3 # Run select tests by setting ONLY, or as arguments to the script.
4 # Skip specific tests by setting EXCEPT.
11 LUSTRE=${LUSTRE:-$(dirname $0)/..}
12 . $LUSTRE/tests/test-framework.sh
17 ALWAYS_EXCEPT="$SANITY_SEC_EXCEPT "
18 # bug number for skipped test:
20 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
22 [ "$SLOW" = "no" ] && EXCEPT_SLOW="26"
24 NODEMAP_TESTS=$(seq 7 26)
26 if ! check_versions; then
27 echo "It is NOT necessary to test nodemap under interoperation mode"
28 EXCEPT="$EXCEPT $NODEMAP_TESTS"
33 RUNAS_CMD=${RUNAS_CMD:-runas}
35 WTL=${WTL:-"$LUSTRE/tests/write_time_limit"}
38 PERM_CONF=$CONFDIR/perm.conf
40 HOSTNAME_CHECKSUM=$(hostname | sum | awk '{ print $1 }')
41 SUBNET_CHECKSUM=$(expr $HOSTNAME_CHECKSUM % 250 + 1)
43 require_dsh_mds || exit 0
44 require_dsh_ost || exit 0
46 clients=${CLIENTS//,/ }
47 num_clients=$(get_node_count ${clients})
48 clients_arr=($clients)
50 echo "was USER0=$(getent passwd | grep :${ID0:-500}:)"
51 echo "was USER1=$(getent passwd | grep :${ID1:-501}:)"
56 echo "now USER0=$USER0=$ID0:$(id -g $USER0), USER1=$USER1=$ID1:$(id -g $USER1)"
58 if [ "$SLOW" == "yes" ]; then
61 NODEMAP_IPADDR_LIST="1 10 64 128 200 250"
66 NODEMAP_IPADDR_LIST="1 250"
69 NODEMAP_MAX_ID=$((ID0 + NODEMAP_ID_COUNT))
72 skip "need to add user0 ($ID0:$ID0)" && exit 0
75 skip "need to add user1 ($ID1:$ID1)" && exit 0
77 IDBASE=${IDBASE:-60000}
79 # changes to mappings must be reflected in test 23
81 [0]="$((IDBASE+3)):$((IDBASE+0)) $((IDBASE+4)):$((IDBASE+2))"
82 [1]="$((IDBASE+5)):$((IDBASE+1)) $((IDBASE+6)):$((IDBASE+2))"
85 check_and_setup_lustre
90 GSS_REF=$(lsmod | grep ^ptlrpc_gss | awk '{print $3}')
91 if [ ! -z "$GSS_REF" -a "$GSS_REF" != "0" ]; then
93 echo "with GSS support"
96 echo "without GSS support"
99 MDT=$(do_facet $SINGLEMDS lctl get_param -N "mdt.\*MDT0000" |
101 [ -z "$MDT" ] && error "fail to get MDT device" && exit 1
102 do_facet $SINGLEMDS "mkdir -p $CONFDIR"
103 IDENTITY_FLUSH=mdt.$MDT.identity_flush
104 IDENTITY_UPCALL=mdt.$MDT.identity_upcall
113 if ! $RUNAS_CMD -u $user krb5_login.sh; then
114 error "$user login kerberos failed."
118 if ! $RUNAS_CMD -u $user -g $group ls $DIR > /dev/null 2>&1; then
119 $RUNAS_CMD -u $user lfs flushctx -k
120 $RUNAS_CMD -u $user krb5_login.sh
121 if ! $RUNAS_CMD -u$user -g$group ls $DIR > /dev/null 2>&1; then
122 error "init $user $group failed."
128 declare -a identity_old
131 for num in $(seq $MDSCOUNT); do
132 switch_identity $num true || identity_old[$num]=$?
