3 # Run select tests by setting ONLY, or as arguments to the script.
4 # Skip specific tests by setting EXCEPT.
# Resolve the Lustre tree from this script's location unless LUSTRE is already
# set, then source the shared test framework from it.
11 LUSTRE=${LUSTRE:-$(dirname $0)/..}
12 . $LUSTRE/tests/test-framework.sh
17 ALWAYS_EXCEPT="$SANITY_SEC_EXCEPT "
18 # bug number for skipped test:
20 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
# Test 26 is listed as slow when SLOW=no.
22 [ "$SLOW" = "no" ] && EXCEPT_SLOW="26"
# Tests 7 through 26 are the nodemap tests; all of them are added to EXCEPT
# when check_versions fails.
24 NODEMAP_TESTS=$(seq 7 26)
26 if ! check_versions; then
27 echo "It is NOT necessary to test nodemap under interoperation mode"
28 EXCEPT="$EXCEPT $NODEMAP_TESTS"
# Helper used below to run a command under another uid/gid; overridable.
33 RUNAS_CMD=${RUNAS_CMD:-runas}
35 WTL=${WTL:-"$LUSTRE/tests/write_time_limit"}
# perm.conf under CONFDIR: tests 1 and 4 write setuid/setgid/setgrp entries to
# it on the MDS and remove it again when they finish.
38 PERM_CONF=$CONFDIR/perm.conf
# Hostname-derived checksum. It names the test nodemaps (<checksum>_<i>) and,
# reduced to 1..250, is the first octet of the synthetic NID ranges.
# NOTE(review): presumably this keeps hosts sharing an MGS from colliding - confirm.
40 HOSTNAME_CHECKSUM=$(hostname | sum | awk '{ print $1 }')
41 SUBNET_CHECKSUM=$(expr $HOSTNAME_CHECKSUM % 250 + 1)
# Leave with status 0 when require_dsh_mds / require_dsh_ost report failure.
43 require_dsh_mds || exit 0
44 require_dsh_ost || exit 0
# CLIENTS is comma-separated; keep it as a space-separated string and an array.
46 clients=${CLIENTS//,/ }
47 num_clients=$(get_node_count ${clients})
48 clients_arr=($clients)
# Show the passwd entries matching the two unprivileged test ids
# (defaults 500 and 501) before and after they are resolved.
50 echo "was USER0=$(getent passwd | grep :${ID0:-500}:)"
51 echo "was USER1=$(getent passwd | grep :${ID1:-501}:)"
56 echo "now USER0=$USER0=$ID0:$(id -g $USER0), USER1=$USER1=$ID1:$(id -g $USER1)"
# Last-octet values probed by the NID lookup tests (13 and 14); SLOW=yes uses
# the longer list.
58 if [ "$SLOW" == "yes" ]; then
61 NODEMAP_IPADDR_LIST="1 10 64 128 200 250"
66 NODEMAP_IPADDR_LIST="1 250"
# Exclusive upper bound of the client ids used by the idmap tests
# (their loops run from ID0 up to NODEMAP_MAX_ID - 1).
69 NODEMAP_MAX_ID=$((ID0 + NODEMAP_ID_COUNT))
# The tests are skipped when either test account is missing (the guarding
# conditions are not shown in this listing).
72 skip "need to add user0 ($ID0:$ID0)" && exit 0
75 skip "need to add user1 ($ID1:$ID1)" && exit 0
# Base for the ids used by the file-operation tests. Each pair below is
# client_id:fs_id; entry [i] is applied to nodemap c<i> by create_fops_nodemaps.
77 IDBASE=${IDBASE:-60000}
79 # changes to mappings must be reflected in test 23
81 [0]="$((IDBASE+3)):$((IDBASE+0)) $((IDBASE+4)):$((IDBASE+2))"
82 [1]="$((IDBASE+5)):$((IDBASE+1)) $((IDBASE+6)):$((IDBASE+2))"
85 check_and_setup_lustre
# Third lsmod column for ptlrpc_gss (the module's use count). A non-empty,
# non-zero value selects the "with GSS support" branch.
90 GSS_REF=$(lsmod | grep ^ptlrpc_gss | awk '{print $3}')
91 if [ ! -z "$GSS_REF" -a "$GSS_REF" != "0" ]; then
93 echo "with GSS support"
96 echo "without GSS support"
# Device name of MDT index 0; it is needed to build the identity_flush
# parameter name, so a missing name is fatal.
99 MDT=$(mdtname_from_index 0 $MOUNT)
100 [[ -z "$MDT" ]] && error "fail to get MDT0000 device name" && exit 1
# perm.conf lives in CONFDIR on the MDS, so make sure the directory exists.
101 do_facet $SINGLEMDS "mkdir -p $CONFDIR"
# The tests write -1 to this parameter after every perm.conf change.
# NOTE(review): presumably -1 drops all cached identities so the new
# permissions are re-read - confirm against the MDT documentation.
102 IDENTITY_FLUSH=mdt.$MDT.identity_flush
# Kerberos login for $user (the enclosing function header is not shown in this
# listing). A failed login is reported through error.
111 if ! $RUNAS_CMD -u $user krb5_login.sh; then
112 error "$user login kerberos failed."
# If listing $DIR as $user:$group fails, flush the user's context
# (lfs flushctx -k), log in again and retry the listing once before failing.
116 if ! $RUNAS_CMD -u $user -g $group ls $DIR > /dev/null 2>&1; then
117 $RUNAS_CMD -u $user lfs flushctx -k
118 $RUNAS_CMD -u $user krb5_login.sh
119 if ! $RUNAS_CMD -u$user -g$group ls $DIR > /dev/null 2>&1; then
120 error "init $user $group failed."
# identity_old[num] keeps the non-zero status returned by switch_identity for
# MDS number num, one entry per MDS.
126 declare -a identity_old
129 for ((num = 1; num <= $MDSCOUNT; num++)); do
130 switch_identity $num true || identity_old[$num]=$?
# Log each test account in through sec_login only when a plain listing of $DIR
# under that uid fails.
133 if ! $RUNAS_CMD -u $ID0 ls $DIR > /dev/null 2>&1; then
134 sec_login $USER0 $USER0
137 if ! $RUNAS_CMD -u $ID1 ls $DIR > /dev/null 2>&1; then
138 sec_login $USER1 $USER1
143 # run as different user
# Test 0: plain uid/gid permission enforcement. Lines ending in "|| error" must
# succeed; lines ending in "&& error" are negative checks where the operation
# is expected to be denied, so success is the failure case.
147 chmod 0755 $DIR || error "chmod (1)"
148 rm -rf $DIR/$tdir || error "rm (1)"
149 mkdir -p $DIR/$tdir || error "mkdir (1)"
150 chown $USER0 $DIR/$tdir || error "chown (2)"
151 $RUNAS_CMD -u $ID0 ls $DIR || error "ls (1)"
152 rm -f $DIR/f0 || error "rm (2)"
# ID0 may read $DIR (0755) but must not create files in it.
153 $RUNAS_CMD -u $ID0 touch $DIR/f0 && error "touch (1)"
# Owner-based access: ID0 owns the test directory, ID1 does not.
154 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f1 || error "touch (2)"
155 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f2 && error "touch (3)"
156 touch $DIR/$tdir/f3 || error "touch (4)"
# Group-based access: owner root, group USER0, mode 0775. ID0 gets write
# access through the group bits; ID1 must still be denied.
157 chown root $DIR/$tdir || error "chown (3)"
158 chgrp $USER0 $DIR/$tdir || error "chgrp (1)"
159 chmod 0775 $DIR/$tdir || error "chmod (2)"
160 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f4 || error "touch (5)"
161 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)"
162 touch $DIR/$tdir/f6 || error "touch (7)"
163 rm -rf $DIR/$tdir || error "rm (3)"
165 run_test 0 "uid permission ============================="
# Test 1: setuid/setgid permissions granted through perm.conf. Skipped when
# GSS_SUP is 0.
169 [ $GSS_SUP = 0 ] && skip "without GSS support." && return
172 mkdir_on_mdt0 $DIR/$tdir
174 chown $USER0 $DIR/$tdir || error "chown (1)"
# Before any perm.conf entry exists, ID1 running with "-v $ID0" must be denied.
# NOTE(review): -v / -j are presumably the effective uid / gid options of the
# runas helper - confirm against its usage text.
175 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f0 && error "touch (2)"
176 echo "enable uid $ID1 setuid"
# Append a "setuid" entry for uid ID1, then write -1 to identity_flush so the
# MDS picks the new entry up. Only after that may the same touch succeed.
177 do_facet $SINGLEMDS "echo '* $ID1 setuid' >> $PERM_CONF"
178 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
179 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f1 || error "touch (3)"
# Directory is now root:USER0 with mode 0770. With only "setuid" granted, ID1
# must be denied both as itself and when it also passes "-j $ID0".
181 chown root $DIR/$tdir || error "chown (4)"
182 chgrp $USER0 $DIR/$tdir || error "chgrp (5)"
183 chmod 0770 $DIR/$tdir || error "chmod (6)"
184 $RUNAS_CMD -u $ID1 -g $ID1 touch $DIR/$tdir/f2 && error "touch (7)"
185 $RUNAS_CMD -u$ID1 -g$ID1 -j$ID0 touch $DIR/$tdir/f3 && error "touch (8)"
186 echo "enable uid $ID1 setuid,setgid"
# Replace (">", not ">>") perm.conf with a single "setuid,setgid" entry and
# flush again; the two commands below are then expected to succeed.
187 do_facet $SINGLEMDS "echo '* $ID1 setuid,setgid' > $PERM_CONF"
188 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
189 $RUNAS_CMD -u $ID1 -g $ID1 -j $ID0 touch $DIR/$tdir/f4 ||
191 $RUNAS_CMD -u $ID1 -v $ID0 -g $ID1 -j $ID0 touch $DIR/$tdir/f5 ||
# Cleanup: remove perm.conf and flush, so the grants do not outlive the test.
196 do_facet $SINGLEMDS "rm -f $PERM_CONF"
197 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
199 run_test 1 "setuid/gid ============================="
201 # bug 3285 - supplementary group should always succeed.
202 # NB: the supplementary groups are set for local client only,
203 # as for remote client, the groups of the specified uid on MDT
204 # will be obtained by upcall /usr/sbin/l_getidentity and used.
# Runs on MDS >= 2.6.93, or on the 2.5 branch from 2.5.35 up to (not
# including) 2.5.50; skipped otherwise.
206 [[ "$MDS1_VERSION" -ge $(version_code 2.6.93) ]] ||
207 [[ "$MDS1_VERSION" -ge $(version_code 2.5.35) &&
208 "$MDS1_VERSION" -lt $(version_code 2.5.50) ]] ||
209 skip "Need MDS version at least 2.6.93 or 2.5.35"
# Directory mode 0771 with group ID0: listing it needs the group read bit,
# because "other" only has execute.
212 mkdir_on_mdt0 -p $DIR/$tdir
213 chmod 0771 $DIR/$tdir
214 chgrp $ID0 $DIR/$tdir
215 $RUNAS_CMD -u $ID0 ls $DIR/$tdir || error "setgroups (1)"
# Grant uid ID1 the "setgrp" permission and flush. ID1 may then list the
# directory when ID0 is among its supplementary groups (-G1,2,$ID0) and must
# be denied when it is not (-G1,2).
216 do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF"
217 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
218 $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir ||
219 error "setgroups (2)"
220 $RUNAS_CMD -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)"
# Cleanup: remove perm.conf and flush, so the grant does not outlive the test.
223 do_facet $SINGLEMDS "rm -f $PERM_CONF"
224 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
226 run_test 4 "set supplementary group ==============="
# Creates NODEMAP_COUNT nodemaps named <HOSTNAME_CHECKSUM>_<i> on the MGS
# (the enclosing function header is not shown in this listing).
# First set the default nodemap's squash uid (index 0) and squash gid
# (index 1) to 99 and wait for each value to propagate.
232 squash_id default 99 0
233 wait_nm_sync default squash_uid '' inactive
234 squash_id default 99 1
235 wait_nm_sync default squash_gid '' inactive
236 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
237 local csum=${HOSTNAME_CHECKSUM}_${i}
239 do_facet mgs $LCTL nodemap_add $csum
241 if [ $rc -ne 0 ]; then
242 echo "nodemap_add $csum failed with $rc"
# Wait until the MGS reports exactly one nodemap.<name>.id line for the new
# nodemap (expected value 1; 30 is presumably the timeout in seconds).
246 wait_update_facet --verbose mgs \
247 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
248 grep -c $csum || true" 1 30 ||
# Second pass: wait for every new nodemap's id to be synchronized.
251 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
252 local csum=${HOSTNAME_CHECKSUM}_${i}
254 wait_nm_sync $csum id '' inactive
# Deletes the NODEMAP_COUNT test nodemaps from the MGS (the enclosing function
# header is not shown in this listing).
262 for ((i = 0; i < NODEMAP_COUNT; i++)); do
263 local csum=${HOSTNAME_CHECKSUM}_${i}
# NOTE(review): inside "if ! cmd; then", $? is the status of the negated
# condition (0), not the exit code of lctl, so the message always reports 0.
265 if ! do_facet mgs $LCTL nodemap_del $csum; then
266 error "nodemap_del $csum failed with $?"
# Wait until the MGS no longer reports the nodemap (expected count 0).
270 wait_update_facet --verbose mgs \
271 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
272 grep -c $csum || true" 0 30 ||
# Second pass: wait for the removal of each nodemap to be synchronized.
275 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
276 local csum=${HOSTNAME_CHECKSUM}_${i}
278 wait_nm_sync $csum id '' inactive
# Adds NODEMAP_RANGE_COUNT NID ranges to nodemap $1. $2 is used as the second
# octet, so each range is <SUBNET_CHECKSUM>.<$2>.<j>.[1-253]@tcp.
# (Presumably the body of add_range, which the tests call as
# "add_range <nodemap> <index>"; the function header is not shown here.)
285 local cmd="$LCTL nodemap_add_range"
289 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
290 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
291 if ! do_facet mgs $cmd --name $1 --range $range; then
# Removes from nodemap $1 the same ranges that the add path creates:
# <SUBNET_CHECKSUM>.<$2>.<j>.[1-253]@tcp for j in 0..NODEMAP_RANGE_COUNT-1.
# (Presumably the body of delete_range; the function header is not shown here.)
300 local cmd="$LCTL nodemap_del_range"
304 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
305 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
306 if ! do_facet mgs $cmd --name $1 --range $range; then
# Adds id mappings to every test nodemap: for each j in
# [ID0, NODEMAP_MAX_ID) an entry client_id:fs_id with fs_id = j + 1, for the
# uid and gid types and, on MDS >= 2.14.52, for projid as well.
# (client_id is assigned on a line not shown in this listing.)
316 local cmd="$LCTL nodemap_add_idmap"
# Project-id mappings are only exercised on servers that support them.
320 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
322 echo "Start to add idmaps ..."
323 for ((i = 0; i < NODEMAP_COUNT; i++)); do
326 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
327 local csum=${HOSTNAME_CHECKSUM}_${i}
329 local fs_id=$((j + 1))
331 if ! do_facet mgs $cmd --name $csum --idtype uid \
332 --idmap $client_id:$fs_id; then
335 if ! do_facet mgs $cmd --name $csum --idtype gid \
336 --idmap $client_id:$fs_id; then
340 if ! do_facet mgs $cmd --name $csum \
341 --idtype projid --idmap \
342 $client_id:$fs_id; then
# Exercises updating an existing uid idmap on nodemap <HOSTNAME_CHECKSUM>_0:
# re-adding an identical mapping must fail, changing the fs id and then the
# client id must be visible in nodemap.<name>.idmap, and the original mapping
# is restored at the end. Requires MGS >= 2.10.55.
352 update_idmaps() { #LU-10040
353 [ "$MGS_VERSION" -lt $(version_code 2.10.55) ] &&
354 skip "Need MGS >= 2.10.55"
356 local csum=${HOSTNAME_CHECKSUM}_0
357 local old_id_client=$ID0
358 local old_id_fs=$((ID0 + 1))
359 local new_id=$((ID0 + 100))
364 echo "Start to update idmaps ..."
366 # Inserting an existing idmap should return an error
367 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
369 $cmd --idmap $old_id_client:$old_id_fs 2>/dev/null; then
370 error "insert idmap {$old_id_client:$old_id_fs} " \
371 "should return error"
376 # Update id_fs and check it
377 if ! do_facet mgs $cmd --idmap $old_id_client:$new_id; then
378 error "$cmd --idmap $old_id_client:$new_id failed"
# Read the fs id back: 7th whitespace-separated field of the 2nd output line.
# The field and line positions depend on the idmap output layout.
382 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
383 awk '{ print $7 }' | sed -n '2p')
# NOTE(review): $tmp_id is unquoted; if the read-back is empty, "[" reports a
# syntax error (non-zero status) and the mismatch branch is not taken.
384 [ $tmp_id != $new_id ] && { error "new id_fs $tmp_id != $new_id"; \
385 rc=$((rc + 1)); return $rc; }
387 # Update id_client and check it
388 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
389 error "$cmd --idmap $new_id:$new_id failed"
# Read the client id back: 5th field of output line NODEMAP_ID_COUNT + 1,
# with the trailing comma stripped on the next line.
393 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
394 awk '{ print $5 }' | sed -n "$((NODEMAP_ID_COUNT + 1)) p")
395 tmp_id=$(echo ${tmp_id%,*}) #e.g. "501,"->"501"
396 [ $tmp_id != $new_id ] && { error "new id_client $tmp_id != $new_id"; \
397 rc=$((rc + 1)); return $rc; }
399 # Delete the idmap updated above
400 cmd="$LCTL nodemap_del_idmap --name $csum --idtype uid"
401 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
402 error "$cmd --idmap $new_id:$new_id failed"
407 # Restore the original idmap so that delete_idmaps works
408 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
409 if ! do_facet mgs $cmd --idmap $old_id_client:$old_id_fs; then
410 error "$cmd --idmap $old_id_client:$old_id_fs failed"
# Removes the client_id:fs_id mappings (fs_id = j + 1 for j in
# [ID0, NODEMAP_MAX_ID)) from every test nodemap, for uid, gid and - on
# MDS >= 2.14.52 - projid. (client_id is assigned on a line not shown here.)
420 local cmd="$LCTL nodemap_del_idmap"
424 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
426 echo "Start to delete idmaps ..."
427 for ((i = 0; i < NODEMAP_COUNT; i++)); do
430 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
431 local csum=${HOSTNAME_CHECKSUM}_${i}
433 local fs_id=$((j + 1))
435 if ! do_facet mgs $cmd --name $csum --idtype uid \
436 --idmap $client_id:$fs_id; then
439 if ! do_facet mgs $cmd --name $csum --idtype gid \
440 --idmap $client_id:$fs_id; then
444 if ! do_facet mgs $cmd --name $csum \
445 --idtype projid --idmap \
446 $client_id:$fs_id; then
# Modifies two properties of nodemap $1 through "lctl nodemap_modify".
# proc[] holds the parameter names admin_nodemap and trusted_nodemap; the
# option[] array and the values passed are on lines not shown in this listing.
# (Presumably the body of modify_flags, called by test 11.)
460 local cmd="$LCTL nodemap_modify"
463 proc[0]="admin_nodemap"
464 proc[1]="trusted_nodemap"
468 for ((idx = 0; idx < 2; idx++)); do
469 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
474 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
# Sets a squash id on a nodemap: $1 is the nodemap name, $2 the id value and
# $3 selects the property (0 = squash_uid, 1 = squash_gid, 2 = squash_projid).
# Skipped on MGS older than 2.5.53.
# (Presumably the body of squash_id; the function header is not shown here.)
484 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
485 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
489 cmd[0]="$LCTL nodemap_modify --property squash_uid"
490 cmd[1]="$LCTL nodemap_modify --property squash_gid"
491 cmd[2]="$LCTL nodemap_modify --property squash_projid"
493 if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then
498 # ensure that the squash defaults are the expected defaults
# Squash uid and gid of the default nodemap are set to 99; the squash projid
# is only set on MDS >= 2.14.50. Each change is waited on before continuing.
499 squash_id default 99 0
500 wait_nm_sync default squash_uid '' inactive
501 squash_id default 99 1
502 wait_nm_sync default squash_gid '' inactive
503 if [ "$MDS1_VERSION" -ge $(version_code 2.14.50) ]; then
504 squash_id default 99 2
505 wait_nm_sync default squash_projid '' inactive
# Asks the MGS which nodemap NID $1 is classified into (lctl nodemap_test_nid)
# and compares the answer with the expected nodemap name $2.
# (Presumably the body of test_nid; the function header is not shown here.)
511 cmd="$LCTL nodemap_test_nid"
513 nid=$(do_facet mgs $cmd $1)
515 if [ $nid == $2 ]; then
523 # restore activation state
# Turns nodemap enforcement back off on the MGS.
524 do_facet mgs $LCTL nodemap_activate 0
# Checks uid translation with "lctl nodemap_test_id" for address .100 in each
# range of nodemap index 0, under every policy state in turn: nodemaps
# inactive, active with idmaps, trusted, admin on, admin off.
# (The enclosing function header is not shown in this listing.)
530 local cmd="$LCTL nodemap_test_id"
533 echo "Start to test idmaps ..."
534 ## nodemap deactivated
# While nodemaps are inactive every id must come back unchanged.
535 if ! do_facet mgs $LCTL nodemap_activate 0; then
538 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
541 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
542 local nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
543 local fs_id=$(do_facet mgs $cmd --nid $nid \
544 --idtype uid --id $id)
545 if [ $fs_id != $id ]; then
546 echo "expected $id, got $fs_id"
# With nodemaps active, each client uid must translate to uid + 1, which is
# the fs id the idmap entries were created with.
553 if ! do_facet mgs $LCTL nodemap_activate 1; then
557 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
558 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
559 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
560 fs_id=$(do_facet mgs $cmd --nid $nid \
561 --idtype uid --id $id)
562 expected_id=$((id + 1))
563 if [ $fs_id != $expected_id ]; then
564 echo "expected $expected_id, got $fs_id"
# trusted=1 on every test nodemap: ids are expected to pass through unmapped.
# NOTE(review): inside "if ! cmd; then", $? is the status of the negated
# condition (0), so the error messages below always report 0.
571 for ((i = 0; i < NODEMAP_COUNT; i++)); do
572 local csum=${HOSTNAME_CHECKSUM}_${i}
574 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
575 --property trusted --value 1; then
576 error "nodemap_modify $csum failed with $?"
581 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
582 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
583 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
584 fs_id=$(do_facet mgs $cmd --nid $nid \
585 --idtype uid --id $id)
586 if [ $fs_id != $id ]; then
587 echo "expected $id, got $fs_id"
593 ## ensure allow_root_access is enabled
# admin=1: uid 0 from the client must remain uid 0 on the file system.
594 for ((i = 0; i < NODEMAP_COUNT; i++)); do
595 local csum=${HOSTNAME_CHECKSUM}_${i}
597 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
598 --property admin --value 1; then
599 error "nodemap_modify $csum failed with $?"
604 ## check that root allowed
605 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
606 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
607 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
608 if [ $fs_id != 0 ]; then
609 echo "root allowed expected 0, got $fs_id"
614 ## ensure allow_root_access is disabled
# admin=0: root squash applies, so uid 0 must translate to 99. This check
# runs while trusted is still 1, so trusted alone does not exempt root.
615 for ((i = 0; i < NODEMAP_COUNT; i++)); do
616 local csum=${HOSTNAME_CHECKSUM}_${i}
618 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
619 --property admin --value 0; then
620 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
626 ## check that root is mapped to 99
627 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
628 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
629 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
630 if [ $fs_id != 99 ]; then
631 error "root squash expected 99, got $fs_id"
636 ## reset client trust to 0
637 for ((i = 0; i < NODEMAP_COUNT; i++)); do
638 if ! do_facet mgs $LCTL nodemap_modify \
639 --name ${HOSTNAME_CHECKSUM}_${i} \
640 --property trusted --value 0; then
641 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
# Test 7: create the test nodemaps and delete them again; a non-zero rc from
# either step is an error. (The calls that set rc are not shown in this
# listing.) Skipped for a remote MGS with nodsh or an MGS older than 2.5.53.
653 remote_mgs_nodsh && skip "remote MGS with nodsh"
654 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
655 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
659 [[ $rc != 0 ]] && error "nodemap_add failed with $rc"
663 [[ $rc != 0 ]] && error "nodemap_del failed with $rc"
667 run_test 7 "nodemap create and delete"
# Test 8: adding a nodemap name a second time must be rejected. Note the
# inverted check on the middle step: rc == 0 there means the duplicate was
# accepted, which is the failure. (The calls that set rc are not shown.)
672 remote_mgs_nodsh && skip "remote MGS with nodsh"
673 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
674 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
680 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
686 [[ $rc == 0 ]] && error "duplicate nodemap_add allowed with $rc" &&
692 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
696 run_test 8 "nodemap reject duplicates"
# Test 9: add the synthetic NID ranges to each test nodemap (nodemap i gets
# second octet i), then delete the ranges and the nodemaps. Every step must
# succeed. (The lines that set rc are not shown in this listing.)
702 remote_mgs_nodsh && skip "remote MGS with nodsh"
703 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
704 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
709 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
712 for ((i = 0; i < NODEMAP_COUNT; i++)); do
713 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
717 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
720 for ((i = 0; i < NODEMAP_COUNT; i++)); do
721 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
# NOTE(review): this step and the next both return 4, so the return code does
# not tell a range-delete failure from a nodemap-delete failure.
725 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
730 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
734 run_test 9 "nodemap range add"
# Test 10a: adding the same NID ranges a second time must be rejected.
# The second add_range loop is the negative check: rc == 0 after it means the
# duplicate ranges were accepted. (The lines that set rc are not shown.)
739 remote_mgs_nodsh && skip "remote MGS with nodsh"
740 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
741 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
746 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
749 for ((i = 0; i < NODEMAP_COUNT; i++)); do
750 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
754 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
757 for ((i = 0; i < NODEMAP_COUNT; i++)); do
758 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
762 [[ $rc == 0 ]] && error "nodemap_add_range duplicate add with $rc" &&
767 for ((i = 0; i < NODEMAP_COUNT; i++)); do
768 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
772 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
776 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 5
780 run_test 10a "nodemap reject duplicate ranges"
# Test 10b: a NID range may only be deleted through the nodemap that owns it.
# The range is added to $nm1; deleting it via $nm2 must fail and the range
# must still be listed under $nm1 afterwards. Requires MGS >= 2.10.53.
# (nm1 and nm2 are assigned on lines not shown in this listing.)
783 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
784 skip "Need MGS >= 2.10.53"
788 local nids="192.168.19.[0-255]@o2ib20"
# Best-effort removal of leftovers from an earlier run; errors are discarded.
790 do_facet mgs $LCTL nodemap_del $nm1 2>/dev/null
791 do_facet mgs $LCTL nodemap_del $nm2 2>/dev/null
793 do_facet mgs $LCTL nodemap_add $nm1 || error "Add $nm1 failed"
794 do_facet mgs $LCTL nodemap_add $nm2 || error "Add $nm2 failed"
795 do_facet mgs $LCTL nodemap_add_range --name $nm1 --range $nids ||
796 error "Add range $nids to $nm1 failed"
797 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
798 grep start_nid)" ] || error "No range was found"
# Negative check: success of this delete is the failure case.
799 do_facet mgs $LCTL nodemap_del_range --name $nm2 --range $nids &&
800 error "Deleting range $nids from $nm2 should fail"
801 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
802 grep start_nid)" ] || error "Range $nids should be there"
804 do_facet mgs $LCTL nodemap_del $nm1 || error "Delete $nm1 failed"
805 do_facet mgs $LCTL nodemap_del $nm2 || error "Delete $nm2 failed"
808 run_test 10b "delete range from the correct nodemap"
# Test 10c: a range with brackets in two octets, 10.210.[32-47].[0-255]@o2ib3,
# must be stored as one contiguous range from 10.210.32.0 to 10.210.47.255.
# Requires MGS >= 2.10.57.
810 test_10c() { #LU-8912
811 [ "$MGS_VERSION" -lt $(version_code 2.10.57) ] &&
812 skip "Need MGS >= 2.10.57"
814 local nm="nodemap_lu8912"
815 local nid_range="10.210.[32-47].[0-255]@o2ib3"
816 local start_nid="10.210.32.0@o2ib3"
817 local end_nid="10.210.47.255@o2ib3"
818 local start_nid_found
# Best-effort removal of a leftover nodemap; errors are discarded.
821 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
822 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
823 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
824 error "Add range $nid_range to $nm failed"
# Extract the stored boundaries from the line matching start_nid / end_nid,
# splitting on comma, colon and space. The field numbers (9 and 13) depend on
# the output layout of get_param.
826 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
827 awk -F '[,: ]' /start_nid/'{ print $9 }')
828 [ "$start_nid" == "$start_nid_found" ] ||
829 error "start_nid: $start_nid_found != $start_nid"
830 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
831 awk -F '[,: ]' /end_nid/'{ print $13 }')
832 [ "$end_nid" == "$end_nid_found" ] ||
833 error "end_nid: $end_nid_found != $end_nid"
835 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
# NOTE(review): "verfify" in the description below is a typo for "verify".
838 run_test 10c "verfify contiguous range support"
# Test 10d: the wildcard range "*@o2ib3" must be stored as the full address
# span 0.0.0.0 - 255.255.255.255 on that network, i.e. a nodemap with such a
# range matches every NID on the network. Requires MGS >= 2.10.59.
840 test_10d() { #LU-8913
841 [ "$MGS_VERSION" -lt $(version_code 2.10.59) ] &&
842 skip "Need MGS >= 2.10.59"
844 local nm="nodemap_lu8913"
845 local nid_range="*@o2ib3"
846 local start_nid="0.0.0.0@o2ib3"
847 local end_nid="255.255.255.255@o2ib3"
848 local start_nid_found
# Best-effort removal of a leftover nodemap; errors are discarded.
851 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
852 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
853 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
854 error "Add range $nid_range to $nm failed"
# Extract the stored boundaries; the field numbers (9 and 13) depend on the
# output layout of get_param.
856 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
857 awk -F '[,: ]' /start_nid/'{ print $9 }')
858 [ "$start_nid" == "$start_nid_found" ] ||
859 error "start_nid: $start_nid_found != $start_nid"
860 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
861 awk -F '[,: ]' /end_nid/'{ print $13 }')
862 [ "$end_nid" == "$end_nid_found" ] ||
863 error "end_nid: $end_nid_found != $end_nid"
865 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
# NOTE(review): "verfify" in the description below is a typo for "verify".
868 run_test 10d "verfify nodemap range format '*@<net>' support"
# Test 11: create the test nodemaps, run modify_flags on each one, then delete
# them. Every step must succeed. (The lines that set rc are not shown.)
873 remote_mgs_nodsh && skip "remote MGS with nodsh"
874 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
875 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
880 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
883 for ((i = 0; i < NODEMAP_COUNT; i++)); do
884 if ! modify_flags ${HOSTNAME_CHECKSUM}_${i}; then
888 [[ $rc != 0 ]] && error "nodemap_modify with $rc" && return 2
893 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
897 run_test 11 "nodemap modify"
# Test 12: set the squash id 88 on every test nodemap for uid (index 0),
# gid (index 1) and, on MDS >= 2.14.52, projid (index 2).
# (The lines that set rc are not shown in this listing.)
902 remote_mgs_nodsh && skip "remote MGS with nodsh"
903 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
904 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
909 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
912 for ((i = 0; i < NODEMAP_COUNT; i++)); do
913 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 0; then
917 [[ $rc != 0 ]] && error "nodemap squash_uid with $rc" && return 2
920 for ((i = 0; i < NODEMAP_COUNT; i++)); do
921 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 1; then
925 [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3
928 if (( $MDS1_VERSION >= $(version_code 2.14.52) )); then
929 for ((i = 0; i < NODEMAP_COUNT; i++)); do
930 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 2; then
935 [[ $rc != 0 ]] && error "nodemap squash_projid with $rc" && return 5
940 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
944 run_test 12 "nodemap set squash ids"
