOUNT || error "umount $MOUNT failed"
2368 # check exports on servers are empty for client
2369 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2370 grep -q -" && error "export on MGS should be empty"
2371 do_nodes $(comma_list $(mdts_nodes) $(osts_nodes)) \
2372 "lctl get_param -n *.${FSNAME}*.exports.'$nid'.uuid \
2373 2>/dev/null | grep -q -" &&
2374 error "export on servers should be empty"
2376 # add network $net2 on all nodes
2377 do_nodes $(comma_list $(all_nodes)) \
2378 "$LNETCTL lnet configure && $LNETCTL net add --if \
2379 \$($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2380 {if (inf==1) print \$2; fi; inf=0} /interfaces/{inf=1}') \
2382 error "unable to configure NID $net2"
2384 # necessary to do writeconf in order to register
2385 # new @$net2 nid for targets
2387 export KEEP_ZPOOL="true"
2389 export SK_MOUNTED=false
2392 nids="${addr1}@$net,${addr1}@$net2:${addr2}@$net,${addr2}@$net2"
2393 do_facet mds1 "$TUNEFS --servicenode="$nids" $(mdsdevname 1)" ||
2394 error "tunefs failed"
2396 setupall server_only || echo 1
2397 export KEEP_ZPOOL="$KZPOOL"
2400 local mgsnid_orig=$MGSNID
2401 # compute new MGSNID
2402 MGSNID=$(do_facet mgs "$LCTL list_nids | grep $net2")
2404 # on client, turn LNet Dynamic Discovery on
2405 lnetctl set discovery 1
2407 # mount client with -o network=$net2 option:
2408 # should fail because of LNet Dynamic Discovery
2409 mount_client $MOUNT ${MOUNT_OPTS},network=$net2 &&
2410 error "client mount with '-o network' option should be refused"
2412 # on client, reconfigure LNet and turn LNet Dynamic Discovery off
2413 $LNETCTL net del --net $net2 && lnetctl lnet unconfigure
2416 lnetctl set discovery 0
2418 $LNETCTL lnet configure && $LNETCTL net add --if \
2419 $($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2420 {if (inf==1) print $2; fi; inf=0} /interfaces/{inf=1}') \
2422 error "unable to configure NID $net2 on client"
2424 # mount client with -o network=$net2 option
2425 mount_client $MOUNT ${MOUNT_OPTS},network=$net2 ||
2426 error "unable to remount client"
2431 # check export on MGS
2432 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2434 [ $? -ne 0 ] || error "export for $nid on MGS should not exist"
2437 "lctl get_param -n *.MGS*.exports.'${addr}@$net2'.uuid \
2438 2>/dev/null | grep -"
2440 error "export for ${addr}@$net2 on MGS should exist"
2442 # check {mdc,osc} imports
2443 lctl get_param mdc.${FSNAME}-*.import | grep current_connection |
2446 error "import for mdc should use ${addr1}@$net2"
2447 lctl get_param osc.${FSNAME}-*.import | grep current_connection |
2450 error "import for osc should use ${addr1}@$net2"
2452 # no NIDs on other networks should be listed
2453 lctl get_param mdc.${FSNAME}-*.import | grep failover_nids |
2454 grep -w ".*@$net" &&
2455 error "MDC import shouldn't have failnids at @$net"
2457 # failover NIDs on net999 should be listed
2458 lctl get_param mdc.${FSNAME}-*.import | grep failover_nids |
2459 grep ${addr2}@$net2 ||
2460 error "MDC import should have failnid ${addr2}@$net2"
2462 run_test 31 "client mount option '-o network'"
2466 zconf_umount_clients ${clients_arr[0]} $MOUNT
2468 # disable sk flavor enforcement on MGS
2469 set_rule _mgs any any null
2471 # stop gss daemon on MGS
2472 if ! combined_mgs_mds ; then
2473 send_sigint $mgs_HOST lsvcgssd
2477 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2480 restore_to_default_flavor
2484 if ! $SHARED_KEY; then
2485 skip "need shared key feature for this test"
2488 stack_trap cleanup_32 EXIT
2490 # restore to default null flavor
2491 save_flvr=$SK_FLAVOR
2493 restore_to_default_flavor || error "cannot set null flavor"
2494 SK_FLAVOR=$save_flvr
2497 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2498 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2500 if $(grep -q $MOUNT' ' /proc/mounts); then
2501 umount_client $MOUNT || error "umount $MOUNT failed"
2504 # start gss daemon on MGS
2505 if combined_mgs_mds ; then
2506 send_sigint $mds_HOST lsvcgssd
2508 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2510 # add mgs key type and MGS NIDs in key on MGS
2511 do_nodes $mgs_HOST "$LGSS_SK -t mgs,server -g $MGSNID -m \
2512 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2513 error "could not modify keyfile on MGS"
2515 # load modified key file on MGS
2516 do_nodes $mgs_HOST "$LGSS_SK -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2517 error "could not load keyfile on MGS"
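# add MGS NIDs in key on client
# The key file is rewritten on the first client, not on the MGS, so the
# failure message names the client; a message pointing at the MGS would send
# whoever triages a shared-key failure to the wrong node.
# NOTE(review): stdout/stderr of $LGSS_SK are discarded, so only the exit
# status reaches the check below and the tool's own diagnostic is lost.
do_nodes ${clients_arr[0]} "$LGSS_SK -g $MGSNID -m \
	$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
	error "could not modify keyfile on client"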
2524 # set perms for per-nodemap keys else permission denied
# 0x3f3f3f3f is a keyctl permission mask with all six rights (view, read,
# write, search, link, setattr) set in each of its four bytes, i.e. for
# possessor, user, group and other. Every key whose "keyctl show" line
# contains "lustre" is opened up this way on all nodes, so any local account
# can then use or alter those keys: acceptable only on a disposable test
# cluster, never as a fix for a "permission denied" on a production node.
# NOTE(review): this listing jumps from line 2526 to 2528, so one stage of
# the pipeline is not shown here.
2525 do_nodes $(comma_list $(all_nodes)) \
2526 "keyctl show | grep lustre | cut -c1-11 |
2528 xargs -IX keyctl setperm X 0x3f3f3f3f"
2530 # re-mount client with mgssec=skn
2531 save_opts=$MOUNT_OPTS
2532 if [ -z "$MOUNT_OPTS" ]; then
2533 MOUNT_OPTS="-o mgssec=skn"
2535 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2537 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2538 error "mount ${clients_arr[0]} with mgssec=skn failed"
2539 MOUNT_OPTS=$save_opts
2542 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2543 error "umount ${clients_arr[0]} failed"
2545 # enforce ska flavor on MGS
2546 set_rule _mgs any any ska
2548 # re-mount client without mgssec
2549 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2550 error "mount ${clients_arr[0]} without mgssec should fail"
2552 # re-mount client with mgssec=skn
2553 save_opts=$MOUNT_OPTS
2554 if [ -z "$MOUNT_OPTS" ]; then
2555 MOUNT_OPTS="-o mgssec=skn"
2557 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2559 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2560 error "mount ${clients_arr[0]} with mgssec=skn should fail"
2561 MOUNT_OPTS=$save_opts
2563 # re-mount client with mgssec=ska
2564 save_opts=$MOUNT_OPTS
2565 if [ -z "$MOUNT_OPTS" ]; then
2566 MOUNT_OPTS="-o mgssec=ska"
2568 MOUNT_OPTS="$MOUNT_OPTS,mgssec=ska"
2570 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2571 error "mount ${clients_arr[0]} with mgssec=ska failed"
2572 MOUNT_OPTS=$save_opts
2576 run_test 32 "check for mgssec"
2579 # disable sk flavor enforcement
2580 set_rule $FSNAME any cli2mdt null
2581 wait_flavor cli2mdt null
2584 zconf_umount_clients ${clients_arr[0]} $MOUNT
2586 # stop gss daemon on MGS
2587 if ! combined_mgs_mds ; then
2588 send_sigint $mgs_HOST lsvcgssd
2592 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2595 restore_to_default_flavor
2599 if ! $SHARED_KEY; then
2600 skip "need shared key feature for this test"
2603 stack_trap cleanup_33 EXIT
2605 # restore to default null flavor
2606 save_flvr=$SK_FLAVOR
2608 restore_to_default_flavor || error "cannot set null flavor"
2609 SK_FLAVOR=$save_flvr
2612 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2613 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2615 if $(grep -q $MOUNT' ' /proc/mounts); then
2616 umount_client $MOUNT || error "umount $MOUNT failed"
2619 # start gss daemon on MGS
2620 if combined_mgs_mds ; then
2621 send_sigint $mds_HOST lsvcgssd
2623 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2625 # add mgs key type and MGS NIDs in key on MGS
2626 do_nodes $mgs_HOST "$LGSS_SK -t mgs,server -g $MGSNID -m \
2627 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2628 error "could not modify keyfile on MGS"
2630 # load modified key file on MGS
2631 do_nodes $mgs_HOST "$LGSS_SK -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2632 error "could not load keyfile on MGS"
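# add MGS NIDs in key on client
# This step runs on the first client, so the failure message names the client
# rather than the MGS (the MGS-side key update is checked separately above).
# NOTE(review): stdout/stderr of $LGSS_SK are discarded, so only the exit
# status reaches the check below and the tool's own diagnostic is lost.
do_nodes ${clients_arr[0]} "$LGSS_SK -g $MGSNID -m \
	$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
	error "could not modify keyfile on client"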
2639 # set perms for per-nodemap keys else permission denied
# 0x3f3f3f3f grants all six key rights (view, read, write, search, link,
# setattr) to possessor, user, group and other alike, on every key whose
# "keyctl show" line contains "lustre", on all nodes. That makes the keys
# usable and modifiable by any local account; it is a test-cluster shortcut
# only.
# NOTE(review): this listing jumps from line 2641 to 2643, so one stage of
# the pipeline is not shown here.
2640 do_nodes $(comma_list $(all_nodes)) \
2641 "keyctl show | grep lustre | cut -c1-11 |
2643 xargs -IX keyctl setperm X 0x3f3f3f3f"
2645 # re-mount client with mgssec=skn
2646 save_opts=$MOUNT_OPTS
2647 if [ -z "$MOUNT_OPTS" ]; then
2648 MOUNT_OPTS="-o mgssec=skn"
2650 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2652 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2653 error "mount ${clients_arr[0]} with mgssec=skn failed"
2654 MOUNT_OPTS=$save_opts
2656 # enforce ska flavor for cli2mdt
2657 set_rule $FSNAME any cli2mdt ska
2658 wait_flavor cli2mdt ska
2660 # check error message
2661 $LCTL dk | grep "faked source" &&
2662 error "MGS connection srpc flags incorrect"
2666 run_test 33 "correct srpc flags for MGS connection"
2669 # restore deny_unknown
2670 do_facet mgs $LCTL nodemap_modify --name default \
2671 --property deny_unknown --value $denydefault
2672 if [ $? -ne 0 ]; then
2673 error_noexit "cannot reset deny_unknown on default nodemap"
2677 wait_nm_sync default deny_unknown
2684 [ $MGS_VERSION -lt $(version_code 2.12.51) ] &&
2685 skip "deny_unknown on default nm not supported before 2.12.51"
2687 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
2689 if [[ "$activedefault" != "1" ]]; then
2690 do_facet mgs $LCTL nodemap_activate 1
2692 stack_trap cleanup_active EXIT
2695 denydefault=$(do_facet mgs $LCTL get_param -n \
2696 nodemap.default.deny_unknown)
2697 [ -z "$denydefault" ] &&
2698 error "cannot get deny_unknown on default nodemap"
2699 if [ "$denydefault" -eq 0 ]; then
2705 do_facet mgs $LCTL nodemap_modify --name default \
2706 --property deny_unknown --value $denynew ||
2707 error "cannot set deny_unknown on default nodemap"
2709 [ "$(do_facet mgs $LCTL get_param -n nodemap.default.deny_unknown)" \
2711 error "setting deny_unknown on default nodemap did not work"
2713 stack_trap cleanup_34_deny EXIT
2715 wait_nm_sync default deny_unknown
2717 run_test 34 "deny_unknown on default nodemap"
2720 (( $MDS1_VERSION >= $(version_code 2.13.50) )) ||
2721 skip "Need MDS >= 2.13.50"
2723 # activate changelogs
2724 changelog_register || error "changelog_register failed"
2725 local cl_user="${CL_USERS[$SINGLEMDS]%% *}"
2726 changelog_users $SINGLEMDS | grep -q $cl_user ||
2727 error "User $cl_user not found in changelog_users"
2728 changelog_chmask ALL
2731 mkdir $DIR/$tdir || error "failed to mkdir $tdir"
2732 touch $DIR/$tdir/$tfile || error "failed to touch $tfile"
2734 # access changelogs with root
2735 changelog_dump || error "failed to dump changelogs"
2736 changelog_clear 0 || error "failed to clear changelogs"
2738 # put clients in non-admin nodemap
2740 stack_trap nodemap_test_cleanup EXIT
2741 for i in $(seq 0 $((num_clients-1))); do
2742 do_facet mgs $LCTL nodemap_modify --name c${i} \
2743 --property admin --value 0
2745 for i in $(seq 0 $((num_clients-1))); do
2746 wait_nm_sync c${i} admin_nodemap
2749 # access with mapped root
2750 changelog_dump && error "dump changelogs should have failed"
2751 changelog_clear 0 && error "clear changelogs should have failed"
2755 run_test 35 "Check permissions when accessing changelogs"
# Build a dummy encryption key and add it to the session keyring (@s) as a
# "logon" key described as fscrypt:4242424242424242.
# Payload = mode (4 zero bytes) + raw (the 64 bytes 0x00..0x3f, produced by
# printf over {0..63}) + size (0x40 = 64 as a 4-byte integer, byte order
# chosen from the lscpu output).
# NOTE(review): presumably this mirrors the layout the kernel expects for an
# fscrypt logon key - confirm against the kernel headers.
# The key material is a fixed, predictable byte sequence, so it provides no
# confidentiality; it exists only to exercise the encryption code paths and
# must not be reused outside tests.
2758 local mode='\x00\x00\x00\x00'
2759 local raw="$(printf ""\\\\x%02x"" {0..63})"
# size is 64 encoded little-endian or big-endian to match the host CPU
2763 [[ $(lscpu) =~ Byte\ Order.*Little ]] && size='\x40\x00\x00\x00' ||
2764 size='\x00\x00\x00\x40'
2765 key="${mode}${raw}${size}"
# echo -e turns the \xNN escapes into raw bytes; keyctl padd reads the
# payload from stdin, so the key bytes never appear on a command line
2766 echo -n -e "${key}" | keyctl padd logon fscrypt:4242424242424242 @s
2771 sync ; echo 3 > /proc/sys/vm/drop_caches
2778 $LCTL set_param -n ldlm.namespaces.*.lru_size=clear
2779 sync ; echo 3 > /proc/sys/vm/drop_caches
2780 dummy_key=$(keyctl show | awk '$7 ~ "^fscrypt:" {print $1}')
2781 if [ -n "$dummy_key" ]; then
2782 keyctl revoke $dummy_key
2788 # wait for SSK flavor to be applied if necessary
2791 wait_flavor all2all $SK_FLAVOR
2793 wait_flavor cli2mdt $SK_FLAVOR
2794 wait_flavor cli2ost $SK_FLAVOR
2799 remount_client_normally() {
2800 # remount client without dummy encryption key
2801 if is_mounted $MOUNT; then
2802 umount_client $MOUNT || error "umount $MOUNT failed"
2804 mount_client $MOUNT ${MOUNT_OPTS} ||
2805 error "remount failed"
2807 if is_mounted $MOUNT2; then
2808 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2810 if [ "$MOUNT_2" ]; then
2811 mount_client $MOUNT2 ${MOUNT_OPTS} ||
2812 error "remount failed"
2819 remount_client_dummykey() {
2822 # remount client with dummy encryption key
2823 if is_mounted $MOUNT; then
2824 umount_client $MOUNT || error "umount $MOUNT failed"
2826 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2827 error "remount failed"
2832 setup_for_enc_tests() {
2833 # remount client with test_dummy_encryption option
2834 if is_mounted $MOUNT; then
2835 umount_client $MOUNT || error "umount $MOUNT failed"
2837 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2838 error "mount with '-o test_dummy_encryption' failed"
2842 # this directory will be encrypted, because of dummy mode
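#######################################
# Remove the per-test directory plus any extra paths given as arguments,
# then remount the client(s) without the dummy encryption key.
# The encryption tests register this with "stack_trap ... EXIT".
# Globals:   DIR, tdir (read)
# Arguments: $@ - additional files or directories to delete (optional)
# Returns:   status of remount_client_normally
#######################################
cleanup_for_enc_tests() {
	# A recursive delete must never run on a half-built path: with DIR or
	# tdir empty, "$DIR/$tdir" would name the mount point or "/".
	if [[ -n "$DIR" && -n "$tdir" ]]; then
		rm -rf -- "$DIR/$tdir"
	else
		printf '%s\n' \
			"cleanup_for_enc_tests: DIR or tdir empty, test dir not removed" >&2
	fi

	# Extra paths are passed one per argument and after "--", so names
	# containing whitespace, glob characters or a leading "-" are removed
	# literally instead of being re-split or parsed as options.
	(( $# == 0 )) || rm -rf -- "$@"

	remount_client_normally
}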
# Undo the nodemap changes made by the encryption tests and remount the
# client: forbid_encryption, readonly_mount, trusted and admin are set back
# to 0 on the "default" nodemap and nodemap enforcement is deactivated,
# presumably so that later tests do not inherit the access-control state of
# this one.
# NOTE(review): in the lines shown, none of the do_facet calls has its exit
# status checked; only the final mount_client is followed by "|| error". A
# failed reset would therefore not be reported here. Closing keywords and
# other short lines are missing from this listing.
2852 cleanup_nodemap_after_enc_tests() {
# best effort: a failing umount is ignored on purpose
2853 umount_client $MOUNT || true
# forbid_encryption is only reset when the MGS is at least 2.13.55
2855 if (( MGS_VERSION >= $(version_code 2.13.55) )); then
2856 do_facet mgs $LCTL nodemap_modify --name default \
2857 --property forbid_encryption --value 0
# readonly_mount additionally requires an MGS of at least 2.15.51
# (this check appears to be nested in the one above)
2858 if (( MGS_VERSION >= $(version_code 2.15.51) )); then
2859 do_facet mgs $LCTL nodemap_modify --name default \
2860 --property readonly_mount --value 0
# drop the trusted and admin privileges of the default nodemap
2863 do_facet mgs $LCTL nodemap_modify --name default \
2864 --property trusted --value 0
2865 do_facet mgs $LCTL nodemap_modify --name default \
2866 --property admin --value 0
# turn nodemap enforcement off again
2867 do_facet mgs $LCTL nodemap_activate 0
# wait for each reset property, under the same version conditions as above
2869 if (( MGS_VERSION >= $(version_code 2.13.55) )); then
2870 wait_nm_sync default forbid_encryption '' inactive
2871 if (( MGS_VERSION >= $(version_code 2.15.51) )); then
2872 wait_nm_sync default readonly_mount '' inactive
2875 wait_nm_sync default trusted_nodemap '' inactive
2876 wait_nm_sync default admin_nodemap '' inactive
# remount with the regular options, i.e. without test_dummy_encryption
2879 mount_client $MOUNT ${MOUNT_OPTS} || error "re-mount failed"
2884 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2885 skip "client encryption not supported"
2887 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2888 skip "need dummy encryption support"
2890 stack_trap cleanup_for_enc_tests EXIT
2892 # first make sure it is possible to enable encryption
2893 # when nodemap is not active
2896 umount_client $MOUNT || error "umount $MOUNT failed (1)"
2898 # then activate nodemap, and retry
2899 # should succeed as encryption is not forbidden on default nodemap
2901 stack_trap cleanup_nodemap_after_enc_tests EXIT
2902 do_facet mgs $LCTL nodemap_activate 1
2904 forbid=$(do_facet mgs lctl get_param -n nodemap.default.forbid_encryption)
2905 [ $forbid -eq 0 ] || error "wrong default value for forbid_encryption"
2906 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2907 error "mount '-o test_dummy_encryption' failed with default"
2908 umount_client $MOUNT || error "umount $MOUNT failed (2)"
2910 # then forbid encryption, and retry
2911 do_facet mgs $LCTL nodemap_modify --name default \
2912 --property forbid_encryption --value 1
2913 wait_nm_sync default forbid_encryption
2914 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption &&
2915 error "mount '-o test_dummy_encryption' should have failed"
2918 run_test 36 "control if clients can use encryption"
# testfile lives in the test directory; tmpfile holds the cleartext reference
# and objdump receives the raw object content read back from the OST.
# NOTE(review): tmpfile and objdump use fixed names under $TMP. If $TMP is a
# shared, world-writable directory (its definition is not visible here -
# confirm), another local account could pre-create or symlink these paths
# before the test writes to them; names obtained from mktemp would avoid
# that.
2921 local testfile=$DIR/$tdir/$tfile
2922 local tmpfile=$TMP/abc
2923 local objdump=$TMP/objdump
2925 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2926 skip "client encryption not supported"
2928 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2929 skip "need dummy encryption support"
2931 [ "$ost1_FSTYPE" = ldiskfs ] || skip "ldiskfs only test (using debugfs)"
2933 stack_trap cleanup_for_enc_tests EXIT
2936 # write a few bytes in file
2937 echo "abc" > $tmpfile
2938 $LFS setstripe -c1 -i0 $testfile
2939 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
2940 do_facet ost1 "sync; sync"
2942 # check that content on ost is encrypted
2943 local fid=($($LFS getstripe $testfile | grep 0x))
2944 local seq=${fid[3]#0x}
2948 if [ $seq == 0 ]; then
2951 oid_hex=${fid[2]#0x}
2953 do_facet ost1 "$DEBUGFS -c -R 'cat O/$seq/d$(($oid % 32))/$oid_hex' \
2954 $(ostdevname 1)" > $objdump
2955 cmp -s $objdump $tmpfile &&
2956 error "file $testfile is not encrypted on ost"
2958 # check that in-memory representation of file is correct
2959 cmp -bl ${tmpfile} ${testfile} ||
2960 error "file $testfile is corrupted in memory"
2962 cancel_lru_locks osc ; cancel_lru_locks mdc
2964 # check that file read from server is correct
2965 cmp -bl ${tmpfile} ${testfile} ||
2966 error "file $testfile is corrupted on server"
2968 rm -f $tmpfile $objdump
2970 run_test 37 "simple encrypted file"
2973 local testfile=$DIR/$tdir/$tfile
2974 local tmpfile=$TMP/abc
2978 local pagesz=$(getconf PAGE_SIZE)
2980 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2981 skip "client encryption not supported"
2983 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2984 skip "need dummy encryption support"
2986 stack_trap cleanup_for_enc_tests EXIT
2989 # get block size on ost
2990 blksz=$($LCTL get_param osc.$FSNAME*.import |
2991 awk '/grant_block_size:/ { print $2; exit; }')
2992 # write a few bytes in file at offset $blksz
2993 echo "abc" > $tmpfile
2994 $LFS setstripe -c1 -i0 $testfile
2995 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$blksz \
2996 oflag=seek_bytes conv=fsync
2998 blksz=$(($blksz > $pagesz ? $blksz : $pagesz))
2999 # check that in-memory representation of file is correct
3000 bsize=$(stat --format=%B $testfile)
3001 filesz=$(stat --format=%b $testfile)
3002 filesz=$((filesz*bsize))
3003 [ $filesz -le $blksz ] ||
3004 error "file $testfile is $filesz long in memory"
3006 cancel_lru_locks osc ; cancel_lru_locks mdc
3008 # check that file read from server is correct
3009 bsize=$(stat --format=%B $testfile)
3010 filesz=$(stat --format=%b $testfile)
3011 filesz=$((filesz*bsize))
3012 [ $filesz -le $blksz ] ||
3013 error "file $testfile is $filesz long on server"
3017 run_test 38 "encrypted file with hole"
3020 local testfile=$DIR/$tdir/$tfile
3021 local tmpfile=$TMP/abc
3023 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3024 skip "client encryption not supported"
3026 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3027 skip "need dummy encryption support"
3029 stack_trap cleanup_for_enc_tests EXIT
3032 # write a few bytes in file
3033 echo "abc" > $tmpfile
3034 $LFS setstripe -c1 -i0 $testfile
3035 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
3037 # write a few more bytes in the same page
3038 dd if=$tmpfile of=$testfile bs=4 count=1 seek=1024 oflag=seek_bytes \
3041 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=1024 oflag=seek_bytes \
3044 # check that in-memory representation of file is correct
3045 cmp -bl $tmpfile $testfile ||
3046 error "file $testfile is corrupted in memory"
3048 cancel_lru_locks osc ; cancel_lru_locks mdc
3050 # check that file read from server is correct
3051 cmp -bl $tmpfile $testfile ||
3052 error "file $testfile is corrupted on server"
3056 run_test 39 "rewrite data in already encrypted page"
3059 local testfile=$DIR/$tdir/$tfile
3060 local tmpfile=$TMP/abc
3061 local tmpfile2=$TMP/abc2
3064 #define LUSTRE_ENCRYPTION_UNIT_SIZE (1 << 12)
3065 local UNIT_SIZE=$((1 << 12))
3068 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3069 skip "client encryption not supported"
3071 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3072 skip "need dummy encryption support"
3074 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
3076 stack_trap cleanup_for_enc_tests EXIT
3079 # write a few bytes in file
3080 echo "abc" > $tmpfile
3081 $LFS setstripe -c1 -i0 $testfile
3082 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
3084 # check that in-memory representation of file is correct
3085 cmp -bl $tmpfile $testfile ||
3086 error "file $testfile is corrupted in memory (1)"
3088 cancel_lru_locks osc ; cancel_lru_locks mdc
3090 # check that file read from server is correct
3091 cmp -bl $tmpfile $testfile ||
3092 error "file $testfile is corrupted on server (1)"
3094 # write a few other bytes in same page
3095 dd if=$tmpfile of=$testfile bs=4 count=1 seek=256 oflag=seek_bytes \
3098 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=256 oflag=seek_bytes \
3101 # check that in-memory representation of file is correct
3102 cmp -bl $tmpfile $testfile ||
3103 error "file $testfile is corrupted in memory (2)"
3105 cancel_lru_locks osc ; cancel_lru_locks mdc
3107 # check that file read from server is correct
3108 cmp -bl $tmpfile $testfile ||
3109 error "file $testfile is corrupted on server (2)"
3111 rm -f $testfile $tmpfile
3112 cancel_lru_locks osc ; cancel_lru_locks mdc
3114 # write a few bytes in file, at end of first page
3115 echo "abc" > $tmpfile
3116 $LFS setstripe -c1 -i0 $testfile
3117 seek=$(getconf PAGESIZE)
3119 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3122 # write a few other bytes at beginning of first page
3123 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
3125 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3128 # check that in-memory representation of file is correct
3129 cmp -bl $tmpfile $testfile ||
3130 error "file $testfile is corrupted in memory (3)"
3132 cancel_lru_locks osc ; cancel_lru_locks mdc
3134 # check that file read from server is correct
3135 cmp -bl $tmpfile $testfile ||
3136 error "file $testfile is corrupted on server (3)"
3138 rm -f $testfile $tmpfile
3139 cancel_lru_locks osc ; cancel_lru_locks mdc
3141 # write a few bytes in file, at beginning of second page
3142 echo "abc" > $tmpfile
3143 $LFS setstripe -c1 -i0 $testfile
3144 seek=$(getconf PAGESIZE)
3145 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3147 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3150 # write a few other bytes at end of first page
3152 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3154 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3157 # check that in-memory representation of file is correct
3158 cmp -bl $tmpfile2 $testfile ||
3159 error "file $testfile is corrupted in memory (4)"
3161 cancel_lru_locks osc ; cancel_lru_locks mdc
3163 # check that file read from server is correct
3164 cmp -bl $tmpfile2 $testfile ||
3165 error "file $testfile is corrupted on server (4)"
3167 rm -f $testfile $tmpfile $tmpfile2
3168 cancel_lru_locks osc ; cancel_lru_locks mdc
3170 # write a few bytes in file, at beginning of first stripe
3171 echo "abc" > $tmpfile
3172 $LFS setstripe -S 256k -c2 $testfile
3173 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
3175 # write a few other bytes, at beginning of second stripe
3176 dd if=$tmpfile of=$testfile bs=4 count=1 seek=262144 oflag=seek_bytes \
3178 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=262144 oflag=seek_bytes \
3181 # check that in-memory representation of file is correct
3182 cmp -bl $tmpfile $testfile ||
3183 error "file $testfile is corrupted in memory (5)"
3185 cancel_lru_locks osc ; cancel_lru_locks mdc
3187 # check that file read from server is correct
3188 cmp -bl $tmpfile $testfile ||
3189 error "file $testfile is corrupted on server (5)"
3191 filesz=$(stat --format=%s $testfile)
3192 filesz=$(((filesz+UNIT_SIZE-1)/UNIT_SIZE * UNIT_SIZE))
3194 # remount without dummy encryption key
3195 remount_client_normally
3197 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
3198 [ $(stat --format=%s $scrambledfile) -eq $filesz ] ||
3199 error "file size without key should be rounded up"
3203 run_test 40 "exercise size of encrypted file"
3206 local testfile=$DIR/$tdir/$tfile
3207 local tmpfile=$TMP/abc
3208 local tmpfile2=$TMP/abc2
3211 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3212 skip "client encryption not supported"
3214 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3215 skip "need dummy encryption support"
3217 stack_trap cleanup_for_enc_tests EXIT
3220 echo "abc" > $tmpfile
3221 seek=$(getconf PAGESIZE)
3222 seek=$((seek - 204))
3223 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3225 seek=$(getconf PAGESIZE)
3226 seek=$((seek + 1092))
3227 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3230 # write a few bytes in file
3231 $LFS setstripe -c1 -i0 -S 256k $testfile
3232 seek=$(getconf PAGESIZE)
3233 seek=$((seek - 204))
3234 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3235 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3236 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3240 # write a few other bytes, at a different offset
3241 seek=$(getconf PAGESIZE)
3242 seek=$((seek + 1092))
3243 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3244 conv=fsync,notrunc &
3246 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3248 # check that in-memory representation of file is correct
3249 cmp -bl $tmpfile2 $testfile ||
3250 error "file $testfile is corrupted in memory (1)"
3252 cancel_lru_locks osc ; cancel_lru_locks mdc
3254 # check that file read from server is correct
3255 cmp -bl $tmpfile2 $testfile ||
3256 error "file $testfile is corrupted on server (1)"
3258 rm -f $tmpfile $tmpfile2
3260 run_test 41 "test race on encrypted file size (1)"
3263 local testfile=$DIR/$tdir/$tfile
3264 local testfile2=$DIR2/$tdir/$tfile
3265 local tmpfile=$TMP/abc
3266 local tmpfile2=$TMP/abc2
3267 local pagesz=$(getconf PAGESIZE)
3270 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3271 skip "client encryption not supported"
3273 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3274 skip "need dummy encryption support"
3276 stack_trap cleanup_for_enc_tests EXIT
3279 if is_mounted $MOUNT2; then
3280 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3282 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3283 error "mount2 with '-o test_dummy_encryption' failed"
3285 # create file by writing one whole page
# single stripe on OST index 0 with a 256k stripe size, then one page of
# zeroes flushed to the server (conv=fsync)
3286 $LFS setstripe -c1 -i0 -S 256k $testfile
3287 dd if=/dev/zero of=$testfile bs=$pagesz count=1 conv=fsync
3289 # read file from 2nd mount point
3290 cat $testfile2 > /dev/null
3292 echo "abc" > $tmpfile
3293 dd if=/dev/zero of=$tmpfile2 bs=$pagesz count=1 conv=fsync
3294 seek=$((2*pagesz - 204))
3295 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3297 seek=$((2*pagesz + 1092))
3298 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3301 # write a few bytes in file from 1st mount point
3302 seek=$((2*pagesz - 204))
3303 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3304 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3305 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3306 conv=fsync,notrunc &
3309 # write a few other bytes, at a different offset from 2nd mount point
3310 seek=$((2*pagesz + 1092))
3311 dd if=$tmpfile of=$testfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3312 conv=fsync,notrunc &
3314 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3316 # check that in-memory representation of file is correct
3317 cmp -bl $tmpfile2 $testfile ||
3318 error "file $testfile is corrupted in memory (1)"
3320 # check that in-memory representation of file is correct
3321 cmp -bl $tmpfile2 $testfile2 ||
3322 error "file $testfile is corrupted in memory (2)"
3324 cancel_lru_locks osc ; cancel_lru_locks mdc
3326 # check that file read from server is correct
3327 cmp -bl $tmpfile2 $testfile ||
3328 error "file $testfile is corrupted on server (1)"
3330 rm -f $tmpfile $tmpfile2
3332 run_test 42 "test race on encrypted file size (2)"
3335 local testfile=$DIR/$tdir/$tfile
3336 local testfile2=$DIR2/$tdir/$tfile
3337 local tmpfile=$TMP/abc
3338 local tmpfile2=$TMP/abc2
3339 local resfile=$TMP/res
3340 local pagesz=$(getconf PAGESIZE)
3343 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3344 skip "client encryption not supported"
3346 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3347 skip "need dummy encryption support"
3349 stack_trap cleanup_for_enc_tests EXIT
3352 if is_mounted $MOUNT2; then
3353 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3355 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3356 error "mount2 with '-o test_dummy_encryption' failed"
3359 tr '\0' '1' < /dev/zero |
3360 dd of=$tmpfile bs=1 count=$pagesz conv=fsync
3361 $LFS setstripe -c1 -i0 -S 256k $testfile
3362 cp $tmpfile $testfile
3364 # read file from 2nd mount point
3365 cat $testfile2 > /dev/null
3367 # write a few bytes in file from 1st mount point
3368 echo "abc" > $tmpfile2
3369 seek=$((2*pagesz - 204))
3370 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3371 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3372 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3373 conv=fsync,notrunc &
3376 # read file from 2nd mount point
3377 dd if=$testfile2 of=$resfile bs=$pagesz count=1 conv=fsync,notrunc
3378 cmp -bl $tmpfile $resfile ||
3379 error "file $testfile is corrupted in memory (1)"
3382 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3384 # check that in-memory representation of file is correct
3385 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3387 cmp -bl $tmpfile $testfile2 ||
3388 error "file $testfile is corrupted in memory (2)"
3390 cancel_lru_locks osc ; cancel_lru_locks mdc
3392 # check that file read from server is correct
3393 cmp -bl $tmpfile $testfile ||
3394 error "file $testfile is corrupted on server (1)"
3396 rm -f $tmpfile $tmpfile2
3398 run_test 43 "test race on encrypted file size (3)"
3401 local testfile=$DIR/$tdir/$tfile
3402 local tmpfile=$TMP/abc
3403 local resfile=$TMP/resfile
3404 local pagesz=$(getconf PAGESIZE)
3407 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3408 skip "client encryption not supported"
3410 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3411 skip "need dummy encryption support"
3413 which vmtouch || skip "This test needs vmtouch utility"
3415 # Direct I/O is now supported on encrypted files.
3417 stack_trap cleanup_for_enc_tests EXIT
3420 $LFS setstripe -c1 -i0 $testfile
3421 dd if=/dev/urandom of=$tmpfile bs=$pagesz count=2 conv=fsync
3422 dd if=$tmpfile of=$testfile bs=$pagesz count=2 oflag=direct ||
3423 error "could not write to file with O_DIRECT (1)"
3425 respage=$(vmtouch $testfile | awk '/Resident Pages:/ {print $3}')
3426 [ "$respage" == "0/2" ] ||
3427 error "write to enc file fell back to buffered IO"
3431 dd if=$testfile of=$resfile bs=$pagesz count=2 iflag=direct ||
3432 error "could not read from file with O_DIRECT (1)"
3434 respage=$(vmtouch $testfile | awk '/Resident Pages:/ {print $3}')
3435 [ "$respage" == "0/2" ] ||
3436 error "read from enc file fell back to buffered IO"
3438 cmp -bl $tmpfile $resfile ||
3439 error "file $testfile is corrupted (1)"
3443 $TRUNCATE $tmpfile $pagesz
3444 dd if=$tmpfile of=$testfile bs=$pagesz count=1 seek=13 oflag=direct ||
3445 error "could not write to file with O_DIRECT (2)"
3449 dd if=$testfile of=$resfile bs=$pagesz count=1 skip=13 iflag=direct ||
3450 error "could not read from file with O_DIRECT (2)"
3451 cmp -bl $tmpfile $resfile ||
3452 error "file $testfile is corrupted (2)"
3454 rm -f $testfile $resfile
3455 $LFS setstripe -c1 -i0 $testfile
3457 $TRUNCATE $tmpfile $((pagesz/2 - 5))
3458 cp $tmpfile $testfile
3462 dd if=$testfile of=$resfile bs=$pagesz count=1 iflag=direct ||
3463 error "could not read from file with O_DIRECT (3)"
3464 cmp -bl $tmpfile $resfile ||
3465 error "file $testfile is corrupted (3)"
3467 rm -f $tmpfile $resfile $testfile
3469 if [ $OSTCOUNT -ge 2 ]; then
3470 dd if=/dev/urandom of=$tmpfile bs=$pagesz count=1 conv=fsync
3471 $LFS setstripe -S 256k -c2 $testfile
3473 # write in file, at beginning of first stripe, buffered IO
3474 dd if=$tmpfile of=$testfile bs=$pagesz count=1 \
3477 # write at beginning of second stripe, direct IO
3478 dd if=$tmpfile of=$testfile bs=$pagesz count=1 seek=256k \
3479 oflag=seek_bytes,direct conv=fsync,notrunc
3483 # read at beginning of first stripe, direct IO
3484 dd if=$testfile of=$resfile bs=$pagesz count=1 \
3485 iflag=direct conv=fsync
3487 cmp -bl $tmpfile $resfile ||
3488 error "file $testfile is corrupted (4)"
3490 # read at beginning of second stripe, buffered IO
3491 dd if=$testfile of=$resfile bs=$pagesz count=1 skip=256k \
3492 iflag=skip_bytes conv=fsync
3494 cmp -bl $tmpfile $resfile ||
3495 error "file $testfile is corrupted (5)"
3497 rm -f $tmpfile $resfile
3500 run_test 44 "encrypted file access semantics: direct IO"
3503 local testfile=$DIR/$tdir/$tfile
3504 local tmpfile=$TMP/junk
3506 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3507 skip "client encryption not supported"
3509 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3510 skip "need dummy encryption support"
3512 stack_trap cleanup_for_enc_tests EXIT
3515 $LFS setstripe -c1 -i0 $testfile
3516 dd if=/dev/zero of=$testfile bs=512K count=1
3517 $MULTIOP $testfile OSMRUc || error "$MULTIOP $testfile failed (1)"
3518 $MULTIOP $testfile OSMWUc || error "$MULTIOP $testfile failed (2)"
3520 dd if=/dev/zero of=$tmpfile bs=512K count=1
3521 $MULTIOP $tmpfile OSMWUc || error "$MULTIOP $tmpfile failed"
3522 $MMAP_CAT $tmpfile > ${tmpfile}2
3526 $MULTIOP $testfile OSMRUc
3527 $MMAP_CAT $testfile > ${testfile}2
3528 cmp -bl ${tmpfile}2 ${testfile}2 ||
3529 error "file $testfile is corrupted"
3531 rm -f $tmpfile ${tmpfile}2
3533 run_test 45 "encrypted file access semantics: MMAP"
3536 local testdir=$DIR/$tdir/mydir
3537 local testfile=$testdir/myfile
3538 local testdir2=$DIR/$tdir/mydirwithaveryverylongnametotestcodebehaviour0
3539 local testfile2=$testdir/myfilewithaveryverylongnametotestcodebehaviour0
3540 # testdir3, testfile3, testhl3 and testsl3 names are 255 bytes long
3541 local testdir3=$testdir2/dir_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz012345678
3542 local testfile3=$testdir2/file_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01234567
3543 local testhl3=$testdir2/hl_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789
3544 local testsl3=$testdir2/sl_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789
3545 local lsfile=$TMP/lsfile
3550 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3551 skip "client encryption not supported"
3553 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3554 skip "need dummy encryption support"
3556 stack_trap cleanup_for_enc_tests EXIT
3559 touch $DIR/$tdir/$tfile
3561 echo test > $testfile
3562 echo othertest > $testfile2
3563 if [[ $MDSCOUNT -gt 1 ]]; then
3564 $LFS setdirstripe -c1 -i1 $testdir2
3568 inum=$(stat -c %i $testdir2)
3569 if [ "$mds1_FSTYPE" = ldiskfs ]; then
3570 # For now, restrict this part of the test to ldiskfs backend,
3571 # as osd-zfs does not support 255 byte-long encrypted names.
3572 mkdir $testdir3 || error "cannot mkdir $testdir3"
3573 touch $testfile3 || error "cannot touch $testfile3"
3574 ln $testfile3 $testhl3 || error "cannot ln $testhl3"
3575 ln -s $testfile3 $testsl3 || error "cannot ln $testsl3"
3577 sync ; echo 3 > /proc/sys/vm/drop_caches
3579 # remount without dummy encryption key
3580 remount_client_normally
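# Locate the directory created earlier by its inode number ($inum): after the
# remount without the key it can no longer be addressed by its cleartext name.
scrambleddir=$(find "$DIR/$tdir/" -maxdepth 1 -mindepth 1 -inum "$inum")
# An empty lookup result must stop the test here: the glob handed to
# "rm -rf" below would otherwise start at "/".
[ -n "$scrambleddir" ] ||
	error "no entry with inode $inum found in $DIR/$tdir"
stat "$scrambleddir" || error "stat $scrambleddir failed"
if [ "$mds1_FSTYPE" = ldiskfs ]; then
	# entries must be stat-able and removable without the key
	stat "$scrambleddir"/* || error "cannot stat in $scrambleddir"
	# ${var:?} aborts instead of expanding to "/*" should the variable
	# ever be empty at this point
	rm -rf -- "${scrambleddir:?}"/* ||
		error "cannot clean in $scrambleddir"
fi
rmdir "$scrambleddir" || error "rmdir $scrambleddir failed"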
3591 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3592 ls -1 $scrambleddir > $lsfile || error "ls $testdir failed (1)"
3594 scrambledfile=$scrambleddir/$(head -n 1 $lsfile)
3595 stat $scrambledfile || error "stat $scrambledfile failed (1)"
3598 cat $scrambledfile && error "cat $scrambledfile should have failed (1)"
3599 rm -f $scrambledfile || error "rm $scrambledfile failed (1)"
3601 ls -1 $scrambleddir > $lsfile || error "ls $testdir failed (2)"
3602 scrambledfile=$scrambleddir/$(head -n 1 $lsfile)
3603 stat $scrambledfile || error "stat $scrambledfile failed (2)"
3605 cat $scrambledfile && error "cat $scrambledfile should have failed (2)"
3607 touch $scrambleddir/otherfile &&
3608 error "touch otherfile should have failed"
3609 ls $scrambleddir/otherfile && error "otherfile should not exist"
3610 mkdir $scrambleddir/otherdir &&
3611 error "mkdir otherdir should have failed"
3612 ls -d $scrambleddir/otherdir && error "otherdir should not exist"
3615 rm -f $scrambledfile || error "rm $scrambledfile failed (2)"
3616 rmdir $scrambleddir || error "rmdir $scrambleddir failed"
3619 run_test 46 "encrypted file access semantics without key"
# Rename / hard link / symlink semantics for an encrypted directory
# (registered below as test 47). The first half runs with the encryption key
# available; after remount_client_normally the same objects are probed
# without the key.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines (function header, setup call, closing fi/done/} and a few
# statements), so read the control flow below with that in mind.
3622 local testfile=$DIR/$tdir/$tfile
3623 local testfile2=$DIR/$tdir/${tfile}.2
# $tmpfile lives directly under $DIR, outside $DIR/$tdir; the rename messages
# below treat it as the unencrypted side.
3624 local tmpfile=$DIR/junk
# Skip unless the client import reports client_encryption and mount.lustre
# documents the test_dummy_encryption option.
3629 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3630 skip "client encryption not supported"
3632 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3633 skip "need dummy encryption support"
# Probe for the name_encryption connect flag. The continuation of this line
# is not shown; presumably it sets $name_enc, which is tested further down
# (TODO confirm against the full file).
3635 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption ||
3638 stack_trap cleanup_for_enc_tests EXIT
3641 dd if=/dev/urandom of=$tmpfile bs=512K count=1
# Moving an unencrypted file into the encrypted directory must be refused.
3642 mrename $tmpfile $testfile &&
3643 error "rename from unencrypted to encrypted dir should fail"
# Hard-linking that same unencrypted file into the encrypted directory must
# be refused as well.
# NOTE(review): operands run in the same direction as the mrename above, yet
# the message says "from encrypted to unencrypted"; the wording looks swapped.
3645 ln $tmpfile $testfile &&
3646 error "link from encrypted to unencrypted dir should fail"
# Copying is allowed: the copy is a new file created inside the encrypted dir.
3648 cp $tmpfile $testfile ||
3649 error "cp from unencrypted to encrypted dir should succeed"
# Rename and hard link inside the encrypted directory must both work, and the
# link must stay readable and writable.
3652 mrename $testfile $testfile2 ||
3653 error "rename from within encrypted dir should succeed"
3655 ln $testfile2 $testfile ||
3656 error "link from within encrypted dir should succeed"
3657 cmp -bl $testfile2 $testfile ||
3658 error "cannot read from hard link (1.1)"
3659 echo a >> $testfile || error "cannot write to hard link (1)"
3661 cmp -bl $testfile2 $testfile ||
3662 error "cannot read from hard link (1.2)"
# A hard link to the encrypted file created outside the encrypted directory
# is expected to succeed and to give read/write access while the key is
# present.
# NOTE(review): the message wording ("from unencrypted to encrypted") again
# looks swapped relative to the operands.
3665 ln $testfile2 $tmpfile ||
3666 error "link from unencrypted to encrypted dir should succeed"
3668 cmp -bl $testfile2 $tmpfile ||
3669 error "cannot read from hard link (2.1)"
3670 echo a >> $tmpfile || error "cannot write to hard link (2)"
3672 cmp -bl $testfile2 $tmpfile ||
3673 error "cannot read from hard link (2.2)"
3676 if [ $name_enc -eq 1 ]; then
3677 # check we are limited in the number of hard links
3678 # we can create for encrypted files, to what can fit into LinkEA
# The loop stops at the first failing ln; reaching 160 links means no limit
# was enforced, which is reported as an error.
3679 for i in $(seq 1 160); do
3680 ln $testfile2 ${testfile}_$i || break
3682 [ $i -lt 160 ] || error "hard link $i should fail"
# Moving an encrypted file out to the unencrypted location must be refused.
3686 mrename $testfile2 $tmpfile &&
3687 error "rename from encrypted to unencrypted dir should fail"
3689 dd if=/dev/urandom of=$tmpfile bs=512K count=1
3691 dd if=/dev/urandom of=$testfile bs=512K count=1
3692 mkdir $DIR/$tdir/mydir
# Symlink inside the encrypted directory: content is reachable through it and
# its reported size equals the length of the cleartext target path.
3694 ln -s $testfile ${testfile}.sym ||
3695 error "symlink from within encrypted dir should succeed"
3697 cmp -bl $testfile ${testfile}.sym ||
3698 error "cannot read from sym link (1.1)"
3699 echo a >> ${testfile}.sym || error "cannot write to sym link (1)"
3701 cmp -bl $testfile ${testfile}.sym ||
3702 error "cannot read from sym link (1.2)"
3703 [ $(stat -c %s ${testfile}.sym) -eq ${#testfile} ] ||
3704 error "wrong symlink size (1)"
# Symlink stored in the encrypted directory but pointing at the unencrypted
# file: same checks, then the link is removed.
3706 ln -s $tmpfile ${testfile}.sl ||
3707 error "symlink from encrypted to unencrypted dir should succeed"
3709 cmp -bl $tmpfile ${testfile}.sl ||
3710 error "cannot read from sym link (2.1)"
3711 echo a >> ${testfile}.sl || error "cannot write to sym link (2)"
3713 cmp -bl $tmpfile ${testfile}.sl ||
3714 error "cannot read from sym link (2.2)"
3715 [ $(stat -c %s ${testfile}.sl) -eq ${#tmpfile} ] ||
3716 error "wrong symlink size (2)"
3717 rm -f ${testfile}.sl
# Flush dirty data, then drop page cache, dentries and inodes (value 3) -
# presumably so the keyless checks below cannot be served from cleartext
# still cached on this client.
3719 sync ; echo 3 > /proc/sys/vm/drop_caches
3721 # remount without dummy encryption key
3722 remount_client_normally
# Locate the objects by type, since their names are no longer the cleartext
# ones. Each find is expected to return exactly one path; the results are
# used unquoted below.
3724 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3725 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3726 scrambledlink=$(find $DIR/$tdir/ -maxdepth 1 -type l)
# Without the key, creating links and renaming in or out of the encrypted
# tree must all be refused.
# NOTE(review): $DIR/onefile is used as a rename source below, but the line
# that creates it is not shown in this listing.
3727 ln $scrambledfile $scrambleddir/linkfile &&
3728 error "ln linkfile should have failed"
3729 mrename $scrambledfile $DIR/onefile2 &&
3730 error "mrename from $scrambledfile should have failed"
3732 mrename $DIR/onefile $scrambleddir/otherfile &&
3733 error "mrename to $scrambleddir should have failed"
# readlink must still return something without the key, and the symlink size
# reported by stat must equal the length of what readlink returns.
3734 readlink $scrambledlink ||
3735 error "link should be read without key"
3736 [ $(stat -c %s $scrambledlink) -eq \
3737 $(expr length "$(readlink $scrambledlink)") ] ||
3738 error "wrong symlink size without key"
# With name encryption, the target returned without the key must not resolve
# to an existing path (readlink -e has to fail).
3739 if [ $name_enc -eq 1 ]; then
3740 readlink -e $scrambledlink &&
3741 error "link should not point to anywhere useful"
# Creating new symlinks next to the scrambled file must fail without the key,
# whatever the target.
3743 ln -s $scrambledfile ${scrambledfile}.sym &&
3744 error "symlink without key should fail (1)"
3745 ln -s $tmpfile ${scrambledfile}.sl &&
3746 error "symlink without key should fail (2)"
3748 rm -f $tmpfile $DIR/onefile
3750 run_test 47 "encrypted file access semantics: rename/link"
# Truncate semantics on an encrypted file (registered below as test 48a).
# Every step applies the same size change to a reference copy under $TMP and
# to the file under $DIR/$tdir, then compares the two byte for byte.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines, including the function header, the setup call and most of the
# "sz=" assignments that precede the $TRUNCATE ... $sz pairs.
3753 local save="$TMP/$TESTSUITE-$TESTNAME.parameters"
3754 local testfile=$DIR/$tdir/$tfile
# NOTE(review): $TMP/111 and $TMP/abc are fixed names ($TMP/abc is reused by
# the DoM test further down in this file); mktemp would avoid collisions or
# pre-created files in a shared $TMP.
3755 local tmpfile=$TMP/111
3756 local tmpfile2=$TMP/abc
3757 local pagesz=$(getconf PAGESIZE)
# Skip unless the client import reports client_encryption and mount.lustre
# documents the test_dummy_encryption option.
3762 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3763 skip "client encryption not supported"
3765 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3766 skip "need dummy encryption support"
3768 stack_trap cleanup_for_enc_tests EXIT
3771 # create file, 4 x PAGE_SIZE long
# tr turns the zero stream into '1' characters; dd's "4x$pagesz" count is a
# multiplication, so with bs=1 exactly 4 * PAGE_SIZE bytes are written.
3772 tr '\0' '1' < /dev/zero |
3773 dd of=$tmpfile bs=1 count=4x$pagesz conv=fsync
3774 $LFS setstripe -c1 -i0 $testfile
3775 cp $tmpfile $testfile
3776 echo "abc" > $tmpfile2
3778 # decrease size: truncate to PAGE_SIZE
3779 $TRUNCATE $tmpfile $pagesz
3780 $TRUNCATE $testfile $pagesz
# cancel_lru_locks is a framework helper; presumably it drops cached locks so
# the cmp re-reads the data instead of using client cache (TODO confirm).
3781 cancel_lru_locks osc ; cancel_lru_locks mdc
3782 cmp -bl $tmpfile $testfile ||
3783 error "file $testfile is corrupted (1)"
3785 # increase size: truncate to 2 x PAGE_SIZE
3787 $TRUNCATE $tmpfile $sz
3788 $TRUNCATE $testfile $sz
3789 cancel_lru_locks osc ; cancel_lru_locks mdc
3790 cmp -bl $tmpfile $testfile ||
3791 error "file $testfile is corrupted (2)"
# Write the first 4 bytes of $tmpfile2 at byte offset PAGE_SIZE+100 in both
# files (oflag=seek_bytes makes seek= a byte offset). The continuation lines
# of both dd commands are not shown in this listing.
3794 seek=$((pagesz+100))
3795 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3797 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3799 cancel_lru_locks osc ; cancel_lru_locks mdc
3800 cmp -bl $tmpfile $testfile ||
3801 error "file $testfile is corrupted (3)"
3803 # truncate to PAGE_SIZE / 2
3805 $TRUNCATE $tmpfile $sz
3806 $TRUNCATE $testfile $sz
3807 cancel_lru_locks osc ; cancel_lru_locks mdc
3808 cmp -bl $tmpfile $testfile ||
3809 error "file $testfile is corrupted (4)"
3811 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
3813 $TRUNCATE $tmpfile $sz
3814 $TRUNCATE $testfile $sz
3815 cancel_lru_locks osc ; cancel_lru_locks mdc
3816 cmp -bl $tmpfile $testfile ||
3817 error "file $testfile is corrupted (5)"
3819 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
3821 $TRUNCATE $tmpfile $sz
3822 $TRUNCATE $testfile $sz
3823 cancel_lru_locks osc ; cancel_lru_locks mdc
3824 cmp -bl $tmpfile $testfile ||
3825 error "file $testfile is corrupted (6)"
3827 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
3828 sz=$((sz+pagesz+30))
3829 $TRUNCATE $tmpfile $sz
3830 $TRUNCATE $testfile $sz
3831 cancel_lru_locks osc ; cancel_lru_locks mdc
3832 cmp -bl $tmpfile $testfile ||
3833 error "file $testfile is corrupted (7)"
# Flush dirty data, then drop page cache, dentries and inodes (value 3) -
# presumably so the keyless check below is not served from cached cleartext.
3835 sync ; echo 3 > /proc/sys/vm/drop_caches
3837 # remount without dummy encryption key
3838 remount_client_normally
# Without the key, changing the size of the encrypted file must be refused.
3840 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3841 $TRUNCATE $scrambledfile 0 &&
3842 error "truncate $scrambledfile should have failed without key"
3844 rm -f $tmpfile $tmpfile2
3846 run_test 48a "encrypted file access semantics: truncate"
# Cleanup helper for the two-client encryption test: unmounts and mounts
# $MOUNT again on the node named by $othercli, reporting an error if either
# step fails. The test below registers it through stack_trap with the other
# client's name as argument.
# NOTE(review): the lines between the header and the first comment, and the
# closing brace, are not shown in this listing; presumably $othercli is taken
# from the first argument there (TODO confirm).
3848 cleanup_for_enc_tests_othercli() {
3851 # remount othercli normally
3852 zconf_umount $othercli $MOUNT ||
3853 error "umount $othercli $MOUNT failed"
3854 zconf_mount $othercli $MOUNT ||
3855 error "remount $othercli $MOUNT failed"
# Concurrent truncate of an encrypted file from a second client (registered
# below as test 48b): a binary copied into $DIR/$tdir is executed locally
# while another client tries to truncate it.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines (function header, setup call, else/fi, closing brace).
# Skip unless the client import reports client_encryption and mount.lustre
# documents the test_dummy_encryption option.
3861 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3862 skip "client encryption not supported"
3864 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3865 skip "need dummy encryption support"
3867 [ "$num_clients" -ge 2 ] || skip "Need at least 2 clients"
# Pick whichever of the first two configured clients is not this host.
3869 if [ "$HOSTNAME" == ${clients_arr[0]} ]; then
3870 othercli=${clients_arr[1]}
3872 othercli=${clients_arr[0]}
# Two cleanups are registered: the local encryption cleanup and the normal
# remount of the other client.
3875 stack_trap cleanup_for_enc_tests EXIT
3876 stack_trap "cleanup_for_enc_tests_othercli $othercli" EXIT
3878 zconf_umount $othercli $MOUNT ||
3879 error "umount $othercli $MOUNT failed"
3881 cp /bin/sleep $DIR/$tdir/
3882 cancel_lru_locks osc ; cancel_lru_locks mdc
# Run the copied binary from the encrypted directory in the background, so it
# is executing while the other client issues the truncate.
3883 $DIR/$tdir/sleep 30 &
3884 # mount and IOs must be done in the same shell session, otherwise
3885 # encryption key in session keyring is missing
3886 do_node $othercli "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3887 $MGSNID:/$FSNAME $MOUNT && \
3888 $TRUNCATE $DIR/$tdir/sleep 7"
# The exit status of the remote mount+truncate is not checked. The test
# passes only if the background job exits cleanly and the file on the
# filesystem is still identical to /bin/sleep.
3889 wait || error "wait error"
3890 cmp --silent /bin/sleep $DIR/$tdir/sleep ||
3891 error "/bin/sleep and $DIR/$tdir/sleep differ"
3893 run_test 48b "encrypted file: concurrent truncate"
# Body of a tracing helper whose header line is not shown in this listing;
# the test that follows calls trace_cmd with MATCHING_STRING in its
# environment, so this is presumably that function (TODO confirm).
# It enables the "info" debug flag, checks the status of a command, then
# searches the Lustre debug log for getxattr events and fails if any is found.
# NOTE(review): the lines that store and run the command ($cmd) are omitted
# here, so the "$?" tested below refers to a statement that is not visible.
3899 $LCTL set_param debug=+info
3904 [ $? -eq 0 ] || error "$cmd failed"
# Default pattern covers both the encryption-context xattr and bulk xattr
# fetches; a caller can narrow it by setting MATCHING_STRING.
3906 if [ -z "$MATCHING_STRING" ]; then
3907 $LCTL dk | grep -E "get xattr 'encryption.c'|get xattrs"
3909 $LCTL dk | grep -E "$MATCHING_STRING"
# grep exiting 0 means a matching event was logged, which is the failure case.
3911 [ $? -ne 0 ] || error "get xattr event was triggered"
# Checks that common operations on encrypted files and directories do not
# trigger a getxattr for the encryption context (registered below as test 49).
# Each probed command is wrapped in trace_cmd, which fails the test when the
# debug log shows a matching "get xattr" event.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines (function header, setup and mkdir calls, else/fi, closing
# brace).
# Skip unless the client import reports client_encryption and mount.lustre
# documents the test_dummy_encryption option.
3915 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3916 skip "client encryption not supported"
3918 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3919 skip "need dummy encryption support"
3921 stack_trap cleanup_for_enc_tests EXIT
3924 local dirname=$DIR/$tdir/subdir
3928 trace_cmd stat $dirname
# NOTE(review): "> $dirname/f1" is a redirection on the trace_cmd call
# itself, so the shell opens (creates) f1 before the helper's body runs;
# only the write happens inside the traced command.
3929 trace_cmd echo a > $dirname/f1
# Caches are dropped between steps (value 3: page cache, dentries, inodes),
# presumably so each traced command starts without cached metadata.
3930 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3931 trace_cmd stat $dirname/f1
3932 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3933 trace_cmd cat $dirname/f1
3934 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
3935 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
# For truncate, the match is narrowed to the encryption-context xattr only,
# so other "get xattrs" events are tolerated for this command.
3936 MATCHING_STRING="get xattr 'encryption.c'" \
3937 trace_cmd $TRUNCATE $dirname/f1 10240
3938 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
3939 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3940 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
# Second part: directory striping and migration across MDTs, then the same
# file-level sequence inside a directory placed on MDT index 1.
3942 if [[ $MDSCOUNT -gt 1 ]]; then
3943 trace_cmd $LFS setdirstripe -i 1 $dirname/d2
3944 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3945 trace_cmd $LFS migrate -m 0 $dirname/d2
3946 echo b > $dirname/d2/subf
3947 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3948 if (( "$MDS1_VERSION" > $(version_code 2.14.54.54) )); then
3949 # migrate a non-empty encrypted dir
3950 trace_cmd $LFS migrate -m 1 $dirname/d2
3951 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
# The file inside the migrated directory must still exist and still decrypt
# to its original content.
3952 [ -f $dirname/d2/subf ] || error "migrate failed (1)"
3953 [ $(cat $dirname/d2/subf) == "b" ] ||
3954 error "migrate failed (2)"
3957 $LFS setdirstripe -i 1 -c 1 $dirname/d3
3958 dirname=$dirname/d3/subdir
3960 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3961 trace_cmd stat $dirname
3962 trace_cmd echo c > $dirname/f1
3963 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3964 trace_cmd stat $dirname/f1
3965 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3966 trace_cmd cat $dirname/f1
3967 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
3968 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3969 MATCHING_STRING="get xattr 'encryption.c'" \
3970 trace_cmd $TRUNCATE $dirname/f1 10240
3971 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
3972 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3973 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
# Presumably the else branch of the MDSCOUNT check above (the "else" line is
# not shown): with a single MDT the second part is reported as skipped.
3975 skip_noexit "2nd part needs >= 2 MDTs"
3978 run_test 49 "Avoid getxattr for encryption context"
# Encrypted file with a Data-on-MDT layout (registered below as test 50).
# Each step changes a reference copy under $TMP and the encrypted file in the
# same way, cycles the encryption key, then compares the two byte for byte.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines, including the function header, the setup call and several
# "sz=" assignments that precede the $TRUNCATE ... $sz pairs.
3981 local testfile=$DIR/$tdir/$tfile
# NOTE(review): $TMP/abc is a fixed name that the truncate test earlier in
# this file also uses; mktemp would avoid collisions in a shared $TMP.
3982 local tmpfile=$TMP/abc
3983 local pagesz=$(getconf PAGESIZE)
# Skip unless the client import reports client_encryption and mount.lustre
# documents the test_dummy_encryption option.
3986 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3987 skip "client encryption not supported"
3989 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3990 skip "need dummy encryption support"
3992 stack_trap cleanup_for_enc_tests EXIT
3995 # write small file, data on MDT only
# 5000 bytes of '1'; the layout keeps the first 1M component on the MDT and
# the rest (to EOF) in a second component, so this file fits on the MDT.
3996 tr '\0' '1' < /dev/zero |
3997 dd of=$tmpfile bs=1 count=5000 conv=fsync
3998 $LFS setstripe -E 1M -L mdt -E EOF $testfile
3999 cp $tmpfile $testfile
4001 # check that in-memory representation of file is correct
4002 cmp -bl $tmpfile $testfile ||
4003 error "file $testfile is corrupted in memory"
# Removing and re-inserting the key is used throughout this block before each
# comparison; going by the comment below, the intent is that the next read
# comes from the server rather than from data cached on the client.
4005 remove_enc_key ; insert_enc_key
4007 # check that file read from server is correct
4008 cmp -bl $tmpfile $testfile ||
4009 error "file $testfile is corrupted on server"
4011 # decrease size: truncate to PAGE_SIZE
4012 $TRUNCATE $tmpfile $pagesz
4013 $TRUNCATE $testfile $pagesz
4014 remove_enc_key ; insert_enc_key
4015 cmp -bl $tmpfile $testfile ||
4016 error "file $testfile is corrupted (1)"
4018 # increase size: truncate to 2 x PAGE_SIZE
4020 $TRUNCATE $tmpfile $sz
4021 $TRUNCATE $testfile $sz
4022 remove_enc_key ; insert_enc_key
4023 cmp -bl $tmpfile $testfile ||
4024 error "file $testfile is corrupted (2)"
4026 # truncate to PAGE_SIZE / 2
4028 $TRUNCATE $tmpfile $sz
4029 $TRUNCATE $testfile $sz
4030 remove_enc_key ; insert_enc_key
4031 cmp -bl $tmpfile $testfile ||
4032 error "file $testfile is corrupted (3)"
4034 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
4036 $TRUNCATE $tmpfile $sz
4037 $TRUNCATE $testfile $sz
4038 remove_enc_key ; insert_enc_key
4039 cmp -bl $tmpfile $testfile ||
4040 error "file $testfile is corrupted (4)"
4042 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
4044 $TRUNCATE $tmpfile $sz
4045 $TRUNCATE $testfile $sz
4046 remove_enc_key ; insert_enc_key
4047 cmp -bl $tmpfile $testfile ||
4048 error "file $testfile is corrupted (5)"
4050 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
4051 sz=$((sz+pagesz+30))
4052 $TRUNCATE $tmpfile $sz
4053 $TRUNCATE $testfile $sz
4054 remove_enc_key ; insert_enc_key
4055 cmp -bl $tmpfile $testfile ||
4056 error "file $testfile is corrupted (6)"
4059 remove_enc_key ; insert_enc_key
4061 # write hole in file, data spread on MDT and OST
# 1539 bytes of '2' are written at offset 1539074, i.e. past the 1M MDT
# component, and cp --sparse=always keeps the hole in the encrypted copy.
4062 tr '\0' '2' < /dev/zero |
4063 dd of=$tmpfile bs=1 count=1539 seek=1539074 conv=fsync,notrunc
4064 $LFS setstripe -E 1M -L mdt -E EOF $testfile
4065 cp --sparse=always $tmpfile $testfile
4067 # check that in-memory representation of file is correct
4068 cmp -bl $tmpfile $testfile ||
4069 error "file $testfile is corrupted in memory"
4071 remove_enc_key ; insert_enc_key
4073 # check that file read from server is correct
4074 cmp -bl $tmpfile $testfile ||
4075 error "file $testfile is corrupted on server"
4077 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
4078 # inside OST part of data
4079 sz=$((1024*1024+13))
4080 $TRUNCATE $tmpfile $sz
4081 $TRUNCATE $testfile $sz
4082 remove_enc_key ; insert_enc_key
4083 cmp -bl $tmpfile $testfile ||
4084 error "file $testfile is corrupted (7)"
4086 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
4087 # inside MDT part of data
4089 $TRUNCATE $tmpfile $sz
4090 $TRUNCATE $testfile $sz
4091 remove_enc_key ; insert_enc_key
4092 cmp -bl $tmpfile $testfile ||
4093 error "file $testfile is corrupted (8)"
4095 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
4096 # inside MDT part of data
4097 sz=$((1024*1024-13))
4098 $TRUNCATE $tmpfile $sz
4099 $TRUNCATE $testfile $sz
4100 remove_enc_key ; insert_enc_key
4101 cmp -bl $tmpfile $testfile ||
4102 error "file $testfile is corrupted (9)"
4104 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
4105 # inside OST part of data
4107 $TRUNCATE $tmpfile $sz
4108 $TRUNCATE $testfile $sz
4109 remove_enc_key ; insert_enc_key
4110 cmp -bl $tmpfile $testfile ||
4111 error "file $testfile is corrupted (10)"
4115 run_test 50 "DoM encrypted file"
# File capabilities on the filesystem (registered below as test 51).
# Pattern for each check: copy a system binary into $DIR/$tdir, confirm that
# the unprivileged user $ID0 is refused, attach one capability to the copy
# with setcap, then confirm the same call succeeds.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines (function header, the error line after the last cat call,
# done, closing brace).
# NOTE(review): -gt is a strict comparison while the skip message says
# "at least 2.13.53"; a server at exactly that version is skipped.
4118 [ "$MDS1_VERSION" -gt $(version_code 2.13.53) ] ||
4119 skip "Need MDS version at least 2.13.53"
4121 mkdir $DIR/$tdir || error "mkdir $tdir"
# chown: refused without CAP_CHOWN, allowed once CAP_CHOWN=ep (effective and
# permitted) is set on the copied binary.
4123 touch $DIR/$tdir/$tfile || error "touch $tfile"
4124 cp $(which chown) $DIR/$tdir || error "cp chown"
4125 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile &&
4126 error "chown $tfile should fail"
4127 setcap 'CAP_CHOWN=ep' $DIR/$tdir/chown || error "setcap CAP_CHOWN"
4128 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile ||
4129 error "chown $tfile"
4130 rm $DIR/$tdir/$tfile || error "rm $tfile"
# touch on a file $ID0 does not own: refused without CAP_FOWNER, allowed with
# it.
4132 touch $DIR/$tdir/$tfile || error "touch $tfile"
4133 cp $(which touch) $DIR/$tdir || error "cp touch"
4134 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile &&
4135 error "touch should fail"
4136 setcap 'CAP_FOWNER=ep' $DIR/$tdir/touch || error "setcap CAP_FOWNER"
4137 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile ||
4138 error "touch $tfile"
4139 rm $DIR/$tdir/$tfile || error "rm $tfile"
# Reading a mode-600 file owned by someone else: refused without a DAC
# capability, allowed with either CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH.
# cat is copied afresh on each iteration, so the second capability is tested
# on a copy that starts without any.
# NOTE(review): the capability-bearing copies (chown, touch, cat) stay in
# $DIR/$tdir after these checks and their removal is not visible in this
# listing; confirm the directory is cleaned up so that no binaries with file
# capabilities are left behind on the filesystem.
4142 for cap in "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH"; do
4143 touch $DIR/$tdir/$tfile || error "touch $tfile"
4144 chmod 600 $DIR/$tdir/$tfile || error "chmod $tfile"
4145 cp $(which cat) $DIR/$tdir || error "cp cat"
4146 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile &&
4147 error "cat should fail"
4148 setcap $cap=ep $DIR/$tdir/cat || error "setcap $cap"
4149 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile ||
4151 rm $DIR/$tdir/$tfile || error "rm $tfile"
4154 run_test 51 "FS capabilities ==============="
# Mirrored (FLR) encrypted file (registered below as test 52): creates,
# resyncs, reads, migrates, extends and splits mirrors of an encrypted file
# and checks after each step that the decrypted content matches a reference
# copy under $TMP.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines (function header, setup call, closing brace).
4157 local testfile=$DIR/$tdir/$tfile
4158 local tmpfile=$TMP/$tfile
4159 local mirror1=$TMP/$tfile.mirror1
4160 local mirror2=$TMP/$tfile.mirror2
# Skip unless the client import reports client_encryption and mount.lustre
# documents the test_dummy_encryption option.
4162 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4163 skip "client encryption not supported"
4165 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4166 skip "need dummy encryption support"
4168 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
# The three files under $TMP are handed to the cleanup helper as arguments.
4170 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
4173 dd if=/dev/urandom of=$tmpfile bs=5000 count=1 conv=fsync
# Two mirrors, one on OST index 0 and one on OST index 1.
4175 $LFS mirror create -N -i0 -N -i1 $testfile ||
4176 error "could not create mirror"
4178 dd if=$tmpfile of=$testfile bs=5000 count=1 conv=fsync ||
4179 error "could not write to $testfile"
4181 $LFS mirror resync $testfile ||
4182 error "could not resync mirror"
4184 $LFS mirror verify -v $testfile ||
4185 error "verify mirror failed"
# Each mirror is read out individually and must match the reference data.
4187 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4188 error "could not read from mirror 1"
4190 cmp -bl $tmpfile $mirror1 ||
4191 error "mirror 1 is corrupted"
4193 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4194 error "could not read from mirror 2"
4196 cmp -bl $tmpfile $mirror2 ||
4197 error "mirror 2 is corrupted"
# New content is written to mirror 1 only, so verification is expected to
# report a difference between the mirrors.
4199 tr '\0' '2' < /dev/zero |
4200 dd of=$tmpfile bs=1 count=9000 conv=fsync
4202 $LFS mirror write -N 1 -i $tmpfile $testfile ||
4203 error "could not write to mirror 1"
4205 $LFS mirror verify -v $testfile &&
4206 error "mirrors should be different"
4208 rm -f $testfile $mirror1 $mirror2
# Plain single-stripe file on OST 0, then migrated to OST 1; the content must
# survive the migration.
4210 $LFS setstripe -c1 -i0 $testfile
4211 dd if=$tmpfile of=$testfile bs=9000 count=1 conv=fsync ||
4212 error "write to $testfile failed"
4213 $LFS getstripe $testfile
4216 $LFS migrate -i1 $testfile ||
4217 error "migrate $testfile failed"
4218 $LFS getstripe $testfile
4219 stripe=$($LFS getstripe -i $testfile)
4220 [ $stripe -eq 1 ] || error "migrate file $testfile failed"
4223 cmp -bl $tmpfile $testfile ||
4224 error "migrated file is corrupted"
# Add a second mirror on OST 0: expect two mirrors, mirror 1 on OST index 1
# and mirror 2 on OST index 0.
4226 $LFS mirror extend -N -i0 $testfile ||
4227 error "mirror extend $testfile failed"
4228 $LFS getstripe $testfile
4229 mirror_count=$($LFS getstripe -N $testfile)
4230 [ $mirror_count -eq 2 ] ||
4231 error "mirror extend file $testfile failed (1)"
4232 stripe=$($LFS getstripe --mirror-id=1 -i $testfile)
4233 [ $stripe -eq 1 ] || error "mirror extend file $testfile failed (2)"
4234 stripe=$($LFS getstripe --mirror-id=2 -i $testfile)
4235 [ $stripe -eq 0 ] || error "mirror extend file $testfile failed (3)"
4238 $LFS mirror verify -v $testfile ||
4239 error "mirror verify failed"
4240 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4241 error "read from mirror 1 failed"
4242 cmp -bl $tmpfile $mirror1 ||
4243 error "corruption of mirror 1"
4244 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4245 error "read from mirror 2 failed"
4246 cmp -bl $tmpfile $mirror2 ||
4247 error "corruption of mirror 2"
# For an encrypted file, splitting a mirror off into a separate file (-f) and
# splitting without -d are both expected to be refused; only a split that
# destroys the mirror (-d) is expected to succeed.
4249 $LFS mirror split --mirror-id 1 -f ${testfile}.mirror $testfile &&
4250 error "mirror split -f should fail"
4252 $LFS mirror split --mirror-id 1 $testfile &&
4253 error "mirror split without -d should fail"
4255 $LFS mirror split --mirror-id 1 -d $testfile ||
4256 error "mirror split failed"
4257 $LFS getstripe $testfile
4258 mirror_count=$($LFS getstripe -N $testfile)
4259 [ $mirror_count -eq 1 ] ||
4260 error "mirror split file $testfile failed (1)"
# After the split, mirror id 1 must be gone (empty result) and mirror id 2
# must still be on OST index 0.
# NOTE(review): the two messages below say "mirror extend" although they
# check the result of the split.
4261 stripe=$($LFS getstripe --mirror-id=1 -i $testfile)
4262 [ -z "$stripe" ] || error "mirror extend file $testfile failed (2)"
4263 stripe=$($LFS getstripe --mirror-id=2 -i $testfile)
4264 [ $stripe -eq 0 ] || error "mirror extend file $testfile failed (3)"
4267 cmp -bl $tmpfile $testfile ||
4268 error "extended/split file is corrupted"
4270 run_test 52 "Mirrored encrypted file"
# Encrypted file shared between clients with different page sizes
# (registered below as test 53): the local client must use 64K pages and a
# second client mounted on the MDS node must use 4K pages. Data written or
# truncated on one side is read back and compared on the other.
# NOTE(review): gaps in the gutter numbers show that this listing omits some
# source lines (function header, setup call, closing brace).
4273 local testfile=$DIR/$tdir/$tfile
# Same file as seen through the second mount point ($DIR2).
4274 local testfile2=$DIR2/$tdir/$tfile
4275 local tmpfile=$TMP/$tfile.tmp
4276 local resfile=$TMP/$tfile.res
# Skip unless the client import reports client_encryption and mount.lustre
# documents the test_dummy_encryption option.
4280 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4281 skip "client encryption not supported"
4283 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4284 skip "need dummy encryption support"
4286 pagesz=$(getconf PAGESIZE)
4287 [[ $pagesz == 65536 ]] || skip "Need 64K PAGE_SIZE client"
4289 do_node $mds1_HOST \
4290 "mount.lustre --help |& grep -q 'test_dummy_encryption:'" ||
4291 skip "need dummy encryption support on MDS client mount"
4293 # this test is probably useless now, but may turn out to be useful when
4294 # Lustre supports servers with PAGE_SIZE != 4KB
# From here on $pagesz holds the MDS node's page size (4096 is required), so
# every $((pagesz+3)) below is 4099: a block that is not page aligned.
4295 pagesz=$(do_node $mds1_HOST getconf PAGESIZE)
4296 [[ $pagesz == 4096 ]] || skip "Need 4K PAGE_SIZE MDS client"
4298 stack_trap cleanup_for_enc_tests EXIT
4299 stack_trap "zconf_umount $mds1_HOST $MOUNT2" EXIT
4302 $LFS setstripe -c1 -i0 $testfile
4304 # write from 1st client
# NOTE(review): this dd reads from a pipe; without iflag=fullblock a short
# read still counts as one block, so $tmpfile can end up smaller than
# 2 * (pagesz+3) bytes. The comparisons below stay consistent because they
# use whatever was written here.
4305 cat /dev/urandom | tr -dc 'a-zA-Z0-9' |
4306 dd of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
4307 dd if=$tmpfile of=$testfile bs=$((pagesz+3)) count=2 conv=fsync ||
4308 error "could not write to $testfile (1)"
4310 # read from 2nd client
4311 # mount and IOs must be done in the same shell session, otherwise
4312 # encryption key in session keyring is missing
4313 do_node $mds1_HOST "mkdir -p $MOUNT2"
4314 do_node $mds1_HOST \
4315 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4316 $MGSNID:/$FSNAME $MOUNT2 && \
4317 dd if=$testfile2 of=$resfile bs=$((pagesz+3)) count=2" ||
4318 error "could not read from $testfile2 (1)"
# md5sum is used only as an equality check between the copy read on the MDS
# node and the local reference; it detects accidental corruption and is not
# a defence against deliberate tampering.
4321 filemd5=$(do_node $mds1_HOST md5sum $resfile | awk '{print $1}')
4322 [ $filemd5 = $(md5sum $tmpfile | awk '{print $1}') ] ||
4323 error "file is corrupted (1)"
4324 do_node $mds1_HOST rm -f $resfile
4327 # truncate from 2nd client
# The second client is unmounted and mounted again with the dummy key inside
# the same remote shell as the truncate (see the keyring comment above).
4328 $TRUNCATE $tmpfile $((pagesz+3))
4329 zconf_umount $mds1_HOST $MOUNT2 ||
4330 error "umount $mds1_HOST $MOUNT2 failed (1)"
4331 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4332 $MGSNID:/$FSNAME $MOUNT2 && \
4333 $TRUNCATE $testfile2 $((pagesz+3))" ||
4334 error "could not truncate $testfile2 (1)"
4337 cmp -bl $tmpfile $testfile ||
4338 error "file is corrupted (2)"
4339 rm -f $tmpfile $testfile
4341 zconf_umount $mds1_HOST $MOUNT2 ||
4342 error "umount $mds1_HOST $MOUNT2 failed (2)"
# Reverse direction: the reference data is now generated on the MDS node and
# written through the second client.
4345 do_node $mds1_HOST \
4346 dd if=/dev/urandom of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
4347 # write from 2nd client
4348 do_node $mds1_HOST \
4349 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4350 $MGSNID:/$FSNAME $MOUNT2 && \
4351 dd if=$tmpfile of=$testfile2 bs=$((pagesz+3)) count=2 conv=fsync" ||
4352 error "could not write to $testfile2 (2)"
4354 # read from 1st client
4355 dd if=$testfile of=$resfile bs=$((pagesz+3)) count=2 ||
4356 error "could not read from $testfile (2)"
4359 filemd5=$(do_node $mds1_HOST md5sum -b $tmpfile | awk '{print $1}')
4360 [ $filemd5 = $(md5sum -b $resfile | awk '{print $1}') ] ||
4361 error "file is corrupted (3)"
4365 # truncate from 1st client
4366 do_node $mds1_HOST "$TRUNCATE $tmpfile $((pagesz+3))"
4367 $TRUNCATE $testfile $((pagesz+3)) ||
4368 error "could not truncate $testfile (2)"
# Final comparison runs on the MDS node after a fresh mount with the key.
4371 zconf_umount $mds1_HOST $MOUNT2 ||
4372 error "umount $mds1_HOST $MOUNT2 failed (3)"
4373 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4374 $MGSNID:/$FSNAME $MOUNT2 && \
4375 cmp -bl $tmpfile $testfile2" ||
4376 error "file is corrupted (4)"
4378 do_node $mds1_HOST rm -f $tmpfile
4381 run_test 53 "Mixed PAGE_SIZE clients"
4384 local testdir=$DIR/$tdir/$ID0
4385 local testdir2=$DIR2/$tdir/$ID0
4386 local testfile=$testdir/$tfile
4387 local testfile2=$testdir/${tfile}withveryverylongnametoexercisecode
4388 local testfile3=$testdir/_${tfile}
4389 local tmpfile=$TMP/${tfile}.tmp
4390 local resfile=$TMP/${tfile}.res
4395 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4396 skip "client encryption not supported"
4398 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4399 skip "need dummy encryption support"
4401 which fscrypt || skip "This test needs fscrypt userspace tool"
4403 yes | fscrypt setup --force --verbose ||
4404 error "fscrypt global setup failed"
4405 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
4407 yes | fscrypt setup --verbose $MOUNT ||
4408 error "fscrypt setup $MOUNT failed"
4410 chown -R $ID0:$ID0 $testdir
4412 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4413 --source=custom_passphrase --name=protector $testdir" ||
4414 error "fscrypt encrypt failed"
4416 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4417 --source=custom_passphrase --name=protector2 $testdir" &&
4418 error "second fscrypt encrypt should have failed"
4420 mkdir -p ${testdir}2 || error "mkdir ${testdir}2 failed"
4421 touch ${testdir}2/f || error "mkdir ${testdir}2/f failed"
4424 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
4425 --source=custom_passphrase --name=protector3 ${testdir}2 &&
4426 error "fscrypt encrypt on non-empty dir should have failed"
4428 $RUNAS dd if=/dev/urandom of=$testfile bs=127 count=1 conv=fsync ||
4429 error "write to encrypted file $testfile failed"
4430 cp $testfile $tmpfile
4431 $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync ||
4432 error "write to encrypted file $testfile2 failed"
4433 $RUNAS dd if=/dev/urandom of=$testfile3 bs=127 count=1 conv=fsync ||
4434 error "write to encrypted file $testfile3 failed"
4435 $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed"
4436 $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed"
4438 $RUNAS fscrypt lock --verbose $testdir ||
4439 error "fscrypt lock $testdir failed (1)"
4441 $RUNAS ls -R $testdir || error "ls -R $testdir failed"
4442 local filecount=$($RUNAS find $testdir -type f | wc -l)
4443 [ $filecount -eq 4 ] || error "found $filecount files"
4445 # check enable_filename_encryption default value
4446 # tunable only available for client built against embedded llcrypt
4447 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption &&
4448 nameenc=$(lctl get_param -n llite.*.enable_filename_encryption |
4450 # If client is built against in-kernel fscrypt, it is not possible
4451 # to decide to encrypt file names or not: they are always encrypted.
4452 if [ -n "$nameenc" ]; then
4453 [ $nameenc -eq 0 ] ||
4454 error "enable_filename_encryption should be 0 by default"
4456 # $testfile, $testfile2 and $testfile3 should exist because
4457 # names are not encrypted
4459 error "$testfile should exist because name not encrypted"
4460 [ -f $testfile2 ] ||
4461 error "$testfile2 should exist because name not encrypted"
4462 [ -f $testfile3 ] ||
4463 error "$testfile3 should exist because name not encrypted"
4465 [ $? -eq 0 ] || error "cannot stat $testfile3 without key"
4468 scrambledfiles=( $(find $testdir/ -maxdepth 1 -type f) )
4469 $RUNAS hexdump -C ${scrambledfiles[0]} &&
4470 error "reading ${scrambledfiles[0]} should fail without key"
4472 $RUNAS touch ${testfile}.nokey &&
4473 error "touch ${testfile}.nokey should have failed without key"
4475 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4476 error "fscrypt unlock $testdir failed (1)"
4478 $RUNAS cat $testfile > $resfile ||
4479 error "reading $testfile failed"
4481 cmp -bl $tmpfile $resfile || error "file read differs from file written"
4483 [ $? -eq 0 ] || error "cannot stat $testfile3 with key"
4485 $RUNAS fscrypt lock --verbose $testdir ||
4486 error "fscrypt lock $testdir failed (2)"
4488 $RUNAS hexdump -C ${scrambledfiles[1]} &&
4489 error "reading ${scrambledfiles[1]} should fail without key"
4491 # server local client incompatible with SSK keys installed
4492 if [ "$SHARED_KEY" != true ]; then
4494 stack_trap umount_mds_client EXIT
4495 do_facet $SINGLEMDS touch $DIR2/$tdir/newfile
4496 mdsscrambledfile=$(do_facet $SINGLEMDS find $testdir2/ \
4497 -maxdepth 1 -type f | head -n1)
4498 [ -n "$mdsscrambledfile" ] || error "could not find file"
4499 do_facet $SINGLEMDS cat "$mdsscrambledfile" &&
4500 error "reading $mdsscrambledfile should fail on MDS"
4501 do_facet $SINGLEMDS "echo aaa >> \"$mdsscrambledfile\"" &&
4502 error "writing $mdsscrambledfile should fail on MDS"
4503 do_facet $SINGLEMDS $MULTIOP $testdir2/fileA m &&
4504 error "creating $testdir2/fileA should fail on MDS"
4505 do_facet $SINGLEMDS mkdir $testdir2/dirA &&
4506 error "mkdir $testdir2/dirA should fail on MDS"
4507 do_facet $SINGLEMDS ln -s $DIR2/$tdir/newfile $testdir2/sl1 &&
4508 error "ln -s $testdir2/sl1 should fail on MDS"
4509 do_facet $SINGLEMDS ln $DIR2/$tdir/newfile $testdir2/hl1 &&
4510 error "ln $testdir2/hl1 should fail on MDS"
4511 do_facet $SINGLEMDS mv "$mdsscrambledfile" $testdir2/fB &&
4512 error "mv $mdsscrambledfile should fail on MDS"
4513 do_facet $SINGLEMDS mrename "$mdsscrambledfile" $testdir2/fB &&
4514 error "mrename $mdsscrambledfile should fail on MDS"
4515 do_facet $SINGLEMDS rm -f $DIR2/$tdir/newfile
4518 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4519 error "fscrypt unlock $testdir failed (2)"
4522 $RUNAS fscrypt lock --verbose $testdir ||
4523 error "fscrypt lock $testdir failed (3)"
4525 rm -rf $tmpfile $resfile $testdir ${testdir}2 $MOUNT/.fscrypt
4527 # remount client with subdirectory mount
4528 umount_client $MOUNT || error "umount $MOUNT failed (1)"
4529 export FILESET=/$tdir
4530 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (1)"
4534 # setup encryption from inside this subdir mount
4535 # the .fscrypt directory is going to be created at the real fs root
4536 yes | fscrypt setup --verbose $MOUNT ||
4537 error "fscrypt setup $MOUNT failed (2)"
4538 testdir=$MOUNT/vault
4540 chown -R $ID0:$ID0 $testdir
4541 fid1=$(path2fid $MOUNT/.fscrypt)
4542 echo "With FILESET $tdir, .fscrypt FID is $fid1"
4544 # enable name encryption, only valid if built against embedded llcrypt
4545 if [ -n "$nameenc" ]; then
4546 do_facet mgs $LCTL set_param -P \
4547 llite.*.enable_filename_encryption=1
4549 error "set_param -P \
4550 llite.*.enable_filename_encryption failed"
4552 wait_update_facet --verbose client \
4553 "$LCTL get_param -n llite.*.enable_filename_encryption \
4555 error "enable_filename_encryption not set on client"
4558 # encrypt 'vault' dir inside the subdir mount
4559 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4560 --source=custom_passphrase --name=protector $testdir" ||
4561 error "fscrypt encrypt failed"
4565 $RUNAS cp $tmpfile $testdir/encfile
4567 $RUNAS fscrypt lock --verbose $testdir ||
4568 error "fscrypt lock $testdir failed (4)"
4570 # encfile should actually have its name encrypted
4571 if [ -n "$nameenc" ]; then
4572 [ -f $testdir/encfile ] &&
4573 error "encfile name should be encrypted"
4575 filecount=$(find $testdir -type f | wc -l)
4576 [ $filecount -eq 1 ] || error "found $filecount files instead of 1"
4578 # remount client with encrypted dir as subdirectory mount
4579 umount_client $MOUNT || error "umount $MOUNT failed (2)"
4580 export FILESET=/$tdir/vault
4581 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (2)"
4585 fid2=$(path2fid $MOUNT/.fscrypt)
4586 echo "With FILESET $tdir/vault, .fscrypt FID is $fid2"
4587 [ "$fid1" == "$fid2" ] || error "fid1 $fid1 != fid2 $fid2 (1)"
4589 # all content seen by this mount is encrypted, but .fscrypt is virtually
4590 # presented, letting us call fscrypt lock/unlock
4591 echo mypass | $RUNAS fscrypt unlock --verbose $MOUNT ||
4592 error "fscrypt unlock $MOUNT failed (3)"
4595 [ $(cat $MOUNT/encfile) == "abc" ] || error "cat encfile failed"
4597 # remount client without subdir mount
4598 umount_client $MOUNT || error "umount $MOUNT failed (3)"
4599 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (3)"
4602 fid2=$(path2fid $MOUNT/.fscrypt)
4603 echo "Without FILESET, .fscrypt FID is $fid2"
4604 [ "$fid1" == "$fid2" ] || error "fid1 $fid1 != fid2 $fid2 (2)"
4606 # because .fscrypt was actually created at the real root of the fs,
4607 # we can call fscrypt lock/unlock on the encrypted dir
4608 echo mypass | $RUNAS fscrypt unlock --verbose $DIR/$tdir/vault ||
4609 error "fscrypt unlock $$DIR/$tdir/vault failed (4)"
4612 echo c >> $DIR/$tdir/vault/encfile || error "write to encfile failed"
4614 rm -rf $DIR/$tdir/vault/*
4615 $RUNAS fscrypt lock --verbose $DIR/$tdir/vault ||
4616 error "fscrypt lock $DIR/$tdir/vault failed (5)"
4618 # disable name encryption, only valid if built against embedded llcrypt
4619 if [ -n "$nameenc" ]; then
4620 do_facet mgs $LCTL set_param -P \
4621 llite.*.enable_filename_encryption=0
4623 error "set_param -P \
4624 llite.*.enable_filename_encryption failed"
4626 wait_update_facet --verbose client \
4627 "$LCTL get_param -n llite.*.enable_filename_encryption \
4629 error "enable_filename_encryption not set back to default"
4632 rm -rf $tmpfile $MOUNT/.fscrypt
4634 run_test 54 "Encryption policies with fscrypt"
# Teardown that undoes the nodemap configuration used by the seteuid test.
# Presumably the body of cleanup_55, which the test registers with
# stack_trap; the function header and the closing "fi"/"}" lines are not
# part of this listing.
4638 if is_mounted $MOUNT; then
4639 umount_client $MOUNT || error "umount $MOUNT failed"
# Remove the per-client nodemap and put the default nodemap back to
# admin=0 / trusted=0, waiting for each change to be synced.
4642 do_facet mgs $LCTL nodemap_del c0
4643 do_facet mgs $LCTL nodemap_modify --name default \
4644 --property admin --value 0
4645 do_facet mgs $LCTL nodemap_modify --name default \
4646 --property trusted --value 0
4647 wait_nm_sync default admin_nodemap
4648 wait_nm_sync default trusted_nodemap
# Deactivate nodemap again.
4650 do_facet mgs $LCTL nodemap_activate 0
4651 wait_nm_sync active 0
4653 if $SHARED_KEY; then
4654 export SK_UNIQUE_NM=false
# Remount the client(s) once the nodemap settings are restored.
4658 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed"
4659 if [ "$MOUNT_2" ]; then
4660 mount_client $MOUNT2 ${MOUNT_OPTS} || error "remount failed"
# Test 55 (registered by run_test below): file access with seteuid while the
# client is mapped to a nodemap with admin=0 and trusted=1.
# Skipped unless the MDS version is newer than 2.12.6.2.
4666 (( $MDS1_VERSION > $(version_code 2.12.6.2) )) ||
4667 skip "Need MDS version at least 2.12.6.3"
# Build the directory tree: $USER0/ is root:$USER0, mode 770, setgid;
# testdir_groups/ below it is $USER0:$USER0, mode 770, setgid. Access to the
# inner directory therefore depends on group membership.
4672 mkdir -p $DIR/$tdir/$USER0/testdir_groups
4673 chown root:$USER0 $DIR/$tdir/$USER0
4674 chmod 770 $DIR/$tdir/$USER0
4675 chmod g+s $DIR/$tdir/$USER0
4676 chown $USER0:$USER0 $DIR/$tdir/$USER0/testdir_groups
4677 chmod 770 $DIR/$tdir/$USER0/testdir_groups
4678 chmod g+s $DIR/$tdir/$USER0/testdir_groups
4680 # unmount client completely
4681 umount_client $MOUNT || error "umount $MOUNT failed"
4682 if is_mounted $MOUNT2; then
4683 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
# Set identity_upcall to NONE on every MDT node.
# NOTE(review): presumably this makes the MDS rely on the group information
# sent by the client instead of a server-side lookup - confirm.
4686 do_nodes $(comma_list $(all_mdts_nodes)) \
4687 $LCTL set_param mdt.*.identity_upcall=NONE
# From here on the nodemap state is modified, so register the teardown first.
4689 stack_trap cleanup_55 EXIT
4691 do_facet mgs $LCTL nodemap_activate 1
# Start from a clean state: a leftover c0 nodemap is deleted, and a failure
# to delete (nothing to delete) is deliberately ignored.
4694 do_facet mgs $LCTL nodemap_del c0 || true
4695 wait_nm_sync c0 id ''
4697 do_facet mgs $LCTL nodemap_modify --name default \
4698 --property admin --value 1
4699 do_facet mgs $LCTL nodemap_modify --name default \
4700 --property trusted --value 1
4701 wait_nm_sync default admin_nodemap
4702 wait_nm_sync default trusted_nodemap
# Map this client's NID into nodemap c0 with admin=0 and trusted=1.
4704 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
4705 client_nid=$(h2nettype $client_ip)
4706 do_facet mgs $LCTL nodemap_add c0
4707 do_facet mgs $LCTL nodemap_add_range \
4708 --name c0 --range $client_nid
4709 do_facet mgs $LCTL nodemap_modify --name c0 \
4710 --property admin --value 0
4711 do_facet mgs $LCTL nodemap_modify --name c0 \
4712 --property trusted --value 1
4713 wait_nm_sync c0 admin_nodemap
4714 wait_nm_sync c0 trusted_nodemap
4716 if $SHARED_KEY; then
4717 export SK_UNIQUE_NM=true
4718 # set some generic fileset to trigger SSK code
4722 # remount client to take nodemap into account
4723 zconf_mount_clients $HOSTNAME $MOUNT $MOUNT_OPTS ||
4724 error "remount failed"
# euid_access is an external helper; it is handed the user and a file path
# inside the group-restricted directory.
4728 euid_access $USER0 $DIR/$tdir/$USER0/testdir_groups/file
4730 run_test 55 "access with seteuid"
# Test 56 (registered by run_test below): FIEMAP output for an encrypted file.
# Skipped on a ZFS OST backend, when the client lacks encryption support,
# when mount.lustre does not know test_dummy_encryption, or with < 2 OSTs.
4733 local testfile=$DIR/$tdir/$tfile
4735 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4737 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4738 skip "client encryption not supported"
4740 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4741 skip "need dummy encryption support"
4743 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4745 stack_trap cleanup_for_enc_tests EXIT
# Write 3 x 1M of random data to a single-stripe file, then require that
# "filefrag -v" succeeds and that its output mentions both "encrypted" and
# "encoded" at least once.
4748 $LFS setstripe -c1 $testfile
4749 dd if=/dev/urandom of=$testfile bs=1M count=3 conv=fsync
4750 filefrag -v $testfile || error "filefrag $testfile failed"
4751 (( $(filefrag -v $testfile | grep -c encrypted) >= 1 )) ||
4752 error "filefrag $testfile does not show encrypted flag"
4753 (( $(filefrag -v $testfile | grep -c encoded) >= 1 )) ||
4754 error "filefrag $testfile does not show encoded flag"
4756 run_test 56 "FIEMAP on encrypted file"
# Test 57 (registered by run_test below): the security.c and encryption.c
# extended attributes must not be readable, listable or writable from user
# space, on a directory and on a regular file.
4759 local testdir=$DIR/$tdir/mytestdir
4760 local testfile=$DIR/$tdir/$tfile
4762 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4764 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4765 skip "client encryption not supported"
4767 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4768 skip "need dummy encryption support"
# First round, before the encryption cleanup trap is installed: setting
# either xattr must fail on both objects.
# NOTE(review): the lines that create $testdir and $testfile are not part of
# this listing; presumably these objects are not encrypted yet - confirm.
4772 setfattr -n security.c -v myval $testdir &&
4773 error "setting xattr on $testdir should have failed (1.1)"
4774 setfattr -n encryption.c -v myval $testdir &&
4775 error "setting xattr on $testdir should have failed (1.2)"
4777 setfattr -n security.c -v myval $testfile &&
4778 error "setting xattr on $testfile should have failed (1.1)"
4779 setfattr -n encryption.c -v myval $testfile &&
4780 error "setting xattr on $testfile should have failed (1.2)"
4784 stack_trap cleanup_for_enc_tests EXIT
# Second round, directory: get must be refused with "Operation not
# permitted" for security.c and "Operation not supported" for encryption.c.
# These checks match the error text case-insensitively, so they depend on
# the tools printing English messages.
4788 if [ $(getfattr -n security.c $testdir 2>&1 |
4789 grep -ci "Operation not permitted") -eq 0 ]; then
4790 error "getting xattr on $testdir should have failed (1.1)"
4792 if [ $(getfattr -n encryption.c $testdir 2>&1 |
4793 grep -ci "Operation not supported") -eq 0 ]; then
4794 error "getting xattr on $testdir should have failed (1.2)"
# Listing all xattrs must not reveal either name.
# NOTE(review): the backslash in the unquoted pattern is removed by the
# shell, so grep receives "security.c" / "encryption.c" with "." matching
# any character; quoting the pattern would make the dot literal.
4796 getfattr -d -m - $testdir 2>&1 | grep security\.c &&
4797 error "listing xattrs on $testdir should not expose security.c"
4798 getfattr -d -m - $testdir 2>&1 | grep encryption\.c &&
4799 error "listing xattrs on $testdir should not expose encryption.c"
# Set must be refused with the same two error messages.
4800 if [ $(setfattr -n security.c -v myval $testdir 2>&1 |
4801 grep -ci "Operation not permitted") -eq 0 ]; then
4802 error "setting xattr on $testdir should have failed (2.1)"
4804 if [ $(setfattr -n encryption.c -v myval $testdir 2>&1 |
4805 grep -ci "Operation not supported") -eq 0 ]; then
4806 error "setting xattr on $testdir should have failed (2.2)"
# Same get / list / set sequence for the regular file.
4809 if [ $(getfattr -n security.c $testfile 2>&1 |
4810 grep -ci "Operation not permitted") -eq 0 ]; then
4811 error "getting xattr on $testfile should have failed (1.1)"
4813 if [ $(getfattr -n encryption.c $testfile 2>&1 |
4814 grep -ci "Operation not supported") -eq 0 ]; then
4815 error "getting xattr on $testfile should have failed (1.2)"
4817 getfattr -d -m - $testfile 2>&1 | grep security\.c &&
4818 error "listing xattrs on $testfile should not expose security.c"
4819 getfattr -d -m - $testfile 2>&1 | grep encryption\.c &&
4820 error "listing xattrs on $testfile should not expose encryption.c"
4821 if [ $(setfattr -n security.c -v myval $testfile 2>&1 |
4822 grep -ci "Operation not permitted") -eq 0 ]; then
4823 error "setting xattr on $testfile should have failed (2.1)"
4825 if [ $(setfattr -n encryption.c -v myval $testfile 2>&1 |
4826 grep -ci "Operation not supported") -eq 0 ]; then
4827 error "setting xattr on $testfile should have failed (2.2)"
4831 run_test 57 "security.c/encryption.c xattr protection"
# Test 58 (registered by run_test below): internal accesses to the xattrs of
# encrypted files (link EA decoding, recursive listing) must keep working.
4834 local testdir=$DIR/$tdir/mytestdir
4835 local testfile=$DIR/$tdir/$tfile
4837 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4839 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4840 skip "client encryption not supported"
4842 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4843 skip "need dummy encryption support"
4845 stack_trap cleanup_for_enc_tests EXIT
4848 touch $DIR/$tdir/$tfile
4849 mkdir $DIR/$tdir/subdir
# Drop the kernel caches (pagecache, dentries and inodes) so the link EA is
# not served from cached state when it is decoded below.
4853 echo 3 > /proc/sys/vm/drop_caches
4855 ll_decode_linkea $DIR/$tdir/$tfile || error "cannot read $tfile linkea"
4856 ll_decode_linkea $DIR/$tdir/subdir || error "cannot read subdir linkea"
# Populate 1000 directories (5 files each, via createmany) and 1000 files,
# drop the caches again, then require a recursive long listing to succeed.
4858 for ((i = 0; i < 1000; i = $((i+1)))); do
4859 mkdir -p $DIR/$tdir/d${i}
4860 touch $DIR/$tdir/f${i}
4861 createmany -m $DIR/$tdir/d${i}/f 5 > /dev/null
4866 echo 3 > /proc/sys/vm/drop_caches
4869 ls -ailR $DIR/$tdir > /dev/null || error "fail to ls"
4871 run_test 58 "access to enc file's xattrs"
# Mirror verification helper. Presumably the body of verify_mirror, which
# the mirror tests call as "verify_mirror $testfile $tmpfile"; the header
# and the lines assigning $testfile and $reffile are not in this listing.
4874 local mirror1=$TMP/$tfile.mirror1
4875 local mirror2=$TMP/$tfile.mirror2
# "lfs mirror verify" must succeed, and its output must not contain
# "only valid" (case-insensitive).
4879 $LFS mirror verify -vvv $testfile ||
4880 error "verifying mirror failed (1)"
4881 if [ $($LFS mirror verify -v $testfile 2>&1 |
4882 grep -ci "only valid") -ne 0 ]; then
4883 error "verifying mirror failed (2)"
# Read each mirror into its own local file and compare it byte by byte with
# the reference file.
4886 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4887 error "read from mirror 1 failed"
4888 cmp -bl $reffile $mirror1 ||
4889 error "corruption of mirror 1"
4890 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4891 error "read from mirror 2 failed"
4892 cmp -bl $reffile $mirror2 ||
4893 error "corruption of mirror 2"
# Test 59a (registered by run_test below): mirror resync of an encrypted
# file must work on a client that does not hold the encryption key, while
# reading the mirror content from that client must fail.
4897 local testfile=$DIR/$tdir/$tfile
4898 local tmpfile=$TMP/$tfile
4899 local mirror1=$TMP/$tfile.mirror1
4900 local mirror2=$TMP/$tfile.mirror2
4903 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4904 skip "client encryption not supported"
4906 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4907 skip "need dummy encryption support"
4909 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
# The cleanup also receives the local reference and mirror copies.
4911 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
# Reference data: 5000 random bytes, written to a file with two mirrors
# placed on OST index 0 and OST index 1.
4914 dd if=/dev/urandom of=$tmpfile bs=5000 count=1 conv=fsync
4916 $LFS mirror create -N -i0 -N -i1 $testfile ||
4917 error "could not create mirror"
4918 dd if=$tmpfile of=$testfile bs=5000 count=1 conv=fsync ||
4919 error "could not write to $testfile"
4920 $LFS getstripe $testfile
4922 # remount without dummy encryption key
4923 remount_client_normally
# Without the key the file is looked up by whatever name the directory
# shows, hence the find; it expects a single regular file in the directory.
4925 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
4926 $LFS mirror resync $scrambledfile ||
4927 error "could not resync mirror"
4929 $LFS mirror verify -vvv $scrambledfile ||
4930 error "mirror verify failed (1)"
4931 if [ $($LFS mirror verify -v $scrambledfile 2>&1 |
4932 grep -ci "only valid") -ne 0 ]; then
4933 error "mirror verify failed (2)"
# Reading mirror content without the key must be refused.
4936 $LFS mirror read -N 1 -o $mirror1 $scrambledfile &&
4937 error "read from mirror should fail"
# With the dummy key back, both mirrors must match the reference data.
4940 remount_client_dummykey
4941 verify_mirror $testfile $tmpfile
4943 run_test 59a "mirror resync of encrypted files without key"
# Test 59b (registered by run_test below): OST migration, mirror extend and
# mirror split of an encrypted file from a client without the key, each
# followed by a content check from a client with the dummy key.
4946 local testfile=$DIR/$tdir/$tfile
4947 local tmpfile=$TMP/$tfile
4948 local mirror1=$TMP/$tfile.mirror1
4949 local mirror2=$TMP/$tfile.mirror2
4952 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4953 skip "client encryption not supported"
4955 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4956 skip "need dummy encryption support"
4958 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4960 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
# Reference data: 9000 bytes of the character '2', written to a
# single-stripe file on OST index 0.
4963 tr '\0' '2' < /dev/zero |
4964 dd of=$tmpfile bs=1 count=9000 conv=fsync
4966 $LFS setstripe -c1 -i0 $testfile
4967 dd if=$tmpfile of=$testfile bs=9000 count=1 conv=fsync ||
4968 error "write to $testfile failed"
4969 $LFS getstripe $testfile
4971 # remount without dummy encryption key
4972 remount_client_normally
# Step 1: migrate to OST index 1 without the key and confirm the new index.
4974 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
4975 $LFS migrate -i1 $scrambledfile ||
4976 error "migrate $scrambledfile failed"
4977 $LFS getstripe $scrambledfile
4978 stripe=$($LFS getstripe -i $scrambledfile)
4979 [ $stripe -eq 1 ] || error "migrate file $scrambledfile failed"
# With the key, the migrated file must still match the reference data.
4983 remount_client_dummykey
4984 cmp -bl $tmpfile $testfile ||
4985 error "migrated file is corrupted"
4987 # remount without dummy encryption key
4988 remount_client_normally
# Step 2: add a second mirror on OST index 0 without the key; expect two
# mirrors, mirror 1 on index 1 and mirror 2 on index 0.
4990 $LFS mirror extend -N -i0 $scrambledfile ||
4991 error "mirror extend $scrambledfile failed (1)"
4992 $LFS getstripe $scrambledfile
4993 mirror_count=$($LFS getstripe -N $scrambledfile)
4994 [ $mirror_count -eq 2 ] ||
4995 error "mirror extend file $scrambledfile failed (2)"
4996 stripe=$($LFS getstripe --mirror-id=1 -i $scrambledfile)
4997 [ $stripe -eq 1 ] ||
4998 error "mirror extend file $scrambledfile failed (3)"
4999 stripe=$($LFS getstripe --mirror-id=2 -i $scrambledfile)
5000 [ $stripe -eq 0 ] ||
5001 error "mirror extend file $scrambledfile failed (4)"
5003 $LFS mirror verify -vvv $scrambledfile ||
5004 error "mirror verify failed (1)"
5005 if [ $($LFS mirror verify -v $scrambledfile 2>&1 |
5006 grep -ci "only valid") -ne 0 ]; then
5007 error "mirror verify failed (2)"
5011 remount_client_dummykey
5012 verify_mirror $testfile $tmpfile
5014 # remount without dummy encryption key
5015 remount_client_normally
# Step 3: split off and destroy mirror 1 without the key; expect one mirror
# left, no stripe reported for mirror id 1, and mirror 2 still on index 0.
5017 $LFS mirror split --mirror-id 1 -d $scrambledfile ||
5018 error "mirror split file $scrambledfile failed (1)"
5019 $LFS getstripe $scrambledfile
5020 mirror_count=$($LFS getstripe -N $scrambledfile)
5021 [ $mirror_count -eq 1 ] ||
5022 error "mirror split file $scrambledfile failed (2)"
5023 stripe=$($LFS getstripe --mirror-id=1 -i $scrambledfile)
5024 [ -z "$stripe" ] || error "mirror split file $scrambledfile failed (3)"
5025 stripe=$($LFS getstripe --mirror-id=2 -i $scrambledfile)
5026 [ $stripe -eq 0 ] || error "mirror split file $scrambledfile failed (4)"
# Final content check with the key.
5029 remount_client_dummykey
5031 cmp -bl $tmpfile $testfile ||
5032 error "extended/split file is corrupted"
5034 run_test 59b "migrate/extend/split of encrypted files without key"
# Test 59c (registered by run_test below): migrating a non-empty encrypted
# directory between MDTs from a client without the key.
# Needs at least 2 MDTs and an MDS newer than 2.14.54.54.
5037 local dirname=$DIR/$tdir/subdir
5040 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5041 skip "client encryption not supported"
5043 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5044 skip "need dummy encryption support"
5046 [[ $MDSCOUNT -ge 2 ]] || skip_env "needs >= 2 MDTs"
5048 (( "$MDS1_VERSION" > $(version_code 2.14.54.54) )) ||
5049 skip "MDT migration not supported with older server"
5051 stack_trap cleanup_for_enc_tests EXIT
# Directory on MDT index 0 holding one file whose content is "b".
5054 $LFS setdirstripe -i 0 $dirname
5055 echo b > $dirname/subf
5057 # remount without dummy encryption key
5058 remount_client_normally
# Without the key, locate the directory by whatever name is shown; the find
# expects a single subdirectory.
5060 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
5062 # migrate a non-empty encrypted dir
5063 $LFS migrate -m 1 $scrambleddir ||
5064 error "migrate $scrambleddir between MDTs failed (1)"
5066 stripe=$($LFS getdirstripe -i $scrambleddir)
5067 [ $stripe -eq 1 ] ||
5068 error "migrate $scrambleddir between MDTs failed (2)"
# The clear-text name and content must be intact after the migration.
# NOTE(review): these checks use the clear-text path; the remount with the
# key that presumably precedes them is not part of this listing.
5072 [ -f $dirname/subf ] ||
5073 error "migrate $scrambleddir between MDTs failed (3)"
5074 [ $(cat $dirname/subf) == "b" ] ||
5075 error "migrate $scrambleddir between MDTs failed (4)"
5077 run_test 59c "MDT migrate of encrypted files without key"
# Test 60 (registered by run_test below): mounting an encrypted directory as
# a subdirectory mount (FILESET), first without and then with the dummy key.
# Skipped unless the MDS version is newer than 2.14.53.
5080 local testdir=$DIR/$tdir/mytestdir
5081 local testfile=$DIR/$tdir/$tfile
5083 (( $MDS1_VERSION > $(version_code 2.14.53) )) ||
5084 skip "Need MDS version at least 2.14.53"
5086 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5087 skip "client encryption not supported"
5089 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5090 skip "need dummy encryption support"
5092 stack_trap cleanup_for_enc_tests EXIT
# Content to look for later: a file, a subdirectory and a file inside it.
5095 echo a > $DIR/$tdir/file1
5096 mkdir $DIR/$tdir/subdir
5097 echo b > $DIR/$tdir/subdir/subfile1
5100 # unmount client completely
5101 umount_client $MOUNT || error "umount $MOUNT failed"
5102 if is_mounted $MOUNT2; then
5103 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
5106 # remount client with subdirectory mount
5107 export FILESET=/$tdir
5108 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed"
5109 if [ "$MOUNT_2" ]; then
5110 mount_client $MOUNT2 ${MOUNT_OPTS} || error "remount failed"
# A recursive listing of the subdirectory mount must succeed before the
# dummy key is supplied...
5114 ls -Rl $DIR || error "ls -Rl $DIR failed (1)"
5117 remount_client_dummykey
# ...and again with it; the files are then read through the fileset root,
# which is why the commands use $DIR/file1 rather than $DIR/$tdir/file1.
5120 ls -Rl $DIR || error "ls -Rl $DIR failed (2)"
5121 cat $DIR/file1 || error "cat $DIR/$tdir/file1 failed"
5122 cat $DIR/subdir/subfile1 ||
5123 error "cat $DIR/$tdir/subdir/subfile1 failed"
5125 run_test 60 "Subdirmount of encrypted dir"
# Nodemap setup placed ahead of the read-only mount test: activate nodemap
# and map this client's NID into nodemap c0 with admin=1 and trusted=1.
# The enclosing function header and closing lines are not in this listing.
5128 if $SHARED_KEY; then
5129 export SK_UNIQUE_NM=true
5133 do_facet mgs $LCTL nodemap_activate 1
# Remove a leftover c0 nodemap; a failed delete is deliberately ignored.
5136 do_facet mgs $LCTL nodemap_del c0 || true
5137 wait_nm_sync c0 id ''
5139 do_facet mgs $LCTL nodemap_modify --name default \
5140 --property admin --value 1
5141 do_facet mgs $LCTL nodemap_modify --name default \
5142 --property trusted --value 1
5143 wait_nm_sync default admin_nodemap
5144 wait_nm_sync default trusted_nodemap
# Create c0, restricted to this client's NID.
5146 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
5147 client_nid=$(h2nettype $client_ip)
5148 do_facet mgs $LCTL nodemap_add c0
5149 do_facet mgs $LCTL nodemap_add_range \
5150 --name c0 --range $client_nid
5151 do_facet mgs $LCTL nodemap_modify --name c0 \
5152 --property admin --value 1
5153 do_facet mgs $LCTL nodemap_modify --name c0 \
5154 --property trusted --value 1
5155 wait_nm_sync c0 admin_nodemap
5156 wait_nm_sync c0 trusted_nodemap
# Teardown for the read-only mount test (presumably the body of cleanup_61,
# which the test registers with stack_trap): delete nodemap c0, reset the
# default nodemap to admin=0 / trusted=0, deactivate nodemap and remount.
5160 do_facet mgs $LCTL nodemap_del c0
5161 do_facet mgs $LCTL nodemap_modify --name default \
5162 --property admin --value 0
5163 do_facet mgs $LCTL nodemap_modify --name default \
5164 --property trusted --value 0
5165 wait_nm_sync default admin_nodemap
5166 wait_nm_sync default trusted_nodemap
5168 do_facet mgs $LCTL nodemap_activate 0
5169 wait_nm_sync active 0
5171 if $SHARED_KEY; then
5173 export SK_UNIQUE_NM=false
# Deleting c0 also removes its readonly_mount setting, so this remount uses
# the plain mount options again.
5176 mount_client $MOUNT ${MOUNT_OPTS} || error "re-mount failed"
# Test 61 (registered by run_test below): when a nodemap has
# readonly_mount=1, a client in that nodemap must end up with a read-only
# mount whatever mount option it asks for.
5181 local testfile=$DIR/$tdir/$tfile
# An empty value means the server does not know the readonly_mount flag.
5184 readonly=$(do_facet mgs \
5185 lctl get_param -n nodemap.default.readonly_mount)
5186 [ -n "$readonly" ] ||
5187 skip "Server does not have readonly_mount nodemap flag"
5189 stack_trap cleanup_61 EXIT
5190 for idx in $(seq 1 $MDSCOUNT); do
5191 wait_recovery_complete mds$idx
5193 umount_client $MOUNT || error "umount $MOUNT failed (1)"
5195 # Activate nodemap, and mount rw.
5196 # Should succeed as rw mount is not forbidden by default.
# The flag must default to 0 on both the default nodemap and c0.
5198 readonly=$(do_facet mgs \
5199 lctl get_param -n nodemap.default.readonly_mount)
5200 [ $readonly -eq 0 ] ||
5201 error "wrong default value for readonly_mount on default nodemap"
5202 readonly=$(do_facet mgs \
5203 lctl get_param -n nodemap.c0.readonly_mount)
5204 [ $readonly -eq 0 ] ||
5205 error "wrong default value for readonly_mount on nodemap c0"
# Baseline: an explicit rw mount is really rw and a file can be written.
5207 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},rw ||
5208 error "mount '-o rw' failed with default"
# NOTE(review): "rw," and "ro," are matched as substrings of the option
# list, so any option text ending in those letters would also match.
5210 findmnt $MOUNT --output=options -n -f | grep -q "rw," ||
5211 error "should be rw mount"
5212 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
5213 echo a > $testfile || error "write $testfile failed"
5214 umount_client $MOUNT || error "umount $MOUNT failed (2)"
5216 # Now enforce read-only, and retry.
5217 do_facet mgs $LCTL nodemap_modify --name c0 \
5218 --property readonly_mount --value 1
5219 wait_nm_sync c0 readonly_mount
# Case 1: mount with the default options - must be turned into ro; reads
# work, writes fail.
5220 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS} ||
5221 error "mount failed"
5222 findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
5223 error "mount should have been turned into ro"
5224 cat $testfile || error "read $testfile failed (1)"
5225 echo b > $testfile && error "write $testfile should fail (1)"
5226 umount_client $MOUNT || error "umount $MOUNT failed (3)"
# Case 2: explicit rw request - the mount itself succeeds but must still be
# downgraded to ro.
5227 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},rw ||
5228 error "mount '-o rw' failed"
5229 findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
5230 error "mount rw should have been turned into ro"
5231 cat $testfile || error "read $testfile failed (2)"
5232 echo b > $testfile && error "write $testfile should fail (2)"
5233 umount_client $MOUNT || error "umount $MOUNT failed (4)"
# Case 3: explicit ro request - reads work, writes fail.
5234 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},ro ||
5235 error "mount '-o ro' failed"
5237 cat $testfile || error "read $testfile failed (3)"
5238 echo b > $testfile && error "write $testfile should fail (3)"
5239 umount_client $MOUNT || error "umount $MOUNT failed (5)"
5241 run_test 61 "Nodemap enforces read-only mount"
# Test 62 (registered by run_test below): e2fsck must cope with MDT and OST
# devices that hold encrypted files.
# Skipped on a ZFS backend and unless the MDS version is newer than 2.15.51.
5244 local testdir=$DIR/$tdir/mytestdir
5245 local testfile=$DIR/$tdir/$tfile
5247 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
5249 (( $MDS1_VERSION > $(version_code 2.15.51) )) ||
5250 skip "Need MDS version at least 2.15.51"
5252 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5253 skip "client encryption not supported"
5255 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5256 skip "need dummy encryption support"
5258 stack_trap cleanup_for_enc_tests EXIT
# Stripe new files over all OSTs, then create an empty file and a one-byte
# file so both cases are present on disk.
5261 lfs setstripe -c -1 $DIR/$tdir
5262 touch $DIR/$tdir/${tfile}_1 || error "touch ${tfile}_1 failed"
5263 dd if=/dev/zero of=$DIR/$tdir/${tfile}_2 bs=1 count=1 conv=fsync ||
5264 error "dd ${tfile}_2 failed"
5266 # unmount the Lustre filesystem
5267 stopall || error "stopping for e2fsck run"
5269 # run e2fsck on the MDT and OST devices
5270 local mds_host=$(facet_active_host $SINGLEMDS)
5271 local ost_host=$(facet_active_host ost1)
5272 local mds_dev=$(mdsdevname ${SINGLEMDS//mds/})
5273 local ost_dev=$(ostdevname 1)
# "-n" is handed to run_e2fsck as the option string; for e2fsck itself that
# option means a read-only check that answers "no" to every question.
5275 run_e2fsck $mds_host $mds_dev "-n"
5276 run_e2fsck $ost_host $ost_dev "-n"
5278 # mount the Lustre filesystem
5279 setupall || error "remounting the filesystem failed"
5281 run_test 62 "e2fsck with encrypted files"
# Helper fragment used by the fid2path test: walks the global "paths" array,
# records the FID of every path, then resolves each FID back to a path and
# requires that the resolved path can be listed.
# The function header, loop bodies and closing lines are only partly present
# in this listing.
# NOTE(review): $path and $respath are expanded unquoted, so a path with
# whitespace would be split; the paths defined by the test contain "=" but
# no whitespace.
5286 for path in "${paths[@]}"; do
5294 for path in "${paths[@]}"; do
5295 fids+=("$(lfs path2fid $path)")
5300 for fid in "${fids[@]}"; do
5302 respath=$(lfs fid2path $MOUNT $fid)
5303 echo -e "\t" $respath
5304 ls -li $respath >/dev/null
5305 [ $? -eq 0 ] || error "fid2path $fid failed"
# Test 63 (registered by run_test below): fid2path on encrypted files, once
# with file name encryption enabled (vault1) and once with it disabled
# (vault2). Directory and file names deliberately contain "=" and the long
# names are meant to exercise the digested name form.
# The passphrase "mypass" is a fixed test value fed to fscrypt on stdin.
5312 local vaultdir1=$DIR/$tdir/vault1==dir
5313 local vaultdir2=$DIR/$tdir/vault2==dir
5314 local longfname1="longfilenamewitha=inthemiddletotestbehaviorregardingthedigestedform"
5315 local longdname="longdirectorynamewitha=inthemiddletotestbehaviorregardingthedigestedform"
5316 local longfname2="$longdname/${longfname1}2"
5318 (( $MDS1_VERSION > $(version_code 2.15.53) )) ||
5319 skip "Need MDS version at least 2.15.53"
5321 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5322 skip "client encryption not supported"
5324 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5325 skip "need dummy encryption support"
5327 which fscrypt || skip "This test needs fscrypt userspace tool"
# Global fscrypt setup; a failure is treated as "already done". The sed
# expression rewrites the policy_version value to "2" (the file it edits is
# on a line missing from this listing).
5329 yes | fscrypt setup --force --verbose ||
5330 echo "fscrypt global setup already done"
5331 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
5333 yes | fscrypt setup --verbose $MOUNT ||
5334 echo "fscrypt setup $MOUNT already done"
5336 # enable_filename_encryption tunable only available for client
5337 # built against embedded llcrypt. If client is built against in-kernel
5338 # fscrypt, file names are always encrypted.
5339 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption &&
5340 nameenc=$(lctl get_param -n llite.*.enable_filename_encryption |
5342 if [ -n "$nameenc" ]; then
5343 do_facet mgs $LCTL set_param -P \
5344 llite.*.enable_filename_encryption=1
5346 error "set_param -P \
5347 llite.*.enable_filename_encryption=1 failed"
5349 wait_update_facet --verbose client \
5350 "$LCTL get_param -n llite.*.enable_filename_encryption \
5352 error "enable_filename_encryption not set on client"
5356 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5357 --source=custom_passphrase --name=protector_63_1 $vaultdir1 ||
5358 error "fscrypt encrypt $vaultdir1 failed"
5360 mkdir $vaultdir1/dirA
5361 mkdir $vaultdir1/$longdname
5362 paths=("$vaultdir1/fileA")
5363 paths+=("$vaultdir1/dirA/fileB")
5364 paths+=("$vaultdir1/$longfname1")
5365 paths+=("$vaultdir1/$longfname2")
5368 paths+=("$vaultdir1/dirA")
5369 paths+=("$vaultdir1/$longdname")
5374 fscrypt lock --verbose $vaultdir1 ||
5375 error "fscrypt lock $vaultdir1 failed (1)"
5379 if [ -z "$nameenc" ]; then
5380 echo "Rest of the test requires disabling name encryption"
5384 # disable name encryption
5385 do_facet mgs $LCTL set_param -P llite.*.enable_filename_encryption=0
5387 error "set_param -P llite.*.enable_filename_encryption=0 failed"
5389 wait_update_facet --verbose client \
5390 "$LCTL get_param -n llite.*.enable_filename_encryption \
5392 error "enable_filename_encryption not set back to default"
# Second pass: same layout under vault2, created while file name encryption
# is disabled, with its own protector name.
5395 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5396 --source=custom_passphrase --name=protector_63_2 $vaultdir2 ||
5397 error "fscrypt encrypt $vaultdir2 failed"
5399 mkdir $vaultdir2/dirA
5400 mkdir $vaultdir2/$longdname
5403 paths=("$vaultdir2/fileA")
5404 paths+=("$vaultdir2/dirA/fileB")
5405 paths+=("$vaultdir2/$longfname1")
5406 paths+=("$vaultdir2/$longfname2")
5409 paths+=("$vaultdir2/dirA")
5410 paths+=("$vaultdir2/$longdname")
5415 fscrypt lock --verbose $vaultdir2 ||
5416 error "fscrypt lock $vaultdir2 failed (2)"
# Remove the fscrypt metadata directory created by "fscrypt setup $MOUNT".
5420 rm -rf $MOUNT/.fscrypt
5422 run_test 63 "fid2path with encrypted files"
# Nodemap setup placed ahead of the RBAC role tests: activate nodemap and
# map this client's NID into nodemap c0 with admin=1 and trusted=1, so that
# the rbac property is the setting under test.
# The enclosing function header and closing lines are not in this listing.
5425 do_facet mgs $LCTL nodemap_activate 1
# Remove a leftover c0 nodemap; a failed delete is deliberately ignored.
5428 do_facet mgs $LCTL nodemap_del c0 || true
5429 wait_nm_sync c0 id ''
5431 do_facet mgs $LCTL nodemap_modify --name default \
5432 --property admin --value 1
5433 do_facet mgs $LCTL nodemap_modify --name default \
5434 --property trusted --value 1
5435 wait_nm_sync default admin_nodemap
5436 wait_nm_sync default trusted_nodemap
5438 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
5439 client_nid=$(h2nettype $client_ip)
5440 do_facet mgs $LCTL nodemap_add c0
5441 do_facet mgs $LCTL nodemap_add_range \
5442 --name c0 --range $client_nid
5443 do_facet mgs $LCTL nodemap_modify --name c0 \
5444 --property admin --value 1
5445 do_facet mgs $LCTL nodemap_modify --name c0 \
5446 --property trusted --value 1
5447 wait_nm_sync c0 admin_nodemap
5448 wait_nm_sync c0 trusted_nodemap
# Teardown for the RBAC role tests (presumably the body of cleanup_64, which
# the tests register with stack_trap): delete nodemap c0, reset the default
# nodemap to admin=0 / trusted=0 and deactivate nodemap.
5452 do_facet mgs $LCTL nodemap_del c0
5453 do_facet mgs $LCTL nodemap_modify --name default \
5454 --property admin --value 0
5455 do_facet mgs $LCTL nodemap_modify --name default \
5456 --property trusted --value 0
5457 wait_nm_sync default admin_nodemap
5458 wait_nm_sync default trusted_nodemap
5460 do_facet mgs $LCTL nodemap_activate 0
5461 wait_nm_sync active 0
# Test 64a (registered by run_test below): the file_perms RBAC role of a
# nodemap controls chmod, chown, chgrp and project ID changes.
# Needs an MDS at version 2.15.54 or later.
5465 local testfile=$DIR/$tdir/$tfile
5468 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5469 skip "Need MDS >= 2.15.54 for role-based controls"
5471 stack_trap cleanup_64 EXIT
5472 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
5475 # check default value for rbac is all
5476 rbac=$(do_facet mds $LCTL get_param -n nodemap.c0.rbac)
5477 for role in file_perms \
5485 [[ "$rbac" =~ "$role" ]] ||
5486 error "role '$role' not in default '$rbac'"
# Positive case: with only file_perms granted, all four operations succeed.
5489 do_facet mgs $LCTL nodemap_modify --name c0 \
5490 --property rbac --value file_perms
5491 wait_nm_sync c0 rbac
# Registers "set +vx" to switch shell verbose/trace output back off later.
5493 stack_trap "set +vx"
5495 chmod 777 $testfile || error "chmod failed"
5496 chown $TSTUSR:$TSTUSR $testfile || error "chown failed"
5497 chgrp $TSTUSR $testfile || error "chgrp failed"
5498 $LFS project -p 1000 $testfile || error "setting project failed"
# Negative case: with no role granted, the same operations must fail.
# NOTE(review): each check only requires a non-zero exit status, so a
# failure for an unrelated reason would also satisfy it.
5501 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5502 wait_nm_sync c0 rbac
5505 chmod 777 $testfile && error "chmod should fail"
5506 chown $TSTUSR:$TSTUSR $testfile && error "chown should fail"
5507 chgrp $TSTUSR $testfile && error "chgrp should fail"
5508 $LFS project -p 1000 $testfile && error "setting project should fail"
5511 run_test 64a "Nodemap enforces file_perms RBAC roles"
# Test 64b (registered by run_test below): the dne_ops RBAC role of a
# nodemap controls placing, striping and migrating directories across MDTs.
# Needs an MDS at version 2.15.54 or later and at least 2 MDTs.
5514 local testdir=$DIR/$tdir/${tfile}.d
5517 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5518 skip "Need MDS >= 2.15.54 for role-based controls"
5520 (( MDSCOUNT >= 2 )) || skip "mdt count $MDSCOUNT, skipping dne_ops role"
5522 stack_trap cleanup_64 EXIT
5523 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# Remember the current enable_dir_restripe value (0 if it cannot be read),
# enable it on all MDT nodes, and register a trap that restores it.
5526 dir_restripe=$(do_node $mds1_HOST \
5527 "$LCTL get_param -n mdt.*MDT0000.enable_dir_restripe")
5528 [ -n "$dir_restripe" ] || dir_restripe=0
5529 do_nodes $(comma_list $(all_mdts_nodes)) \
5530 $LCTL set_param mdt.*.enable_dir_restripe=1 ||
5531 error "enabling dir_restripe failed"
5532 stack_trap "do_nodes $(comma_list $(all_mdts_nodes)) \
5533 $LCTL set_param mdt.*.enable_dir_restripe=$dir_restripe" EXIT
# Positive case. The rbac value set here is on a line missing from this
# listing; presumably it grants dne_ops - confirm against the full file.
5534 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
5536 wait_nm_sync c0 rbac
5537 $LFS mkdir -i 0 ${testdir}_for_migr ||
5538 error "$LFS mkdir ${testdir}_for_migr failed (1)"
5539 touch ${testdir}_for_migr/file001 ||
5540 error "touch ${testdir}_for_migr/file001 failed (1)"
5541 $LFS mkdir -i 0 ${testdir}_mdt0 ||
5542 error "$LFS mkdir ${testdir}_mdt0 failed (1)"
5543 $LFS mkdir -i 1 ${testdir}_mdt1 ||
5544 error "$LFS mkdir ${testdir}_mdt1 failed (1)"
# Explicit MDT index, striped directory, restripe, MDT migration and a
# rename across MDTs are all expected to succeed.
5546 $LFS mkdir -i 1 $testdir || error "$LFS mkdir failed (1)"
5548 $LFS mkdir -c 2 $testdir || error "$LFS mkdir failed (2)"
5551 $LFS setdirstripe -c 2 $testdir || error "$LFS setdirstripe failed"
5553 $LFS migrate -m 1 ${testdir}_for_migr || error "$LFS migrate failed"
5554 touch ${testdir}_mdt0/fileA || error "touch fileA failed (1)"
5555 mv ${testdir}_mdt0/fileA ${testdir}_mdt1/ || error "mv failed (1)"
# Recreate the fixtures for the negative case.
5558 $LFS mkdir -i 0 ${testdir}_for_migr ||
5559 error "$LFS mkdir ${testdir}_for_migr failed (2)"
5560 touch ${testdir}_for_migr/file001 ||
5561 error "touch ${testdir}_for_migr/file001 failed (2)"
5562 $LFS mkdir -i 0 ${testdir}_mdt0 ||
5563 error "$LFS mkdir ${testdir}_mdt0 failed (2)"
5564 $LFS mkdir -i 1 ${testdir}_mdt1 ||
5565 error "$LFS mkdir ${testdir}_mdt1 failed (2)"
# Negative case: with no role granted, the DNE operations must fail, while
# a plain create and a rename across MDTs are still expected to work.
# NOTE(review): the "should fail" checks only require a non-zero exit
# status, so a failure for an unrelated reason would also satisfy them.
5567 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5568 wait_nm_sync c0 rbac
5570 $LFS mkdir -i 1 $testdir && error "$LFS mkdir should fail (1)"
5571 $LFS mkdir -c 2 $testdir && error "$LFS mkdir should fail (2)"
5573 $LFS setdirstripe -c 2 $testdir && error "$LFS setdirstripe should fail"
5575 $LFS migrate -m 1 ${testdir}_for_migr &&
5576 error "$LFS migrate should fail"
5577 touch ${testdir}_mdt0/fileA || error "touch fileA failed (2)"
5578 mv ${testdir}_mdt0/fileA ${testdir}_mdt1/ || error "mv failed (2)"
5581 run_test 64b "Nodemap enforces dne_ops RBAC roles"
# Body of the test registered below as 64c: checks that quota administration
# through "lfs setquota" is gated by the quota_ops RBAC role of nodemap c0.
# The test is skipped unless MDS1_VERSION is at least 2.15.54.
5584 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5585 skip "Need MDS >= 2.15.54 for role-based controls"
# cleanup_64 (defined outside this excerpt) is registered to run at exit.
5587 stack_trap cleanup_64 EXIT
5588 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# Phase 1: the rbac property of c0 is set to quota_ops only, and
# wait_nm_sync is called before any check is made.
5591 do_facet mgs $LCTL nodemap_modify --name c0 \
5592 --property rbac --value quota_ops
5593 wait_nm_sync c0 rbac
# With quota_ops granted, block/inode limits for a user (-u), a group (-g)
# and a project (-p) must be accepted. Each limit is deleted right after;
# the --delete calls are not checked.
5595 $LFS setquota -u $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT ||
5596 error "lfs setquota -u failed"
5597 $LFS setquota -u $USER0 --delete $MOUNT
5598 $LFS setquota -g $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT ||
5599 error "lfs setquota -g failed"
5600 $LFS setquota -g $USER0 --delete $MOUNT
5601 $LFS setquota -p 1000 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT ||
5602 error "lfs setquota -p failed"
5603 $LFS setquota -p 1000 --delete $MOUNT
# Same check for the -U / -G / -P forms; each is reset to all-zero limits
# afterwards so nothing is left behind for later tests.
5605 $LFS setquota -U -b 10G -B 11G -i 100K -I 105K $MOUNT ||
5606 error "lfs setquota -U failed"
5607 $LFS setquota -U -b 0 -B 0 -i 0 -I 0 $MOUNT
5608 $LFS setquota -G -b 10G -B 11G -i 100K -I 105K $MOUNT ||
5609 error "lfs setquota -G failed"
5610 $LFS setquota -G -b 0 -B 0 -i 0 -I 0 $MOUNT
5611 $LFS setquota -P -b 10G -B 11G -i 100K -I 105K $MOUNT ||
5612 error "lfs setquota -P failed"
5613 $LFS setquota -P -b 0 -B 0 -i 0 -I 0 $MOUNT
# Same check for the -D form applied to a user, a group and a project.
5614 $LFS setquota -u $USER0 -D $MOUNT ||
5615 error "lfs setquota -u -D failed"
5616 $LFS setquota -u $USER0 --delete $MOUNT
5617 $LFS setquota -g $USER0 -D $MOUNT ||
5618 error "lfs setquota -g -D failed"
5619 $LFS setquota -g $USER0 --delete $MOUNT
5620 $LFS setquota -p 1000 -D $MOUNT ||
5621 error "lfs setquota -p -D failed"
5622 $LFS setquota -p 1000 --delete $MOUNT
# Phase 2: every role is removed from c0 (rbac = none).
5625 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5626 wait_nm_sync c0 rbac
# Every setquota form exercised above must now be refused.
# NOTE(review): "cmd && error ..." accepts any non-zero exit status, so a
# failure unrelated to RBAC (bad argument, unavailable mount) would also
# satisfy these checks; the failure cause is not compared against a
# permission error. The interleaved --delete calls are unchecked cleanup
# in case a limit was set despite the missing role.
5629 $LFS setquota -u $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT &&
5630 error "lfs setquota -u should fail"
5631 $LFS setquota -u $USER0 --delete $MOUNT
5632 $LFS setquota -g $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT &&
5633 error "lfs setquota -g should fail"
5634 $LFS setquota -g $USER0 --delete $MOUNT
5635 $LFS setquota -p 1000 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT &&
5636 error "lfs setquota -p should fail"
5637 $LFS setquota -p 1000 --delete $MOUNT
# No reset follows the -U / -G / -P attempts here, unlike in phase 1.
5639 $LFS setquota -U -b 10G -B 11G -i 100K -I 105K $MOUNT &&
5640 error "lfs setquota -U should fail"
5641 $LFS setquota -G -b 10G -B 11G -i 100K -I 105K $MOUNT &&
5642 error "lfs setquota -G should fail"
5643 $LFS setquota -P -b 10G -B 11G -i 100K -I 105K $MOUNT &&
5644 error "lfs setquota -P should fail"
5645 $LFS setquota -u $USER0 -D $MOUNT &&
5646 error "lfs setquota -u -D should fail"
5647 $LFS setquota -u $USER0 --delete $MOUNT
5648 $LFS setquota -g $USER0 -D $MOUNT &&
5649 error "lfs setquota -g -D should fail"
5650 $LFS setquota -g $USER0 --delete $MOUNT
5651 $LFS setquota -p 1000 -D $MOUNT &&
5652 error "lfs setquota -p -D should fail"
5653 $LFS setquota -p 1000 --delete $MOUNT
5656 run_test 64c "Nodemap enforces quota_ops RBAC roles"
# Body of the test registered below as 64d: checks that access to files by
# FID (through $MOUNT/.lustre/fid and "lfs rmfid") is gated by the byfid_ops
# RBAC role of nodemap c0. Skipped unless MDS1_VERSION is at least 2.15.54.
# NOTE(review): the steps that create $testfile before each path2fid call
# are not visible in this listing.
5659 local testfile=$DIR/$tdir/$tfile
5662 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5663 skip "Need MDS >= 2.15.54 for role-based controls"
# cleanup_64 (defined outside this excerpt) is registered to run at exit.
5665 stack_trap cleanup_64 EXIT
5666 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# Phase 1: c0 is granted byfid_ops only.
5669 do_facet mgs $LCTL nodemap_modify --name c0 \
5670 --property rbac --value byfid_ops
5671 wait_nm_sync c0 rbac
# NOTE(review): path2fid and rmfid are invoked through bare "lfs", resolved
# via PATH, while fid2path goes through $LFS; the two may not be the same
# binary on a test node.
5674 fid=$(lfs path2fid $testfile)
# With the role granted: FID-to-path lookup, reading the file through its
# FID and removing it by FID must all succeed.
5676 $LFS fid2path $MOUNT $fid || error "fid2path $fid failed (1)"
5677 cat $MOUNT/.lustre/fid/$fid || error "cat by fid failed"
5678 lfs rmfid $MOUNT $fid || error "lfs rmfid failed"
# Phase 2: every role is removed from c0 (rbac = none).
5681 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5682 wait_nm_sync c0 rbac
5685 fid=$(lfs path2fid $testfile)
# fid2path is still expected to succeed without the role; only reading
# through .lustre/fid and rmfid are expected to be refused.
# NOTE(review): the "&& error" checks pass on any non-zero exit, whatever
# its cause.
5687 $LFS fid2path $MOUNT $fid || error "fid2path $fid failed (2)"
5688 cat $MOUNT/.lustre/fid/$fid && error "cat by fid should fail"
5689 lfs rmfid $MOUNT $fid && error "lfs rmfid should fail"
5693 run_test 64d "Nodemap enforces byfid_ops RBAC roles"
# Body of the test registered below as 64e: checks that dumping and clearing
# changelogs is gated by the chlg_ops RBAC role of nodemap c0.
# Skipped unless MDS1_VERSION is at least 2.15.54.
5696 local testfile=$DIR/$tdir/$tfile
5697 local testdir=$DIR/$tdir/${tfile}.d
5699 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5700 skip "Need MDS >= 2.15.54 for role-based controls"
# cleanup_64 (defined outside this excerpt) is registered to run at exit.
5702 stack_trap cleanup_64 EXIT
5703 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
5706 # activate changelogs
5707 changelog_register || error "changelog_register failed"
# Keep the first space-separated word of the CL_USERS entry for $SINGLEMDS
# and check that it is listed by changelog_users.
5708 local cl_user="${CL_USERS[$SINGLEMDS]%% *}"
5709 changelog_users $SINGLEMDS | grep -q $cl_user ||
5710 error "User $cl_user not found in changelog_users"
5711 changelog_chmask ALL
# Generate some activity for the changelog to record.
5714 mkdir $testdir || error "failed to mkdir $testdir"
5715 touch $testfile || error "failed to touch $testfile"
# Phase 1: c0 is granted chlg_ops only.
5717 do_facet mgs $LCTL nodemap_modify --name c0 \
5718 --property rbac --value chlg_ops
5719 wait_nm_sync c0 rbac
# With the role granted, both dump and clear must succeed.
5722 echo "changelogs dump"
5723 changelog_dump || error "failed to dump changelogs"
5724 echo "changelogs clear"
5725 changelog_clear 0 || error "failed to clear changelogs"
5727 rm -rf $testdir $testfile || error "rm -rf $testdir $testfile failed"
# Phase 2: every role is removed from c0 (rbac = none).
5729 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5730 wait_nm_sync c0 rbac
# Fresh activity, so the denied operations below have records to act on.
5733 mkdir $testdir || error "failed to mkdir $testdir"
5734 touch $testfile || error "failed to touch $testfile"
# Without the role, both dump and clear must be refused.
# NOTE(review): "cmd && error ..." passes on any non-zero exit, so a
# changelog helper failing for a reason other than the missing role would
# also satisfy these checks.
5737 echo "changelogs dump"
5738 changelog_dump && error "dump changelogs should fail"
5739 echo "changelogs clear"
5740 changelog_clear 0 && error "clear changelogs should fail"
5741 rm -rf $testdir $testfile
# rbac is set back to "all" before the test body ends; any changelog
# deregistration is not visible in this excerpt.
5743 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value all
5744 wait_nm_sync c0 rbac
5746 run_test 64e "Nodemap enforces chlg_ops RBAC roles"
# Body of the test registered below as 64f: checks that fscrypt metadata
# administration (creating an encrypted directory, destroying protectors and
# policies) is gated by the fscrypt_admin RBAC role of nodemap c0, while
# unlocking and locking an existing encrypted directory stays possible
# without it.
5749 local vaultdir=$DIR/$tdir/vault
5754 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5755 skip "Need MDS >= 2.15.54 for role-based controls"
# Skip when the client import does not report client_encryption or when the
# fscrypt tool is not installed.
# NOTE(review): "which" prints the resolved path to the test log;
# "command -v fscrypt >/dev/null" is the portable equivalent.
5757 cli_enc=$($LCTL get_param mdc.*.import | grep client_encryption)
5758 [ -n "$cli_enc" ] || skip "Need enc support, skip fscrypt_admin role"
5759 which fscrypt || skip "Need fscrypt, skip fscrypt_admin role"
# cleanup_64 (defined outside this excerpt) is registered to run at exit.
5761 stack_trap cleanup_64 EXIT
5762 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# Global fscrypt setup, answering every prompt with "y".
# NOTE(review): any failure of "fscrypt setup" is reported as "already done"
# and the test continues, so a genuine setup error is not distinguished from
# the benign case.
5765 yes | fscrypt setup --force --verbose ||
5766 echo "fscrypt global setup already done"
# Rewrite the quoted number after policy_version to "2".
# NOTE(review): the file this sed edits is named on a continuation line that
# is not visible in this listing.
5767 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
5769 yes | fscrypt setup --verbose $MOUNT ||
5770 echo "fscrypt setup $MOUNT already done"
# NOTE(review): $MOUNT is expanded when the trap is registered; if it were
# empty this would target /.fscrypt. "${MOUNT:?}" would make that case abort.
5771 stack_trap "rm -rf $MOUNT/.fscrypt"
5773 # file_perms is required because fscrypt uses chmod/chown
5774 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
5775 --value fscrypt_admin,file_perms
5776 wait_nm_sync c0 rbac
# Phase 1 (fscrypt_admin granted): encrypting $vaultdir with a custom
# passphrase protector must succeed. 'mypass' is a throwaway test passphrase
# supplied twice on stdin. The creation of $vaultdir is not visible in this
# listing.
5780 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5781 --source=custom_passphrase --name=protector_64 $vaultdir ||
5782 error "fscrypt encrypt $vaultdir failed"
5783 fscrypt lock $vaultdir || error "fscrypt lock $vaultdir failed (1)"
# Record the policy and protector identifiers from "fscrypt status": the
# second field of the "Policy:" line, and the first field of every line
# after the one whose first field is PROTECTOR.
5784 policy=$(fscrypt status $vaultdir | awk '$1 == "Policy:"{print $2}')
5785 [ -n "$policy" ] || error "could not get enc policy"
5786 protector=$(fscrypt status $vaultdir |
5787 awk 'BEGIN {found=0} { if (found == 1) { print $1 }} \
5788 $1 == "PROTECTOR" {found=1}')
5789 [ -n "$protector" ] || error "could not get enc protector"
5793 # file_perms is required because fscrypt uses chmod/chown
# NOTE(review): the --value argument of this nodemap_modify call is on a
# continuation line not visible in this listing; presumably it keeps
# file_perms and drops fscrypt_admin - confirm against the full file.
5794 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
5796 wait_nm_sync c0 rbac
# Phase 2: unlocking and locking the existing directory must still work,
# but destroying the protector or the policy, and encrypting a new
# directory, must be refused.
# NOTE(review): the "&& error" checks pass on any non-zero exit from
# fscrypt, whatever its cause.
5799 echo mypass | fscrypt unlock $vaultdir ||
5800 error "fscrypt unlock $vaultdir failed"
5801 fscrypt lock $vaultdir || error "fscrypt lock $vaultdir failed (2)"
5802 fscrypt metadata destroy --protector=$MOUNT:$protector --force &&
5803 error "destroy protector should fail"
5804 fscrypt metadata destroy --policy=$MOUNT:$policy --force &&
5805 error "destroy policy should fail"
5806 mkdir -p ${vaultdir}2
5807 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5808 --source=custom_passphrase \
5809 --name=protector_64bis ${vaultdir}2 &&
5810 error "fscrypt encrypt ${vaultdir}2 should fail"
# Phase 3: with every role granted again (rbac = all), the protector and
# the policy recorded above can be destroyed.
5814 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value all
5815 wait_nm_sync c0 rbac
5818 fscrypt metadata destroy --protector=$MOUNT:$protector --force ||
5819 error "destroy protector failed"
5820 fscrypt metadata destroy --policy=$MOUNT:$policy --force ||
5821 error "destroy policy failed"
5826 run_test 64f "Nodemap enforces fscrypt_admin RBAC roles"
# Visible tail of a helper, presumably the look_for_files called by the test
# that follows as: look_for_files PATTERN NEG PATH EXPECTED. The function
# header and the assignments of pattern, neg, path and expected are not
# visible in this listing.
# neg is emptied unless it equals 1, so ${neg:+"!"} adds "!" in front of
# --attrs only for a negated search.
5835 (( neg == 1 )) || neg=""
# $path is left unquoted; callers pass a quoted glob ("$DIR/${tdir}*"),
# which is therefore expanded here.
# NOTE(review): $TMP/res is a fixed file name shared by every call; a file
# created with mktemp would avoid collisions and pre-existing files.
5836 $LFS find -type f ${neg:+"!"} --attrs $pattern $path > $TMP/res
# Count the matches (one path per line) and compare with the expected number.
5838 res=$(cat $TMP/res | wc -l)
5839 (( res == $expected )) ||
5840 error "Find $pattern $path: found $res, expected $expected"
# Body of the test registered below as 65: checks the attribute output of
# "lfs find -printf" (%LA and %La) and the --attrs filter on encrypted and
# immutable files. Several steps (creating $dirbis, remounting with dummy
# encryption, creating $testfile.1 and $testfile.2) are not visible in this
# listing.
5844 local dirbis=$DIR/${tdir}_bis
5845 local testfile=$DIR/$tdir/$tfile
# Skip when the client import does not report client_encryption or when
# mount.lustre does not advertise the test_dummy_encryption option.
5848 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5849 skip "client encryption not supported"
5851 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5852 skip "need dummy encryption support"
5854 # $dirbis is not going to be encrypted, as client
5855 # is not mounted with -o test_dummy_encryption yet
5857 stack_trap "rm -rf $dirbis" EXIT
# Two clear-text files, the second one made immutable.
5858 touch $dirbis/$tfile.1
5859 touch $dirbis/$tfile.2
5860 chattr +i $dirbis/$tfile.2
# Clear the immutable flag at exit; presumably stacked traps run in reverse
# order so this happens before the rm -rf registered above - confirm.
5861 stack_trap "chattr -i $dirbis/$tfile.2" EXIT
5863 stack_trap cleanup_for_enc_tests EXIT
5866 # All files/dirs under $DIR/$tdir are encrypted
5869 chattr +i $testfile.2
5870 stack_trap "chattr -i $testfile.2" EXIT
# Per-file checks. As the expected values below show, %LA prints attribute
# names in full (comma-separated), %La prints one letter per attribute, and
# both print "---" when no attribute is set. Each check first prints the
# value to the log, then captures and compares it.
5872 $LFS find -printf "%p %LA\n" $dirbis/$tfile.1
5873 res=$($LFS find -printf "%LA" $dirbis/$tfile.1)
5874 [ "$res" == "---" ] ||
5875 error "$dirbis/$tfile.1 should have no attr, showed $res (1)"
5876 $LFS find -printf "%p %La\n" $dirbis/$tfile.1
5877 res=$($LFS find -printf "%La" $dirbis/$tfile.1)
5878 [ "$res" == "---" ] ||
5879 error "$dirbis/$tfile.1 should have no attr, showed $res (2)"
5880 $LFS find -printf "%p %LA\n" $dirbis/$tfile.2
5881 res=$($LFS find -printf "%LA" $dirbis/$tfile.2)
5882 [ "$res" == "Immutable" ] ||
5883 error "$dirbis/$tfile.2 should be Immutable, showed $res"
5884 $LFS find -printf "%p %La\n" $dirbis/$tfile.2
5885 res=$($LFS find -printf "%La" $dirbis/$tfile.2)
5886 [ "$res" == "i" ] ||
5887 error "$dirbis/$tfile.2 should be 'i', showed $res"
5888 $LFS find -printf "%p %LA\n" $testfile.1
5889 res=$($LFS find -printf "%LA" $testfile.1)
5890 [ "$res" == "Encrypted" ] ||
5891 error "$testfile.1 should be Encrypted, showed $res"
5892 $LFS find -printf "%p %La\n" $testfile.1
5893 res=$($LFS find -printf "%La" $testfile.1)
5894 [ "$res" == "E" ] ||
5895 error "$testfile.1 should be 'E', showed $res"
5896 $LFS find -printf "%p %LA\n" $testfile.2
5897 res=$($LFS find -printf "%LA" $testfile.2)
5898 [ "$res" == "Immutable,Encrypted" ] ||
5899 error "$testfile.2 should be Immutable,Encrypted, showed $res"
5900 $LFS find -printf "%p %La\n" $testfile.2
5901 res=$($LFS find -printf "%La" $testfile.2)
5902 [ "$res" == "iE" ] ||
5903 error "$testfile.2 should be 'iE', showed $res"
# --attrs filter checks over both directories (the glob matches $tdir and
# ${tdir}_bis). Arguments: pattern, negate flag (1 adds "!"), path glob,
# expected count. Every pattern is tried in its long and one-letter form;
# a leading ^ excludes the attribute that follows it.
5905 echo Expecting to find 2 encrypted files
5906 look_for_files Encrypted 0 "$DIR/${tdir}*" 2
5907 echo Expecting to find 2 encrypted files
5908 look_for_files E 0 "$DIR/${tdir}*" 2
5910 echo Expecting to find 2 non-encrypted files
5911 look_for_files Encrypted 1 "$DIR/${tdir}*" 2
5912 echo Expecting to find 2 non-encrypted files
5913 look_for_files E 1 "$DIR/${tdir}*" 2
5915 echo Expecting to find 1 encrypted+immutable file
5916 look_for_files "Encrypted,Immutable" 0 "$DIR/${tdir}*" 1
5917 echo Expecting to find 1 encrypted+immutable file
5918 look_for_files "Ei" 0 "$DIR/${tdir}*" 1
5920 echo Expecting to find 1 encrypted+^immutable file
5921 look_for_files "Encrypted,^Immutable" 0 "$DIR/${tdir}*" 1
5922 echo Expecting to find 1 encrypted+^immutable file
5923 look_for_files "E^i" 0 "$DIR/${tdir}*" 1
5925 echo Expecting to find 1 ^encrypted+immutable file
5926 look_for_files "^Encrypted,Immutable" 0 "$DIR/${tdir}*" 1
5927 echo Expecting to find 1 ^encrypted+immutable file
5928 look_for_files "^Ei" 0 "$DIR/${tdir}*" 1
5930 echo Expecting to find 1 ^encrypted+^immutable file
5931 look_for_files "^Encrypted,^Immutable" 0 "$DIR/${tdir}*" 1
5932 echo Expecting to find 1 ^encrypted+^immutable file
5933 look_for_files "^E^i" 0 "$DIR/${tdir}*" 1
5935 run_test 65 "lfs find -printf %La and --attrs support"
# End-of-script cleanup, run after all tests. The lines closing the loop and
# the conditional are not visible in this listing.
5937 log "cleanup: ======================================================"
# For each MDS index whose identity_old entry is 1, call switch_identity
# with "false"; on failure the entry is overwritten with the exit status.
# NOTE(review): presumably this restores the identity setting saved at
# start-up - confirm against the part of the file that fills identity_old.
5940 for ((num = 1; num <= $MDSCOUNT; num++)); do
5941 if [[ "${identity_old[$num]}" == 1 ]]; then
5942 switch_identity $num false || identity_old[$num]=$?
# List $DIR as each of the two test users; the exit status is not checked.
5946 $RUNAS_CMD -u $ID0 ls $DIR
5947 $RUNAS_CMD -u $ID1 ls $DIR
5951 complete_test $SECONDS
5952 check_and_cleanup_lustre