135 if ! $RUNAS_CMD -u $ID0 ls $DIR > /dev/null 2>&1; then
136 sec_login $USER0 $USER0
139 if ! $RUNAS_CMD -u $ID1 ls $DIR > /dev/null 2>&1; then
140 sec_login $USER1 $USER1
145 # run as different user
149 chmod 0755 $DIR || error "chmod (1)"
150 rm -rf $DIR/$tdir || error "rm (1)"
151 mkdir -p $DIR/$tdir || error "mkdir (1)"
152 chown $USER0 $DIR/$tdir || error "chown (2)"
153 $RUNAS_CMD -u $ID0 ls $DIR || error "ls (1)"
154 rm -f $DIR/f0 || error "rm (2)"
155 $RUNAS_CMD -u $ID0 touch $DIR/f0 && error "touch (1)"
156 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f1 || error "touch (2)"
157 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f2 && error "touch (3)"
158 touch $DIR/$tdir/f3 || error "touch (4)"
159 chown root $DIR/$tdir || error "chown (3)"
160 chgrp $USER0 $DIR/$tdir || error "chgrp (1)"
161 chmod 0775 $DIR/$tdir || error "chmod (2)"
162 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f4 || error "touch (5)"
163 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)"
164 touch $DIR/$tdir/f6 || error "touch (7)"
165 rm -rf $DIR/$tdir || error "rm (3)"
167 run_test 0 "uid permission ============================="
171 [ $GSS_SUP = 0 ] && skip "without GSS support." && return
174 mkdir_on_mdt0 $DIR/$tdir
176 chown $USER0 $DIR/$tdir || error "chown (1)"
177 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f0 && error "touch (2)"
178 echo "enable uid $ID1 setuid"
179 do_facet $SINGLEMDS "echo '* $ID1 setuid' >> $PERM_CONF"
180 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
181 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f1 || error "touch (3)"
183 chown root $DIR/$tdir || error "chown (4)"
184 chgrp $USER0 $DIR/$tdir || error "chgrp (5)"
185 chmod 0770 $DIR/$tdir || error "chmod (6)"
186 $RUNAS_CMD -u $ID1 -g $ID1 touch $DIR/$tdir/f2 && error "touch (7)"
187 $RUNAS_CMD -u$ID1 -g$ID1 -j$ID0 touch $DIR/$tdir/f3 && error "touch (8)"
188 echo "enable uid $ID1 setuid,setgid"
189 do_facet $SINGLEMDS "echo '* $ID1 setuid,setgid' > $PERM_CONF"
190 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
191 $RUNAS_CMD -u $ID1 -g $ID1 -j $ID0 touch $DIR/$tdir/f4 ||
193 $RUNAS_CMD -u $ID1 -v $ID0 -g $ID1 -j $ID0 touch $DIR/$tdir/f5 ||
198 do_facet $SINGLEMDS "rm -f $PERM_CONF"
199 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
201 run_test 1 "setuid/gid ============================="
203 # bug 3285 - supplementary group should always succeed.
204 # NB: the supplementary groups are set for local client only,
205 # as for remote client, the groups of the specified uid on MDT
206 # will be obtained by upcall /sbin/l_getidentity and used.