# Test 13: NID classification. After the ranges are added, every probed
# address <SUBNET_CHECKSUM>.<i>.<j>.<k> (k from NODEMAP_IPADDR_LIST) must be
# classified into nodemap <HOSTNAME_CHECKSUM>_<i>.
# (The lines that set rc are not shown in this listing.)
949 remote_mgs_nodsh && skip "remote MGS with nodsh"
950 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
951 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
956 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
959 for ((i = 0; i < NODEMAP_COUNT; i++)); do
960 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
964 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
967 for ((i = 0; i < NODEMAP_COUNT; i++)); do
968 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
969 for k in $NODEMAP_IPADDR_LIST; do
970 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
971 ${HOSTNAME_CHECKSUM}_${i}; then
977 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
982 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
986 run_test 13 "test nids"
# Test 14: NID lookup when no ranges have been added to the test nodemaps.
# The same addresses as in test 13 are probed; the expected nodemap name is on
# a continuation line not shown here (per the test title, presumably the
# default nodemap).
991 remote_mgs_nodsh && skip "remote MGS with nodsh"
992 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
993 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
998 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
1001 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1002 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
1003 for k in $NODEMAP_IPADDR_LIST; do
1004 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
1011 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
1016 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
1020 run_test 14 "test default nodemap nid lookup"
# Test 15: end-to-end id mapping. Nodemaps are created with admin=0 and
# trusted=0, ranges and idmaps are added, the mappings are tested and updated,
# and everything is removed again. Each step has its own return code.
# (The lines that set rc are not shown in this listing.)
1025 remote_mgs_nodsh && skip "remote MGS with nodsh"
1026 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1027 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
1032 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
# Start from the restrictive state: no admin (root) access, ids not trusted.
1034 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
1035 local csum=${HOSTNAME_CHECKSUM}_${i}
1037 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
1038 --property admin --value 0; then
1041 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
1042 --property trusted --value 0; then
1046 [[ $rc != 0 ]] && error "nodemap_modify failed with $rc" && return 1
1049 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1050 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
1054 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
1059 [[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
# If nodemaps were not active before the test, register cleanup_active to run
# on exit so the activation state is put back.
1061 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
1062 if [[ "$activedefault" != "1" ]]; then
1063 stack_trap cleanup_active EXIT
1069 [[ $rc != 0 ]] && error "nodemap_test_id failed with $rc" && return 4
1074 [[ $rc != 0 ]] && error "update_idmaps failed with $rc" && return 5
1079 [[ $rc != 0 ]] && error "nodemap_del_idmap failed with $rc" && return 6
1084 [[ $rc != 0 ]] && error "nodemap_delete failed with $rc" && return 7
1088 run_test 15 "test id mapping"
# Creates one nodemap per client, named c<i>, whose only range is that
# client's own NID, and adds the FOPS_IDMAPS[i] pairs to it as both uid and
# gid mappings. Returns 1 as soon as any lctl call fails.
# (The line that advances i is not shown in this listing.)
1090 create_fops_nodemaps() {
1093 for client in $clients; do
1094 local client_ip=$(host_nids_address $client $NETTYPE)
1095 local client_nid=$(h2nettype $client_ip)
1096 do_facet mgs $LCTL nodemap_add c${i} || return 1
1097 do_facet mgs $LCTL nodemap_add_range \
1098 --name c${i} --range $client_nid || return 1
1099 for map in ${FOPS_IDMAPS[i]}; do
1100 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1101 --idtype uid --idmap ${map} || return 1
1102 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1103 --idtype gid --idmap ${map} || return 1
# Wait for the idmap of this nodemap to be synchronized before moving on.
1106 wait_nm_sync c$i idmap
# Deletes the per-client nodemaps c<i>; returns 1 on the first failure.
# (The line that advances i is not shown in this listing.)
1113 delete_fops_nodemaps() {
1116 for client in $clients; do
1117 do_facet mgs $LCTL nodemap_del c${i} || return 1
# Creates the test directory from the first client. With a single MDS a plain
# mkdir is used; otherwise the directory is placed on MDT index
# fops_mds_index % MDSCOUNT and the index is advanced for the next call.
# (The enclosing function header is not shown in this listing.)
1125 if [ $MDSCOUNT -le 1 ]; then
1126 do_node ${clients_arr[0]} mkdir -p $DIR/$tdir
1128 # round-robin MDTs to test DNE nodemap support
1129 [ ! -d $DIR ] && do_node ${clients_arr[0]} mkdir -p $DIR
1130 do_node ${clients_arr[0]} $LFS setdirstripe -c 1 -i \
1131 $((fops_mds_index % MDSCOUNT)) $DIR/$tdir
1132 ((fops_mds_index++))
1136 # acl test directory needs to be initialized on a privileged client
# Save the current admin/trusted settings of nodemap c0, raise both to 1 for
# the duration of the setup, and restore the saved values afterwards so the
# elevated state does not leak into the test itself.
1138 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1139 local trust=$(do_facet mgs $LCTL get_param -n \
1140 nodemap.c0.trusted_nodemap)
1142 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1143 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
# Do not touch the directory until both changes have propagated.
1145 wait_nm_sync c0 admin_nodemap
1146 wait_nm_sync c0 trusted_nodemap
1148 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1150 do_node ${clients_arr[0]} chown $user $DIR/$tdir
1152 do_facet mgs $LCTL nodemap_modify --name c0 \
1153 --property admin --value $admin
1154 do_facet mgs $LCTL nodemap_modify --name c0 \
1155 --property trusted --value $trust
1157 # flush MDT locks to make sure they are reacquired before test
1158 do_node ${clients_arr[0]} $LCTL set_param \
1159 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1161 wait_nm_sync c0 admin_nodemap
1162 wait_nm_sync c0 trusted_nodemap
1165 # fileset test directory needs to be initialized on a privileged client
# Temporarily raises admin and trusted to 1 on nodemap $nm, creates
# $MOUNT/$subdir and $MOUNT/$subdir/$subsubdir with one marker file each, then
# restores the saved admin/trusted values. (nm, subdir and subsubdir are
# assigned on lines not shown in this listing.)
1166 fileset_test_setup() {
# When a FILESET is configured and not skipped, remount the clients with an
# empty FILESET for the setup.
1169 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1170 cleanup_mount $MOUNT
1171 FILESET="" zconf_mount_clients $CLIENTS $MOUNT
1174 local admin=$(do_facet mgs $LCTL get_param -n \
1175 nodemap.${nm}.admin_nodemap)
1176 local trust=$(do_facet mgs $LCTL get_param -n \
1177 nodemap.${nm}.trusted_nodemap)
1179 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1180 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1183 wait_nm_sync $nm admin_nodemap
1184 wait_nm_sync $nm trusted_nodemap
1186 # create directory and populate it for subdir mount
1187 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir ||
1188 error "unable to create dir $MOUNT/$subdir"
1189 do_node ${clients_arr[0]} touch $MOUNT/$subdir/this_is_$subdir ||
1190 error "unable to create file $MOUNT/$subdir/this_is_$subdir"
1191 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir/$subsubdir ||
1192 error "unable to create dir $MOUNT/$subdir/$subsubdir"
1193 do_node ${clients_arr[0]} touch \
1194 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir ||
1195 error "unable to create file \
1196 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir"
# Put the nodemap back to its saved admin/trusted values.
1198 do_facet mgs $LCTL nodemap_modify --name $nm \
1199 --property admin --value $admin
1200 do_facet mgs $LCTL nodemap_modify --name $nm \
1201 --property trusted --value $trust
1203 # flush MDT locks to make sure they are reacquired before test
1204 do_node ${clients_arr[0]} $LCTL set_param \
1205 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1207 wait_nm_sync $nm admin_nodemap
1208 wait_nm_sync $nm trusted_nodemap
1211 # fileset test directory needs to be removed from a privileged client
# Temporarily raises admin and trusted to 1 on nodemap $nm, removes
# $MOUNT/$subdir, restores the saved admin/trusted values and, when a FILESET
# is configured and not skipped, remounts the clients.
# (nm and subdir are assigned on lines not shown in this listing.)
1212 fileset_test_cleanup() {
1214 local admin=$(do_facet mgs $LCTL get_param -n \
1215 nodemap.${nm}.admin_nodemap)
1216 local trust=$(do_facet mgs $LCTL get_param -n \
1217 nodemap.${nm}.trusted_nodemap)
1219 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1220 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1223 wait_nm_sync $nm admin_nodemap
1224 wait_nm_sync $nm trusted_nodemap
1226 # cleanup directory created for subdir mount
1227 do_node ${clients_arr[0]} rm -rf $MOUNT/$subdir ||
1228 error "unable to remove dir $MOUNT/$subdir"
# Put the nodemap back to its saved admin/trusted values.
1230 do_facet mgs $LCTL nodemap_modify --name $nm \
1231 --property admin --value $admin
1232 do_facet mgs $LCTL nodemap_modify --name $nm \
1233 --property trusted --value $trust
1235 # flush MDT locks to make sure they are reacquired before test
1236 do_node ${clients_arr[0]} $LCTL set_param \
1237 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1239 wait_nm_sync $nm admin_nodemap
1240 wait_nm_sync $nm trusted_nodemap
1241 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1242 cleanup_mount $MOUNT
1243 zconf_mount_clients $CLIENTS $MOUNT
# Tries to create and then remove $DIR/$tdir/$tfile using the command prefix
# $run_u, and compares the observed result with get_cr_del_expected for $key.
# A mismatch is reported through error and counted in rc.
# (run_u, key, res and d are set on lines not shown in this listing.)
1247 do_create_delete() {
1250 local testfile=$DIR/$tdir/$tfile
1254 if $run_u touch $testfile >& /dev/null; then
1256 $run_u rm $testfile && d=1
1260 local expected=$(get_cr_del_expected $key)
1261 [ "$res" != "$expected" ] &&
1262 error "test $key, wanted $expected, got $res" && rc=$((rc + 1))
# Prints the second field of the first line of "lfs quota -q $DIR", run
# through the command prefix $run_u (set on a line not shown in this listing).
1266 nodemap_check_quota() {
1268 $run_u lfs quota -q $DIR | awk '{ print $2; exit; }'
# Checks that quota usage is accounted to the user the command runs as:
# after writing a 1M file through $run_u the reported usage must lie within
# quota_fuzz of the original value plus 1024, and after removing the file it
# must return to within quota_fuzz of the original value.
# (run_u is set on a line not shown in this listing.)
1271 do_fops_quota_test() {
1273 # fuzz quota used to account for possible indirect blocks, etc
1274 local quota_fuzz=$(fs_log_size)
1275 local qused_orig=$(nodemap_check_quota "$run_u")
1276 local qused_high=$((qused_orig + quota_fuzz))
1277 local qused_low=$((qused_orig - quota_fuzz))
1278 local testfile=$DIR/$tdir/$tfile
1279 $run_u dd if=/dev/zero of=$testfile oflag=sync bs=1M count=1 \
1280 >& /dev/null || error "unable to write quota test file"
# Flush data so the usage figure read next includes the write.
1281 sync; sync_all_data || true
1283 local qused_new=$(nodemap_check_quota "$run_u")
1284 [ $((qused_new)) -lt $((qused_low + 1024)) -o \
1285 $((qused_new)) -gt $((qused_high + 1024)) ] &&
1286 error "$qused_new != $qused_orig + 1M after write, " \
1287 "fuzz is $quota_fuzz"
1288 $run_u rm $testfile || error "unable to remove quota test file"
1289 wait_delete_completed_mds
1291 qused_new=$(nodemap_check_quota "$run_u")
1292 [ $((qused_new)) -lt $((qused_low)) \
1293 -o $((qused_new)) -gt $((qused_high)) ] &&
1294 error "quota not reclaimed, expect $qused_orig, " \
1295 "got $qused_new, fuzz $quota_fuzz"
# Looks $cli_user up among the client ids (first field) of the FOPS_IDMAPS
# pairs and prints the fs id (second field) of the matching pair.
# (cli_user is assigned on a line not shown in this listing.)
1298 get_fops_mapped_user() {
1301 for ((i=0; i < ${#FOPS_IDMAPS[@]}; i++)); do
1302 for map in ${FOPS_IDMAPS[i]}; do
1303 if [ $(cut -d: -f1 <<< "$map") == $cli_user ]; then
1304 cut -d: -f2 <<< "$map"
# Prints the expected outcome ($SUCCESS or $FAILURE) of a create/delete
# attempt. $1 is a colon-separated key:
#   mapmode:mds_user:cluster:cli_user:mode
# The mode gets a leading 0 so that shell arithmetic reads it as octal.
1312 get_cr_del_expected() {
1314 IFS=":" read -a key <<< "$1"
1315 local mapmode="${key[0]}"
1316 local mds_user="${key[1]}"
1317 local cluster="${key[2]}"
1318 local cli_user="${key[3]}"
1319 local mode="0${key[4]}"
# Derive the flags from the map mode name: whether ids are mapped for this
# cluster and whether the nodemap lacks admin.
1326 [[ $mapmode == *mapped* ]] && mapped=1
1327 # only c1 is mapped in these test cases
1328 [[ $mapmode == mapped_trusted* ]] && [ "$cluster" == "c0" ] && mapped=0
1329 [[ $mapmode == *noadmin* ]] && noadmin=1
1331 # o+wx works as long as the user isn't mapped
1332 if [ $((mode & 3)) -eq 3 ]; then
1336 # if client user is root, check if root is squashed
1337 if [ "$cli_user" == "0" ]; then
1338 # squash root succeed, if other bit is on
1341 1) [ "$other" == "1" ] && echo $SUCCESS
1342 [ "$other" == "0" ] && echo $FAILURE;;
# Unmapped users: the outcome follows the "other" permission bits alone.
1346 if [ "$mapped" == "0" ]; then
1347 [ "$other" == "1" ] && echo $SUCCESS
1348 [ "$other" == "0" ] && echo $FAILURE
1352 # if mapped user is mds user, check for u+wx
1353 mapped_user=$(get_fops_mapped_user $cli_user)
1354 [ "$mapped_user" == "-1" ] &&
1355 error "unable to find mapping for client user $cli_user"
# Owner case: the mapped id is the directory owner and u+wx (0300) is set.
1357 if [ "$mapped_user" == "$mds_user" -a \
1358 $(((mode & 0300) == 0300)) -eq 1 ]; then
# Non-owner case: access comes from the "other" bits only.
1362 if [ "$mapped_user" != "$mds_user" -a "$other" == "1" ]; then
# Index of the client currently used as the admin client; empty until
# test_fops_chmod_dir picks one.
1369 test_fops_admin_cli_i=""
# Changes the mode of $DIR/$tdir from a client whose nodemap has admin=1.
# $1 is the index of the client under test. The function enables admin on a
# nodemap only for as long as it needs it and puts the previous value back.
# Returns 1 if the chmod fails.
# (perm_bits is assigned on a line not shown in this listing.)
1370 test_fops_chmod_dir() {
1371 local current_cli_i=$1
1373 local dir_to_chmod=$3
1374 local new_admin_cli_i=""
1376 # do we need to set up a new admin client?
1377 [ "$current_cli_i" == "0" ] && [ "$test_fops_admin_cli_i" != "1" ] &&
1379 [ "$current_cli_i" != "0" ] && [ "$test_fops_admin_cli_i" != "0" ] &&
1382 # if only one client, and non-admin, need to flip admin every time
1383 if [ "$num_clients" == "1" ]; then
1384 test_fops_admin_client=$clients
1385 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1386 nodemap.c0.admin_nodemap)
1387 if [ "$test_fops_admin_val" != "1" ]; then
1388 do_facet mgs $LCTL nodemap_modify \
1392 wait_nm_sync c0 admin_nodemap
1394 elif [ "$new_admin_cli_i" != "" ]; then
1395 # restore admin val to old admin client
1396 if [ "$test_fops_admin_cli_i" != "" ] &&
1397 [ "$test_fops_admin_val" != "1" ]; then
1398 do_facet mgs $LCTL nodemap_modify \
1399 --name c${test_fops_admin_cli_i} \
1401 --value $test_fops_admin_val
1402 wait_nm_sync c${test_fops_admin_cli_i} admin_nodemap
# Switch to the new admin client and remember its current admin value so it
# can be restored later.
1405 test_fops_admin_cli_i=$new_admin_cli_i
1406 test_fops_admin_client=${clients_arr[$new_admin_cli_i]}
1407 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1408 nodemap.c${new_admin_cli_i}.admin_nodemap)
1410 if [ "$test_fops_admin_val" != "1" ]; then
1411 do_facet mgs $LCTL nodemap_modify \
1412 --name c${new_admin_cli_i} \
1415 wait_nm_sync c${new_admin_cli_i} admin_nodemap
# NOTE(review): the chmod targets $DIR/$tdir; dir_to_chmod ($3) is not used on
# any line visible in this listing - confirm whether that is intended.
1419 do_node $test_fops_admin_client chmod $perm_bits $DIR/$tdir || return 1
1421 # remove admin for single client if originally non-admin
1422 if [ "$num_clients" == "1" ] && [ "$test_fops_admin_val" != "1" ]; then
1423 do_facet mgs $LCTL nodemap_modify --name c0 --property admin \
1425 wait_nm_sync c0 admin_nodemap
# Body of the file-operation permission matrix, called by the tests as
# `test_fops <mapmode> [single_client]` (the function header and the
# assignment of mapmode are not part of this excerpt). For every MDS-side
# owner, client, client user and permission mode it chmods the test directory
# through test_fops_chmod_dir and hands the case key to do_create_delete.
1433 local single_client="$2"
# per-client list of uids to run as; index 0 is used for client c0, 1 for c1
1434 local client_user_list=([0]="0 $((IDBASE+3))"
1435 [1]="0 $((IDBASE+5))")
1436 local mds_users="-1 0"
# default modes are given in decimal: 3 is o+wx and $((0300)) is u+wx
1439 local perm_bit_list="3 $((0300))"
1440 # SLOW tests 000-007, 010-070, 100-700 (octal modes)
1441 if [ "$SLOW" == "yes" ]; then
1442 perm_bit_list="0 $(seq 1 7) $(seq 8 8 63) $(seq 64 64 511) \
1444 client_user_list=([0]="0 $((IDBASE+3)) $((IDBASE+4))"
1445 [1]="0 $((IDBASE+5)) $((IDBASE+6))")
1446 mds_users="-1 0 1 2"
1449 # force single_client to speed up test
1450 [ "$SLOW" == "yes" ] ||
1452 # step through mds users. -1 means root
1453 for mds_i in $mds_users; do
1454 local user=$((mds_i + IDBASE))
1458 [ "$mds_i" == "-1" ] && user=0
1460 echo mkdir -p $DIR/$tdir
1463 for client in $clients; do
1465 for u in ${client_user_list[$cli_i]}; do
# command prefix that runs an operation on $client with uid and gids set to
# $u; it is a plain string, so client names and ids must be free of
# whitespace and shell metacharacters
1466 local run_u="do_node $client \
1467 $RUNAS_CMD -u$u -g$u -G$u"
1468 for perm_bits in $perm_bit_list; do
# perm_bits is decimal; the key and the chmod carry it as 3-digit octal
1469 local mode=$(printf %03o $perm_bits)
# key layout is the one get_cr_del_expected splits on ':'
1471 key="$mapmode:$user:c$cli_i:$u:$mode"
1472 test_fops_chmod_dir $cli_i $mode \
1474 error cannot chmod $key
1475 do_create_delete "$run_u" "$key"
# open the directory up (777) before the quota part of the test
1479 test_fops_chmod_dir $cli_i 777 $DIR/$tdir ||
1480 error cannot chmod $key
1481 do_fops_quota_test "$run_u"
1484 cli_i=$((cli_i + 1))
1485 [ "$single_client" == "1" ] && break
#######################################
# Gate for the nodemap tests: skip when the MGS cannot be driven remotely or
# when its version predates 2.5.53.
# Globals: MGS_VERSION (read)
# Returns: 1 after the skip in the remote_mgs_nodsh case; the value returned
#          by the version branch is not visible in this excerpt. Callers use
#          `nodemap_version_check || return 0`.
#######################################
1492 nodemap_version_check () {
1493 remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
1494 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1495 skip "No nodemap on $MGS_VERSION MGS < 2.5.53" &&
#######################################
# Prepare the cluster for a nodemap test: create the fops nodemaps, set the
# nodemap activation state and make the default nodemap admin and trusted.
# Arguments: $1 - "0" leaves nodemap inactive; anything else activates it
# NOTE(review): the assignment of `rc` is not visible in this excerpt
# (presumably the status of create_fops_nodemaps).
#######################################
1500 nodemap_test_setup() {
1502 local active_nodemap=1
1504 [ "$1" == "0" ] && active_nodemap=0
# sets identity_upcall to NONE on every MDT node.
# NOTE(review): no visible line in this excerpt puts the previous
# identity_upcall value back after the test - confirm where it is restored.
1506 do_nodes $(comma_list $(all_mdts_nodes)) \
1507 $LCTL set_param mdt.*.identity_upcall=NONE
1510 create_fops_nodemaps
1512 [[ $rc != 0 ]] && error "adding fops nodemaps failed $rc"
1514 do_facet mgs $LCTL nodemap_activate $active_nodemap
# the default nodemap is made admin and trusted for the duration of the
# test; nodemap_test_cleanup writes both properties back to 0
1517 do_facet mgs $LCTL nodemap_modify --name default \
1518 --property admin --value 1
1519 wait_nm_sync default admin_nodemap
1520 do_facet mgs $LCTL nodemap_modify --name default \
1521 --property trusted --value 1
1522 wait_nm_sync default trusted_nodemap
#######################################
# Undo nodemap_test_setup: delete the fops nodemaps, drop admin and trusted
# on the default nodemap, deactivate nodemap and clear SK_UNIQUE_NM.
# Globals: SK_UNIQUE_NM (exported as false)
# NOTE(review): admin/trusted are written as 0 rather than restored from a
# saved value, and the assignment of `rc` is not visible in this excerpt.
#######################################
1525 nodemap_test_cleanup() {
1527 delete_fops_nodemaps
# NOTE(review): if error() aborts here, the resets below do not run and the
# default nodemap stays admin/trusted with nodemap still active - confirm
# how error() behaves inside an EXIT trap.
1529 [[ $rc != 0 ]] && error "removing fops nodemaps failed $rc"
1531 do_facet mgs $LCTL nodemap_modify --name default \
1532 --property admin --value 0
1533 wait_nm_sync default admin_nodemap
1534 do_facet mgs $LCTL nodemap_modify --name default \
1535 --property trusted --value 0
1536 wait_nm_sync default trusted_nodemap
1538 do_facet mgs $LCTL nodemap_activate 0
1539 wait_nm_sync active 0
1541 export SK_UNIQUE_NM=false
#######################################
# Set the admin and trusted properties used by the fileops tests and wait
# for them to propagate.
# Callers pass two values, e.g. `nodemap_clients_admin_trusted 0 1`; the
# lines assigning `admin`, `tr` and `i` are not part of this excerpt.
# NOTE(review): the loop runs once per client but always modifies nodemap
# c0, while the waits use c$((i - 1)). With more than one client the other
# client nodemaps keep their previous admin/trusted values - confirm whether
# c${i} was intended, since the test names assume every client is changed.
#######################################
1545 nodemap_clients_admin_trusted() {
1549 for client in $clients; do
1550 do_facet mgs $LCTL nodemap_modify --name c0 \
1551 --property admin --value $admin
1552 do_facet mgs $LCTL nodemap_modify --name c0 \
1553 --property trusted --value $tr
1556 wait_nm_sync c$((i - 1)) admin_nodemap
1557 wait_nm_sync c$((i - 1)) trusted_nodemap
# Body of test 16 ("test nodemap all_off fileops"); the function header and
# the test_fops call are not part of this excerpt.
1561 nodemap_version_check || return 0
# argument 0 keeps nodemap deactivated while the nodemaps are created
1562 nodemap_test_setup 0
# cleanup is registered for abnormal exit and also called explicitly below;
# no visible line clears the trap afterwards, so it may run a second time
# when the script exits
1564 trap nodemap_test_cleanup EXIT
1566 nodemap_test_cleanup
1568 run_test 16 "test nodemap all_off fileops"
# Body of test 17 ("test nodemap trusted_noadmin fileops"); the function
# header, the first half of the version check and the setup call are not
# part of this excerpt.
1572 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1573 skip "Need MDS >= 2.11.55"
# the projid map_mode pass below is only run against MDS >= 2.14.52
1575 local check_proj=true
1577 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || check_proj=false
1579 nodemap_version_check || return 0
1582 trap nodemap_test_cleanup EXIT
# admin=0, trusted=1
1583 nodemap_clients_admin_trusted 0 1
1584 test_fops trusted_noadmin 1
1585 if $check_proj; then
# restrict c0 to mapping project ids only, then repeat the same matrix
1586 do_facet mgs $LCTL nodemap_modify --name c0 \
1587 --property map_mode --value projid
1588 wait_nm_sync c0 map_mode
1590 test_fops trusted_noadmin 1
1591 nodemap_test_cleanup
1593 run_test 17 "test nodemap trusted_noadmin fileops"
# Body of test 18 ("test nodemap mapped_noadmin fileops"); the function
# header and the setup call are not part of this excerpt.
1597 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1598 skip "Need MDS >= 2.11.55"
1601 nodemap_version_check || return 0
1604 trap nodemap_test_cleanup EXIT
# admin=0, trusted=0: ids are mapped and the client has no admin property
1605 nodemap_clients_admin_trusted 0 0
1606 test_fops mapped_noadmin 1
1607 nodemap_test_cleanup
1609 run_test 18 "test nodemap mapped_noadmin fileops"
# Body of test 19 ("test nodemap trusted_admin fileops"); the function
# header and the setup call are not part of this excerpt.
1613 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1614 skip "Need MDS >= 2.11.55"
1617 nodemap_version_check || return 0
1620 trap nodemap_test_cleanup EXIT
# admin=1, trusted=1: the most privileged client configuration in the matrix
1621 nodemap_clients_admin_trusted 1 1
1622 test_fops trusted_admin 1
1623 nodemap_test_cleanup
1625 run_test 19 "test nodemap trusted_admin fileops"
# Body of test 20 ("test nodemap mapped_admin fileops"); the function header
# and the setup call are not part of this excerpt.
1629 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1630 skip "Need MDS >= 2.11.55"
1633 nodemap_version_check || return 0
1636 trap nodemap_test_cleanup EXIT
# admin=1, trusted=0: admin property set while ids are still mapped
1637 nodemap_clients_admin_trusted 1 0
1638 test_fops mapped_admin 1
1639 nodemap_test_cleanup
1641 run_test 20 "test nodemap mapped_admin fileops"
# Body of test 21 ("test nodemap mapped_trusted_noadmin fileops"); the
# function header, the setup call and the lines that assign `i` and `x` are
# not part of this excerpt.
1645 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1646 skip "Need MDS >= 2.11.55"
1649 nodemap_version_check || return 0
1652 trap nodemap_test_cleanup EXIT
# every client nodemap loses admin; trusted takes the per-client value $x
# (get_cr_del_expected treats c0 as unmapped for mapped_trusted* modes)
1655 for client in $clients; do
1656 do_facet mgs $LCTL nodemap_modify --name c${i} \
1657 --property admin --value 0
1658 do_facet mgs $LCTL nodemap_modify --name c${i} \
1659 --property trusted --value $x
1663 wait_nm_sync c$((i - 1)) trusted_nodemap
# no second argument: test_fops is not forced into single-client mode here
1665 test_fops mapped_trusted_noadmin
1666 nodemap_test_cleanup
1668 run_test 21 "test nodemap mapped_trusted_noadmin fileops"
# Body of test 22 ("test nodemap mapped_trusted_admin fileops"); the
# function header, the setup call and the lines that assign `i` and `x` are
# not part of this excerpt.
1672 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1673 skip "Need MDS >= 2.11.55"
1676 nodemap_version_check || return 0
1679 trap nodemap_test_cleanup EXIT
# every client nodemap gets admin=1; trusted takes the per-client value $x
1682 for client in $clients; do
1683 do_facet mgs $LCTL nodemap_modify --name c${i} \
1684 --property admin --value 1
1685 do_facet mgs $LCTL nodemap_modify --name c${i} \
1686 --property trusted --value $x
1690 wait_nm_sync c$((i - 1)) trusted_nodemap
# no second argument: test_fops is not forced into single-client mode here
1692 test_fops mapped_trusted_admin
1693 nodemap_test_cleanup
1695 run_test 22 "test nodemap mapped_trusted_admin fileops"
1697 # acl test directory needs to be initialized on a privileged client
# Saves the admin/trusted values of nodemap c0, raises both to 1, recreates
# the test directory from the first client with mode a+rwx, then writes the
# saved values back.
1698 nodemap_acl_test_setup() {
# NOTE(review): `local v=$(cmd)` hides a failing get_param; an empty $admin
# or $trust would make the restore below pass `--value` with nothing after
# it, so c0 could stay at the raised values - consider checking both.
1699 local admin=$(do_facet mgs $LCTL get_param -n \
1700 nodemap.c0.admin_nodemap)
1701 local trust=$(do_facet mgs $LCTL get_param -n \
1702 nodemap.c0.trusted_nodemap)
1704 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1705 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1707 wait_nm_sync c0 admin_nodemap
1708 wait_nm_sync c0 trusted_nodemap
# NOTE(review): recursive delete with unquoted, unchecked variables while
# the client is privileged; guarding with ${DIR:?} and ${tdir:?} would stop
# an empty value from turning the target into "/".
1710 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1712 do_node ${clients_arr[0]} chmod a+rwx $DIR/$tdir ||
1713 error unable to chmod a+rwx test dir $DIR/$tdir
# put c0 back to the values saved at the top
1715 do_facet mgs $LCTL nodemap_modify --name c0 \
1716 --property admin --value $admin
1717 do_facet mgs $LCTL nodemap_modify --name c0 \
1718 --property trusted --value $trust
1720 wait_nm_sync c0 trusted_nodemap
1723 # returns 0 if the number of ACLs does not change on the second (mapped) client
1724 # after being set on the first client
# Arguments: $2 - client that sets the ACL
#            $3 - client that reads the ACL back
#            $4 - "1" when the setfacl itself is expected to fail
# The assignment of `user` (presumably from $1) and the tail of the two
# ACL-counting pipelines are not part of this excerpt.
1725 nodemap_acl_test() {
1727 local set_client="$2"
1728 local get_client="$3"
1729 local check_setfacl="$4"
1730 local setfacl_error=0
1731 local testfile=$DIR/$tdir/$tfile
1732 local RUNAS_USER="$RUNAS_CMD -u $user"
1734 local acl_count_post=0
1736 nodemap_acl_test_setup
1739 do_node $set_client $RUNAS_USER touch $testfile
1741 # ACL masks aren't filtered by nodemap code, so we ignore them
# baseline: ACL entries visible from the reading client before the change
1742 acl_count=$(do_node $get_client getfacl $testfile | grep -v mask |
1744 do_node $set_client $RUNAS_USER setfacl -m $user:rwx $testfile ||
1747 # if check setfacl is set to 1, then it's supposed to error
1748 if [ "$check_setfacl" == "1" ]; then
1749 [ "$setfacl_error" != "1" ] && return 1
1752 [ "$setfacl_error" == "1" ] && echo "WARNING: unable to setfacl"
1754 acl_count_post=$(do_node $get_client getfacl $testfile | grep -v mask |
# NOTE(review): if getfacl fails on the reading client, both counts can come
# out equal (or both empty, which makes the unquoted test true), and this
# returns 0 as if the ACL had been filtered - callers that expect "not seen"
# would then pass without the ACL ever being read.
1756 [ $acl_count -eq $acl_count_post ] && return 0
# Body of test 23a ("test mapped regular ACLs"); the function header and the
# setup call are not part of this excerpt. nodemap_acl_test returns 0 when
# the ACL count on the reading client did not change, so `|| error` asserts
# "not seen" and `&& error` asserts "seen".
1761 [ $num_clients -lt 2 ] && skip "Need 2 clients at least" && return
1762 nodemap_version_check || return 0
1765 trap nodemap_test_cleanup EXIT
1766 # 1 trusted cluster, 1 mapped cluster
# ids are offsets from IDBASE; the file header notes that changes to the
# id mappings must be reflected in test 23
1767 local unmapped_fs=$((IDBASE+0))
1768 local unmapped_c1=$((IDBASE+5))
1769 local mapped_fs=$((IDBASE+2))
1770 local mapped_c0=$((IDBASE+4))
1771 local mapped_c1=$((IDBASE+6))
# c0 is the privileged side (admin and trusted), c1 the mapped one
1773 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1774 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1776 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 0
1777 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 0
1779 wait_nm_sync c1 trusted_nodemap
1781 # setfacl on trusted cluster to unmapped user, verify it's not seen
1782 nodemap_acl_test $unmapped_fs ${clients_arr[0]} ${clients_arr[1]} ||
1783 error "acl count (1)"
1785 # setfacl on trusted cluster to mapped user, verify it's seen
1786 nodemap_acl_test $mapped_fs ${clients_arr[0]} ${clients_arr[1]} &&
1787 error "acl count (2)"
1789 # setfacl on mapped cluster to mapped user, verify it's seen
1790 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1791 error "acl count (3)"
1793 # setfacl on mapped cluster to unmapped user, verify error
1794 nodemap_acl_test $unmapped_fs ${clients_arr[1]} ${clients_arr[0]} 1 ||
1795 error "acl count (4)"
# second phase: both clusters mapped
1798 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 0
1799 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 0
1801 wait_nm_sync c0 trusted_nodemap
1803 # setfacl to mapped user on c1, also mapped to c0, verify it's seen
1804 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1805 error "acl count (5)"
1807 # setfacl to mapped user on c1, not mapped to c0, verify not seen
1808 nodemap_acl_test $unmapped_c1 ${clients_arr[1]} ${clients_arr[0]} ||
1809 error "acl count (6)"
1811 nodemap_test_cleanup
1813 run_test 23a "test mapped regular ACLs"
# Checks that a default group ACL set on one client is reported with the
# mapped gid (or its name) when read from a second client.
# Globals: SK_UNIQUE_NM (exported true for the test, false at the end)
1815 test_23b() { #LU-9929
1816 [ $num_clients -lt 2 ] && skip "Need 2 clients at least"
1817 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
1818 skip "Need MGS >= 2.10.53"
1820 export SK_UNIQUE_NM=true
1822 trap nodemap_test_cleanup EXIT
1824 local testdir=$DIR/$tdir
# filesystem-side gid that client gid $ID0 is mapped to on c0
1825 local fs_id=$((IDBASE+10))
1830 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1831 wait_nm_sync c0 admin_nodemap
1832 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 1
1833 wait_nm_sync c1 admin_nodemap
1834 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 1
1835 wait_nm_sync c1 trusted_nodemap
1837 # Add idmap $ID0:$fs_id (500:60010)
1838 do_facet mgs $LCTL nodemap_add_idmap --name c0 --idtype gid \
1839 --idmap $ID0:$fs_id ||
1840 error "add idmap $ID0:$fs_id to nodemap c0 failed"
1841 wait_nm_sync c0 idmap
1843 # set/getfacl default acl on client 1 (unmapped gid=500)
1844 do_node ${clients_arr[0]} rm -rf $testdir
1845 do_node ${clients_arr[0]} mkdir -p $testdir
1846 # Here, USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
1847 do_node ${clients_arr[0]} setfacl -R -d -m group:$USER0:rwx $testdir ||
1848 error "setfacl $testdir on ${clients_arr[0]} failed"
# third ':'-separated field of the default:group:<name>:rwx line
1849 unmapped_id=$(do_node ${clients_arr[0]} getfacl $testdir |
1850 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
1851 [ "$unmapped_id" = "$USER0" ] ||
1852 error "gid=$ID0 was not unmapped correctly on ${clients_arr[0]}"
1854 # getfacl default acl on client 2 (mapped gid=60010)
1855 mapped_id=$(do_node ${clients_arr[1]} getfacl $testdir |
1856 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
# look up a name for $fs_id on the second client; fall back to the number
1857 fs_user=$(do_node ${clients_arr[1]} getent passwd |
1858 grep :$fs_id:$fs_id: | cut -d: -f1)
1859 [ -z "$fs_user" ] && fs_user=$fs_id
# NOTE(review): when getfacl prints a name instead of a number, the unquoted
# `-eq` makes [ ] fail with "integer expression expected" before the string
# comparison is considered, so the name branch cannot pass; an empty
# $mapped_id also yields a malformed test. Comparing both as strings
# ([ "$mapped_id" = "$fs_id" ] || [ "$mapped_id" = "$fs_user" ]) avoids it.
1860 [ $mapped_id -eq $fs_id -o "$mapped_id" = "$fs_user" ] ||
1861 error "Should return gid=$fs_id or $fs_user on client2"
1864 nodemap_test_cleanup
1865 export SK_UNIQUE_NM=false
1867 run_test 23b "test mapped default ACLs"
# Body of test 24 ("check nodemap proc files for LBUGs and Oopses"); the
# function header and the setup call are not part of this excerpt.
1872 trap nodemap_test_cleanup EXIT
# read every nodemap parameter recursively on all server nodes; the output
# is not inspected in the visible lines, the read itself is the exercise
1873 do_nodes $(comma_list $(all_server_nodes)) $LCTL get_param -R nodemap
1875 nodemap_test_cleanup
1877 run_test 24 "check nodemap proc files for LBUGs and Oopses"
# Body of test 25 ("test save and reload nodemap config"); the function
# header, the setup call and the assignments of `i`, `subdir` and `testname`
# are not part of this excerpt. It dumps nodemap_info on MGS and MDS, does a
# cleanup_and_setup_lustre cycle, and checks that the dumps are unchanged.
# NOTE(review): four temp files are created, but the only visible removal is
# `rm -f $tmpfile $tmpfile2`; tmpfile3/tmpfile4 and every early-return or
# error path leave nodemap configuration dumps behind in the temp directory.
# A cleanup trap covering all four would close that gap.
1880 local tmpfile=$(mktemp)
1881 local tmpfile2=$(mktemp)
1882 local tmpfile3=$(mktemp)
1883 local tmpfile4=$(mktemp)
1887 nodemap_version_check || return 0
1889 # stop clients for this test
1890 zconf_umount_clients $CLIENTS $MOUNT ||
1891 error "unable to umount clients $CLIENTS"
1893 export SK_UNIQUE_NM=true
1896 # enable trusted/admin for setquota call in cleanup_and_setup_lustre()
1898 for client in $clients; do
1899 do_facet mgs $LCTL nodemap_modify --name c${i} \
1900 --property admin --value 1
1901 do_facet mgs $LCTL nodemap_modify --name c${i} \
1902 --property trusted --value 1
1905 wait_nm_sync c$((i - 1)) trusted_nodemap
1907 trap nodemap_test_cleanup EXIT
1909 # create a new, empty nodemap, and add fileset info to it
# the nodemap is created as the literal "test25" while the fileset is set on
# nodemap.$testname - these agree only if testname is "test25" (TODO confirm)
1910 do_facet mgs $LCTL nodemap_add test25 ||
1911 error "unable to create nodemap $testname"
1912 do_facet mgs $LCTL set_param -P nodemap.$testname.fileset=/$subdir ||
1913 error "unable to add fileset info to nodemap test25"
1915 wait_nm_sync test25 id
# reference dumps taken before the restart
1917 do_facet mgs $LCTL nodemap_info > $tmpfile
1918 do_facet mds $LCTL nodemap_info > $tmpfile2
1920 if ! $SHARED_KEY; then
1921 # will conflict with SK's nodemaps
1922 cleanup_and_setup_lustre
1924 # stop clients for this test
1925 zconf_umount_clients $CLIENTS $MOUNT ||
1926 error "unable to umount clients $CLIENTS"
# dumps after the restart must be identical to the reference dumps
1928 do_facet mgs $LCTL nodemap_info > $tmpfile3
1929 diff -q $tmpfile3 $tmpfile >& /dev/null ||
1930 error "nodemap_info diff on MGS after remount"
1932 do_facet mds $LCTL nodemap_info > $tmpfile4
1933 diff -q $tmpfile4 $tmpfile2 >& /dev/null ||
1934 error "nodemap_info diff on MDS after remount"
1937 do_facet mgs $LCTL nodemap_del test25 ||
1938 error "cannot delete nodemap test25 from config"
1939 nodemap_test_cleanup
1940 # restart clients previously stopped
1941 zconf_mount_clients $CLIENTS $MOUNT ||
1942 error "unable to mount clients $CLIENTS"
1944 rm -f $tmpfile $tmpfile2
1945 export SK_UNIQUE_NM=false
1947 run_test 25 "test save and reload nodemap config"
# Body of test 26 ("test transferring very large nodemap"); the function
# header and the assignment of large_i are not part of this excerpt.
1950 nodemap_version_check || return 0
# on the MGS: generate the names c1..c$large_i and add them one per lctl call
1954 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_add"
1955 wait_nm_sync c$large_i admin_nodemap
# remove the same set again and wait for the deletion to propagate
1957 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_del"
1958 wait_nm_sync c$large_i admin_nodemap
1960 run_test 26 "test transferring very large nodemap"
#######################################
# Exercise the fileset property of one nodemap: set it, remount the first
# client and check what the mount point shows, mount a sub-directory of the
# fileset, then clear the fileset and check the full tree is visible again.
# Called as `nodemap_exercise_fileset "$nm"`; the line assigning `nm` is not
# part of this excerpt. `subdir` and `subsubdir` come from the caller.
# Globals: SK_UNIQUE_NM, FILESET (exported); SHARED_KEY, MDS1_VERSION,
#          MOUNT, MOUNT_OPTS, clients_arr, LCTL, LFS (read)
#######################################
1962 nodemap_exercise_fileset() {
# project-id checks are only run against MDS >= 2.14.52
1965 local check_proj=true
1967 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || check_proj=false
1970 if [ "$nm" == "default" ]; then
1971 do_facet mgs $LCTL nodemap_activate 1
1973 do_facet mgs $LCTL nodemap_modify --name default \
1974 --property admin --value 1
1975 do_facet mgs $LCTL nodemap_modify --name default \
1976 --property trusted --value 1
1977 wait_nm_sync default admin_nodemap
1978 wait_nm_sync default trusted_nodemap
1983 if $SHARED_KEY; then
1984 export SK_UNIQUE_NM=true
1986 # will conflict with SK's nodemaps
# $nm is expanded now, when the trap string is built, not when it fires
1987 trap "fileset_test_cleanup $nm" EXIT
1989 fileset_test_setup "$nm"
1991 # add fileset info to $nm nodemap
1992 if ! combined_mgs_mds; then
1993 do_facet mgs $LCTL set_param nodemap.${nm}.fileset=/$subdir ||
1994 error "unable to add fileset info to $nm nodemap on MGS"
1996 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=/$subdir ||
1997 error "unable to add fileset info to $nm nodemap for servers"
1998 wait_nm_sync $nm fileset "nodemap.${nm}.fileset=/$subdir"
# project-id mapping: only project id 1 is mapped (1:1) and deny_unknown is
# set, so the setquota on project 2 further down is expected to be refused
2000 if $check_proj; then
2001 do_facet mgs $LCTL nodemap_modify --name $nm \
2002 --property admin --value 1
2003 wait_nm_sync $nm admin_nodemap
2004 do_facet mgs $LCTL nodemap_modify --name $nm \
2005 --property trusted --value 0
2006 wait_nm_sync $nm trusted_nodemap
2007 do_facet mgs $LCTL nodemap_modify --name $nm \
2008 --property map_mode --value projid
2009 wait_nm_sync $nm map_mode
2010 do_facet mgs $LCTL nodemap_add_idmap --name $nm \
2011 --idtype projid --idmap 1:1
2012 do_facet mgs $LCTL nodemap_modify --name $nm \
2013 --property deny_unknown --value 1
2014 wait_nm_sync $nm deny_unknown
2018 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2019 error "unable to umount client ${clients_arr[0]}"
2020 # set some generic fileset to trigger SSK code
2022 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2023 error "unable to remount client ${clients_arr[0]}"
2026 # test mount point content
# the marker file this_is_$subdir must be at the top of the mount, i.e. the
# client sees the fileset directory as its root
2027 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subdir ||
2028 error "fileset not taken into account"
2030 if $check_proj; then
2031 do_node ${clients_arr[0]} $LFS setquota -p 1 -b 10000 -B 11000 \
2032 -i 0 -I 0 $MOUNT || error "setquota -p 1 failed"
2033 do_node ${clients_arr[0]} $LFS setquota -p 2 -b 10000 -B 11000 \
2034 -i 0 -I 0 $MOUNT && error "setquota -p 2 should fail"
2037 # re-mount client with sub-subdir
2038 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2039 error "unable to umount client ${clients_arr[0]}"
2040 export FILESET=/$subsubdir
2041 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2042 error "unable to remount client ${clients_arr[0]}"
2045 # test mount point content
2046 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subsubdir ||
2047 error "subdir of fileset not taken into account"
2049 # remove fileset info from nodemap
2050 do_facet mgs $LCTL nodemap_set_fileset --name $nm --fileset clear ||
2051 error "unable to delete fileset info on $nm nodemap"
2052 wait_update_facet mgs "$LCTL get_param nodemap.${nm}.fileset" \
2053 "nodemap.${nm}.fileset=" ||
2054 error "fileset info still not cleared on $nm nodemap"
2055 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=clear ||
2056 error "unable to reset fileset info on $nm nodemap"
2057 wait_nm_sync $nm fileset "nodemap.${nm}.fileset="
2058 do_facet mgs $LCTL set_param -P -d nodemap.${nm}.fileset ||
2059 error "unable to remove fileset rule on $nm nodemap"
2062 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2063 error "unable to umount client ${clients_arr[0]}"
2064 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2065 error "unable to remount client ${clients_arr[0]}"
2067 # test mount point content
# NOTE(review): $(...) runs do_node and would then execute whatever it
# printed; this behaves as a plain status check only while do_node prints
# nothing. `if ! do_node ... test -d ...; then` states the intent directly.
2068 if ! $(do_node ${clients_arr[0]} test -d $MOUNT/$subdir); then
2070 error "fileset not cleared on $nm nodemap"
2073 # back to non-nodemap setup
2074 if $SHARED_KEY; then
2075 export SK_UNIQUE_NM=false
2076 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2077 error "unable to umount client ${clients_arr[0]}"
2079 fileset_test_cleanup "$nm"
# undo the default-nodemap elevation made at the top of the function
2080 if [ "$nm" == "default" ]; then
2081 do_facet mgs $LCTL nodemap_modify --name default \
2082 --property admin --value 0
2083 do_facet mgs $LCTL nodemap_modify --name default \
2084 --property trusted --value 0
2085 wait_nm_sync default admin_nodemap
2086 wait_nm_sync default trusted_nodemap
2087 do_facet mgs $LCTL nodemap_activate 0
2088 wait_nm_sync active 0
2090 export SK_UNIQUE_NM=false
2092 nodemap_test_cleanup
2094 if $SHARED_KEY; then
2095 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2096 error "unable to remount client ${clients_arr[0]}"
# Body of test 27a ("test fileset in various nodemaps"); the function header
# is not part of this excerpt. Runs nodemap_exercise_fileset for the default
# nodemap and for c0.
2101 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2102 skip "Need MDS >= 2.11.50"
2104 # if servers run on the same node, it is impossible to tell if they get
2105 # synced with the mgs, so this test needs to be skipped
2106 if [ $(facet_active_host mgs) == $(facet_active_host mds) ] &&
2107 [ $(facet_active_host mgs) == $(facet_active_host ost1) ]; then
2108 skip "local mode not supported"
2111 for nm in "default" "c0"; do
# these locals are read by nodemap_exercise_fileset through dynamic scoping
2112 local subdir="subdir_${nm}"
2113 local subsubdir="subsubdir_${nm}"
# the default nodemap is not exercised when shared-key is in use
2115 if [ "$nm" == "default" ] && [ "$SHARED_KEY" == "true" ]; then
2116 echo "Skipping nodemap $nm with SHARED_KEY";
2120 echo "Exercising fileset for nodemap $nm"
2121 nodemap_exercise_fileset "$nm"
2124 run_test 27a "test fileset in various nodemaps"
# Creates one nodemap per MDT, gives each its own fileset, and verifies that
# adding later nodemaps did not clear the fileset of earlier ones.
2126 test_27b() { #LU-10703
2127 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2128 skip "Need MDS >= 2.11.50"
2129 [[ $MDSCOUNT -lt 2 ]] && skip "needs >= 2 MDTs"
2131 # if servers run on the same node, it is impossible to tell if they get
2132 # synced with the mgs, so this test needs to be skipped
2133 if [ $(facet_active_host mgs) == $(facet_active_host mds) ] &&
2134 [ $(facet_active_host mgs) == $(facet_active_host ost1) ]; then
2135 skip "local mode not supported"
2139 trap nodemap_test_cleanup EXIT
2141 # Add the nodemaps and set their filesets
2142 for i in $(seq 1 $MDSCOUNT); do
# best-effort removal of a leftover nodemap; the error is discarded on purpose
2143 do_facet mgs $LCTL nodemap_del nm$i 2>/dev/null
2144 do_facet mgs $LCTL nodemap_add nm$i ||
2145 error "add nodemap nm$i failed"
2146 wait_nm_sync nm$i "" "" "-N"
2148 if ! combined_mgs_mds; then
2150 $LCTL set_param nodemap.nm$i.fileset=/dir$i ||
2151 error "set nm$i.fileset=/dir$i failed on MGS"
2153 do_facet mgs $LCTL set_param -P nodemap.nm$i.fileset=/dir$i ||
2154 error "set nm$i.fileset=/dir$i failed on servers"
2155 wait_nm_sync nm$i fileset "nodemap.nm$i.fileset=/dir$i"
2158 # Check if all the filesets are correct
2159 for i in $(seq 1 $MDSCOUNT); do
# read nm$i's fileset back from MDS number $i and compare with what was set
2160 fileset=$(do_facet mds$i \
2161 $LCTL get_param -n nodemap.nm$i.fileset)
2162 [ "$fileset" = "/dir$i" ] ||
2163 error "nm$i.fileset $fileset != /dir$i on mds$i"
2164 do_facet mgs $LCTL set_param -P -d nodemap.nm$i.fileset ||
2165 error "unable to remove fileset rule for nm$i nodemap"
2166 do_facet mgs $LCTL nodemap_del nm$i ||
2167 error "delete nodemap nm$i failed"
2170 nodemap_test_cleanup
2172 run_test 27b "The new nodemap won't clear the old nodemap's fileset"
# Body of test 28 ("check shared key rotation method"); the function header
# is not part of this excerpt. Records a key identity, flushes the security
# contexts on the MDS and the client, and expects a different identity
# afterwards while the test file stays reachable.
2175 if ! $SHARED_KEY; then
2176 skip "need shared key feature for this test" && return
2178 mkdir -p $DIR/$tdir || error "mkdir failed"
2179 touch $DIR/$tdir/$tdir.out || error "touch failed"
2180 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2181 error "read before rotation failed"
2183 # store top key identity to ensure rotation has occurred
# identity = first 8 characters of field 15 on the first "expire" line.
# The unquoted *.*.*srpc* pattern is also subject to shell globbing in the
# current directory before lctl sees it.
2184 SK_IDENTITY_OLD=$(lctl get_param *.*.*srpc* | grep "expire" |
2185 head -1 | awk '{print $15}' | cut -c1-8)
2186 do_facet $SINGLEMDS lfs flushctx ||
2187 error "could not run flushctx on $SINGLEMDS"
2189 lfs flushctx || error "could not run flushctx on client"
2191 # verify new key is in place
2192 SK_IDENTITY_NEW=$(lctl get_param *.*.*srpc* | grep "expire" |
2193 head -1 | awk '{print $15}' | cut -c1-8)
# NOTE(review): this check fails open. If only one of the two identities is
# empty (nothing parsed from get_param), the unquoted [ ] is malformed,
# returns non-zero, and the test continues as if the key had rotated.
# Quote both sides and reject empty values before comparing.
2194 if [ $SK_IDENTITY_OLD == $SK_IDENTITY_NEW ]; then
2195 error "key did not rotate correctly"
2197 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2198 error "read after rotation failed"
2201 run_test 28 "check shared key rotation method"
# Body of test 29 ("check for missing shared key"); the function header is
# not part of this excerpt. Negative test: with the keys unlinked and
# SK_PATH pointing at /dev/null the client mount must be refused.
2204 if ! $SHARED_KEY; then
2205 skip "need shared key feature for this test" && return
2207 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2208 skip "test only valid if integrity is active"
2211 mkdir $DIR/$tdir || error "mkdir"
2212 touch $DIR/$tdir/$tfile || error "touch"
2213 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2214 error "unable to umount clients"
# unlink every key whose `keyctl show` line mentions lustre, so that no
# already-loaded key can satisfy the mount below
2215 do_node ${clients_arr[0]} "keyctl show |
2216 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
# NOTE(review): OLD_SK_PATH is a global and no trap restores SK_PATH; if the
# test aborts between here and the restore, later tests inherit
# SK_PATH=/dev/null.
2217 OLD_SK_PATH=$SK_PATH
2218 export SK_PATH=/dev/null
# a successful mount is the failure case; the read attempt only refines the
# error message
2219 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
2220 export SK_PATH=$OLD_SK_PATH
2221 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tfile"
2222 if [ $? -eq 0 ]; then
2223 error "able to mount and read without key"
2225 error "able to mount without key"
2228 export SK_PATH=$OLD_SK_PATH
# clear the keyring again before the normal remount
2229 do_node ${clients_arr[0]} "keyctl show |
2230 awk '/lustre/ { print \\\$1 }' |
2231 xargs -IX keyctl unlink X"
2233 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2234 error "unable to mount clients"
2236 run_test 29 "check for missing shared key"
# Body of test 30 ("check for invalid shared key"); the function header is
# not part of this excerpt. Negative test: a key generated for a different
# filesystem name must not allow the client to mount.
2239 if ! $SHARED_KEY; then
2240 skip "need shared key feature for this test" && return
2242 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2243 skip "test only valid if integrity is active"
2245 mkdir -p $DIR/$tdir || error "mkdir failed"
2246 touch $DIR/$tdir/$tdir.out || error "touch failed"
2247 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2248 error "unable to umount clients"
2249 # unload keys from ring
2250 do_node ${clients_arr[0]} "keyctl show |
2251 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2252 # generate key with bogus filesystem name
# NOTE(review): no visible line removes $FSNAME-bogus.key afterwards, so the
# bogus key file stays in the real key directory - confirm it is cleaned up.
2253 do_node ${clients_arr[0]} "$LGSS_SK -w $SK_PATH/$FSNAME-bogus.key \
2254 -f $FSNAME.bogus -t client -d /dev/urandom" ||
2255 error "lgss_sk failed (1)"
2256 do_facet $SINGLEMDS lfs flushctx || error "could not run flushctx"
# point SK_PATH at the bogus key file only; OLD_SK_PATH is a global and no
# trap restores SK_PATH if the test aborts before the resets below
2257 OLD_SK_PATH=$SK_PATH
2258 export SK_PATH=$SK_PATH/$FSNAME-bogus.key
# a successful mount is the failure case; the read attempt only refines the
# error message
2259 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
2260 SK_PATH=$OLD_SK_PATH
2261 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tdir.out"
2262 if [ $? -eq 0 ]; then
2263 error "mount and read file with invalid key"
2265 error "mount with invalid key"
2268 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2269 error "unable to umount clients"
2270 # unload keys from ring
2271 do_node ${clients_arr[0]} "keyctl show |
2272 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2274 SK_PATH=$OLD_SK_PATH
2275 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2276 error "unable to mount clients"
2278 run_test 30 "check for invalid shared key"
2283 mkdir -p $DIR/$tdir || error "mkdir $flvr"
2284 touch $DIR/$tdir/f0 || error "touch $flvr"
2285 ls $DIR/$tdir || error "ls $flvr"
2286 dd if=/dev/zero of=$DIR/$tdir/f0 conv=fsync bs=1M count=10 \
2287 >& /dev/null || error "dd $flvr"
2288 rm -f $DIR/$tdir/f0 || error "rm $flvr"
2289 rmdir $DIR/$tdir || error "rmdir $flvr"
2292 echo 3 > /proc/sys/vm/drop_caches
# Body of test 30b ("basic test of all different SSK flavors"); the function
# header and the per-flavor lines inside the loop are not part of this
# excerpt.
2296 local save_flvr=$SK_FLAVOR
2298 if ! $SHARED_KEY; then
2299 skip "need shared key feature for this test"
# make sure the default flavor is put back even if the loop aborts
2302 stack_trap restore_to_default_flavor EXIT
2304 for flvr in skn ska ski skpi; do
# restore_to_default_flavor presumably applies the current $SK_FLAVOR, which
# the elided lines set to $flvr - TODO confirm
2307 restore_to_default_flavor || error "cannot set $flvr flavor"
2308 SK_FLAVOR=$save_flvr
2313 run_test 30b "basic test of all different SSK flavors"
# Body of the cleanup for test 31 (registered there as
# `cleanup_31 $failover_mds1`); the function header and some lines are not
# part of this excerpt. Removes the extra LNet network, restores the MDS
# failover settings and the KEEP_ZPOOL value.
# Only $1 is read, so a saved failover list containing whitespace would be
# truncated by the unquoted expansion in the caller's trap string.
2316 local failover_mds1=$1
2319 zconf_umount $HOSTNAME $MOUNT || error "unable to umount client"
2321 # remove ${NETTYPE}999 network on all nodes
# `|| true` makes the removal best-effort: nodes where the network was never
# added do not fail the cleanup
2322 do_nodes $(comma_list $(all_nodes)) \
2323 "$LNETCTL net del --net ${NETTYPE}999 && \
2324 $LNETCTL lnet unconfigure 2>/dev/null || true"
2326 # necessary to do writeconf in order to de-register
2327 # @${NETTYPE}999 nid for targets
2329 export KEEP_ZPOOL="true"
# drop the failover.node parameter written by the test, then re-apply the
# saved value when there was one
2332 do_facet mds1 $TUNEFS --erase-param failover.node $(mdsdevname 1)
2333 if [ -n "$failover_mds1" ]; then
2334 do_facet mds1 $TUNEFS \
2335 --servicenode=$failover_mds1 $(mdsdevname 1)
2337 # If no service node previously existed, setting one in test_31
2338 # added the no_primnode flag to the target. To remove everything
2339 # and clear the flag, add a meaningless failnode and remove it.
2340 do_facet mds1 $TUNEFS \
2341 --failnode=$(do_facet mds1 $LCTL list_nids | head -1) \
2343 do_facet mds1 $TUNEFS \
2344 --erase-param failover.node $(mdsdevname 1)
2347 export SK_MOUNTED=false
# KZPOOL is presumably saved by an elided line before KEEP_ZPOOL was forced
2350 export KEEP_ZPOOL="$KZPOOL"
# Body of test 31 ("client mount option '-o network'"); the function header,
# the assignment of `net` and several other lines are not part of this
# excerpt. It adds a second LNet network ${NETTYPE}999 on all nodes,
# registers MDS service nodes on both networks, and checks that a client
# mounted with network=$net2 has exports and imports on that network only.
2354 local nid=$(lctl list_nids | grep ${NETTYPE} | head -n1)
2355 local addr=${nid%@*}
2357 local net2=${NETTYPE}999
2358 local mdsnid=$(do_facet mds1 $LCTL list_nids | head -1)
2359 local addr1=${mdsnid%@*}
# synthetic failover address: last dot-separated component of the MDS
# address plus 11, modulo 256 (assumes a dotted numeric address)
2360 local addr2=${addr1%.*}.$(((${addr1##*.} + 11) % 256))
2363 export LNETCTL=$(which lnetctl 2> /dev/null)
2365 [ -z "$LNETCTL" ] && skip "without lnetctl support." && return
2366 local_mode && skip "in local mode."