208 [[ "$MDS1_VERSION" -ge $(version_code 2.6.93) ]] ||
209 [[ "$MDS1_VERSION" -ge $(version_code 2.5.35) &&
210 "$MDS1_VERSION" -lt $(version_code 2.5.50) ]] ||
211 skip "Need MDS version at least 2.6.93 or 2.5.35"
215 chmod 0771 $DIR/$tdir
216 chgrp $ID0 $DIR/$tdir
217 $RUNAS_CMD -u $ID0 ls $DIR/$tdir || error "setgroups (1)"
218 do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF"
219 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
220 $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir ||
221 error "setgroups (2)"
222 $RUNAS_CMD -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)"
225 do_facet $SINGLEMDS "rm -f $PERM_CONF"
226 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
228 run_test 4 "set supplementary group ==============="
234 squash_id default 99 0
235 wait_nm_sync default squash_uid '' inactive
236 squash_id default 99 1
237 wait_nm_sync default squash_gid '' inactive
238 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
239 local csum=${HOSTNAME_CHECKSUM}_${i}
241 do_facet mgs $LCTL nodemap_add $csum
243 if [ $rc -ne 0 ]; then
244 echo "nodemap_add $csum failed with $rc"
248 wait_update_facet --verbose mgs \
249 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
250 grep -c $csum || true" 1 30 ||
253 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
254 local csum=${HOSTNAME_CHECKSUM}_${i}
256 wait_nm_sync $csum id '' inactive
264 for ((i = 0; i < NODEMAP_COUNT; i++)); do
265 local csum=${HOSTNAME_CHECKSUM}_${i}
267 if ! do_facet mgs $LCTL nodemap_del $csum; then
268 error "nodemap_del $csum failed with $?"
272 wait_update_facet --verbose mgs \
273 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
274 grep -c $csum || true" 0 30 ||
277 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
278 local csum=${HOSTNAME_CHECKSUM}_${i}
280 wait_nm_sync $csum id '' inactive
287 local cmd="$LCTL nodemap_add_range"
291 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
292 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
293 if ! do_facet mgs $cmd --name $1 --range $range; then
302 local cmd="$LCTL nodemap_del_range"
306 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
307 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
308 if ! do_facet mgs $cmd --name $1 --range $range; then
318 local cmd="$LCTL nodemap_add_idmap"
322 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
324 echo "Start to add idmaps ..."
325 for ((i = 0; i < NODEMAP_COUNT; i++)); do
328 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
329 local csum=${HOSTNAME_CHECKSUM}_${i}
331 local fs_id=$((j + 1))
333 if ! do_facet mgs $cmd --name $csum --idtype uid \
334 --idmap $client_id:$fs_id; then
337 if ! do_facet mgs $cmd --name $csum --idtype gid \
338 --idmap $client_id:$fs_id; then
342 if ! do_facet mgs $cmd --name $csum \
343 --idtype projid --idmap \
344 $client_id:$fs_id; then
354 update_idmaps() { #LU-10040
355 [ "$MGS_VERSION" -lt $(version_code 2.10.55) ] &&
356 skip "Need MGS >= 2.10.55"
358 local csum=${HOSTNAME_CHECKSUM}_0
359 local old_id_client=$ID0
360 local old_id_fs=$((ID0 + 1))
361 local new_id=$((ID0 + 100))
368 echo "Start to update idmaps ..."
370 #Inserting an existed idmap should return error
371 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
373 $cmd --idmap $old_id_client:$old_id_fs 2>/dev/null; then
374 error "insert idmap {$old_id_client:$old_id_fs} " \
375 "should return error"
380 #Update id_fs and check it
381 if ! do_facet mgs $cmd --idmap $old_id_client:$new_id; then
382 error "$cmd --idmap $old_id_client:$new_id failed"
386 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
387 awk '{ print $7 }' | sed -n '2p')
388 [ $tmp_id != $new_id ] && { error "new id_fs $tmp_id != $new_id"; \
389 rc=$((rc + 1)); return $rc; }
391 #Update id_client and check it
392 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
393 error "$cmd --idmap $new_id:$new_id failed"
397 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
398 awk '{ print $5 }' | sed -n "$((NODEMAP_ID_COUNT + 1)) p")
399 tmp_id=$(echo ${tmp_id%,*}) #e.g. "501,"->"501"
400 [ $tmp_id != $new_id ] && { error "new id_client $tmp_id != $new_id"; \
401 rc=$((rc + 1)); return $rc; }
403 #Delete above updated idmap
404 cmd="$LCTL nodemap_del_idmap --name $csum --idtype uid"
405 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
406 error "$cmd --idmap $new_id:$new_id failed"
411 #restore the idmaps to make delete_idmaps work well
412 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
413 if ! do_facet mgs $cmd --idmap $old_id_client:$old_id_fs; then
414 error "$cmd --idmap $old_id_client:$old_id_fs failed"
424 local cmd="$LCTL nodemap_del_idmap"
428 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
430 echo "Start to delete idmaps ..."