2368 if $SHARED_KEY; then
2369 skip "Conflicting test with SSK"
2372 # save mds failover nids for restore at cleanup
# keep only the text between "Parameters:" and "exiting" of the dry-run
# output, then the value(s) of failover.node
2373 failover_mds1=$(do_facet mds1 $TUNEFS --dryrun $(mdsdevname 1))
2374 if [ -n "$failover_mds1" ]; then
2375 failover_mds1=${failover_mds1##*Parameters:}
2376 failover_mds1=${failover_mds1%%exiting*}
2377 failover_mds1=$(echo $failover_mds1 | tr ' ' '\n' |
2378 grep failover.node | cut -d'=' -f2-)
# the saved value is expanded into the trap string now; cleanup_31 reads $1
2380 stack_trap "cleanup_31 $failover_mds1" EXIT
# NOTE(review): the guard tests $MOUNT_2 while the commands use $MOUNT2 -
# confirm which variable the framework defines.
2383 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2384 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2386 if $(grep -q $MOUNT' ' /proc/mounts); then
2387 umount_client $MOUNT || error "umount $MOUNT failed"
2390 # check exports on servers are empty for client
2391 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2392 grep -q -" && error "export on MGS should be empty"
2393 do_nodes $(comma_list $(mdts_nodes) $(osts_nodes)) \
2394 "lctl get_param -n *.${FSNAME}*.exports.'$nid'.uuid \
2395 2>/dev/null | grep -q -" &&
2396 error "export on servers should be empty"
2398 # add network $net2 on all nodes
2399 do_nodes $(comma_list $(all_nodes)) \
2400 "$LNETCTL lnet configure && $LNETCTL net add --if \
2401 \$($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2402 {if (inf==1) print \$2; fi; inf=0} /interfaces/{inf=1}') \
2404 error "unable to configure NID $net2"
2406 # necessary to do writeconf in order to register
2407 # new @$net2 nid for targets
2409 export KEEP_ZPOOL="true"
2411 export SK_MOUNTED=false
# two service nodes (real and synthetic address), each on both networks.
# The inner quotes around $nids end and reopen the outer string, so $nids is
# expanded unquoted; harmless while it contains no whitespace.
2414 nids="${addr1}@$net,${addr1}@$net2:${addr2}@$net,${addr2}@$net2"
2415 do_facet mds1 "$TUNEFS --servicenode="$nids" $(mdsdevname 1)" ||
2416 error "tunefs failed"
2418 setupall server_only || echo 1
2419 export KEEP_ZPOOL="$KZPOOL"
2422 local mgsnid_orig=$MGSNID
2423 # compute new MGSNID
2424 MGSNID=$(do_facet mgs "$LCTL list_nids | grep $net2")
2426 # on client, turn LNet Dynamic Discovery on
2427 lnetctl set discovery 1
2429 # mount client with -o network=$net2 option:
2430 # should fail because of LNet Dynamic Discovery
2431 mount_client $MOUNT ${MOUNT_OPTS},network=$net2 &&
2432 error "client mount with '-o network' option should be refused"
2434 # on client, reconfigure LNet and turn LNet Dynamic Discovery off
2435 $LNETCTL net del --net $net2 && lnetctl lnet unconfigure
2438 lnetctl set discovery 0
2440 $LNETCTL lnet configure && $LNETCTL net add --if \
2441 $($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2442 {if (inf==1) print $2; fi; inf=0} /interfaces/{inf=1}') \
2444 error "unable to configure NID $net2 on client"
2446 # mount client with -o network=$net2 option
2447 mount_client $MOUNT ${MOUNT_OPTS},network=$net2 ||
2448 error "unable to remount client"
2453 # check export on MGS
2454 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2456 [ $? -ne 0 ] || error "export for $nid on MGS should not exist"
2459 "lctl get_param -n *.MGS*.exports.'${addr}@$net2'.uuid \
2460 2>/dev/null | grep -"
2462 error "export for ${addr}@$net2 on MGS should exist"
2464 # check {mdc,osc} imports
2465 lctl get_param mdc.${FSNAME}-*.import | grep current_connection |
2468 error "import for mdc should use ${addr1}@$net2"
2469 lctl get_param osc.${FSNAME}-*.import | grep current_connection |
2472 error "import for osc should use ${addr1}@$net2"
2474 # no NIDs on other networks should be listed
2475 lctl get_param mdc.${FSNAME}-*.import | grep failover_nids |
2476 grep -w ".*@$net" &&
2477 error "MDC import shouldn't have failnids at @$net"
2479 # failover NIDs on net999 should be listed
2480 lctl get_param mdc.${FSNAME}-*.import | grep failover_nids |
2481 grep ${addr2}@$net2 ||
2482 error "MDC import should have failnid ${addr2}@$net2"
2484 run_test 31 "client mount option '-o network'"
# Body of the cleanup for test 32 (registered there with
# `stack_trap cleanup_32 EXIT`); the function header and some lines are not
# part of this excerpt. It takes the MGS connection back to the null flavor
# and restarts the GSS daemon with the options used outside this test.
2488 zconf_umount_clients ${clients_arr[0]} $MOUNT
2490 # disable sk flavor enforcement on MGS
# after this rule the MGS connection is no longer required to use a shared
# key flavor; intended as the return to the suite's default state
2491 set_rule _mgs any any null
2493 # stop gss daemon on MGS
2494 send_sigint $mgs_HOST lsvcgssd
2496 # re-start gss daemon on MDS if necessary
2497 if combined_mgs_mds ; then
2498 start_gss_daemons $mds_HOST "$LSVCGSSD -vvv -s -m -o -z"
2502 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2505 restore_to_default_flavor
# Body of test 32 ("check for mgssec" per its run_test line); the function
# header is not part of this listing. The visible sequence is:
#   1. fall back to the null flavor and unmount the client(s);
#   2. restart lsvcgssd on the MGS and add the mgs key type / MGS NIDs to the
#      shared key on MGS and client;
#   3. mount with mgssec=skn while nothing is enforced -> must succeed;
#   4. enforce ska on the MGS (set_rule _mgs any any ska);
#   5. mount without mgssec -> must fail;
#   6. mount with mgssec=skn -> must fail;
#   7. mount with mgssec=ska -> must succeed.
# $SHARED_KEY is executed as a command, so it is expected to hold true/false.
2509 if ! $SHARED_KEY; then
2510 skip "need shared key feature for this test"
2513 stack_trap cleanup_32 EXIT
2515 # restore to default null flavor
2516 save_flvr=$SK_FLAVOR
2518 restore_to_default_flavor || error "cannot set null flavor"
2519 SK_FLAVOR=$save_flvr
# $(grep -q ...) expands to nothing, so each condition below takes grep's exit
# status; a plain "grep -q" would read the same without the substitution.
2522 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2523 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2525 if $(grep -q $MOUNT' ' /proc/mounts); then
2526 umount_client $MOUNT || error "umount $MOUNT failed"
2529 # kill daemon on MGS to start afresh
2530 send_sigint $mgs_HOST lsvcgssd
2532 # start gss daemon on MGS
# the two start_gss_daemons lines look like alternative branches (the "else"
# line is not shown): with a combined MGS/MDS the daemon also gets -m -o -z.
2533 if combined_mgs_mds ; then
2534 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g -m -o -z"
2536 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2539 # add mgs key type and MGS NIDs in key on MGS
# stdout and stderr of the key tool are discarded here and below, so a
# failure only surfaces as the generic error() text, without the tool's reason.
2540 do_nodes $mgs_HOST "$LGSS_SK -t mgs,server -g $MGSNID -m \
2541 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2542 error "could not modify keyfile on MGS"
2544 # load modified key file on MGS
2545 do_nodes $mgs_HOST "$LGSS_SK -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2546 error "could not load keyfile on MGS"
2548 # add MGS NIDs in key on client
# NOTE(review): this step runs on ${clients_arr[0]}, but the failure message
# still says "on MGS"; a failure here would be reported against the wrong node.
2549 do_nodes ${clients_arr[0]} "$LGSS_SK -g $MGSNID -m \
2550 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2551 error "could not modify keyfile on MGS"
2553 # set perms for per-nodemap keys else permission denied
# 0x3f3f3f3f sets all six key permission bits (view, read, write, search,
# link, setattr) for possessor, user, group and other, on every key that
# "keyctl show" lists with "lustre" in its line, on all nodes. That makes the
# keys usable by any local account, which is only acceptable on a test
# cluster. cut -c1-11 presumably isolates the key ID column - verify.
2554 do_nodes $(comma_list $(all_nodes)) \
2555 "keyctl show | grep lustre | cut -c1-11 |
2557 xargs -IX keyctl setperm X 0x3f3f3f3f"
2559 # re-mount client with mgssec=skn
# MOUNT_OPTS is overridden only for this mount and restored from save_opts.
2560 save_opts=$MOUNT_OPTS
2561 if [ -z "$MOUNT_OPTS" ]; then
2562 MOUNT_OPTS="-o mgssec=skn"
2564 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2566 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2567 error "mount ${clients_arr[0]} with mgssec=skn failed"
2568 MOUNT_OPTS=$save_opts
2571 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2572 error "umount ${clients_arr[0]} failed"
2574 # enforce ska flavor on MGS
2575 set_rule _mgs any any ska
2577 # re-mount client without mgssec
# Negative checks (this one and the skn one below) pass on ANY mount failure,
# not only on a refusal caused by the enforced flavor; they do not show why
# the mount was rejected.
2578 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2579 error "mount ${clients_arr[0]} without mgssec should fail"
2581 # re-mount client with mgssec=skn
2582 save_opts=$MOUNT_OPTS
2583 if [ -z "$MOUNT_OPTS" ]; then
2584 MOUNT_OPTS="-o mgssec=skn"
2586 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2588 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2589 error "mount ${clients_arr[0]} with mgssec=skn should fail"
2590 MOUNT_OPTS=$save_opts
2592 # re-mount client with mgssec=ska
# positive control: with the flavor the MGS now enforces, the mount must work
2593 save_opts=$MOUNT_OPTS
2594 if [ -z "$MOUNT_OPTS" ]; then
2595 MOUNT_OPTS="-o mgssec=ska"
2597 MOUNT_OPTS="$MOUNT_OPTS,mgssec=ska"
2599 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2600 error "mount ${clients_arr[0]} with mgssec=ska failed"
2601 MOUNT_OPTS=$save_opts
2605 run_test 32 "check for mgssec"
# Presumably the body of cleanup_33, which test 33 registers with
# "stack_trap cleanup_33 EXIT"; the function header is not part of this
# listing. It lifts the ska requirement test 33 puts on cli2mdt, waits for the
# null flavor to be in effect, then unmounts the first client, stops lsvcgssd
# on the MGS and restores the default flavor.
2608 # disable sk flavor enforcement
2609 set_rule $FSNAME any cli2mdt null
2610 wait_flavor cli2mdt null
2613 zconf_umount_clients ${clients_arr[0]} $MOUNT
2615 # stop gss daemon on MGS
2616 send_sigint $mgs_HOST lsvcgssd
2618 # re-start gss daemon on MDS if necessary
2619 if combined_mgs_mds ; then
2620 start_gss_daemons $mds_HOST "$LSVCGSSD -vvv -s -m -o -z"
2624 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2627 restore_to_default_flavor
# Body of test 33 ("correct srpc flags for MGS connection" per its run_test
# line); the function header is not part of this listing. The setup matches
# test 32 up to the mgssec=skn mount. Then ska is enforced for cli2mdt on
# $FSNAME and the Lustre debug log ($LCTL dk) is searched for "faked source",
# which the test treats as proof of wrong srpc flags on the MGS connection.
2631 if ! $SHARED_KEY; then
2632 skip "need shared key feature for this test"
2635 stack_trap cleanup_33 EXIT
2637 # restore to default null flavor
2638 save_flvr=$SK_FLAVOR
2640 restore_to_default_flavor || error "cannot set null flavor"
2641 SK_FLAVOR=$save_flvr
# $(grep -q ...) expands to nothing, so each condition takes grep's status
2644 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2645 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2647 if $(grep -q $MOUNT' ' /proc/mounts); then
2648 umount_client $MOUNT || error "umount $MOUNT failed"
2651 # kill daemon on MGS to start afresh
2652 send_sigint $mgs_HOST lsvcgssd
2654 # start gss daemon on MGS
2655 if combined_mgs_mds ; then
2656 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g -m -o -z"
2658 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2661 # add mgs key type and MGS NIDs in key on MGS
# key-tool output is discarded, so only the generic error() text is logged
2662 do_nodes $mgs_HOST "$LGSS_SK -t mgs,server -g $MGSNID -m \
2663 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2664 error "could not modify keyfile on MGS"
2666 # load modified key file on MGS
2667 do_nodes $mgs_HOST "$LGSS_SK -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2668 error "could not load keyfile on MGS"
2670 # add MGS NIDs in key on client
# NOTE(review): runs on ${clients_arr[0]} but the message says "on MGS"
2671 do_nodes ${clients_arr[0]} "$LGSS_SK -g $MGSNID -m \
2672 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2673 error "could not modify keyfile on MGS"
2675 # set perms for per-nodemap keys else permission denied
# 0x3f3f3f3f grants every key permission to possessor, user, group and other
# on all keys matched by "grep lustre", on all nodes: test-cluster setting only.
2676 do_nodes $(comma_list $(all_nodes)) \
2677 "keyctl show | grep lustre | cut -c1-11 |
2679 xargs -IX keyctl setperm X 0x3f3f3f3f"
2681 # re-mount client with mgssec=skn
2682 save_opts=$MOUNT_OPTS
2683 if [ -z "$MOUNT_OPTS" ]; then
2684 MOUNT_OPTS="-o mgssec=skn"
2686 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2688 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2689 error "mount ${clients_arr[0]} with mgssec=skn failed"
2690 MOUNT_OPTS=$save_opts
2692 # enforce ska flavor for cli2mdt
2693 set_rule $FSNAME any cli2mdt ska
2694 wait_flavor cli2mdt ska
2696 # check error message
# The check is negative evidence from the debug log: no match only shows that
# "faked source" is not in what $LCTL dk currently returns. NOTE(review):
# confirm the debug mask and buffer size make the message reliably visible.
2697 $LCTL dk | grep "faked source" &&
2698 error "MGS connection srpc flags incorrect"
2702 run_test 33 "correct srpc flags for MGS connection"
# Presumably the body of cleanup_34_deny (registered by test 34 with
# stack_trap); the function header is not part of this listing. It writes the
# saved $denydefault back to the default nodemap and waits for the value to
# propagate. A failure is reported with error_noexit, so the rest of the
# cleanup chain still runs.
2705 # restore deny_unknown
2706 do_facet mgs $LCTL nodemap_modify --name default \
2707 --property deny_unknown --value $denydefault
2708 if [ $? -ne 0 ]; then
2709 error_noexit "cannot reset deny_unknown on default nodemap"
2713 wait_nm_sync default deny_unknown
# Body of test 34 ("deny_unknown on default nodemap" per its run_test line);
# the function header is not part of this listing. It checks that the
# deny_unknown property of the default nodemap can be changed: the current
# value is saved, a different value ($denynew, assigned on lines not shown)
# is written, read back, and restored by cleanup_34_deny.
2720 [ $MGS_VERSION -lt $(version_code 2.12.51) ] &&
2721 skip "deny_unknown on default nm not supported before 2.12.51"
# nodemap is activated only if it was off; cleanup_active undoes that
2723 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
2725 if [[ "$activedefault" != "1" ]]; then
2726 do_facet mgs $LCTL nodemap_activate 1
2728 stack_trap cleanup_active EXIT
# save the original value so that it can be restored afterwards
2731 denydefault=$(do_facet mgs $LCTL get_param -n \
2732 nodemap.default.deny_unknown)
2733 [ -z "$denydefault" ] &&
2734 error "cannot get deny_unknown on default nodemap"
2735 if [ "$denydefault" -eq 0 ]; then
2741 do_facet mgs $LCTL nodemap_modify --name default \
2742 --property deny_unknown --value $denynew ||
2743 error "cannot set deny_unknown on default nodemap"
2745 [ "$(do_facet mgs $LCTL get_param -n nodemap.default.deny_unknown)" \
2747 error "setting deny_unknown on default nodemap did not work"
# NOTE(review): the restore handler is registered only after the property has
# been changed and verified. If one of the two error() calls above fires, the
# default nodemap keeps the modified deny_unknown value; registering the
# handler before nodemap_modify would cover that path.
2749 stack_trap cleanup_34_deny EXIT
2751 wait_nm_sync default deny_unknown
2753 run_test 34 "deny_unknown on default nodemap"
# Body of test 35 ("Check permissions when accessing changelogs" per its
# run_test line); the function header is not part of this listing. It shows
# that root can dump and clear changelogs, then sets admin=0 on the client
# nodemaps c0..c(num_clients-1) and expects both operations to be refused for
# the now-mapped root.
2756 (( $MDS1_VERSION >= $(version_code 2.13.50) )) ||
2757 skip "Need MDS >= 2.13.50"
2759 # activate changelogs
2760 changelog_register || error "changelog_register failed"
# first word of the CL_USERS entry for $SINGLEMDS is taken as the user name
2761 local cl_user="${CL_USERS[$SINGLEMDS]%% *}"
2762 changelog_users $SINGLEMDS | grep -q $cl_user ||
2763 error "User $cl_user not found in changelog_users"
2764 changelog_chmask ALL
# generate at least one changelog record
2767 mkdir $DIR/$tdir || error "failed to mkdir $tdir"
2768 touch $DIR/$tdir/$tfile || error "failed to touch $tfile"
2770 # access changelogs with root
# positive control: before the nodemap change both operations must succeed
2771 changelog_dump || error "failed to dump changelogs"
2772 changelog_clear 0 || error "failed to clear changelogs"
2774 # put clients in non-admin nodemap
# the nodemap setup step itself is on a line not shown in this listing
2776 stack_trap nodemap_test_cleanup EXIT
2777 for i in $(seq 0 $((num_clients-1))); do
2778 do_facet mgs $LCTL nodemap_modify --name c${i} \
2779 --property admin --value 0
# wait until every nodemap reports the new admin setting before testing
2781 for i in $(seq 0 $((num_clients-1))); do
2782 wait_nm_sync c${i} admin_nodemap
2785 # access with mapped root
# Negative checks: any failure of changelog_dump / changelog_clear counts as
# "refused"; the reason for the failure is not inspected.
2786 changelog_dump && error "dump changelogs should have failed"
2787 changelog_clear 0 && error "clear changelogs should have failed"
2791 run_test 35 "Check permissions when accessing changelogs"
# Builds a key blob and loads it into the session keyring as a "logon" key
# described as fscrypt:4242424242424242. The blob is: 4 zero bytes (mode), the
# 64 bytes 0x00..0x3f (raw), then the value 64 as a 32-bit integer in host
# byte order (size). This looks like the kernel's fscrypt key payload layout
# - TODO confirm against the fscrypt headers in use.
# The key material is a fixed, publicly visible byte sequence, so data
# protected by it has no confidentiality; it exists only to make the
# encryption tests repeatable.
2794 local mode='\x00\x00\x00\x00'
# raw holds the escape text \x00\x01...\x3f; "echo -e" below turns it into bytes
2795 local raw="$(printf ""\\\\x%02x"" {0..63})"
# pick the byte order of the size field from lscpu's "Byte Order" line
2799 [[ $(lscpu) =~ Byte\ Order.*Little ]] && size='\x40\x00\x00\x00' ||
2800 size='\x00\x00\x00\x40'
2801 key="${mode}${raw}${size}"
# the key is piped in on stdin (padd), so it does not appear in keyctl's argv
2802 echo -n -e "${key}" | keyctl padd logon fscrypt:4242424242424242 @s
2807 sync ; echo 3 > /proc/sys/vm/drop_caches
# Drops cached state and revokes the fscrypt key(s) held in the keyring.
# LDLM locks are cleared and the page/dentry/inode caches dropped first,
# presumably so that later accesses made without the key are not served from
# data cached while the key was present - verify against the callers.
2814 $LCTL set_param -n ldlm.namespaces.*.lru_size=clear
2815 sync ; echo 3 > /proc/sys/vm/drop_caches
# key IDs are taken from column 1 of "keyctl show" lines whose 7th field
# starts with "fscrypt:"
2816 dummy_key=$(keyctl show | awk '$7 ~ "^fscrypt:" {print $1}')
# NOTE(review): if several fscrypt keys are listed, $dummy_key holds several
# IDs and the unquoted expansion passes them all to one "keyctl revoke" call;
# confirm that is accepted, or revoke them one by one.
2817 if [ -n "$dummy_key" ]; then
2818 keyctl revoke $dummy_key
2824 # wait for SSK flavor to be applied if necessary
# Blocks until $SK_FLAVOR is in effect, so that the following test steps do
# not run while connections still use the previous flavor. The conditions
# that choose between the all2all wait and the cli2mdt/cli2ost waits are on
# lines not shown in this listing.
2827 wait_flavor all2all $SK_FLAVOR
2829 wait_flavor cli2mdt $SK_FLAVOR
2830 wait_flavor cli2ost $SK_FLAVOR
# Remounts $MOUNT (and $MOUNT2 when $MOUNT_2 is set) with plain $MOUNT_OPTS,
# i.e. without test_dummy_encryption. Tests use this to look at encrypted
# files the way a client without the key sees them. Any failing mount or
# umount aborts through error(). The end of the function is not part of this
# listing.
2835 remount_client_normally() {
2836 # remount client without dummy encryption key
2837 if is_mounted $MOUNT; then
2838 umount_client $MOUNT || error "umount $MOUNT failed"
2840 mount_client $MOUNT ${MOUNT_OPTS} ||
2841 error "remount failed"
2843 if is_mounted $MOUNT2; then
2844 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
# $MOUNT_2 is the switch that says a second mount point is wanted; the path
# itself is $MOUNT2
2846 if [ "$MOUNT_2" ]; then
2847 mount_client $MOUNT2 ${MOUNT_OPTS} ||
2848 error "remount failed"
# Remounts $MOUNT with the test_dummy_encryption option appended to
# $MOUNT_OPTS, so that the client holds the dummy encryption key again. Only
# the first mount point is handled in the lines shown; the end of the
# function is not part of this listing.
2855 remount_client_dummykey() {
2858 # remount client with dummy encryption key
2859 if is_mounted $MOUNT; then
2860 umount_client $MOUNT || error "umount $MOUNT failed"
2862 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2863 error "remount failed"
# Common setup of the encryption tests: (re)mounts $MOUNT with
# test_dummy_encryption so that directories created afterwards are encrypted
# without a per-directory policy. As the option name says, this is a test
# mode; it is not a way to protect real data. The directory creation and the
# end of the function are on lines not shown in this listing.
2868 setup_for_enc_tests() {
2869 # remount client with test_dummy_encryption option
2870 if is_mounted $MOUNT; then
2871 umount_client $MOUNT || error "umount $MOUNT failed"
2873 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2874 error "mount with '-o test_dummy_encryption' failed"
2878 # this directory will be encrypted, because of dummy mode
# Exit handler of the encryption tests: removes the test directory plus any
# extra paths given as arguments, then remounts the client without the dummy
# key. The end of the function is not part of this listing.
# NOTE(review): the rm -rf arguments are unquoted and unguarded. With an empty
# $tdir the command targets "$DIR/" itself, and $* is word-split and globbed.
# Quoting and "${DIR:?}/${tdir:?}" would make the deletion fail closed.
2882 cleanup_for_enc_tests() {
2883 rm -rf $DIR/$tdir $*
2885 remount_client_normally
# Exit handler that puts the default nodemap back into a known state after
# the nodemap/encryption tests: forbid_encryption=0 (MGS >= 2.13.55),
# readonly_mount=0 (MGS >= 2.15.51), trusted=0, admin=0, nodemap deactivated.
# It then waits for each property to propagate and remounts the client.
# The properties are reset to fixed values, not to values saved before the
# test, so a site-specific default nodemap configuration is not preserved.
# The end of the function is not part of this listing.
2888 cleanup_nodemap_after_enc_tests() {
# best effort: the client may already be unmounted at this point
2889 umount_client $MOUNT || true
2891 if (( MGS_VERSION >= $(version_code 2.13.55) )); then
2892 do_facet mgs $LCTL nodemap_modify --name default \
2893 --property forbid_encryption --value 0
2894 if (( MGS_VERSION >= $(version_code 2.15.51) )); then
2895 do_facet mgs $LCTL nodemap_modify --name default \
2896 --property readonly_mount --value 0
2899 do_facet mgs $LCTL nodemap_modify --name default \
2900 --property trusted --value 0
2901 do_facet mgs $LCTL nodemap_modify --name default \
2902 --property admin --value 0
2903 do_facet mgs $LCTL nodemap_activate 0
# same version gates as above, now waiting for the values to be visible
2905 if (( MGS_VERSION >= $(version_code 2.13.55) )); then
2906 wait_nm_sync default forbid_encryption '' inactive
2907 if (( MGS_VERSION >= $(version_code 2.15.51) )); then
2908 wait_nm_sync default readonly_mount '' inactive
2911 wait_nm_sync default trusted_nodemap '' inactive
2912 wait_nm_sync default admin_nodemap '' inactive
2915 mount_client $MOUNT ${MOUNT_OPTS} || error "re-mount failed"
# Body of test 36 ("control if clients can use encryption" per its run_test
# line); the function header is not part of this listing. It checks the
# forbid_encryption property of the default nodemap in three steps: encryption
# works with nodemap inactive, still works with nodemap active and the
# property at its default 0, and is refused once the property is set to 1.
# Both prerequisites are probed at run time; the test is skipped otherwise.
2920 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2921 skip "client encryption not supported"
2923 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2924 skip "need dummy encryption support"
2926 stack_trap cleanup_for_enc_tests EXIT
2928 # first make sure it is possible to enable encryption
2929 # when nodemap is not active
2932 umount_client $MOUNT || error "umount $MOUNT failed (1)"
2934 # then activate nodemap, and retry
2935 # should succeed as encryption is not forbidden on default nodemap
# the handler is registered before nodemap is activated, so an abort in the
# following steps still resets the default nodemap
2937 stack_trap cleanup_nodemap_after_enc_tests EXIT
2938 do_facet mgs $LCTL nodemap_activate 1
2940 forbid=$(do_facet mgs lctl get_param -n nodemap.default.forbid_encryption)
# an empty $forbid makes "[" fail as well, which also lands in error()
2941 [ $forbid -eq 0 ] || error "wrong default value for forbid_encryption"
2942 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2943 error "mount '-o test_dummy_encryption' failed with default"
2944 umount_client $MOUNT || error "umount $MOUNT failed (2)"
2946 # then forbid encryption, and retry
2947 do_facet mgs $LCTL nodemap_modify --name default \
2948 --property forbid_encryption --value 1
2949 wait_nm_sync default forbid_encryption
# Negative check: any mount failure is accepted as "encryption refused"; the
# cause of the failure is not examined.
2950 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption &&
2951 error "mount '-o test_dummy_encryption' should have failed"
2954 run_test 36 "control if clients can use encryption"
# Body of test 37 ("simple encrypted file" per its run_test line); the
# function header is not part of this listing. It writes "abc" through the
# encrypting client, reads the backing object straight from the ldiskfs OST
# with debugfs, and requires that object to differ from the clear text. It
# then checks that the client still reads the clear text, from cache and
# after dropping its locks.
2957 local testfile=$DIR/$tdir/$tfile
# NOTE(review): fixed file names under $TMP; mktemp would avoid clashes with
# (or pre-creation by) other users of a shared temporary directory.
2958 local tmpfile=$TMP/abc
2959 local objdump=$TMP/objdump
2961 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2962 skip "client encryption not supported"
2964 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2965 skip "need dummy encryption support"
2967 [ "$ost1_FSTYPE" = ldiskfs ] || skip "ldiskfs only test (using debugfs)"
2969 stack_trap cleanup_for_enc_tests EXIT
2972 # write a few bytes in file
2973 echo "abc" > $tmpfile
2974 $LFS setstripe -c1 -i0 $testfile
2975 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
# make sure the object has reached the OST disk before it is dumped
2976 do_facet ost1 "sync; sync"
2978 # check that content on ost is encrypted
# the object path on the OST is derived from the "0x" fields that
# lfs getstripe prints; part of that derivation is on lines not shown
2979 local fid=($($LFS getstripe $testfile | grep 0x))
2980 local seq=${fid[3]#0x}
2984 if [ $seq == 0 ]; then
2987 oid_hex=${fid[2]#0x}
# NOTE(review): the status of the debugfs dump is not checked, and the test
# only requires the dump to DIFFER from the clear text. An empty or failed
# dump differs too, so it would be reported as "encrypted"; a check that
# $objdump is non-empty would close that gap.
2989 do_facet ost1 "$DEBUGFS -c -R 'cat O/$seq/d$(($oid % 32))/$oid_hex' \
2990 $(ostdevname 1)" > $objdump
2991 cmp -s $objdump $tmpfile &&
2992 error "file $testfile is not encrypted on ost"
2994 # check that in-memory representation of file is correct
2995 cmp -bl ${tmpfile} ${testfile} ||
2996 error "file $testfile is corrupted in memory"
# dropping the client locks forces the next read to go to the servers
2998 cancel_lru_locks osc ; cancel_lru_locks mdc
3000 # check that file read from server is correct
3001 cmp -bl ${tmpfile} ${testfile} ||
3002 error "file $testfile is corrupted on server"
3004 rm -f $tmpfile $objdump
3006 run_test 37 "simple encrypted file"
# Body of test 38 ("encrypted file with hole" per its run_test line); the
# function header is not part of this listing. It writes 4 bytes at offset
# $blksz of an encrypted file and checks that the space allocated to the file
# (stat blocks * block size) stays within one block, i.e. that encryption does
# not fill the hole before the written data.
3009 local testfile=$DIR/$tdir/$tfile
3010 local tmpfile=$TMP/abc
3014 local pagesz=$(getconf PAGE_SIZE)
3016 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3017 skip "client encryption not supported"
3019 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3020 skip "need dummy encryption support"
3022 stack_trap cleanup_for_enc_tests EXIT
3025 # get block size on ost
# first grant_block_size value found in the osc import parameters
3026 blksz=$($LCTL get_param osc.$FSNAME*.import |
3027 awk '/grant_block_size:/ { print $2; exit; }')
3028 # write a few bytes in file at offset $blksz
3029 echo "abc" > $tmpfile
3030 $LFS setstripe -c1 -i0 $testfile
3031 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$blksz \
3032 oflag=seek_bytes conv=fsync
# the allowed allocation is the larger of the OST block size and a page
3034 blksz=$(($blksz > $pagesz ? $blksz : $pagesz))
3035 # check that in-memory representation of file is correct
# %B is the size of one reported block, %b the number of allocated blocks
3036 bsize=$(stat --format=%B $testfile)
3037 filesz=$(stat --format=%b $testfile)
3038 filesz=$((filesz*bsize))
3039 [ $filesz -le $blksz ] ||
3040 error "file $testfile is $filesz long in memory"
3042 cancel_lru_locks osc ; cancel_lru_locks mdc
3044 # check that file read from server is correct
3045 bsize=$(stat --format=%B $testfile)
3046 filesz=$(stat --format=%b $testfile)
3047 filesz=$((filesz*bsize))
3048 [ $filesz -le $blksz ] ||
3049 error "file $testfile is $filesz long on server"
3053 run_test 38 "encrypted file with hole"
# Body of test 39 ("rewrite data in already encrypted page" per its run_test
# line); the function header is not part of this listing. After a first
# 4-byte write, a second write lands at byte offset 1024 of the same page.
# The same two writes are applied to a clear-text reference file, and both
# files must compare equal from cache and after the client locks are dropped.
3056 local testfile=$DIR/$tdir/$tfile
3057 local tmpfile=$TMP/abc
3059 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3060 skip "client encryption not supported"
3062 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3063 skip "need dummy encryption support"
3065 stack_trap cleanup_for_enc_tests EXIT
3068 # write a few bytes in file
3069 echo "abc" > $tmpfile
3070 $LFS setstripe -c1 -i0 $testfile
3071 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
3073 # write a few more bytes in the same page
3074 dd if=$tmpfile of=$testfile bs=4 count=1 seek=1024 oflag=seek_bytes \
3077 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=1024 oflag=seek_bytes \
3080 # check that in-memory representation of file is correct
3081 cmp -bl $tmpfile $testfile ||
3082 error "file $testfile is corrupted in memory"
3084 cancel_lru_locks osc ; cancel_lru_locks mdc
3086 # check that file read from server is correct
3087 cmp -bl $tmpfile $testfile ||
3088 error "file $testfile is corrupted on server"
3092 run_test 39 "rewrite data in already encrypted page"
# Body of test 40 ("exercise size of encrypted file" per its run_test line);
# the function header is not part of this listing. Five write patterns are
# compared against a clear-text reference, from cache and from the servers:
# same page, end then start of the first page, start of the second page then
# end of the first, and first bytes of two stripes. The last step remounts
# without the key and checks that the size seen there is the clear-text size
# rounded up to the encryption unit, so the exact length is not exposed to a
# client that lacks the key.
3095 local testfile=$DIR/$tdir/$tfile
3096 local tmpfile=$TMP/abc
3097 local tmpfile2=$TMP/abc2
3100 #define LUSTRE_ENCRYPTION_UNIT_SIZE (1 << 12)
# shell copy of the constant quoted above (4096 bytes)
3101 local UNIT_SIZE=$((1 << 12))
3104 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3105 skip "client encryption not supported"
3107 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3108 skip "need dummy encryption support"
3110 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
3112 stack_trap cleanup_for_enc_tests EXIT
3115 # write a few bytes in file
3116 echo "abc" > $tmpfile
3117 $LFS setstripe -c1 -i0 $testfile
3118 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
3120 # check that in-memory representation of file is correct
3121 cmp -bl $tmpfile $testfile ||
3122 error "file $testfile is corrupted in memory (1)"
3124 cancel_lru_locks osc ; cancel_lru_locks mdc
3126 # check that file read from server is correct
3127 cmp -bl $tmpfile $testfile ||
3128 error "file $testfile is corrupted on server (1)"
3130 # write a few other bytes in same page
3131 dd if=$tmpfile of=$testfile bs=4 count=1 seek=256 oflag=seek_bytes \
3134 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=256 oflag=seek_bytes \
3137 # check that in-memory representation of file is correct
3138 cmp -bl $tmpfile $testfile ||
3139 error "file $testfile is corrupted in memory (2)"
3141 cancel_lru_locks osc ; cancel_lru_locks mdc
3143 # check that file read from server is correct
3144 cmp -bl $tmpfile $testfile ||
3145 error "file $testfile is corrupted on server (2)"
3147 rm -f $testfile $tmpfile
3148 cancel_lru_locks osc ; cancel_lru_locks mdc
3150 # write a few bytes in file, at end of first page
3151 echo "abc" > $tmpfile
3152 $LFS setstripe -c1 -i0 $testfile
3153 seek=$(getconf PAGESIZE)
3155 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3158 # write a few other bytes at beginning of first page
3159 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
3161 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3164 # check that in-memory representation of file is correct
3165 cmp -bl $tmpfile $testfile ||
3166 error "file $testfile is corrupted in memory (3)"
3168 cancel_lru_locks osc ; cancel_lru_locks mdc
3170 # check that file read from server is correct
3171 cmp -bl $tmpfile $testfile ||
3172 error "file $testfile is corrupted on server (3)"
3174 rm -f $testfile $tmpfile
3175 cancel_lru_locks osc ; cancel_lru_locks mdc
3177 # write a few bytes in file, at beginning of second page
3178 echo "abc" > $tmpfile
3179 $LFS setstripe -c1 -i0 $testfile
3180 seek=$(getconf PAGESIZE)
3181 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3183 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3186 # write a few other bytes at end of first page
3188 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3190 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3193 # check that in-memory representation of file is correct
3194 cmp -bl $tmpfile2 $testfile ||
3195 error "file $testfile is corrupted in memory (4)"
3197 cancel_lru_locks osc ; cancel_lru_locks mdc
3199 # check that file read from server is correct
3200 cmp -bl $tmpfile2 $testfile ||
3201 error "file $testfile is corrupted on server (4)"
3203 rm -f $testfile $tmpfile $tmpfile2
3204 cancel_lru_locks osc ; cancel_lru_locks mdc
3206 # write a few bytes in file, at beginning of first stripe
3207 echo "abc" > $tmpfile
3208 $LFS setstripe -S 256k -c2 $testfile
3209 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
3211 # write a few other bytes, at beginning of second stripe
# 262144 is the 256k stripe size set above, i.e. the first byte of stripe 2
3212 dd if=$tmpfile of=$testfile bs=4 count=1 seek=262144 oflag=seek_bytes \
3214 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=262144 oflag=seek_bytes \
3217 # check that in-memory representation of file is correct
3218 cmp -bl $tmpfile $testfile ||
3219 error "file $testfile is corrupted in memory (5)"
3221 cancel_lru_locks osc ; cancel_lru_locks mdc
3223 # check that file read from server is correct
3224 cmp -bl $tmpfile $testfile ||
3225 error "file $testfile is corrupted on server (5)"
# expected size without the key: clear-text size rounded up to UNIT_SIZE
3227 filesz=$(stat --format=%s $testfile)
3228 filesz=$(((filesz+UNIT_SIZE-1)/UNIT_SIZE * UNIT_SIZE))
3230 # remount without dummy encryption key
3231 remount_client_normally
# the file is looked up by type because its name is not readable without the
# key; this assumes it is the only regular file in the test directory
3233 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
3234 [ $(stat --format=%s $scrambledfile) -eq $filesz ] ||
3235 error "file size without key should be rounded up"
3239 run_test 40 "exercise size of encrypted file"
# Body of test 41 ("test race on encrypted file size (1)" per its run_test
# line); the function header is not part of this listing. Two small writes at
# different offsets around the first page boundary are issued while the OST
# delays attribute updates (fail_loc 0x250, named OBD_FAIL_OST_WR_ATTR_DELAY
# in the comment below). The result must match a reference file built with
# the same two writes, so the file size is not corrupted by the race.
3242 local testfile=$DIR/$tdir/$tfile
3243 local tmpfile=$TMP/abc
3244 local tmpfile2=$TMP/abc2
3247 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3248 skip "client encryption not supported"
3250 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3251 skip "need dummy encryption support"
3253 stack_trap cleanup_for_enc_tests EXIT
# build the expected content in $tmpfile2 first
3256 echo "abc" > $tmpfile
3257 seek=$(getconf PAGESIZE)
3258 seek=$((seek - 204))
3259 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3261 seek=$(getconf PAGESIZE)
3262 seek=$((seek + 1092))
3263 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3266 # write a few bytes in file
3267 $LFS setstripe -c1 -i0 -S 256k $testfile
3268 seek=$(getconf PAGESIZE)
3269 seek=$((seek - 204))
3270 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3271 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3272 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3276 # write a few other bytes, at a different offset
3277 seek=$(getconf PAGESIZE)
3278 seek=$((seek + 1092))
3279 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3280 conv=fsync,notrunc &
# fault injection is switched off again before the results are compared
3282 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3284 # check that in-memory representation of file is correct
3285 cmp -bl $tmpfile2 $testfile ||
3286 error "file $testfile is corrupted in memory (1)"
3288 cancel_lru_locks osc ; cancel_lru_locks mdc
3290 # check that file read from server is correct
3291 cmp -bl $tmpfile2 $testfile ||
3292 error "file $testfile is corrupted on server (1)"
3294 rm -f $tmpfile $tmpfile2
3296 run_test 41 "test race on encrypted file size (1)"
# Body of test 42 ("test race on encrypted file size (2)" per its run_test
# line); the function header is not part of this listing. Same race as test
# 41, but the two writes come from two mount points of the same client
# ($testfile under $DIR, $testfile2 under $DIR2), both mounted with
# test_dummy_encryption, while the OST delays attribute updates.
3299 local testfile=$DIR/$tdir/$tfile
3300 local testfile2=$DIR2/$tdir/$tfile
3301 local tmpfile=$TMP/abc
3302 local tmpfile2=$TMP/abc2
3303 local pagesz=$(getconf PAGESIZE)
3306 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3307 skip "client encryption not supported"
3309 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3310 skip "need dummy encryption support"
3312 stack_trap cleanup_for_enc_tests EXIT
# the second mount point needs the dummy key too, to read the same file
3315 if is_mounted $MOUNT2; then
3316 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3318 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3319 error "mount2 with '-o test_dummy_encryption' failed"
3321 # create file by writing one whole page
3322 $LFS setstripe -c1 -i0 -S 256k $testfile
3323 dd if=/dev/zero of=$testfile bs=$pagesz count=1 conv=fsync
3325 # read file from 2nd mount point
3326 cat $testfile2 > /dev/null
# build the expected content in $tmpfile2
3328 echo "abc" > $tmpfile
3329 dd if=/dev/zero of=$tmpfile2 bs=$pagesz count=1 conv=fsync
3330 seek=$((2*pagesz - 204))
3331 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3333 seek=$((2*pagesz + 1092))
3334 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3337 # write a few bytes in file from 1st mount point
3338 seek=$((2*pagesz - 204))
3339 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3340 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3341 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3342 conv=fsync,notrunc &
3345 # write a few other bytes, at a different offset from 2nd mount point
3346 seek=$((2*pagesz + 1092))
3347 dd if=$tmpfile of=$testfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3348 conv=fsync,notrunc &
3350 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3352 # check that in-memory representation of file is correct
3353 cmp -bl $tmpfile2 $testfile ||
3354 error "file $testfile is corrupted in memory (1)"
3356 # check that in-memory representation of file is correct
3357 cmp -bl $tmpfile2 $testfile2 ||
3358 error "file $testfile is corrupted in memory (2)"
3360 cancel_lru_locks osc ; cancel_lru_locks mdc
3362 # check that file read from server is correct
3363 cmp -bl $tmpfile2 $testfile ||
3364 error "file $testfile is corrupted on server (1)"
3366 rm -f $tmpfile $tmpfile2
3368 run_test 42 "test race on encrypted file size (2)"
# Body of test 43 ("test race on encrypted file size (3)" per its run_test
# line); the function header is not part of this listing. While a delayed
# write from the first mount point extends the file, the second mount point
# reads the first page and must still get the original content; after the
# write completes, both mount points and the servers must return the
# extended content.
3371 local testfile=$DIR/$tdir/$tfile
3372 local testfile2=$DIR2/$tdir/$tfile
3373 local tmpfile=$TMP/abc
3374 local tmpfile2=$TMP/abc2
3375 local resfile=$TMP/res
3376 local pagesz=$(getconf PAGESIZE)
3379 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3380 skip "client encryption not supported"
3382 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3383 skip "need dummy encryption support"
3385 stack_trap cleanup_for_enc_tests EXIT
3388 if is_mounted $MOUNT2; then
3389 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3391 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3392 error "mount2 with '-o test_dummy_encryption' failed"
# one page filled with the character '1' is the initial file content
3395 tr '\0' '1' < /dev/zero |
3396 dd of=$tmpfile bs=1 count=$pagesz conv=fsync
3397 $LFS setstripe -c1 -i0 -S 256k $testfile
3398 cp $tmpfile $testfile
3400 # read file from 2nd mount point
3401 cat $testfile2 > /dev/null
3403 # write a few bytes in file from 1st mount point
3404 echo "abc" > $tmpfile2
3405 seek=$((2*pagesz - 204))
3406 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3407 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3408 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3409 conv=fsync,notrunc &
3412 # read file from 2nd mount point
# the first page must be unchanged while the delayed write is in flight
3413 dd if=$testfile2 of=$resfile bs=$pagesz count=1 conv=fsync,notrunc
3414 cmp -bl $tmpfile $resfile ||
3415 error "file $testfile is corrupted in memory (1)"
3418 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3420 # check that in-memory representation of file is correct
3421 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3423 cmp -bl $tmpfile $testfile2 ||
3424 error "file $testfile is corrupted in memory (2)"
3426 cancel_lru_locks osc ; cancel_lru_locks mdc
3428 # check that file read from server is correct
3429 cmp -bl $tmpfile $testfile ||
3430 error "file $testfile is corrupted on server (1)"
3432 rm -f $tmpfile $tmpfile2
3434 run_test 43 "test race on encrypted file size (3)"
# Body of test 44 ("encrypted file access semantics: direct IO" per its
# run_test line); the function header is not part of this listing. It checks
# that O_DIRECT reads and writes work on encrypted files, return the right
# data, and do not silently fall back to buffered IO: after each direct
# transfer vmtouch must report 0 of 2 pages resident. Further cases cover a
# write far past EOF, a file shorter than a page, and mixed buffered/direct
# IO on a two-stripe file.
3437 local testfile=$DIR/$tdir/$tfile
3438 local tmpfile=$TMP/abc
3439 local resfile=$TMP/resfile
3440 local pagesz=$(getconf PAGESIZE)
3443 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3444 skip "client encryption not supported"
3446 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3447 skip "need dummy encryption support"
# "command -v vmtouch" is the portable form of this availability check
3449 which vmtouch || skip "This test needs vmtouch utility"
3451 # Direct I/O is now supported on encrypted files.
3453 stack_trap cleanup_for_enc_tests EXIT
3456 $LFS setstripe -c1 -i0 $testfile
# random reference data, so equal output cannot come from zero-filled pages
3457 dd if=/dev/urandom of=$tmpfile bs=$pagesz count=2 conv=fsync
3458 dd if=$tmpfile of=$testfile bs=$pagesz count=2 oflag=direct ||
3459 error "could not write to file with O_DIRECT (1)"
# "0/2" = none of the file's two pages is in the page cache
3461 respage=$(vmtouch $testfile | awk '/Resident Pages:/ {print $3}')
3462 [ "$respage" == "0/2" ] ||
3463 error "write to enc file fell back to buffered IO"
3467 dd if=$testfile of=$resfile bs=$pagesz count=2 iflag=direct ||
3468 error "could not read from file with O_DIRECT (1)"
3470 respage=$(vmtouch $testfile | awk '/Resident Pages:/ {print $3}')
3471 [ "$respage" == "0/2" ] ||
3472 error "read from enc file fell back to buffered IO"
3474 cmp -bl $tmpfile $resfile ||
3475 error "file $testfile is corrupted (1)"
# one page written at page index 13, well past the current end of file
3479 $TRUNCATE $tmpfile $pagesz
3480 dd if=$tmpfile of=$testfile bs=$pagesz count=1 seek=13 oflag=direct ||
3481 error "could not write to file with O_DIRECT (2)"
3485 dd if=$testfile of=$resfile bs=$pagesz count=1 skip=13 iflag=direct ||
3486 error "could not read from file with O_DIRECT (2)"
3487 cmp -bl $tmpfile $resfile ||
3488 error "file $testfile is corrupted (2)"
3490 rm -f $testfile $resfile
3491 $LFS setstripe -c1 -i0 $testfile
# file shorter than a page (and than the encryption unit), read with O_DIRECT
3493 $TRUNCATE $tmpfile $((pagesz/2 - 5))
3494 cp $tmpfile $testfile
3498 dd if=$testfile of=$resfile bs=$pagesz count=1 iflag=direct ||
3499 error "could not read from file with O_DIRECT (3)"
3500 cmp -bl $tmpfile $resfile ||
3501 error "file $testfile is corrupted (3)"
3503 rm -f $tmpfile $resfile $testfile
# the mixed buffered/direct cases need a file striped over two OSTs
3505 if [ $OSTCOUNT -ge 2 ]; then
3506 dd if=/dev/urandom of=$tmpfile bs=$pagesz count=1 conv=fsync
3507 $LFS setstripe -S 256k -c2 $testfile
3509 # write in file, at beginning of first stripe, buffered IO
3510 dd if=$tmpfile of=$testfile bs=$pagesz count=1 \
3513 # write at beginning of second stripe, direct IO
3514 dd if=$tmpfile of=$testfile bs=$pagesz count=1 seek=256k \
3515 oflag=seek_bytes,direct conv=fsync,notrunc
3519 # read at beginning of first stripe, direct IO
3520 dd if=$testfile of=$resfile bs=$pagesz count=1 \
3521 iflag=direct conv=fsync
3523 cmp -bl $tmpfile $resfile ||
3524 error "file $testfile is corrupted (4)"
3526 # read at beginning of second stripe, buffered IO
3527 dd if=$testfile of=$resfile bs=$pagesz count=1 skip=256k \
3528 iflag=skip_bytes conv=fsync
3530 cmp -bl $tmpfile $resfile ||
3531 error "file $testfile is corrupted (5)"
3533 rm -f $tmpfile $resfile
3536 run_test 44 "encrypted file access semantics: direct IO"
# Body of test 45 ("encrypted file access semantics: MMAP" per its run_test
# line); the function header is not part of this listing. The same multiop
# command strings are run on an encrypted file and on a plain file in $TMP.
# Both files are then read back with $MMAP_CAT and the two outputs compared,
# so memory-mapped access to the encrypted file must match the plain one.
# The meaning of the OSMRUc / OSMWUc strings is defined by multiop, outside
# this listing.
3539 local testfile=$DIR/$tdir/$tfile
3540 local tmpfile=$TMP/junk
3542 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3543 skip "client encryption not supported"
3545 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3546 skip "need dummy encryption support"
3548 stack_trap cleanup_for_enc_tests EXIT
3551 $LFS setstripe -c1 -i0 $testfile
3552 dd if=/dev/zero of=$testfile bs=512K count=1
3553 $MULTIOP $testfile OSMRUc || error "$MULTIOP $testfile failed (1)"
3554 $MULTIOP $testfile OSMWUc || error "$MULTIOP $testfile failed (2)"
# reference: the same write pattern applied to an unencrypted file
3556 dd if=/dev/zero of=$tmpfile bs=512K count=1
3557 $MULTIOP $tmpfile OSMWUc || error "$MULTIOP $tmpfile failed"
3558 $MMAP_CAT $tmpfile > ${tmpfile}2
3562 $MULTIOP $testfile OSMRUc
3563 $MMAP_CAT $testfile > ${testfile}2
3564 cmp -bl ${tmpfile}2 ${testfile}2 ||
3565 error "file $testfile is corrupted"
3567 rm -f $tmpfile ${tmpfile}2
3569 run_test 45 "encrypted file access semantics: MMAP"
# Statements of the test registered below as test 46, "encrypted file access
# semantics without key". Its function header and closing lines (and the
# matching else/fi lines) are not part of this listing.
# Visible flow: create entries, drop caches, remount without the dummy
# encryption key, then check what a key-less client may do: stat, ls, rm and
# rmdir are expected to work; cat, touch and mkdir are expected to fail.
3572 local testdir=$DIR/$tdir/mydir
3573 local testfile=$testdir/myfile
3574 local testdir2=$DIR/$tdir/mydirwithaveryverylongnametotestcodebehaviour0
3575 local testfile2=$testdir/myfilewithaveryverylongnametotestcodebehaviour0
3576 # testdir3, testfile3, testhl3 and testsl3 names are 255 bytes long
3577 local testdir3=$testdir2/dir_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz012345678
3578 local testfile3=$testdir2/file_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01234567
3579 local testhl3=$testdir2/hl_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789
3580 local testsl3=$testdir2/sl_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789
3581 local lsfile=$TMP/lsfile
# Skip unless the client import reports client_encryption and mount.lustre
# advertises the test_dummy_encryption option.
3586 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3587 skip "client encryption not supported"
3589 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3590 skip "need dummy encryption support"
# Register cleanup for exit; cleanup_for_enc_tests is defined outside this view.
3592 stack_trap cleanup_for_enc_tests EXIT
3595 touch $DIR/$tdir/$tfile
3597 echo test > $testfile
3598 echo othertest > $testfile2
3599 if [[ $MDSCOUNT -gt 1 ]]; then
3600 $LFS setdirstripe -c1 -i1 $testdir2
# Remember the inode number: it is the handle used after the remount to find
# this directory again, independently of how its name is then presented.
3604 inum=$(stat -c %i $testdir2)
3605 if [ "$mds1_FSTYPE" = ldiskfs ]; then
3606 # For now, restrict this part of the test to ldiskfs backend,
3607 # as osd-zfs does not support 255 byte-long encrypted names.
3608 mkdir $testdir3 || error "cannot mkdir $testdir3"
3609 touch $testfile3 || error "cannot touch $testfile3"
3610 ln $testfile3 $testhl3 || error "cannot ln $testhl3"
3611 ln -s $testfile3 $testsl3 || error "cannot ln $testsl3"
# Flush dirty data, then drop page cache, dentries and inodes; presumably so
# that nothing cached while the key was present is served after the remount.
3613 sync ; echo 3 > /proc/sys/vm/drop_caches
3615 # remount without dummy encryption key
3616 remount_client_normally
# Look the directory up by inode number rather than by its original name.
3619 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -inum $inum)
3620 stat $scrambleddir || error "stat $scrambleddir failed"
3621 if [ "$mds1_FSTYPE" = ldiskfs ]; then
3622 stat $scrambleddir/* || error "cannot stat in $scrambleddir"
# NOTE(review): $scrambleddir is unquoted and comes from find; were it empty,
# the glob below would be /*. The stat guard above fails on an empty value,
# which protects this line only if error() aborts the test — confirm.
3623 rm -rf $scrambleddir/* || error "cannot clean in $scrambleddir"
3625 rmdir $scrambleddir || error "rmdir $scrambleddir failed"
# From here on the remaining directory is found by type; this assumes exactly
# one directory is left under $DIR/$tdir.
3627 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3628 ls -1 $scrambleddir > $lsfile || error "ls $testdir failed (1)"
3630 scrambledfile=$scrambleddir/$(head -n 1 $lsfile)
3631 stat $scrambledfile || error "stat $scrambledfile failed (1)"
# Reading file content without the key must fail; removing the file is allowed.
3634 cat $scrambledfile && error "cat $scrambledfile should have failed (1)"
3635 rm -f $scrambledfile || error "rm $scrambledfile failed (1)"
3637 ls -1 $scrambleddir > $lsfile || error "ls $testdir failed (2)"
3638 scrambledfile=$scrambleddir/$(head -n 1 $lsfile)
3639 stat $scrambledfile || error "stat $scrambledfile failed (2)"
3641 cat $scrambledfile && error "cat $scrambledfile should have failed (2)"
# Creating new entries inside the encrypted directory without the key must be
# refused, and the follow-up ls checks that nothing was left behind.
3643 touch $scrambleddir/otherfile &&
3644 error "touch otherfile should have failed"
3645 ls $scrambleddir/otherfile && error "otherfile should not exist"
3646 mkdir $scrambleddir/otherdir &&
3647 error "mkdir otherdir should have failed"
3648 ls -d $scrambleddir/otherdir && error "otherdir should not exist"
3651 rm -f $scrambledfile || error "rm $scrambledfile failed (2)"
3652 rmdir $scrambleddir || error "rmdir $scrambleddir failed"
3655 run_test 46 "encrypted file access semantics without key"
# Statements of the test registered below as test 47, "encrypted file access
# semantics: rename/link". The function header, closing lines and several
# intermediate lines (including where $name_enc is set) are not in this listing.
# Per the error messages, $DIR/$tdir is the encrypted directory and $tmpfile
# ($DIR/junk) lives outside it.
# Reading the messages: for rename, "from X to Y" is source then destination;
# for ln and ln -s, "from X to Y" names the directory holding the new link
# first and the directory of the link target second.
3658 local testfile=$DIR/$tdir/$tfile
3659 local testfile2=$DIR/$tdir/${tfile}.2
3660 local tmpfile=$DIR/junk
3665 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3666 skip "client encryption not supported"
3668 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3669 skip "need dummy encryption support"
3671 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption ||
3674 stack_trap cleanup_for_enc_tests EXIT
3677 dd if=/dev/urandom of=$tmpfile bs=512K count=1
# An unencrypted file must not be moved or hard-linked into the encrypted
# directory; copying its content there is allowed.
3678 mrename $tmpfile $testfile &&
3679 error "rename from unencrypted to encrypted dir should fail"
3681 ln $tmpfile $testfile &&
3682 error "link from encrypted to unencrypted dir should fail"
3684 cp $tmpfile $testfile ||
3685 error "cp from unencrypted to encrypted dir should succeed"
# Rename and hard link inside the encrypted directory must work, and both
# names must read and write the same data.
3688 mrename $testfile $testfile2 ||
3689 error "rename from within encrypted dir should succeed"
3691 ln $testfile2 $testfile ||
3692 error "link from within encrypted dir should succeed"
3693 cmp -bl $testfile2 $testfile ||
3694 error "cannot read from hard link (1.1)"
3695 echo a >> $testfile || error "cannot write to hard link (1)"
3697 cmp -bl $testfile2 $testfile ||
3698 error "cannot read from hard link (1.2)"
# A hard link created outside the encrypted directory and pointing at the
# encrypted file is expected to succeed and to be readable and writable.
3701 ln $testfile2 $tmpfile ||
3702 error "link from unencrypted to encrypted dir should succeed"
3704 cmp -bl $testfile2 $tmpfile ||
3705 error "cannot read from hard link (2.1)"
3706 echo a >> $tmpfile || error "cannot write to hard link (2)"
3708 cmp -bl $testfile2 $tmpfile ||
3709 error "cannot read from hard link (2.2)"
3712 if [ $name_enc -eq 1 ]; then
3713 # check we are limited in the number of hard links
3714 # we can create for encrypted files, to what can fit into LinkEA
3715 for i in $(seq 1 160); do
3716 ln $testfile2 ${testfile}_$i || break
3718 [ $i -lt 160 ] || error "hard link $i should fail"
# An encrypted file must not be renamed out of the encrypted directory.
3722 mrename $testfile2 $tmpfile &&
3723 error "rename from encrypted to unencrypted dir should fail"
3725 dd if=/dev/urandom of=$tmpfile bs=512K count=1
3727 dd if=/dev/urandom of=$testfile bs=512K count=1
3728 mkdir $DIR/$tdir/mydir
# Symlinks: readable and writable through the link, and the reported size
# must equal the length of the plaintext target path.
3730 ln -s $testfile ${testfile}.sym ||
3731 error "symlink from within encrypted dir should succeed"
3733 cmp -bl $testfile ${testfile}.sym ||
3734 error "cannot read from sym link (1.1)"
3735 echo a >> ${testfile}.sym || error "cannot write to sym link (1)"
3737 cmp -bl $testfile ${testfile}.sym ||
3738 error "cannot read from sym link (1.2)"
3739 [ $(stat -c %s ${testfile}.sym) -eq ${#testfile} ] ||
3740 error "wrong symlink size (1)"
3742 ln -s $tmpfile ${testfile}.sl ||
3743 error "symlink from encrypted to unencrypted dir should succeed"
3745 cmp -bl $tmpfile ${testfile}.sl ||
3746 error "cannot read from sym link (2.1)"
3747 echo a >> ${testfile}.sl || error "cannot write to sym link (2)"
3749 cmp -bl $tmpfile ${testfile}.sl ||
3750 error "cannot read from sym link (2.2)"
3751 [ $(stat -c %s ${testfile}.sl) -eq ${#tmpfile} ] ||
3752 error "wrong symlink size (2)"
3753 rm -f ${testfile}.sl
3755 sync ; echo 3 > /proc/sys/vm/drop_caches
3757 # remount without dummy encryption key
3758 remount_client_normally
# NOTE(review): each find below is used as if it returned a single path; the
# results are expanded unquoted, so several matches would become several
# arguments. Which entries remain at this point depends on lines not shown.
3760 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3761 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3762 scrambledlink=$(find $DIR/$tdir/ -maxdepth 1 -type l)
# Without the key, link and rename operations involving encrypted entries
# must all be refused.
3763 ln $scrambledfile $scrambleddir/linkfile &&
3764 error "ln linkfile should have failed"
3765 mrename $scrambledfile $DIR/onefile2 &&
3766 error "mrename from $scrambledfile should have failed"
3768 mrename $DIR/onefile $scrambleddir/otherfile &&
3769 error "mrename to $scrambleddir should have failed"
# A symlink can still be read without the key and its size must match what
# readlink returns; with name encryption the target must not resolve.
3770 readlink $scrambledlink ||
3771 error "link should be read without key"
3772 [ $(stat -c %s $scrambledlink) -eq \
3773 $(expr length "$(readlink $scrambledlink)") ] ||
3774 error "wrong symlink size without key"
3775 if [ $name_enc -eq 1 ]; then
3776 readlink -e $scrambledlink &&
3777 error "link should not point to anywhere useful"
3779 ln -s $scrambledfile ${scrambledfile}.sym &&
3780 error "symlink without key should fail (1)"
3781 ln -s $tmpfile ${scrambledfile}.sl &&
3782 error "symlink without key should fail (2)"
3784 rm -f $tmpfile $DIR/onefile
3786 run_test 47 "encrypted file access semantics: rename/link"
# Statements of the test registered below as test 48a, "encrypted file access
# semantics: truncate". The function header, closing lines and the lines that
# assign $sz are not part of this listing.
# Method: apply the same truncate/write sequence to a plain reference file
# ($tmpfile) and to the file under test ($testfile), and require identical
# content after each step.
3789 local save="$TMP/$TESTSUITE-$TESTNAME.parameters"
3790 local testfile=$DIR/$tdir/$tfile
# NOTE(review): fixed file names under $TMP. If $TMP is a shared,
# world-writable directory, an existing file or symlink with one of these names
# would be written through; mktemp would avoid that. $TMP is set outside this
# view — confirm.
3791 local tmpfile=$TMP/111
3792 local tmpfile2=$TMP/abc
3793 local pagesz=$(getconf PAGESIZE)
3798 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3799 skip "client encryption not supported"
3801 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3802 skip "need dummy encryption support"
3804 stack_trap cleanup_for_enc_tests EXIT
3807 # create file, 4 x PAGE_SIZE long
3808 tr '\0' '1' < /dev/zero |
3809 dd of=$tmpfile bs=1 count=4x$pagesz conv=fsync
3810 $LFS setstripe -c1 -i0 $testfile
3811 cp $tmpfile $testfile
3812 echo "abc" > $tmpfile2
3814 # decrease size: truncate to PAGE_SIZE
3815 $TRUNCATE $tmpfile $pagesz
3816 $TRUNCATE $testfile $pagesz
# cancel_lru_locks is a framework helper; presumably it drops cached locks and
# data so the following cmp reads $testfile back from the servers — confirm.
3817 cancel_lru_locks osc ; cancel_lru_locks mdc
3818 cmp -bl $tmpfile $testfile ||
3819 error "file $testfile is corrupted (1)"
3821 # increase size: truncate to 2 x PAGE_SIZE
3823 $TRUNCATE $tmpfile $sz
3824 $TRUNCATE $testfile $sz
3825 cancel_lru_locks osc ; cancel_lru_locks mdc
3826 cmp -bl $tmpfile $testfile ||
3827 error "file $testfile is corrupted (2)"
# Write the 4 bytes of $tmpfile2 at byte offset pagesz+100 into both files
# (oflag=seek_bytes makes seek= a byte offset rather than a block count).
3830 seek=$((pagesz+100))
3831 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3833 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3835 cancel_lru_locks osc ; cancel_lru_locks mdc
3836 cmp -bl $tmpfile $testfile ||
3837 error "file $testfile is corrupted (3)"
3839 # truncate to PAGE_SIZE / 2
3841 $TRUNCATE $tmpfile $sz
3842 $TRUNCATE $testfile $sz
3843 cancel_lru_locks osc ; cancel_lru_locks mdc
3844 cmp -bl $tmpfile $testfile ||
3845 error "file $testfile is corrupted (4)"
3847 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
3849 $TRUNCATE $tmpfile $sz
3850 $TRUNCATE $testfile $sz
3851 cancel_lru_locks osc ; cancel_lru_locks mdc
3852 cmp -bl $tmpfile $testfile ||
3853 error "file $testfile is corrupted (5)"
3855 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
3857 $TRUNCATE $tmpfile $sz
3858 $TRUNCATE $testfile $sz
3859 cancel_lru_locks osc ; cancel_lru_locks mdc
3860 cmp -bl $tmpfile $testfile ||
3861 error "file $testfile is corrupted (6)"
3863 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
3864 sz=$((sz+pagesz+30))
3865 $TRUNCATE $tmpfile $sz
3866 $TRUNCATE $testfile $sz
3867 cancel_lru_locks osc ; cancel_lru_locks mdc
3868 cmp -bl $tmpfile $testfile ||
3869 error "file $testfile is corrupted (7)"
3871 sync ; echo 3 > /proc/sys/vm/drop_caches
3873 # remount without dummy encryption key
3874 remount_client_normally
# Without the key, truncating the encrypted file must be refused.
3876 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3877 $TRUNCATE $scrambledfile 0 &&
3878 error "truncate $scrambledfile should have failed without key"
3880 rm -f $tmpfile $tmpfile2
3882 run_test 48a "encrypted file access semantics: truncate"
# Cleanup helper: unmount $MOUNT on client $othercli and mount it again,
# reporting an error if either step fails. The mount call here passes no
# test_dummy_encryption option. The line that sets $othercli and the closing
# brace are not part of this listing.
3884 cleanup_for_enc_tests_othercli() {
3887 # remount othercli normally
3888 zconf_umount $othercli $MOUNT ||
3889 error "umount $othercli $MOUNT failed"
3890 zconf_mount $othercli $MOUNT ||
3891 error "remount $othercli $MOUNT failed"
# Statements of the test registered below as test 48b, "encrypted file:
# concurrent truncate". The function header, closing lines and the else/fi
# lines are not part of this listing.
# Visible flow: run a binary stored in $DIR/$tdir on this client while a second
# client, mounted with test_dummy_encryption, tries to truncate that file; the
# file must be unchanged afterwards.
3897 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3898 skip "client encryption not supported"
3900 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3901 skip "need dummy encryption support"
3903 [ "$num_clients" -ge 2 ] || skip "Need at least 2 clients"
# Use whichever of the first two configured clients is not this host.
3905 if [ "$HOSTNAME" == ${clients_arr[0]} ]; then
3906 othercli=${clients_arr[1]}
3908 othercli=${clients_arr[0]}
# Two exit handlers: the generic encryption cleanup and the remount of the
# other client.
3911 stack_trap cleanup_for_enc_tests EXIT
3912 stack_trap "cleanup_for_enc_tests_othercli $othercli" EXIT
3914 zconf_umount $othercli $MOUNT ||
3915 error "umount $othercli $MOUNT failed"
# Start a copy of /bin/sleep from the Lustre directory in the background so
# the file is being executed while the other client issues the truncate.
3917 cp /bin/sleep $DIR/$tdir/
3918 cancel_lru_locks osc ; cancel_lru_locks mdc
3919 $DIR/$tdir/sleep 30 &
3920 # mount and IOs must be done in the same shell session, otherwise
3921 # encryption key in session keyring is missing
3922 do_node $othercli "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3923 $MGSNID:/$FSNAME $MOUNT && \
3924 $TRUNCATE $DIR/$tdir/sleep 7"
# NOTE(review): the exit status of the do_node call above is not checked; the
# pass criterion is only that the background job ends cleanly and the file
# still equals /bin/sleep.
3925 wait || error "wait error"
3926 cmp --silent /bin/sleep $DIR/$tdir/sleep ||
3927 error "/bin/sleep and $DIR/$tdir/sleep differ"
3929 run_test 48b "encrypted file: concurrent truncate"
# Fragment of a helper whose header, command invocation and closing lines are
# not in this listing (later lines call trace_cmd; presumably this is its
# body — confirm).
# Visible steps: enable "info" debug messages, fail if the traced command
# returned non-zero, then search the Lustre debug log ($LCTL dk) for xattr
# fetches. A grep match means an xattr fetch happened and is reported as a
# test failure.
# NOTE(review): no line here restores the previous debug mask — confirm it is
# restored elsewhere.
3935 $LCTL set_param debug=+info
3940 [ $? -eq 0 ] || error "$cmd failed"
# MATCHING_STRING, when set by the caller, replaces the default pattern.
3942 if [ -z "$MATCHING_STRING" ]; then
3943 $LCTL dk | grep -E "get xattr 'encryption.c'|get xattrs"
3945 $LCTL dk | grep -E "$MATCHING_STRING"
3947 [ $? -ne 0 ] || error "get xattr event was triggered"
# Statements of the test registered below as test 49, "Avoid getxattr for
# encryption context". The function header, closing lines, else/fi lines and
# the lines that create $dirname are not part of this listing.
# Each trace_cmd call runs one operation and fails the test if the debug log
# shows an xattr fetch for it (trace_cmd is defined outside this block).
3951 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3952 skip "client encryption not supported"
3954 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3955 skip "need dummy encryption support"
3957 stack_trap cleanup_for_enc_tests EXIT
3960 local dirname=$DIR/$tdir/subdir
3964 trace_cmd stat $dirname
3965 trace_cmd echo a > $dirname/f1
# Caches are dropped between steps; presumably so each traced operation has to
# obtain the encryption context again instead of using a cached inode.
3966 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3967 trace_cmd stat $dirname/f1
3968 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3969 trace_cmd cat $dirname/f1
3970 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
3971 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
# For truncate only the explicit 'encryption.c' fetch is searched for, not the
# broader "get xattrs" pattern.
3972 MATCHING_STRING="get xattr 'encryption.c'" \
3973 trace_cmd $TRUNCATE $dirname/f1 10240
3974 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
3975 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3976 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
# Second part: same checks with directories placed on, and migrated between,
# different MDTs.
3978 if [[ $MDSCOUNT -gt 1 ]]; then
3979 trace_cmd $LFS setdirstripe -i 1 $dirname/d2
3980 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3981 trace_cmd $LFS migrate -m 0 $dirname/d2
3982 echo b > $dirname/d2/subf
3983 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3984 if (( "$MDS1_VERSION" > $(version_code 2.14.54.54) )); then
3985 # migrate a non-empty encrypted dir
3986 trace_cmd $LFS migrate -m 1 $dirname/d2
3987 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
# After migration the file must still exist and decrypt to its original content.
3988 [ -f $dirname/d2/subf ] || error "migrate failed (1)"
3989 [ $(cat $dirname/d2/subf) == "b" ] ||
3990 error "migrate failed (2)"
3993 $LFS setdirstripe -i 1 -c 1 $dirname/d3
3994 dirname=$dirname/d3/subdir
3996 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3997 trace_cmd stat $dirname
3998 trace_cmd echo c > $dirname/f1
3999 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
4000 trace_cmd stat $dirname/f1
4001 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
4002 trace_cmd cat $dirname/f1
4003 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
4004 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
4005 MATCHING_STRING="get xattr 'encryption.c'" \
4006 trace_cmd $TRUNCATE $dirname/f1 10240
4007 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
4008 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
4009 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
4011 skip_noexit "2nd part needs >= 2 MDTs"
4014 run_test 49 "Avoid getxattr for encryption context"
# Statements of the test registered below as test 50, "DoM encrypted file".
# The function header, closing lines and the lines that assign $sz in several
# steps are not part of this listing.
# Method: keep a plain reference copy ($tmpfile) and an encrypted file with a
# layout whose first 1M component is on the MDT (-L mdt); after every change,
# both must compare equal.
# remove_enc_key / insert_enc_key are helpers defined elsewhere; presumably
# they drop and reload the key so the next read decrypts data fetched from the
# servers rather than cached plaintext — confirm.
4017 local testfile=$DIR/$tdir/$tfile
# NOTE(review): fixed name under $TMP; if $TMP is shared and world-writable, an
# existing file or symlink of that name would be written through (mktemp would
# avoid it). $TMP is set outside this view.
4018 local tmpfile=$TMP/abc
4019 local pagesz=$(getconf PAGESIZE)
4022 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4023 skip "client encryption not supported"
4025 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4026 skip "need dummy encryption support"
4028 stack_trap cleanup_for_enc_tests EXIT
4031 # write small file, data on MDT only
4032 tr '\0' '1' < /dev/zero |
4033 dd of=$tmpfile bs=1 count=5000 conv=fsync
4034 $LFS setstripe -E 1M -L mdt -E EOF $testfile
4035 cp $tmpfile $testfile
4037 # check that in-memory representation of file is correct
4038 cmp -bl $tmpfile $testfile ||
4039 error "file $testfile is corrupted in memory"
4041 remove_enc_key ; insert_enc_key
4043 # check that file read from server is correct
4044 cmp -bl $tmpfile $testfile ||
4045 error "file $testfile is corrupted on server"
4047 # decrease size: truncate to PAGE_SIZE
4048 $TRUNCATE $tmpfile $pagesz
4049 $TRUNCATE $testfile $pagesz
4050 remove_enc_key ; insert_enc_key
4051 cmp -bl $tmpfile $testfile ||
4052 error "file $testfile is corrupted (1)"
4054 # increase size: truncate to 2 x PAGE_SIZE
4056 $TRUNCATE $tmpfile $sz
4057 $TRUNCATE $testfile $sz
4058 remove_enc_key ; insert_enc_key
4059 cmp -bl $tmpfile $testfile ||
4060 error "file $testfile is corrupted (2)"
4062 # truncate to PAGE_SIZE / 2
4064 $TRUNCATE $tmpfile $sz
4065 $TRUNCATE $testfile $sz
4066 remove_enc_key ; insert_enc_key
4067 cmp -bl $tmpfile $testfile ||
4068 error "file $testfile is corrupted (3)"
4070 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
4072 $TRUNCATE $tmpfile $sz
4073 $TRUNCATE $testfile $sz
4074 remove_enc_key ; insert_enc_key
4075 cmp -bl $tmpfile $testfile ||
4076 error "file $testfile is corrupted (4)"
4078 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
4080 $TRUNCATE $tmpfile $sz
4081 $TRUNCATE $testfile $sz
4082 remove_enc_key ; insert_enc_key
4083 cmp -bl $tmpfile $testfile ||
4084 error "file $testfile is corrupted (5)"
4086 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
4087 sz=$((sz+pagesz+30))
4088 $TRUNCATE $tmpfile $sz
4089 $TRUNCATE $testfile $sz
4090 remove_enc_key ; insert_enc_key
4091 cmp -bl $tmpfile $testfile ||
4092 error "file $testfile is corrupted (6)"
4095 remove_enc_key ; insert_enc_key
4097 # write hole in file, data spread on MDT and OST
# 1539 bytes are written at byte offset 1539074 (bs=1), past the 1M MDT
# component, leaving a hole before them.
4098 tr '\0' '2' < /dev/zero |
4099 dd of=$tmpfile bs=1 count=1539 seek=1539074 conv=fsync,notrunc
4100 $LFS setstripe -E 1M -L mdt -E EOF $testfile
4101 cp --sparse=always $tmpfile $testfile
4103 # check that in-memory representation of file is correct
4104 cmp -bl $tmpfile $testfile ||
4105 error "file $testfile is corrupted in memory"
4107 remove_enc_key ; insert_enc_key
4109 # check that file read from server is correct
4110 cmp -bl $tmpfile $testfile ||
4111 error "file $testfile is corrupted on server"
4113 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
4114 # inside OST part of data
4115 sz=$((1024*1024+13))
4116 $TRUNCATE $tmpfile $sz
4117 $TRUNCATE $testfile $sz
4118 remove_enc_key ; insert_enc_key
4119 cmp -bl $tmpfile $testfile ||
4120 error "file $testfile is corrupted (7)"
4122 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
4123 # inside MDT part of data
4125 $TRUNCATE $tmpfile $sz
4126 $TRUNCATE $testfile $sz
4127 remove_enc_key ; insert_enc_key
4128 cmp -bl $tmpfile $testfile ||
4129 error "file $testfile is corrupted (8)"
4131 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
4132 # inside MDT part of data
4133 sz=$((1024*1024-13))
4134 $TRUNCATE $tmpfile $sz
4135 $TRUNCATE $testfile $sz
4136 remove_enc_key ; insert_enc_key
4137 cmp -bl $tmpfile $testfile ||
4138 error "file $testfile is corrupted (9)"
4140 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
4141 # inside OST part of data
4143 $TRUNCATE $tmpfile $sz
4144 $TRUNCATE $testfile $sz
4145 remove_enc_key ; insert_enc_key
4146 cmp -bl $tmpfile $testfile ||
4147 error "file $testfile is corrupted (10)"
4151 run_test 50 "DoM encrypted file"
# Statements of the test registered below as test 51, "FS capabilities". The
# function header, closing lines and the loop's done line are not part of this
# listing.
# Pattern used for each tool: copy the system binary into $DIR/$tdir, check
# that user $ID0 cannot perform the privileged operation with the plain copy,
# attach one file capability with setcap, then check that the same operation
# now succeeds.
# NOTE(review): the capability-bearing copies of chown, touch and cat stay in
# $DIR/$tdir after this sequence; only $tfile is removed in the visible lines.
# Any user able to execute them gains the attached capability, so removal of
# the directory should be confirmed in the cleanup code outside this view.
4154 [ "$MDS1_VERSION" -gt $(version_code 2.13.53) ] ||
4155 skip "Need MDS version at least 2.13.53"
4157 mkdir $DIR/$tdir || error "mkdir $tdir"
# CAP_CHOWN: changing ownership of a file the caller does not own.
4159 touch $DIR/$tdir/$tfile || error "touch $tfile"
4160 cp $(which chown) $DIR/$tdir || error "cp chown"
4161 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile &&
4162 error "chown $tfile should fail"
4163 setcap 'CAP_CHOWN=ep' $DIR/$tdir/chown || error "setcap CAP_CHOWN"
4164 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile ||
4165 error "chown $tfile"
4166 rm $DIR/$tdir/$tfile || error "rm $tfile"
# CAP_FOWNER: updating timestamps on a file the caller does not own.
4168 touch $DIR/$tdir/$tfile || error "touch $tfile"
4169 cp $(which touch) $DIR/$tdir || error "cp touch"
4170 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile &&
4171 error "touch should fail"
4172 setcap 'CAP_FOWNER=ep' $DIR/$tdir/touch || error "setcap CAP_FOWNER"
4173 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile ||
4174 error "touch $tfile"
4175 rm $DIR/$tdir/$tfile || error "rm $tfile"
# CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH: reading a mode-600 file owned by
# another user. cat is copied afresh on each pass, which replaces the copy
# that received a capability on the previous pass.
4178 for cap in "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH"; do
4179 touch $DIR/$tdir/$tfile || error "touch $tfile"
4180 chmod 600 $DIR/$tdir/$tfile || error "chmod $tfile"
4181 cp $(which cat) $DIR/$tdir || error "cp cat"
4182 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile &&
4183 error "cat should fail"
4184 setcap $cap=ep $DIR/$tdir/cat || error "setcap $cap"
4185 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile ||
4187 rm $DIR/$tdir/$tfile || error "rm $tfile"
4190 run_test 51 "FS capabilities ==============="
# Statements of the test registered below as test 52, "Mirrored encrypted
# file". The function header, closing lines and some intermediate lines are
# not part of this listing.
# Visible flow: create a two-mirror encrypted file, check both mirrors against
# a plain reference copy, make one mirror differ and expect verify to fail,
# then exercise migrate, mirror extend and mirror split.
4193 local testfile=$DIR/$tdir/$tfile
4194 local tmpfile=$TMP/$tfile
4195 local mirror1=$TMP/$tfile.mirror1
4196 local mirror2=$TMP/$tfile.mirror2
4198 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4199 skip "client encryption not supported"
4201 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4202 skip "need dummy encryption support"
4204 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
# The temporary files are passed to the cleanup helper registered for exit.
4206 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
4209 dd if=/dev/urandom of=$tmpfile bs=5000 count=1 conv=fsync
# One mirror on OST index 0 and one on OST index 1.
4211 $LFS mirror create -N -i0 -N -i1 $testfile ||
4212 error "could not create mirror"
4214 dd if=$tmpfile of=$testfile bs=5000 count=1 conv=fsync ||
4215 error "could not write to $testfile"
4217 $LFS mirror resync $testfile ||
4218 error "could not resync mirror"
4220 $LFS mirror verify -v $testfile ||
4221 error "verify mirror failed"
# Each mirror is read out separately and must match the reference copy.
4223 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4224 error "could not read from mirror 1"
4226 cmp -bl $tmpfile $mirror1 ||
4227 error "mirror 1 is corrupted"
4229 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4230 error "could not read from mirror 2"
4232 cmp -bl $tmpfile $mirror2 ||
4233 error "mirror 2 is corrupted"
# Make mirror 1 differ on purpose: verify must then report a mismatch.
4235 tr '\0' '2' < /dev/zero |
4236 dd of=$tmpfile bs=1 count=9000 conv=fsync
4238 $LFS mirror write -N 1 -i $tmpfile $testfile ||
4239 error "could not write to mirror 1"
4241 $LFS mirror verify -v $testfile &&
4242 error "mirrors should be different"
4244 rm -f $testfile $mirror1 $mirror2
# Start again with a single-stripe file on OST 0, then migrate it to OST 1 and
# check both placement and content.
4246 $LFS setstripe -c1 -i0 $testfile
4247 dd if=$tmpfile of=$testfile bs=9000 count=1 conv=fsync ||
4248 error "write to $testfile failed"
4249 $LFS getstripe $testfile
4252 $LFS migrate -i1 $testfile ||
4253 error "migrate $testfile failed"
4254 $LFS getstripe $testfile
4255 stripe=$($LFS getstripe -i $testfile)
4256 [ $stripe -eq 1 ] || error "migrate file $testfile failed"
4259 cmp -bl $tmpfile $testfile ||
4260 error "migrated file is corrupted"
# Add a second mirror on OST 0; mirror 1 must stay on OST 1.
4262 $LFS mirror extend -N -i0 $testfile ||
4263 error "mirror extend $testfile failed"
4264 $LFS getstripe $testfile
4265 mirror_count=$($LFS getstripe -N $testfile)
4266 [ $mirror_count -eq 2 ] ||
4267 error "mirror extend file $testfile failed (1)"
4268 stripe=$($LFS getstripe --mirror-id=1 -i $testfile)
4269 [ $stripe -eq 1 ] || error "mirror extend file $testfile failed (2)"
4270 stripe=$($LFS getstripe --mirror-id=2 -i $testfile)
4271 [ $stripe -eq 0 ] || error "mirror extend file $testfile failed (3)"
4274 $LFS mirror verify -v $testfile ||
4275 error "mirror verify failed"
4276 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4277 error "read from mirror 1 failed"
4278 cmp -bl $tmpfile $mirror1 ||
4279 error "corruption of mirror 1"
4280 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4281 error "read from mirror 2 failed"
4282 cmp -bl $tmpfile $mirror2 ||
4283 error "corruption of mirror 2"
# For an encrypted file, splitting a mirror off into a separate file (-f) or
# splitting without -d must be refused; only split -d is expected to work.
4285 $LFS mirror split --mirror-id 1 -f ${testfile}.mirror $testfile &&
4286 error "mirror split -f should fail"
4288 $LFS mirror split --mirror-id 1 $testfile &&
4289 error "mirror split without -d should fail"
4291 $LFS mirror split --mirror-id 1 -d $testfile ||
4292 error "mirror split failed"
4293 $LFS getstripe $testfile
4294 mirror_count=$($LFS getstripe -N $testfile)
4295 [ $mirror_count -eq 1 ] ||
4296 error "mirror split file $testfile failed (1)"
# NOTE(review): the two messages below say "mirror extend" although they check
# the result of the split; the wording looks copied from the extend checks.
4297 stripe=$($LFS getstripe --mirror-id=1 -i $testfile)
4298 [ -z "$stripe" ] || error "mirror extend file $testfile failed (2)"
4299 stripe=$($LFS getstripe --mirror-id=2 -i $testfile)
4300 [ $stripe -eq 0 ] || error "mirror extend file $testfile failed (3)"
4303 cmp -bl $tmpfile $testfile ||
4304 error "extended/split file is corrupted"
4306 run_test 52 "Mirrored encrypted file"
# Statements of the test registered below as test 53, "Mixed PAGE_SIZE
# clients". The function header, closing lines and some intermediate lines are
# not part of this listing.
# Visible flow: a 64K-page client (this node) and a 4K-page client mounted on
# the MDS node ($MOUNT2, paths under $DIR2) write, read and truncate the same
# encrypted file in turn; each side must see what the other wrote.
4309 local testfile=$DIR/$tdir/$tfile
4310 local testfile2=$DIR2/$tdir/$tfile
4311 local tmpfile=$TMP/$tfile.tmp
4312 local resfile=$TMP/$tfile.res
4316 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4317 skip "client encryption not supported"
4319 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4320 skip "need dummy encryption support"
4322 pagesz=$(getconf PAGESIZE)
4323 [[ $pagesz == 65536 ]] || skip "Need 64K PAGE_SIZE client"
4325 do_node $mds1_HOST \
4326 "mount.lustre --help |& grep -q 'test_dummy_encryption:'" ||
4327 skip "need dummy encryption support on MDS client mount"
4329 # this test is probably useless now, but may turn out to be useful when
4330 # Lustre supports servers with PAGE_SIZE != 4KB
# From here on $pagesz holds the MDS node's page size (4096 once the check
# below passes), so the I/O sizes used later are pagesz+3 = 4099 bytes.
4331 pagesz=$(do_node $mds1_HOST getconf PAGESIZE)
4332 [[ $pagesz == 4096 ]] || skip "Need 4K PAGE_SIZE MDS client"
4334 stack_trap cleanup_for_enc_tests EXIT
4335 stack_trap "zconf_umount $mds1_HOST $MOUNT2" EXIT
4338 $LFS setstripe -c1 -i0 $testfile
4340 # write from 1st client
4341 cat /dev/urandom | tr -dc 'a-zA-Z0-9' |
4342 dd of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
4343 dd if=$tmpfile of=$testfile bs=$((pagesz+3)) count=2 conv=fsync ||
4344 error "could not write to $testfile (1)"
4346 # read from 2nd client
4347 # mount and IOs must be done in the same shell session, otherwise
4348 # encryption key in session keyring is missing
4349 do_node $mds1_HOST "mkdir -p $MOUNT2"
4350 do_node $mds1_HOST \
4351 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4352 $MGSNID:/$FSNAME $MOUNT2 && \
4353 dd if=$testfile2 of=$resfile bs=$((pagesz+3)) count=2" ||
4354 error "could not read from $testfile2 (1)"
# The result file lives on the MDS node and the reference on this node, so the
# comparison is done on digests. md5sum serves here only as an equality check
# against accidental corruption, not as a tamper-resistant integrity check.
4357 filemd5=$(do_node $mds1_HOST md5sum $resfile | awk '{print $1}')
4358 [ $filemd5 = $(md5sum $tmpfile | awk '{print $1}') ] ||
4359 error "file is corrupted (1)"
4360 do_node $mds1_HOST rm -f $resfile
4363 # truncate from 2nd client
4364 $TRUNCATE $tmpfile $((pagesz+3))
4365 zconf_umount $mds1_HOST $MOUNT2 ||
4366 error "umount $mds1_HOST $MOUNT2 failed (1)"
4367 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4368 $MGSNID:/$FSNAME $MOUNT2 && \
4369 $TRUNCATE $testfile2 $((pagesz+3))" ||
4370 error "could not truncate $testfile2 (1)"
4373 cmp -bl $tmpfile $testfile ||
4374 error "file is corrupted (2)"
4375 rm -f $tmpfile $testfile
4377 zconf_umount $mds1_HOST $MOUNT2 ||
4378 error "umount $mds1_HOST $MOUNT2 failed (2)"
# Reverse direction: the reference file is now created on the MDS node.
4381 do_node $mds1_HOST \
4382 dd if=/dev/urandom of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
4383 # write from 2nd client
4384 do_node $mds1_HOST \
4385 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4386 $MGSNID:/$FSNAME $MOUNT2 && \
4387 dd if=$tmpfile of=$testfile2 bs=$((pagesz+3)) count=2 conv=fsync" ||
4388 error "could not write to $testfile2 (2)"
4390 # read from 1st client
4391 dd if=$testfile of=$resfile bs=$((pagesz+3)) count=2 ||
4392 error "could not read from $testfile (2)"
4395 filemd5=$(do_node $mds1_HOST md5sum -b $tmpfile | awk '{print $1}')
4396 [ $filemd5 = $(md5sum -b $resfile | awk '{print $1}') ] ||
4397 error "file is corrupted (3)"
4401 # truncate from 1st client
4402 do_node $mds1_HOST "$TRUNCATE $tmpfile $((pagesz+3))"
4403 $TRUNCATE $testfile $((pagesz+3)) ||
4404 error "could not truncate $testfile (2)"
# Remount on the MDS node and compare there, in the same shell session as the
# mount (see the keyring remark above).
4407 zconf_umount $mds1_HOST $MOUNT2 ||
4408 error "umount $mds1_HOST $MOUNT2 failed (3)"
4409 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4410 $MGSNID:/$FSNAME $MOUNT2 && \
4411 cmp -bl $tmpfile $testfile2" ||
4412 error "file is corrupted (4)"
4414 do_node $mds1_HOST rm -f $tmpfile
4417 run_test 53 "Mixed PAGE_SIZE clients"
4420 local testdir=$DIR/$tdir/$ID0
4421 local testdir2=$DIR2/$tdir/$ID0
4422 local testfile=$testdir/$tfile
4423 local testfile2=$testdir/${tfile}withveryverylongnametoexercisecode
4424 local testfile3=$testdir/_${tfile}
4425 local tmpfile=$TMP/${tfile}.tmp
4426 local resfile=$TMP/${tfile}.res
4431 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4432 skip "client encryption not supported"
4434 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4435 skip "need dummy encryption support"
4437 which fscrypt || skip "This test needs fscrypt userspace tool"
4439 yes | fscrypt setup --force --verbose ||
4440 error "fscrypt global setup failed"
4441 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
4443 yes | fscrypt setup --verbose $MOUNT ||
4444 error "fscrypt setup $MOUNT failed"
4446 chown -R $ID0:$ID0 $testdir
4448 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4449 --source=custom_passphrase --name=protector $testdir" ||
4450 error "fscrypt encrypt failed"
4452 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4453 --source=custom_passphrase --name=protector2 $testdir" &&
4454 error "second fscrypt encrypt should have failed"
4456 mkdir -p ${testdir}2 || error "mkdir ${testdir}2 failed"
4457 touch ${testdir}2/f || error "mkdir ${testdir}2/f failed"
4460 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
4461 --source=custom_passphrase --name=protector3 ${testdir}2 &&
4462 error "fscrypt encrypt on non-empty dir should have failed"
4464 $RUNAS dd if=/dev/urandom of=$testfile bs=127 count=1 conv=fsync ||
4465 error "write to encrypted file $testfile failed"
4466 cp $testfile $tmpfile
4467 $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync ||
4468 error "write to encrypted file $testfile2 failed"
4469 $RUNAS dd if=/dev/urandom of=$testfile3 bs=127 count=1 conv=fsync ||
4470 error "write to encrypted file $testfile3 failed"
4471 $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed"
4472 $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed"
4474 $RUNAS fscrypt lock --verbose $testdir ||
4475 error "fscrypt lock $testdir failed (1)"
4477 $RUNAS ls -R $testdir || error "ls -R $testdir failed"
4478 local filecount=$($RUNAS find $testdir -type f | wc -l)
4479 [ $filecount -eq 4 ] || error "found $filecount files"
4481 # check enable_filename_encryption default value
4482 # tunable only available for client built against embedded llcrypt
4483 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption &&
4484 nameenc=$(lctl get_param -n llite.*.enable_filename_encryption |
4486 # If client is built against in-kernel fscrypt, it is not possible
4487 # to decide to encrypt file names or not: they are always encrypted.
4488 if [ -n "$nameenc" ]; then
4489 [ $nameenc -eq 0 ] ||
4490 error "enable_filename_encryption should be 0 by default"
4492 # $testfile, $testfile2 and $testfile3 should exist because
4493 # names are not encrypted
4495 error "$testfile should exist because name not encrypted"
4496 [ -f $testfile2 ] ||
4497 error "$testfile2 should exist because name not encrypted"
4498 [ -f $testfile3 ] ||
4499 error "$testfile3 should exist because name not encrypted"
4501 [ $? -eq 0 ] || error "cannot stat $testfile3 without key"
4504 scrambledfiles=( $(find $testdir/ -maxdepth 1 -type f) )
4505 $RUNAS hexdump -C ${scrambledfiles[0]} &&
4506 error "reading ${scrambledfiles[0]} should fail without key"
4508 $RUNAS touch ${testfile}.nokey &&
4509 error "touch ${testfile}.nokey should have failed without key"
4511 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4512 error "fscrypt unlock $testdir failed (1)"
4514 $RUNAS cat $testfile > $resfile ||
4515 error "reading $testfile failed"
4517 cmp -bl $tmpfile $resfile || error "file read differs from file written"
4519 [ $? -eq 0 ] || error "cannot stat $testfile3 with key"
4521 $RUNAS fscrypt lock --verbose $testdir ||
4522 error "fscrypt lock $testdir failed (2)"
4524 $RUNAS hexdump -C ${scrambledfiles[1]} &&
4525 error "reading ${scrambledfiles[1]} should fail without key"
4527 # server local client incompatible with SSK keys installed
4528 if [ "$SHARED_KEY" != true ]; then
4530 stack_trap umount_mds_client EXIT
4531 do_facet $SINGLEMDS touch $DIR2/$tdir/newfile
4532 mdsscrambledfile=$(do_facet $SINGLEMDS find $testdir2/ \
4533 -maxdepth 1 -type f | head -n1)
4534 [ -n "$mdsscrambledfile" ] || error "could not find file"
4535 do_facet $SINGLEMDS cat "$mdsscrambledfile" &&
4536 error "reading $mdsscrambledfile should fail on MDS"
4537 do_facet $SINGLEMDS "echo aaa >> \"$mdsscrambledfile\"" &&
4538 error "writing $mdsscrambledfile should fail on MDS"
4539 do_facet $SINGLEMDS $MULTIOP $testdir2/fileA m &&
4540 error "creating $testdir2/fileA should fail on MDS"
4541 do_facet $SINGLEMDS mkdir $testdir2/dirA &&
4542 error "mkdir $testdir2/dirA should fail on MDS"
4543 do_facet $SINGLEMDS ln -s $DIR2/$tdir/newfile $testdir2/sl1 &&
4544 error "ln -s $testdir2/sl1 should fail on MDS"
4545 do_facet $SINGLEMDS ln $DIR2/$tdir/newfile $testdir2/hl1 &&
4546 error "ln $testdir2/hl1 should fail on MDS"
4547 do_facet $SINGLEMDS mv "$mdsscrambledfile" $testdir2/fB &&
4548 error "mv $mdsscrambledfile should fail on MDS"
4549 do_facet $SINGLEMDS mrename "$mdsscrambledfile" $testdir2/fB &&
4550 error "mrename $mdsscrambledfile should fail on MDS"
4551 do_facet $SINGLEMDS rm -f $DIR2/$tdir/newfile
4554 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4555 error "fscrypt unlock $testdir failed (2)"
4558 $RUNAS fscrypt lock --verbose $testdir ||
4559 error "fscrypt lock $testdir failed (3)"
4561 rm -rf $tmpfile $resfile $testdir ${testdir}2 $MOUNT/.fscrypt
4563 # remount client with subdirectory mount
4564 umount_client $MOUNT || error "umount $MOUNT failed (1)"
4565 export FILESET=/$tdir
4566 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (1)"
4570 # setup encryption from inside this subdir mount
4571 # the .fscrypt directory is going to be created at the real fs root
4572 yes | fscrypt setup --verbose $MOUNT ||
4573 error "fscrypt setup $MOUNT failed (2)"
4574 testdir=$MOUNT/vault
4576 chown -R $ID0:$ID0 $testdir
4577 fid1=$(path2fid $MOUNT/.fscrypt)
4578 echo "With FILESET $tdir, .fscrypt FID is $fid1"
4580 # enable name encryption, only valid if built against embedded llcrypt
4581 if [ -n "$nameenc" ]; then
4582 do_facet mgs $LCTL set_param -P \
4583 llite.*.enable_filename_encryption=1
4585 error "set_param -P \
4586 llite.*.enable_filename_encryption failed"
4588 wait_update_facet --verbose client \
4589 "$LCTL get_param -n llite.*.enable_filename_encryption \
4591 error "enable_filename_encryption not set on client"
4594 # encrypt 'vault' dir inside the subdir mount
4595 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4596 --source=custom_passphrase --name=protector $testdir" ||
4597 error "fscrypt encrypt failed"
4601 $RUNAS cp $tmpfile $testdir/encfile
4603 $RUNAS fscrypt lock --verbose $testdir ||
4604 error "fscrypt lock $testdir failed (4)"
4606 # encfile should actually have its name encrypted
4607 if [ -n "$nameenc" ]; then
4608 [ -f $testdir/encfile ] &&
4609 error "encfile name should be encrypted"
4611 filecount=$(find $testdir -type f | wc -l)
4612 [ $filecount -eq 1 ] || error "found $filecount files instead of 1"
4614 # remount client with encrypted dir as subdirectory mount
4615 umount_client $MOUNT || error "umount $MOUNT failed (2)"
4616 export FILESET=/$tdir/vault
4617 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (2)"
4621 fid2=$(path2fid $MOUNT/.fscrypt)
4622 echo "With FILESET $tdir/vault, .fscrypt FID is $fid2"
4623 [ "$fid1" == "$fid2" ] || error "fid1 $fid1 != fid2 $fid2 (1)"
4625 # all content seen by this mount is encrypted, but .fscrypt is virtually
4626 # presented, letting us call fscrypt lock/unlock
4627 echo mypass | $RUNAS fscrypt unlock --verbose $MOUNT ||
4628 error "fscrypt unlock $MOUNT failed (3)"
4631 [ $(cat $MOUNT/encfile) == "abc" ] || error "cat encfile failed"
4633 # remount client without subdir mount
4634 umount_client $MOUNT || error "umount $MOUNT failed (3)"
4635 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (3)"
4638 fid2=$(path2fid $MOUNT/.fscrypt)
4639 echo "Without FILESET, .fscrypt FID is $fid2"
4640 [ "$fid1" == "$fid2" ] || error "fid1 $fid1 != fid2 $fid2 (2)"
4642 # because .fscrypt was actually created at the real root of the fs,
4643 # we can call fscrypt lock/unlock on the encrypted dir
4644 echo mypass | $RUNAS fscrypt unlock --verbose $DIR/$tdir/vault ||
4645 error "fscrypt unlock $$DIR/$tdir/vault failed (4)"
4648 echo c >> $DIR/$tdir/vault/encfile || error "write to encfile failed"
4650 rm -rf $DIR/$tdir/vault/*
4651 $RUNAS fscrypt lock --verbose $DIR/$tdir/vault ||
4652 error "fscrypt lock $DIR/$tdir/vault failed (5)"
4654 # disable name encryption, only valid if built against embedded llcrypt
4655 if [ -n "$nameenc" ]; then
4656 do_facet mgs $LCTL set_param -P \
4657 llite.*.enable_filename_encryption=0
4659 error "set_param -P \
4660 llite.*.enable_filename_encryption failed"
4662 wait_update_facet --verbose client \
4663 "$LCTL get_param -n llite.*.enable_filename_encryption \
4665 error "enable_filename_encryption not set back to default"
4668 rm -rf $tmpfile $MOUNT/.fscrypt
4670 run_test 54 "Encryption policies with fscrypt"
# Teardown for test 55; the test registers it with stack_trap cleanup_55 EXIT.
# The function header and a few short lines are missing from this listing.
# It removes nodemap c0, puts the default nodemap back to admin=0 and
# trusted=0, deactivates the nodemap feature and remounts the client.
# Test 55 sets admin=1 and trusted=1 on the default nodemap, so this reset
# is what keeps that relaxed policy from carrying over into later tests.
4674 if is_mounted $MOUNT; then
4675 umount_client $MOUNT || error "umount $MOUNT failed"
4678 do_facet mgs $LCTL nodemap_del c0
4679 do_facet mgs $LCTL nodemap_modify --name default \
4680 --property admin --value 0
4681 do_facet mgs $LCTL nodemap_modify --name default \
4682 --property trusted --value 0
# NOTE(review): wait_nm_sync is defined elsewhere; presumably it blocks until
# the servers report the new value - confirm.
4683 wait_nm_sync default admin_nodemap
4684 wait_nm_sync default trusted_nodemap
4686 do_facet mgs $LCTL nodemap_activate 0
4687 wait_nm_sync active 0
# When SHARED_KEY is true, SK_UNIQUE_NM is exported as false again
# (test 55 exports it as true).
4689 if $SHARED_KEY; then
4690 export SK_UNIQUE_NM=false
4694 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed"
# NOTE(review): the variable tested is MOUNT_2 while the path mounted is
# MOUNT2; this looks like a flag versus a mount point - confirm.
4695 if [ "$MOUNT_2" ]; then
4696 mount_client $MOUNT2 ${MOUNT_OPTS} || error "remount failed"
# Body of test 55, access with seteuid (see the run_test line at the end).
# The function header and a few short lines are missing from this listing.
# It checks file access as $USER0 through a group-restricted, setgid
# directory tree while the client is placed in nodemap c0 with admin=0 and
# trusted=1 and the MDT identity upcall is disabled.
4702 (( $MDS1_VERSION > $(version_code 2.12.6.2) )) ||
4703 skip "Need MDS version at least 2.12.6.3"
# The parent directory is root:$USER0 and the child is $USER0:$USER0, both
# mode 770 with the setgid bit, so only root or the group $USER0 can
# traverse the parent to reach the child.
4708 mkdir -p $DIR/$tdir/$USER0/testdir_groups
4709 chown root:$USER0 $DIR/$tdir/$USER0
4710 chmod 770 $DIR/$tdir/$USER0
4711 chmod g+s $DIR/$tdir/$USER0
4712 chown $USER0:$USER0 $DIR/$tdir/$USER0/testdir_groups
4713 chmod 770 $DIR/$tdir/$USER0/testdir_groups
4714 chmod g+s $DIR/$tdir/$USER0/testdir_groups
4716 # unmount client completely
4717 umount_client $MOUNT || error "umount $MOUNT failed"
4718 if is_mounted $MOUNT2; then
4719 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
# Disable the identity upcall on every MDT node.
# NOTE(review): presumably this stops the MDS from resolving group
# membership on its own, so the access decision relies on the credentials
# sent by the client - confirm.
4722 do_nodes $(comma_list $(all_mdts_nodes)) \
4723 $LCTL set_param mdt.*.identity_upcall=NONE
# Register the teardown before any nodemap change so the policy is reset
# even if a later step fails.
4725 stack_trap cleanup_55 EXIT
4727 do_facet mgs $LCTL nodemap_activate 1
# Best effort: a leftover c0 is removed and a failure of the delete is
# ignored on purpose.
4730 do_facet mgs $LCTL nodemap_del c0 || true
4731 wait_nm_sync c0 id ''
# The default nodemap is set to admin=1 and trusted=1 for the duration of
# the test; cleanup_55 sets both back to 0.
4733 do_facet mgs $LCTL nodemap_modify --name default \
4734 --property admin --value 1
4735 do_facet mgs $LCTL nodemap_modify --name default \
4736 --property trusted --value 1
4737 wait_nm_sync default admin_nodemap
4738 wait_nm_sync default trusted_nodemap
# Nodemap c0 covers only the NID of this client and gets admin=0 and
# trusted=1.
4740 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
4741 client_nid=$(h2nettype $client_ip)
4742 do_facet mgs $LCTL nodemap_add c0
4743 do_facet mgs $LCTL nodemap_add_range \
4744 --name c0 --range $client_nid
4745 do_facet mgs $LCTL nodemap_modify --name c0 \
4746 --property admin --value 0
4747 do_facet mgs $LCTL nodemap_modify --name c0 \
4748 --property trusted --value 1
4749 wait_nm_sync c0 admin_nodemap
4750 wait_nm_sync c0 trusted_nodemap
4752 if $SHARED_KEY; then
4753 export SK_UNIQUE_NM=true
4754 # set some generic fileset to trigger SSK code
4758 # remount client to take nodemap into account
4759 zconf_mount_clients $HOSTNAME $MOUNT $MOUNT_OPTS ||
4760 error "remount failed"
# euid_access is a helper that is not part of this listing; it is given the
# user and a file path below the group-restricted directory.
4764 euid_access $USER0 $DIR/$tdir/$USER0/testdir_groups/file
4766 run_test 55 "access with seteuid"
# Body of test 56, FIEMAP on encrypted file (see the run_test line at the
# end). The function header and a few short lines are missing from this
# listing.
4769 local testfile=$DIR/$tdir/$tfile
# Skip on a ZFS backend, on a client whose import does not list
# client_encryption, when mount.lustre lacks test_dummy_encryption, or with
# fewer than 2 OSTs.
4771 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4773 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4774 skip "client encryption not supported"
4776 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4777 skip "need dummy encryption support"
4779 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4781 stack_trap cleanup_for_enc_tests EXIT
# Write 3 MiB of random data to a single-stripe file. The result of this dd
# is not checked.
4784 $LFS setstripe -c1 $testfile
4785 dd if=/dev/urandom of=$testfile bs=1M count=3 conv=fsync
# The extent listing must contain at least one line with the word encrypted
# and at least one with the word encoded.
# NOTE(review): grep -c counts every output line containing the word, which
# would include a header line if the file path itself contained it.
4786 filefrag -v $testfile || error "filefrag $testfile failed"
4787 (( $(filefrag -v $testfile | grep -c encrypted) >= 1 )) ||
4788 error "filefrag $testfile does not show encrypted flag"
4789 (( $(filefrag -v $testfile | grep -c encoded) >= 1 )) ||
4790 error "filefrag $testfile does not show encoded flag"
4792 run_test 56 "FIEMAP on encrypted file"
# Body of test 57, security.c/encryption.c xattr protection (see the
# run_test line at the end). The function header, the lines that create the
# test objects and the closing fi lines are missing from this listing.
# The test asserts that the xattrs holding the encryption context can be
# neither written, read nor listed from user space.
4795 local testdir=$DIR/$tdir/mytestdir
4796 local testfile=$DIR/$tdir/$tfile
4798 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4800 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4801 skip "client encryption not supported"
4803 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4804 skip "need dummy encryption support"
# First round, before the encryption cleanup trap is registered: setting
# either xattr by hand on the directory or the file must fail.
4808 setfattr -n security.c -v myval $testdir &&
4809 error "setting xattr on $testdir should have failed (1.1)"
4810 setfattr -n encryption.c -v myval $testdir &&
4811 error "setting xattr on $testdir should have failed (1.2)"
4813 setfattr -n security.c -v myval $testfile &&
4814 error "setting xattr on $testfile should have failed (1.1)"
4815 setfattr -n encryption.c -v myval $testfile &&
4816 error "setting xattr on $testfile should have failed (1.2)"
4820 stack_trap cleanup_for_enc_tests EXIT
# Second round: each get or set must fail with a specific error text,
# Operation not permitted for security.c and Operation not supported for
# encryption.c. A count of 0 matching lines is reported as a test failure.
# NOTE(review): the match is on the English error text, so under another
# locale these checks would report a failure; running with LC_ALL=C would
# remove that dependency.
4824 if [ $(getfattr -n security.c $testdir 2>&1 |
4825 grep -ci "Operation not permitted") -eq 0 ]; then
4826 error "getting xattr on $testdir should have failed (1.1)"
4828 if [ $(getfattr -n encryption.c $testdir 2>&1 |
4829 grep -ci "Operation not supported") -eq 0 ]; then
4830 error "getting xattr on $testdir should have failed (1.2)"
# Listing all xattrs must not reveal either name. The backslash in the
# unquoted pattern is removed by the shell, so grep receives a pattern in
# which the dot matches any character; that only makes the check broader.
4832 getfattr -d -m - $testdir 2>&1 | grep security\.c &&
4833 error "listing xattrs on $testdir should not expose security.c"
4834 getfattr -d -m - $testdir 2>&1 | grep encryption\.c &&
4835 error "listing xattrs on $testdir should not expose encryption.c"
4836 if [ $(setfattr -n security.c -v myval $testdir 2>&1 |
4837 grep -ci "Operation not permitted") -eq 0 ]; then
4838 error "setting xattr on $testdir should have failed (2.1)"
4840 if [ $(setfattr -n encryption.c -v myval $testdir 2>&1 |
4841 grep -ci "Operation not supported") -eq 0 ]; then
4842 error "setting xattr on $testdir should have failed (2.2)"
# Same get, list and set checks repeated for the regular file.
4845 if [ $(getfattr -n security.c $testfile 2>&1 |
4846 grep -ci "Operation not permitted") -eq 0 ]; then
4847 error "getting xattr on $testfile should have failed (1.1)"
4849 if [ $(getfattr -n encryption.c $testfile 2>&1 |
4850 grep -ci "Operation not supported") -eq 0 ]; then
4851 error "getting xattr on $testfile should have failed (1.2)"
4853 getfattr -d -m - $testfile 2>&1 | grep security\.c &&
4854 error "listing xattrs on $testfile should not expose security.c"
4855 getfattr -d -m - $testfile 2>&1 | grep encryption\.c &&
4856 error "listing xattrs on $testfile should not expose encryption.c"
4857 if [ $(setfattr -n security.c -v myval $testfile 2>&1 |
4858 grep -ci "Operation not permitted") -eq 0 ]; then
4859 error "setting xattr on $testfile should have failed (2.1)"
4861 if [ $(setfattr -n encryption.c -v myval $testfile 2>&1 |
4862 grep -ci "Operation not supported") -eq 0 ]; then
4863 error "setting xattr on $testfile should have failed (2.2)"
4867 run_test 57 "security.c/encryption.c xattr protection"
# Body of test 58, access to the xattrs of encrypted files (see the run_test
# line at the end). The function header, the encryption setup call and the
# loop terminator are missing from this listing.
4870 local testdir=$DIR/$tdir/mytestdir
4871 local testfile=$DIR/$tdir/$tfile
4873 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4875 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4876 skip "client encryption not supported"
4878 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4879 skip "need dummy encryption support"
4881 stack_trap cleanup_for_enc_tests EXIT
4884 touch $DIR/$tdir/$tfile
4885 mkdir $DIR/$tdir/subdir
# Writing 3 drops the page cache plus dentries and inodes; this needs root.
# NOTE(review): presumably done so the following reads are not answered
# from the client cache - confirm.
4889 echo 3 > /proc/sys/vm/drop_caches
# ll_decode_linkea is an external helper; it must succeed on both the file
# and the directory.
4891 ll_decode_linkea $DIR/$tdir/$tfile || error "cannot read $tfile linkea"
4892 ll_decode_linkea $DIR/$tdir/subdir || error "cannot read subdir linkea"
# Create 1000 directories and 1000 files, plus 5 entries per directory via
# createmany, then drop the caches again and require that a recursive
# listing of the whole tree succeeds.
4894 for ((i = 0; i < 1000; i = $((i+1)))); do
4895 mkdir -p $DIR/$tdir/d${i}
4896 touch $DIR/$tdir/f${i}
4897 createmany -m $DIR/$tdir/d${i}/f 5 > /dev/null
4902 echo 3 > /proc/sys/vm/drop_caches
4905 ls -ailR $DIR/$tdir > /dev/null || error "fail to ls"
4907 run_test 58 "access to enc file's xattrs"
# Helper that tests 59a and 59b call as verify_mirror $testfile $tmpfile.
# The function header and the lines that set testfile and reffile are
# missing from this listing; presumably they come from the two arguments.
# It verifies the mirrored file and then compares each mirror copy with the
# reference file.
4910 local mirror1=$TMP/$tfile.mirror1
4911 local mirror2=$TMP/$tfile.mirror2
4915 $LFS mirror verify -vvv $testfile ||
4916 error "verifying mirror failed (1)"
# Any occurrence of the text only valid in the verify output is treated as a
# failure, on top of the exit status checked above.
4917 if [ $($LFS mirror verify -v $testfile 2>&1 |
4918 grep -ci "only valid") -ne 0 ]; then
4919 error "verifying mirror failed (2)"
# Read mirror 1 and mirror 2 separately and require each to be identical to
# the reference, so a stale or corrupted copy cannot hide behind a good one.
4922 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4923 error "read from mirror 1 failed"
4924 cmp -bl $reffile $mirror1 ||
4925 error "corruption of mirror 1"
4926 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4927 error "read from mirror 2 failed"
4928 cmp -bl $reffile $mirror2 ||
4929 error "corruption of mirror 2"
# Body of test 59a, mirror resync of encrypted files without key (see the
# run_test line at the end). The function header and a few short lines are
# missing from this listing.
# The point being tested: layout maintenance (resync, verify) must work on
# the ciphertext when the client has no key, while reading the content
# through lfs mirror read must be refused.
4933 local testfile=$DIR/$tdir/$tfile
4934 local tmpfile=$TMP/$tfile
4935 local mirror1=$TMP/$tfile.mirror1
4936 local mirror2=$TMP/$tfile.mirror2
4939 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4940 skip "client encryption not supported"
4942 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4943 skip "need dummy encryption support"
4945 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
# The trap string is double-quoted, so the three paths are expanded now,
# when the trap is registered.
4947 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
# Reference data: one 5000 byte block of random data. The result of this dd
# is not checked.
4950 dd if=/dev/urandom of=$tmpfile bs=5000 count=1 conv=fsync
# Two mirrors, one on OST index 0 and one on OST index 1.
4952 $LFS mirror create -N -i0 -N -i1 $testfile ||
4953 error "could not create mirror"
4954 dd if=$tmpfile of=$testfile bs=5000 count=1 conv=fsync ||
4955 error "could not write to $testfile"
4956 $LFS getstripe $testfile
4958 # remount without dummy encryption key
4959 remount_client_normally
# Without the key the file is located by listing the directory rather than
# by its clear-text name.
# NOTE(review): the unquoted result assumes find returns exactly one name
# without whitespace - confirm.
4961 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
4962 $LFS mirror resync $scrambledfile ||
4963 error "could not resync mirror"
4965 $LFS mirror verify -vvv $scrambledfile ||
4966 error "mirror verify failed (1)"
4967 if [ $($LFS mirror verify -v $scrambledfile 2>&1 |
4968 grep -ci "only valid") -ne 0 ]; then
4969 error "mirror verify failed (2)"
# Negative check: reading a mirror copy without the key must fail.
4972 $LFS mirror read -N 1 -o $mirror1 $scrambledfile &&
4973 error "read from mirror should fail"
# With the dummy key back, both mirrors must still match the reference.
4976 remount_client_dummykey
4977 verify_mirror $testfile $tmpfile
4979 run_test 59a "mirror resync of encrypted files without key"
# Body of test 59b, migrate/extend/split of encrypted files without key (see
# the run_test line at the end). The function header and a few short lines
# are missing from this listing.
# Each layout operation is done while the client has no key, then the dummy
# key is restored and the clear-text content is compared with the reference
# to show that the ciphertext was moved intact.
4982 local testfile=$DIR/$tdir/$tfile
4983 local tmpfile=$TMP/$tfile
4984 local mirror1=$TMP/$tfile.mirror1
4985 local mirror2=$TMP/$tfile.mirror2
4988 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4989 skip "client encryption not supported"
4991 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4992 skip "need dummy encryption support"
4994 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
# The trap string is double-quoted, so the three paths are expanded now,
# when the trap is registered.
4996 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
# Reference data: 9000 bytes, every byte the character 2.
4999 tr '\0' '2' < /dev/zero |
5000 dd of=$tmpfile bs=1 count=9000 conv=fsync
5002 $LFS setstripe -c1 -i0 $testfile
5003 dd if=$tmpfile of=$testfile bs=9000 count=1 conv=fsync ||
5004 error "write to $testfile failed"
5005 $LFS getstripe $testfile
5007 # remount without dummy encryption key
5008 remount_client_normally
# Step 1: migrate the file from OST index 0 to OST index 1 without the key.
# NOTE(review): the unquoted result assumes find returns exactly one name
# without whitespace - confirm.
5010 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
5011 $LFS migrate -i1 $scrambledfile ||
5012 error "migrate $scrambledfile failed"
5013 $LFS getstripe $scrambledfile
5014 stripe=$($LFS getstripe -i $scrambledfile)
5015 [ $stripe -eq 1 ] || error "migrate file $scrambledfile failed"
5019 remount_client_dummykey
5020 cmp -bl $tmpfile $testfile ||
5021 error "migrated file is corrupted"
5023 # remount without dummy encryption key
5024 remount_client_normally
# Step 2: add a second mirror on OST index 0 without the key. Afterwards
# mirror 1 must be on index 1 and mirror 2 on index 0.
5026 $LFS mirror extend -N -i0 $scrambledfile ||
5027 error "mirror extend $scrambledfile failed (1)"
5028 $LFS getstripe $scrambledfile
5029 mirror_count=$($LFS getstripe -N $scrambledfile)
5030 [ $mirror_count -eq 2 ] ||
5031 error "mirror extend file $scrambledfile failed (2)"
5032 stripe=$($LFS getstripe --mirror-id=1 -i $scrambledfile)
5033 [ $stripe -eq 1 ] ||
5034 error "mirror extend file $scrambledfile failed (3)"
5035 stripe=$($LFS getstripe --mirror-id=2 -i $scrambledfile)
5036 [ $stripe -eq 0 ] ||
5037 error "mirror extend file $scrambledfile failed (4)"
5039 $LFS mirror verify -vvv $scrambledfile ||
5040 error "mirror verify failed (1)"
5041 if [ $($LFS mirror verify -v $scrambledfile 2>&1 |
5042 grep -ci "only valid") -ne 0 ]; then
5043 error "mirror verify failed (2)"
5047 remount_client_dummykey
5048 verify_mirror $testfile $tmpfile
5050 # remount without dummy encryption key
5051 remount_client_normally
# Step 3: split off and destroy mirror 1 without the key. One mirror must
# remain, a lookup of mirror id 1 must return nothing, and mirror id 2 must
# still be on OST index 0.
5053 $LFS mirror split --mirror-id 1 -d $scrambledfile ||
5054 error "mirror split file $scrambledfile failed (1)"
5055 $LFS getstripe $scrambledfile
5056 mirror_count=$($LFS getstripe -N $scrambledfile)
5057 [ $mirror_count -eq 1 ] ||
5058 error "mirror split file $scrambledfile failed (2)"
5059 stripe=$($LFS getstripe --mirror-id=1 -i $scrambledfile)
5060 [ -z "$stripe" ] || error "mirror split file $scrambledfile failed (3)"
5061 stripe=$($LFS getstripe --mirror-id=2 -i $scrambledfile)
5062 [ $stripe -eq 0 ] || error "mirror split file $scrambledfile failed (4)"
5065 remount_client_dummykey
5067 cmp -bl $tmpfile $testfile ||
5068 error "extended/split file is corrupted"
5070 run_test 59b "migrate/extend/split of encrypted files without key"
# Body of test 59c, MDT migrate of encrypted files without key (see the
# run_test line at the end). The function header and a few short lines are
# missing from this listing.
5073 local dirname=$DIR/$tdir/subdir
5076 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5077 skip "client encryption not supported"
5079 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5080 skip "need dummy encryption support"
5082 [[ $MDSCOUNT -ge 2 ]] || skip_env "needs >= 2 MDTs"
5084 (( "$MDS1_VERSION" > $(version_code 2.14.54.54) )) ||
5085 skip "MDT migration not supported with older server"
5087 stack_trap cleanup_for_enc_tests EXIT
# Encrypted directory on MDT index 0 holding one file with the content b.
5090 $LFS setdirstripe -i 0 $dirname
5091 echo b > $dirname/subf
5093 # remount without dummy encryption key
5094 remount_client_normally
# Without the key the directory is located by listing the parent rather
# than by its clear-text name.
# NOTE(review): the unquoted result assumes find returns exactly one name
# without whitespace - confirm.
5096 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
5098 # migrate a non-empty encrypted dir
5099 $LFS migrate -m 1 $scrambleddir ||
5100 error "migrate $scrambleddir between MDTs failed (1)"
5102 stripe=$($LFS getdirstripe -i $scrambleddir)
5103 [ $stripe -eq 1 ] ||
5104 error "migrate $scrambleddir between MDTs failed (2)"
# The checks below use the clear-text path and content.
# NOTE(review): the key is presumably restored on a line that is missing
# from this listing - confirm.
5108 [ -f $dirname/subf ] ||
5109 error "migrate $scrambleddir between MDTs failed (3)"
5110 [ $(cat $dirname/subf) == "b" ] ||
5111 error "migrate $scrambleddir between MDTs failed (4)"
5113 run_test 59c "MDT migrate of encrypted files without key"
# Body of test 60, Subdirmount of encrypted dir (see the run_test line at
# the end). The function header and a few short lines are missing from this
# listing.
# It mounts the encrypted directory itself as the client root through
# FILESET and checks that listing works, and that reading works once the
# dummy key is present.
5116 local testdir=$DIR/$tdir/mytestdir
5117 local testfile=$DIR/$tdir/$tfile
# NOTE(review): the comparison is strict, so a server at exactly 2.14.53
# is skipped although the message says at least - confirm which is meant.
5119 (( $MDS1_VERSION > $(version_code 2.14.53) )) ||
5120 skip "Need MDS version at least 2.14.53"
5122 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5123 skip "client encryption not supported"
5125 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5126 skip "need dummy encryption support"
5128 stack_trap cleanup_for_enc_tests EXIT
5131 echo a > $DIR/$tdir/file1
5132 mkdir $DIR/$tdir/subdir
5133 echo b > $DIR/$tdir/subdir/subfile1
5136 # unmount client completely
5137 umount_client $MOUNT || error "umount $MOUNT failed"
5138 if is_mounted $MOUNT2; then
5139 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
5142 # remount client with subdirectory mount
# FILESET is exported and is not reset in the lines visible here.
# NOTE(review): presumably cleanup_for_enc_tests takes care of it - confirm.
5143 export FILESET=/$tdir
5144 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed"
5145 if [ "$MOUNT_2" ]; then
5146 mount_client $MOUNT2 ${MOUNT_OPTS} || error "remount failed"
# First listing happens before the dummy key remount below.
5150 ls -Rl $DIR || error "ls -Rl $DIR failed (1)"
5153 remount_client_dummykey
# With the key, listing and reading must work. The files are addressed
# relative to the subdirectory mount, while the error messages name their
# location in the full namespace.
5156 ls -Rl $DIR || error "ls -Rl $DIR failed (2)"
5157 cat $DIR/file1 || error "cat $DIR/$tdir/file1 failed"
5158 cat $DIR/subdir/subfile1 ||
5159 error "cat $DIR/$tdir/subdir/subfile1 failed"
5161 run_test 60 "Subdirmount of encrypted dir"
# Nodemap setup that precedes test 61; the function header and closing
# lines are missing from this listing (presumably setup_61 - confirm).
# It activates nodemaps, recreates nodemap c0 for the NID of this client
# and sets admin=1 and trusted=1 on both the default nodemap and c0, so the
# read-only behaviour tested later comes from the readonly_mount property
# and not from identity mapping.
5164 if $SHARED_KEY; then
5165 export SK_UNIQUE_NM=true
5169 do_facet mgs $LCTL nodemap_activate 1
# Best effort: a leftover c0 is removed and a failure of the delete is
# ignored on purpose.
5172 do_facet mgs $LCTL nodemap_del c0 || true
5173 wait_nm_sync c0 id ''
5175 do_facet mgs $LCTL nodemap_modify --name default \
5176 --property admin --value 1
5177 do_facet mgs $LCTL nodemap_modify --name default \
5178 --property trusted --value 1
5179 wait_nm_sync default admin_nodemap
5180 wait_nm_sync default trusted_nodemap
5182 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
5183 client_nid=$(h2nettype $client_ip)
5184 do_facet mgs $LCTL nodemap_add c0
5185 do_facet mgs $LCTL nodemap_add_range \
5186 --name c0 --range $client_nid
5187 do_facet mgs $LCTL nodemap_modify --name c0 \
5188 --property admin --value 1
5189 do_facet mgs $LCTL nodemap_modify --name c0 \
5190 --property trusted --value 1
5191 wait_nm_sync c0 admin_nodemap
5192 wait_nm_sync c0 trusted_nodemap
# Teardown for test 61; the test registers it with stack_trap cleanup_61
# EXIT. The function header and a few short lines are missing from this
# listing. It removes nodemap c0 (and with it the readonly_mount setting the
# test applied to c0), resets the default nodemap to admin=0 and trusted=0,
# deactivates nodemaps and mounts the client again.
5196 do_facet mgs $LCTL nodemap_del c0
5197 do_facet mgs $LCTL nodemap_modify --name default \
5198 --property admin --value 0
5199 do_facet mgs $LCTL nodemap_modify --name default \
5200 --property trusted --value 0
5201 wait_nm_sync default admin_nodemap
5202 wait_nm_sync default trusted_nodemap
5204 do_facet mgs $LCTL nodemap_activate 0
5205 wait_nm_sync active 0
5207 if $SHARED_KEY; then
5209 export SK_UNIQUE_NM=false
5212 mount_client $MOUNT ${MOUNT_OPTS} || error "re-mount failed"
# Body of test 61, Nodemap enforces read-only mount (see the run_test line
# at the end). The function header and a few short lines are missing from
# this listing.
# The test shows that readonly_mount on the nodemap is enforced regardless
# of what the client asks for: a plain mount and an explicit rw mount both
# end up read-only, and writes fail in every case.
5217 local testfile=$DIR/$tdir/$tfile
# Feature probe: an empty value means the server has no readonly_mount
# property and the test is skipped.
# NOTE(review): readonly is also the name of a shell builtin; it works as a
# variable name here but is easy to misread.
5220 readonly=$(do_facet mgs \
5221 lctl get_param -n nodemap.default.readonly_mount)
5222 [ -n "$readonly" ] ||
5223 skip "Server does not have readonly_mount nodemap flag"
5225 stack_trap cleanup_61 EXIT
5226 for idx in $(seq 1 $MDSCOUNT); do
5227 wait_recovery_complete mds$idx
5229 umount_client $MOUNT || error "umount $MOUNT failed (1)"
5231 # Activate nodemap, and mount rw.
5232 # Should succeed as rw mount is not forbidden by default.
# Both the default nodemap and c0 must report readonly_mount as 0 before
# anything is changed.
5234 readonly=$(do_facet mgs \
5235 lctl get_param -n nodemap.default.readonly_mount)
5236 [ $readonly -eq 0 ] ||
5237 error "wrong default value for readonly_mount on default nodemap"
5238 readonly=$(do_facet mgs \
5239 lctl get_param -n nodemap.c0.readonly_mount)
5240 [ $readonly -eq 0 ] ||
5241 error "wrong default value for readonly_mount on nodemap c0"
5243 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},rw ||
5244 error "mount '-o rw' failed with default"
# NOTE(review): the mount mode is detected by an unanchored substring match
# on the option list, which assumes rw or ro is not the last option and that
# no other option ends in the same letters - confirm.
5246 findmnt $MOUNT --output=options -n -f | grep -q "rw," ||
5247 error "should be rw mount"
5248 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
5249 echo a > $testfile || error "write $testfile failed"
5250 umount_client $MOUNT || error "umount $MOUNT failed (2)"
5252 # Now enforce read-only, and retry.
5253 do_facet mgs $LCTL nodemap_modify --name c0 \
5254 --property readonly_mount --value 1
5255 wait_nm_sync c0 readonly_mount
# Case 1: mount without an explicit mode; it must show up as ro, reads must
# work and writes must fail.
5256 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS} ||
5257 error "mount failed"
5258 findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
5259 error "mount should have been turned into ro"
5260 cat $testfile || error "read $testfile failed (1)"
5261 echo b > $testfile && error "write $testfile should fail (1)"
5262 umount_client $MOUNT || error "umount $MOUNT failed (3)"
# Case 2: the client explicitly asks for rw; the mount itself must succeed
# but still show up as ro, so the client option cannot override the nodemap.
5263 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},rw ||
5264 error "mount '-o rw' failed"
5265 findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
5266 error "mount rw should have been turned into ro"
5267 cat $testfile || error "read $testfile failed (2)"
5268 echo b > $testfile && error "write $testfile should fail (2)"
5269 umount_client $MOUNT || error "umount $MOUNT failed (4)"
# Case 3: the client asks for ro; reads must work and writes must fail.
5270 zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},ro ||
5271 error "mount '-o ro' failed"
5273 cat $testfile || error "read $testfile failed (3)"
5274 echo b > $testfile && error "write $testfile should fail (3)"
5275 umount_client $MOUNT || error "umount $MOUNT failed (5)"
5277 run_test 61 "Nodemap enforces read-only mount"
# Body of test 62, e2fsck with encrypted files (see the run_test line at
# the end). The function header and a few short lines are missing from this
# listing.
# It creates encrypted files, stops the filesystem and runs a read-only
# e2fsck on the first MDT and the first OST device.
5280 local testdir=$DIR/$tdir/mytestdir
5281 local testfile=$DIR/$tdir/$tfile
5283 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
# NOTE(review): the comparison is strict, so a server at exactly 2.15.51
# is skipped although the message says at least - confirm which is meant.
5285 (( $MDS1_VERSION > $(version_code 2.15.51) )) ||
5286 skip "Need MDS version at least 2.15.51"
5288 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5289 skip "client encryption not supported"
5291 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5292 skip "need dummy encryption support"
5294 stack_trap cleanup_for_enc_tests EXIT
# One empty file and one file with a single byte, in a directory striped
# over all OSTs.
5297 lfs setstripe -c -1 $DIR/$tdir
5298 touch $DIR/$tdir/${tfile}_1 || error "touch ${tfile}_1 failed"
5299 dd if=/dev/zero of=$DIR/$tdir/${tfile}_2 bs=1 count=1 conv=fsync ||
5300 error "dd ${tfile}_2 failed"
5302 # unmount the Lustre filesystem
5303 stopall || error "stopping for e2fsck run"
5305 # run e2fsck on the MDT and OST devices
# Declaring and assigning in one local statement hides the exit status of
# the command substitution, so a failing lookup here is not detected.
5306 local mds_host=$(facet_active_host $SINGLEMDS)
5307 local ost_host=$(facet_active_host ost1)
5308 local mds_dev=$(mdsdevname ${SINGLEMDS//mds/})
5309 local ost_dev=$(ostdevname 1)
# The -n option makes e2fsck open the device read-only and answer no to all
# questions, so the check cannot modify the targets.
5311 run_e2fsck $mds_host $mds_dev "-n"
5312 run_e2fsck $ost_host $ost_dev "-n"
5314 # mount the Lustre filesystem
5315 setupall || error "remounting the filesystem failed"
5317 run_test 62 "e2fsck with encrypted files"
# Fragments of the helpers used by test 63. The function headers, the body
# of the first loop and the loop terminators are missing from this listing.
# The loops iterate over the paths array that test 63 fills.
5322 for path in "${paths[@]}"; do
# Record the FID of every path.
5330 for path in "${paths[@]}"; do
5331 fids+=("$(lfs path2fid $path)")
# Resolve every recorded FID back to a path and require that ls can stat it.
# NOTE(review): the exit status of lfs fid2path is not checked. If it prints
# nothing, the unquoted empty value makes ls list the current directory and
# succeed, so a failed lookup could go unnoticed; checking the status or
# rejecting an empty respath would close that gap.
5336 for fid in "${fids[@]}"; do
5338 respath=$(lfs fid2path $MOUNT $fid)
5339 echo -e "\t" $respath
5340 ls -li $respath >/dev/null
5341 [ $? -eq 0 ] || error "fid2path $fid failed"
# Body of test 63, fid2path with encrypted files (see the run_test line at
# the end). The function header, several short lines and some continuation
# lines are missing from this listing.
# Flow visible here: set up fscrypt globally and on the mount point, turn
# file name encryption on when the client supports the tunable, encrypt
# vaultdir1 with a passphrase protector, create files and directories, lock
# the directory; then, only when the tunable exists, turn name encryption
# off and repeat with vaultdir2. The directory and file names deliberately
# contain an equals sign and long names.
# The passphrase is a fixed test value fed on stdin; it protects nothing
# outside this test.
5348 local vaultdir1=$DIR/$tdir/vault1==dir
5349 local vaultdir2=$DIR/$tdir/vault2==dir
5350 local longfname1="longfilenamewitha=inthemiddletotestbehaviorregardingthedigestedform"
5351 local longdname="longdirectorynamewitha=inthemiddletotestbehaviorregardingthedigestedform"
5352 local longfname2="$longdname/${longfname1}2"
# NOTE(review): the comparison is strict, so a server at exactly 2.15.53
# is skipped although the message says at least - confirm which is meant.
5354 (( $MDS1_VERSION > $(version_code 2.15.53) )) ||
5355 skip "Need MDS version at least 2.15.53"
5357 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5358 skip "client encryption not supported"
5360 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5361 skip "need dummy encryption support"
5363 which fscrypt || skip "This test needs fscrypt userspace tool"
# Global fscrypt setup is forced and any failure is reported as already
# done, so a real setup error is not distinguished here. The sed command
# that follows rewrites the policy_version value to 2; the file it edits is
# named on a continuation line that is missing from this listing.
# NOTE(review): both steps change host-wide fscrypt configuration and no
# restore is visible in this listing - confirm this is acceptable on the
# test nodes.
5365 yes | fscrypt setup --force --verbose ||
5366 echo "fscrypt global setup already done"
5367 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
5369 yes | fscrypt setup --verbose $MOUNT ||
5370 echo "fscrypt setup $MOUNT already done"
5372 # enable_filename_encryption tunable only available for client
5373 # built against embedded llcrypt. If client is built against in-kernel
5374 # fscrypt, file names are always encrypted.
5375 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption &&
5376 nameenc=$(lctl get_param -n llite.*.enable_filename_encryption |
5378 if [ -n "$nameenc" ]; then
5379 do_facet mgs $LCTL set_param -P \
5380 llite.*.enable_filename_encryption=1
5382 error "set_param -P \
5383 llite.*.enable_filename_encryption=1 failed"
5385 wait_update_facet --verbose client \
5386 "$LCTL get_param -n llite.*.enable_filename_encryption \
5388 error "enable_filename_encryption not set on client"
5392 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5393 --source=custom_passphrase --name=protector_63_1 $vaultdir1 ||
5394 error "fscrypt encrypt $vaultdir1 failed"
5396 mkdir $vaultdir1/dirA
5397 mkdir $vaultdir1/$longdname
5398 paths=("$vaultdir1/fileA")
5399 paths+=("$vaultdir1/dirA/fileB")
5400 paths+=("$vaultdir1/$longfname1")
5401 paths+=("$vaultdir1/$longfname2")
5404 paths+=("$vaultdir1/dirA")
5405 paths+=("$vaultdir1/$longdname")
5410 fscrypt lock --verbose $vaultdir1 ||
5411 error "fscrypt lock $vaultdir1 failed (1)"
5415 if [ -z "$nameenc" ]; then
5416 echo "Rest of the test requires disabling name encryption"
5420 # disable name encryption
5421 do_facet mgs $LCTL set_param -P llite.*.enable_filename_encryption=0
5423 error "set_param -P llite.*.enable_filename_encryption=0 failed"
5425 wait_update_facet --verbose client \
5426 "$LCTL get_param -n llite.*.enable_filename_encryption \
5428 error "enable_filename_encryption not set back to default"
# Second pass with name encryption turned off, using a separate protector
# and vaultdir2.
5431 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5432 --source=custom_passphrase --name=protector_63_2 $vaultdir2 ||
5433 error "fscrypt encrypt $vaultdir2 failed"
5435 mkdir $vaultdir2/dirA
5436 mkdir $vaultdir2/$longdname
5439 paths=("$vaultdir2/fileA")
5440 paths+=("$vaultdir2/dirA/fileB")
5441 paths+=("$vaultdir2/$longfname1")
5442 paths+=("$vaultdir2/$longfname2")
5445 paths+=("$vaultdir2/dirA")
5446 paths+=("$vaultdir2/$longdname")
5451 fscrypt lock --verbose $vaultdir2 ||
5452 error "fscrypt lock $vaultdir2 failed (2)"
# Remove the fscrypt metadata directory from the mount point at the end.
5456 rm -rf $MOUNT/.fscrypt
5458 run_test 63 "fid2path with encrypted files"
# Nodemap setup that precedes the 64x tests; the function header and
# closing lines are missing from this listing (presumably setup_64 -
# confirm). It activates nodemaps, recreates nodemap c0 for the NID of this
# client and sets admin=1 and trusted=1 on both the default nodemap and c0.
# With root left unsquashed and ids trusted on c0, a denial seen in the
# tests can be attributed to the rbac property rather than to id mapping.
5461 do_facet mgs $LCTL nodemap_activate 1
# Best effort: a leftover c0 is removed and a failure of the delete is
# ignored on purpose.
5464 do_facet mgs $LCTL nodemap_del c0 || true
5465 wait_nm_sync c0 id ''
5467 do_facet mgs $LCTL nodemap_modify --name default \
5468 --property admin --value 1
5469 do_facet mgs $LCTL nodemap_modify --name default \
5470 --property trusted --value 1
5471 wait_nm_sync default admin_nodemap
5472 wait_nm_sync default trusted_nodemap
5474 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
5475 client_nid=$(h2nettype $client_ip)
5476 do_facet mgs $LCTL nodemap_add c0
5477 do_facet mgs $LCTL nodemap_add_range \
5478 --name c0 --range $client_nid
5479 do_facet mgs $LCTL nodemap_modify --name c0 \
5480 --property admin --value 1
5481 do_facet mgs $LCTL nodemap_modify --name c0 \
5482 --property trusted --value 1
5483 wait_nm_sync c0 admin_nodemap
5484 wait_nm_sync c0 trusted_nodemap
# Teardown for the 64x tests; they register it with stack_trap cleanup_64
# EXIT. The function header and closing lines are missing from this listing.
# Deleting c0 also discards the rbac value the tests set on it; the default
# nodemap goes back to admin=0 and trusted=0 and nodemaps are deactivated.
5488 do_facet mgs $LCTL nodemap_del c0
5489 do_facet mgs $LCTL nodemap_modify --name default \
5490 --property admin --value 0
5491 do_facet mgs $LCTL nodemap_modify --name default \
5492 --property trusted --value 0
5493 wait_nm_sync default admin_nodemap
5494 wait_nm_sync default trusted_nodemap
5496 do_facet mgs $LCTL nodemap_activate 0
5497 wait_nm_sync active 0
# Body of test 64a, Nodemap enforces file_perms RBAC roles (see the run_test
# line at the end). The function header, the remaining role names of the
# for loop and a few short lines are missing from this listing.
# Positive and negative halves use the same four operations: with rbac set
# to file_perms they must all succeed, with rbac set to none they must all
# fail.
5501 local testfile=$DIR/$tdir/$tfile
5504 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5505 skip "Need MDS >= 2.15.54 for role-based controls"
5507 stack_trap cleanup_64 EXIT
5508 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
5511 # check default value for rbac is all
5512 rbac=$(do_facet mds $LCTL get_param -n nodemap.c0.rbac)
# The right-hand side of the match is quoted, so each role is looked up as
# a literal substring of the value read above.
# NOTE(review): a role name that is contained in another role name would
# also match - confirm this cannot happen with the role list.
5513 for role in file_perms \
5521 [[ "$rbac" =~ "$role" ]] ||
5522 error "role '$role' not in default '$rbac'"
5525 do_facet mgs $LCTL nodemap_modify --name c0 \
5526 --property rbac --value file_perms
5527 wait_nm_sync c0 rbac
# Make sure shell tracing is switched off again when the test ends.
5529 stack_trap "set +vx"
# Allowed: mode, owner, group and project id changes with file_perms.
5531 chmod 777 $testfile || error "chmod failed"
5532 chown $TSTUSR:$TSTUSR $testfile || error "chown failed"
5533 chgrp $TSTUSR $testfile || error "chgrp failed"
5534 $LFS project -p 1000 $testfile || error "setting project failed"
5537 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5538 wait_nm_sync c0 rbac
# Denied: the same four changes once no role is granted.
5541 chmod 777 $testfile && error "chmod should fail"
5542 chown $TSTUSR:$TSTUSR $testfile && error "chown should fail"
5543 chgrp $TSTUSR $testfile && error "chgrp should fail"
5544 $LFS project -p 1000 $testfile && error "setting project should fail"
5547 run_test 64a "Nodemap enforces file_perms RBAC roles"
# Body of test 64b, Nodemap enforces dne_ops RBAC roles (see the run_test
# line at the end). The function header, the value given to the first rbac
# change and several short lines are missing from this listing.
# With the role granted, remote and striped directory creation, setdirstripe
# and directory migration must succeed; with rbac set to none they must
# fail, while plain file creation and a move between the two directories
# are still expected to succeed.
5550 local testdir=$DIR/$tdir/${tfile}.d
5553 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5554 skip "Need MDS >= 2.15.54 for role-based controls"
5556 (( MDSCOUNT >= 2 )) || skip "mdt count $MDSCOUNT, skipping dne_ops role"
5558 stack_trap cleanup_64 EXIT
5559 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# Remember the current enable_dir_restripe value of MDT0000, falling back
# to 0 when nothing is returned, then enable it on all MDT nodes.
5562 dir_restripe=$(do_node $mds1_HOST \
5563 "$LCTL get_param -n mdt.*MDT0000.enable_dir_restripe")
5564 [ -n "$dir_restripe" ] || dir_restripe=0
5565 do_nodes $(comma_list $(all_mdts_nodes)) \
5566 $LCTL set_param mdt.*.enable_dir_restripe=1 ||
5567 error "enabling dir_restripe failed"
# The trap string is double-quoted, so the node list and the saved value
# are expanded now, when the trap is registered. The value saved from
# MDT0000 is restored on every MDT.
5568 stack_trap "do_nodes $(comma_list $(all_mdts_nodes)) \
5569 $LCTL set_param mdt.*.enable_dir_restripe=$dir_restripe" EXIT
5570 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
5572 wait_nm_sync c0 rbac
# Positive half: all of the operations below are expected to succeed.
5573 $LFS mkdir -i 0 ${testdir}_for_migr ||
5574 error "$LFS mkdir ${testdir}_for_migr failed (1)"
5575 touch ${testdir}_for_migr/file001 ||
5576 error "touch ${testdir}_for_migr/file001 failed (1)"
5577 $LFS mkdir -i 0 ${testdir}_mdt0 ||
5578 error "$LFS mkdir ${testdir}_mdt0 failed (1)"
5579 $LFS mkdir -i 1 ${testdir}_mdt1 ||
5580 error "$LFS mkdir ${testdir}_mdt1 failed (1)"
5582 $LFS mkdir -i 1 $testdir || error "$LFS mkdir failed (1)"
5584 $LFS mkdir -c 2 $testdir || error "$LFS mkdir failed (2)"
5587 $LFS setdirstripe -c 2 $testdir || error "$LFS setdirstripe failed"
5589 $LFS migrate -m 1 ${testdir}_for_migr || error "$LFS migrate failed"
5590 touch ${testdir}_mdt0/fileA || error "touch fileA failed (1)"
5591 mv ${testdir}_mdt0/fileA ${testdir}_mdt1/ || error "mv failed (1)"
# The helper directories are created again before the role is withdrawn.
5594 $LFS mkdir -i 0 ${testdir}_for_migr ||
5595 error "$LFS mkdir ${testdir}_for_migr failed (2)"
5596 touch ${testdir}_for_migr/file001 ||
5597 error "touch ${testdir}_for_migr/file001 failed (2)"
5598 $LFS mkdir -i 0 ${testdir}_mdt0 ||
5599 error "$LFS mkdir ${testdir}_mdt0 failed (2)"
5600 $LFS mkdir -i 1 ${testdir}_mdt1 ||
5601 error "$LFS mkdir ${testdir}_mdt1 failed (2)"
5603 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5604 wait_nm_sync c0 rbac
# Negative half: directory placement, striping and migration must be
# refused. The touch and the mv between the MDT 0 and MDT 1 directories are
# still required to succeed, so they are not gated by this role.
5606 $LFS mkdir -i 1 $testdir && error "$LFS mkdir should fail (1)"
5607 $LFS mkdir -c 2 $testdir && error "$LFS mkdir should fail (2)"
5609 $LFS setdirstripe -c 2 $testdir && error "$LFS setdirstripe should fail"
5611 $LFS migrate -m 1 ${testdir}_for_migr &&
5612 error "$LFS migrate should fail"
5613 touch ${testdir}_mdt0/fileA || error "touch fileA failed (2)"
5614 mv ${testdir}_mdt0/fileA ${testdir}_mdt1/ || error "mv failed (2)"
5617 run_test 64b "Nodemap enforces dne_ops RBAC roles"
# Body of test 64c, "Nodemap enforces quota_ops RBAC roles" (see the run_test
# line at the end). The function header and some source lines are absent from
# this listing (the gutter numbers jump), so read it as an excerpt.
# Flow: give nodemap c0 only the quota_ops role and require every lfs setquota
# form to succeed, then set rbac to none and require the same forms to fail.
5620 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5621 skip "Need MDS >= 2.15.54 for role-based controls"
# cleanup_64 is registered before the nodemap is modified
5623 stack_trap cleanup_64 EXIT
5624 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# set the rbac property of nodemap c0 on the MGS, then wait for it to propagate
5627 do_facet mgs $LCTL nodemap_modify --name c0 \
5628 --property rbac --value quota_ops
5629 wait_nm_sync c0 rbac
# positive phase: explicit limits for user $USER0, group $USER0 and project
# 1000; each set must succeed, the --delete that follows is not checked
5631 $LFS setquota -u $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT ||
5632 error "lfs setquota -u failed"
5633 $LFS setquota -u $USER0 --delete $MOUNT
5634 $LFS setquota -g $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT ||
5635 error "lfs setquota -g failed"
5636 $LFS setquota -g $USER0 --delete $MOUNT
5637 $LFS setquota -p 1000 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT ||
5638 error "lfs setquota -p failed"
5639 $LFS setquota -p 1000 --delete $MOUNT
# -U/-G/-P forms (presumably the default limits for users/groups/projects —
# confirm against lfs-setquota); each is reset to 0 afterwards, unchecked
5641 $LFS setquota -U -b 10G -B 11G -i 100K -I 105K $MOUNT ||
5642 error "lfs setquota -U failed"
5643 $LFS setquota -U -b 0 -B 0 -i 0 -I 0 $MOUNT
5644 $LFS setquota -G -b 10G -B 11G -i 100K -I 105K $MOUNT ||
5645 error "lfs setquota -G failed"
5646 $LFS setquota -G -b 0 -B 0 -i 0 -I 0 $MOUNT
5647 $LFS setquota -P -b 10G -B 11G -i 100K -I 105K $MOUNT ||
5648 error "lfs setquota -P failed"
5649 $LFS setquota -P -b 0 -B 0 -i 0 -I 0 $MOUNT
# -D form for the same user, group and project IDs
5650 $LFS setquota -u $USER0 -D $MOUNT ||
5651 error "lfs setquota -u -D failed"
5652 $LFS setquota -u $USER0 --delete $MOUNT
5653 $LFS setquota -g $USER0 -D $MOUNT ||
5654 error "lfs setquota -g -D failed"
5655 $LFS setquota -g $USER0 --delete $MOUNT
5656 $LFS setquota -p 1000 -D $MOUNT ||
5657 error "lfs setquota -p -D failed"
5658 $LFS setquota -p 1000 --delete $MOUNT
# negative phase: rbac is set to none, so the same operations must be refused
5661 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5662 wait_nm_sync c0 rbac
# NOTE(review): "cmd && error" only asserts a non-zero exit status. A failure
# unrelated to the role check (bad option, quota not enabled) would also
# satisfy it; matching the permission error in the command output would make
# the denial explicit — confirm whether that is wanted here.
# The --delete calls in this phase are not checked either way.
5665 $LFS setquota -u $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT &&
5666 error "lfs setquota -u should fail"
5667 $LFS setquota -u $USER0 --delete $MOUNT
5668 $LFS setquota -g $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT &&
5669 error "lfs setquota -g should fail"
5670 $LFS setquota -g $USER0 --delete $MOUNT
5671 $LFS setquota -p 1000 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT &&
5672 error "lfs setquota -p should fail"
5673 $LFS setquota -p 1000 --delete $MOUNT
5675 $LFS setquota -U -b 10G -B 11G -i 100K -I 105K $MOUNT &&
5676 error "lfs setquota -U should fail"
5677 $LFS setquota -G -b 10G -B 11G -i 100K -I 105K $MOUNT &&
5678 error "lfs setquota -G should fail"
5679 $LFS setquota -P -b 10G -B 11G -i 100K -I 105K $MOUNT &&
5680 error "lfs setquota -P should fail"
5681 $LFS setquota -u $USER0 -D $MOUNT &&
5682 error "lfs setquota -u -D should fail"
5683 $LFS setquota -u $USER0 --delete $MOUNT
5684 $LFS setquota -g $USER0 -D $MOUNT &&
5685 error "lfs setquota -g -D should fail"
5686 $LFS setquota -g $USER0 --delete $MOUNT
5687 $LFS setquota -p 1000 -D $MOUNT &&
5688 error "lfs setquota -p -D should fail"
5689 $LFS setquota -p 1000 --delete $MOUNT
# hand the test body to the framework under the id 64c
5692 run_test 64c "Nodemap enforces quota_ops RBAC roles"
# Body of test 64d, "Nodemap enforces byfid_ops RBAC roles" (function header
# and some source lines are absent from this listing).
# With byfid_ops granted to nodemap c0: fid2path, reading the file through
# $MOUNT/.lustre/fid and lfs rmfid must all succeed. With rbac set to none:
# fid2path must still succeed, while the read by FID and rmfid must fail.
5695 local testfile=$DIR/$tdir/$tfile
5698 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5699 skip "Need MDS >= 2.15.54 for role-based controls"
5701 stack_trap cleanup_64 EXIT
5702 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# positive phase: grant byfid_ops only
5705 do_facet mgs $LCTL nodemap_modify --name c0 \
5706 --property rbac --value byfid_ops
5707 wait_nm_sync c0 rbac
# NOTE(review): source lines 5708-5709 are not shown; $testfile is presumably
# created there. path2fid and rmfid call bare "lfs" while fid2path uses $LFS —
# confirm both resolve to the binary under test.
5710 fid=$(lfs path2fid $testfile)
5712 $LFS fid2path $MOUNT $fid || error "fid2path $fid failed (1)"
5713 cat $MOUNT/.lustre/fid/$fid || error "cat by fid failed"
5714 lfs rmfid $MOUNT $fid || error "lfs rmfid failed"
# negative phase: rbac set to none
5717 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5718 wait_nm_sync c0 rbac
5721 fid=$(lfs path2fid $testfile)
# fid2path is still required to succeed here: only the two operations below
# are expected to be refused without the byfid_ops role
5723 $LFS fid2path $MOUNT $fid || error "fid2path $fid failed (2)"
# NOTE(review): both checks accept any non-zero exit, not specifically a
# permission denial
5724 cat $MOUNT/.lustre/fid/$fid && error "cat by fid should fail"
5725 lfs rmfid $MOUNT $fid && error "lfs rmfid should fail"
# hand the test body to the framework under the id 64d
5729 run_test 64d "Nodemap enforces byfid_ops RBAC roles"
# Body of test 64e, "Nodemap enforces chlg_ops RBAC roles" (function header
# and some source lines are absent from this listing).
# With chlg_ops granted to nodemap c0, dumping and clearing changelogs must
# succeed; with rbac set to none both must fail. rbac is set back to all at
# the end.
5732 local testfile=$DIR/$tdir/$tfile
5733 local testdir=$DIR/$tdir/${tfile}.d
5735 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5736 skip "Need MDS >= 2.15.54 for role-based controls"
5738 stack_trap cleanup_64 EXIT
5739 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
5742 # activate changelogs
5743 changelog_register || error "changelog_register failed"
# keep only the first space-separated word of the CL_USERS entry for $SINGLEMDS
5744 local cl_user="${CL_USERS[$SINGLEMDS]%% *}"
# make sure that user is listed for $SINGLEMDS before relying on it
5745 changelog_users $SINGLEMDS | grep -q $cl_user ||
5746 error "User $cl_user not found in changelog_users"
# presumably widens the changelog mask to every record type — confirm in
# test-framework.sh
5747 changelog_chmask ALL
# generate some namespace activity so there are records to dump
5750 mkdir $testdir || error "failed to mkdir $testdir"
5751 touch $testfile || error "failed to touch $testfile"
# positive phase: grant chlg_ops only
5753 do_facet mgs $LCTL nodemap_modify --name c0 \
5754 --property rbac --value chlg_ops
5755 wait_nm_sync c0 rbac
5758 echo "changelogs dump"
5759 changelog_dump || error "failed to dump changelogs"
5760 echo "changelogs clear"
5761 changelog_clear 0 || error "failed to clear changelogs"
5763 rm -rf $testdir $testfile || error "rm -rf $testdir $testfile failed"
# negative phase: rbac set to none, then the same activity and the same two
# changelog operations, which must now be refused
5765 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value none
5766 wait_nm_sync c0 rbac
5769 mkdir $testdir || error "failed to mkdir $testdir"
5770 touch $testfile || error "failed to touch $testfile"
# NOTE(review): any non-zero exit satisfies these two checks; they do not
# confirm that the refusal came from the missing chlg_ops role
5773 echo "changelogs dump"
5774 changelog_dump && error "dump changelogs should fail"
5775 echo "changelogs clear"
5776 changelog_clear 0 && error "clear changelogs should fail"
# best-effort removal, result not checked
5777 rm -rf $testdir $testfile
# restore rbac to all before the test ends
5779 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value all
5780 wait_nm_sync c0 rbac
# hand the test body to the framework under the id 64e
5782 run_test 64e "Nodemap enforces chlg_ops RBAC roles"
# Body of test 64f, "Nodemap enforces fscrypt_admin RBAC roles" (function
# header and several source lines are absent from this listing, including the
# continuation lines after 5803 and 5830).
# Phase 1 (rbac = fscrypt_admin,file_perms): encrypting and locking $vaultdir
# must succeed. Phase 2 (rbac value not shown here): unlock and lock must
# still succeed, but destroying the protector or policy and encrypting a new
# directory must fail. Phase 3 (rbac = all): destroying protector and policy
# must succeed.
5785 local vaultdir=$DIR/$tdir/vault
5790 (( MDS1_VERSION >= $(version_code 2.15.54) )) ||
5791 skip "Need MDS >= 2.15.54 for role-based controls"
# skip unless the client import reports client_encryption and the fscrypt
# tool is installed
5793 cli_enc=$($LCTL get_param mdc.*.import | grep client_encryption)
5794 [ -n "$cli_enc" ] || skip "Need enc support, skip fscrypt_admin role"
5795 which fscrypt || skip "Need fscrypt, skip fscrypt_admin role"
5797 stack_trap cleanup_64 EXIT
5798 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
# NOTE(review): every failure of "fscrypt setup" is reported as "already
# done", so a real setup error is not distinguished from a repeated run
5801 yes | fscrypt setup --force --verbose ||
5802 echo "fscrypt global setup already done"
# rewrites the quoted number after policy_version to "2"; the file argument is
# on source line 5804, which this listing does not show
5803 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
5805 yes | fscrypt setup --verbose $MOUNT ||
5806 echo "fscrypt setup $MOUNT already done"
# remove the fscrypt metadata directory from the mount point on cleanup
5807 stack_trap "rm -rf $MOUNT/.fscrypt"
5809 # file_perms is required because fscrypt uses chmod/chown
5810 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
5811 --value fscrypt_admin,file_perms
5812 wait_nm_sync c0 rbac
# fixed throwaway passphrase, fed twice on stdin (presumably entry plus
# confirmation); it protects test data only
5816 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5817 --source=custom_passphrase --name=protector_64 $vaultdir ||
5818 error "fscrypt encrypt $vaultdir failed"
5819 fscrypt lock $vaultdir || error "fscrypt lock $vaultdir failed (1)"
# remember the policy and protector ids printed by "fscrypt status" so the
# later phases can try to destroy them
5820 policy=$(fscrypt status $vaultdir | awk '$1 == "Policy:"{print $2}')
5821 [ -n "$policy" ] || error "could not get enc policy"
# first column of every line that follows the PROTECTOR header line
5822 protector=$(fscrypt status $vaultdir |
5823 awk 'BEGIN {found=0} { if (found == 1) { print $1 }} \
5824 $1 == "PROTECTOR" {found=1}')
5825 [ -n "$protector" ] || error "could not get enc protector"
# NOTE(review): the --value for this nodemap_modify is on source line 5831,
# which is not shown; the checks below expect the fscrypt_admin role to be
# absent in this phase
5829 # file_perms is required because fscrypt uses chmod/chown
5830 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
5832 wait_nm_sync c0 rbac
# using an existing encrypted directory must keep working ...
5835 echo mypass | fscrypt unlock $vaultdir ||
5836 error "fscrypt unlock $vaultdir failed"
5837 fscrypt lock $vaultdir || error "fscrypt lock $vaultdir failed (2)"
# ... while administrative operations must be refused. NOTE(review): any
# non-zero exit satisfies these three checks, not only a permission denial.
5838 fscrypt metadata destroy --protector=$MOUNT:$protector --force &&
5839 error "destroy protector should fail"
5840 fscrypt metadata destroy --policy=$MOUNT:$policy --force &&
5841 error "destroy policy should fail"
5842 mkdir -p ${vaultdir}2
5843 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
5844 --source=custom_passphrase \
5845 --name=protector_64bis ${vaultdir}2 &&
5846 error "fscrypt encrypt ${vaultdir}2 should fail"
# final phase: with rbac set to all, the metadata can be destroyed
5850 do_facet mgs $LCTL nodemap_modify --name c0 --property rbac --value all
5851 wait_nm_sync c0 rbac
5854 fscrypt metadata destroy --protector=$MOUNT:$protector --force ||
5855 error "destroy protector failed"
5856 fscrypt metadata destroy --policy=$MOUNT:$policy --force ||
5857 error "destroy policy failed"
# hand the test body to the framework under the id 64f
5862 run_test 64f "Nodemap enforces fscrypt_admin RBAC roles"
# Presumably the body of look_for_files, the helper called later in this
# listing as: look_for_files PATTERN NEG PATH EXPECTED. Its header and the
# lines that set pattern, neg, path and expected are not shown here.
# Runs "lfs find -type f --attrs PATTERN" under PATH, negated when NEG is 1,
# and reports an error unless the number of output lines equals EXPECTED.
# neg is emptied unless it equals 1, so ${neg:+"!"} adds "!" only when
# negation was requested
5871 (( neg == 1 )) || neg=""
# $path is unquoted; callers in this listing pass a quoted glob
# ("$DIR/${tdir}*"), which is expanded here
# NOTE(review): $TMP/res is a fixed file name reused by every call and is not
# removed in the lines shown
5872 $LFS find -type f ${neg:+"!"} --attrs $pattern $path > $TMP/res
# count the matches, one per output line
5874 res=$(cat $TMP/res | wc -l)
5875 (( res == $expected )) ||
5876 error "Find $pattern $path: found $res, expected $expected"
# Body of test 65, "lfs find -printf %La and --attrs support" (function header
# and several source lines are absent from this listing, including the ones
# that create $dirbis and the files under $DIR/$tdir).
# Two files live in the unencrypted $dirbis and two in the encrypted
# $DIR/$tdir; the ".2" file in each directory is made immutable. The test
# checks the long (%LA) and short (%La) attribute output for each file, then
# checks --attrs matching through look_for_files.
5880 local dirbis=$DIR/${tdir}_bis
5881 local testfile=$DIR/$tdir/$tfile
5884 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5885 skip "client encryption not supported"
5887 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5888 skip "need dummy encryption support"
5890 # $dirbis is not going to be encrypted, as client
5891 # is not mounted with -o test_dummy_encryption yet
# NOTE(review): the immutable flag has to be cleared before rm -rf can remove
# the file; this relies on stack_trap running handlers in reverse order of
# registration — confirm in test-framework.sh
5893 stack_trap "rm -rf $dirbis" EXIT
5894 touch $dirbis/$tfile.1
5895 touch $dirbis/$tfile.2
5896 chattr +i $dirbis/$tfile.2
5897 stack_trap "chattr -i $dirbis/$tfile.2" EXIT
5899 stack_trap cleanup_for_enc_tests EXIT
5902 # All files/dirs under $DIR/$tdir are encrypted
5905 chattr +i $testfile.2
5906 stack_trap "chattr -i $testfile.2" EXIT
# per-file output checks: each file is printed once for the log, then the
# attribute string alone is compared with the expected value
# unencrypted, no flags: "---" in both formats
5908 $LFS find -printf "%p %LA\n" $dirbis/$tfile.1
5909 res=$($LFS find -printf "%LA" $dirbis/$tfile.1)
5910 [ "$res" == "---" ] ||
5911 error "$dirbis/$tfile.1 should have no attr, showed $res (1)"
5912 $LFS find -printf "%p %La\n" $dirbis/$tfile.1
5913 res=$($LFS find -printf "%La" $dirbis/$tfile.1)
5914 [ "$res" == "---" ] ||
5915 error "$dirbis/$tfile.1 should have no attr, showed $res (2)"
# unencrypted, immutable: "Immutable" / "i"
5916 $LFS find -printf "%p %LA\n" $dirbis/$tfile.2
5917 res=$($LFS find -printf "%LA" $dirbis/$tfile.2)
5918 [ "$res" == "Immutable" ] ||
5919 error "$dirbis/$tfile.2 should be Immutable, showed $res"
5920 $LFS find -printf "%p %La\n" $dirbis/$tfile.2
5921 res=$($LFS find -printf "%La" $dirbis/$tfile.2)
5922 [ "$res" == "i" ] ||
5923 error "$dirbis/$tfile.2 should be 'i', showed $res"
# encrypted, not immutable: "Encrypted" / "E"
5924 $LFS find -printf "%p %LA\n" $testfile.1
5925 res=$($LFS find -printf "%LA" $testfile.1)
5926 [ "$res" == "Encrypted" ] ||
5927 error "$testfile.1 should be Encrypted, showed $res"
5928 $LFS find -printf "%p %La\n" $testfile.1
5929 res=$($LFS find -printf "%La" $testfile.1)
5930 [ "$res" == "E" ] ||
5931 error "$testfile.1 should be 'E', showed $res"
# encrypted and immutable: "Immutable,Encrypted" / "iE"
5932 $LFS find -printf "%p %LA\n" $testfile.2
5933 res=$($LFS find -printf "%LA" $testfile.2)
5934 [ "$res" == "Immutable,Encrypted" ] ||
5935 error "$testfile.2 should be Immutable,Encrypted, showed $res"
5936 $LFS find -printf "%p %La\n" $testfile.2
5937 res=$($LFS find -printf "%La" $testfile.2)
5938 [ "$res" == "iE" ] ||
5939 error "$testfile.2 should be 'iE', showed $res"
# --attrs matching over both directories ("$DIR/${tdir}*" covers $DIR/$tdir
# and $dirbis). Arguments are: pattern, negate flag (1 = negated), path glob,
# expected count. Each case is run with the long and the short attribute
# spelling. A leading ^ presumably selects files without that attribute, as
# the echo lines suggest.
5941 echo Expecting to find 2 encrypted files
5942 look_for_files Encrypted 0 "$DIR/${tdir}*" 2
5943 echo Expecting to find 2 encrypted files
5944 look_for_files E 0 "$DIR/${tdir}*" 2
5946 echo Expecting to find 2 non-encrypted files
5947 look_for_files Encrypted 1 "$DIR/${tdir}*" 2
5948 echo Expecting to find 2 non-encrypted files
5949 look_for_files E 1 "$DIR/${tdir}*" 2
5951 echo Expecting to find 1 encrypted+immutable file
5952 look_for_files "Encrypted,Immutable" 0 "$DIR/${tdir}*" 1
5953 echo Expecting to find 1 encrypted+immutable file
5954 look_for_files "Ei" 0 "$DIR/${tdir}*" 1
5956 echo Expecting to find 1 encrypted+^immutable file
5957 look_for_files "Encrypted,^Immutable" 0 "$DIR/${tdir}*" 1
5958 echo Expecting to find 1 encrypted+^immutable file
5959 look_for_files "E^i" 0 "$DIR/${tdir}*" 1
5961 echo Expecting to find 1 ^encrypted+immutable file
5962 look_for_files "^Encrypted,Immutable" 0 "$DIR/${tdir}*" 1
5963 echo Expecting to find 1 ^encrypted+immutable file
5964 look_for_files "^Ei" 0 "$DIR/${tdir}*" 1
5966 echo Expecting to find 1 ^encrypted+^immutable file
5967 look_for_files "^Encrypted,^Immutable" 0 "$DIR/${tdir}*" 1
5968 echo Expecting to find 1 ^encrypted+^immutable file
5969 look_for_files "^E^i" 0 "$DIR/${tdir}*" 1
# hand the test body to the framework under the id 65
5971 run_test 65 "lfs find -printf %La and --attrs support"
# End-of-script cleanup. Some source lines are absent from this listing,
# including the keywords that close the if and the for loop below.
5973 log "cleanup: ======================================================"
# for every MDS index whose saved identity_old entry is 1, call
# switch_identity with "false"; if that fails, its exit status is stored back
# into identity_old
5976 for ((num = 1; num <= $MDSCOUNT; num++)); do
5977 if [[ "${identity_old[$num]}" == 1 ]]; then
5978 switch_identity $num false || identity_old[$num]=$?
# list $DIR as each of the two test users; the results are not checked
5982 $RUNAS_CMD -u $ID0 ls $DIR
5983 $RUNAS_CMD -u $ID1 ls $DIR
# framework epilogue: report the elapsed $SECONDS, then check and clean up the
# Lustre setup
5987 complete_test $SECONDS
5988 check_and_cleanup_lustre