431 for ((i = 0; i < NODEMAP_COUNT; i++)); do
434 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
435 local csum=${HOSTNAME_CHECKSUM}_${i}
437 local fs_id=$((j + 1))
439 if ! do_facet mgs $cmd --name $csum --idtype uid \
440 --idmap $client_id:$fs_id; then
443 if ! do_facet mgs $cmd --name $csum --idtype gid \
444 --idmap $client_id:$fs_id; then
448 if ! do_facet mgs $cmd --name $csum \
449 --idtype projid --idmap \
450 $client_id:$fs_id; then
464 local cmd="$LCTL nodemap_modify"
467 proc[0]="admin_nodemap"
468 proc[1]="trusted_nodemap"
472 for ((idx = 0; idx < 2; idx++)); do
473 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
478 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
488 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
489 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
493 cmd[0]="$LCTL nodemap_modify --property squash_uid"
494 cmd[1]="$LCTL nodemap_modify --property squash_gid"
495 cmd[2]="$LCTL nodemap_modify --property squash_projid"
497 if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then
502 # ensure that the squash defaults are the expected defaults
503 squash_id default 99 0
504 wait_nm_sync default squash_uid '' inactive
505 squash_id default 99 1
506 wait_nm_sync default squash_gid '' inactive
507 if [ "$MDS1_VERSION" -ge $(version_code 2.14.50) ]; then
508 squash_id default 99 2
509 wait_nm_sync default squash_projid '' inactive
515 cmd="$LCTL nodemap_test_nid"
517 nid=$(do_facet mgs $cmd $1)
519 if [ $nid == $2 ]; then
527 # restore activation state
528 do_facet mgs $LCTL nodemap_activate 0
534 local cmd="$LCTL nodemap_test_id"
537 echo "Start to test idmaps ..."
538 ## nodemap deactivated
539 if ! do_facet mgs $LCTL nodemap_activate 0; then
542 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
545 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
546 local nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
547 local fs_id=$(do_facet mgs $cmd --nid $nid \
548 --idtype uid --id $id)
549 if [ $fs_id != $id ]; then
550 echo "expected $id, got $fs_id"
557 if ! do_facet mgs $LCTL nodemap_activate 1; then
561 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
562 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
563 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
564 fs_id=$(do_facet mgs $cmd --nid $nid \
565 --idtype uid --id $id)
566 expected_id=$((id + 1))
567 if [ $fs_id != $expected_id ]; then
568 echo "expected $expected_id, got $fs_id"
575 for ((i = 0; i < NODEMAP_COUNT; i++)); do
576 local csum=${HOSTNAME_CHECKSUM}_${i}
578 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
579 --property trusted --value 1; then
580 error "nodemap_modify $csum failed with $?"
585 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
586 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
587 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
588 fs_id=$(do_facet mgs $cmd --nid $nid \
589 --idtype uid --id $id)
590 if [ $fs_id != $id ]; then
591 echo "expected $id, got $fs_id"
597 ## ensure allow_root_access is enabled
598 for ((i = 0; i < NODEMAP_COUNT; i++)); do
599 local csum=${HOSTNAME_CHECKSUM}_${i}
601 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
602 --property admin --value 1; then
603 error "nodemap_modify $csum failed with $?"
608 ## check that root allowed
609 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
610 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
611 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
612 if [ $fs_id != 0 ]; then
613 echo "root allowed expected 0, got $fs_id"
618 ## ensure allow_root_access is disabled
619 for ((i = 0; i < NODEMAP_COUNT; i++)); do
620 local csum=${HOSTNAME_CHECKSUM}_${i}
622 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
623 --property admin --value 0; then
624 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
630 ## check that root is mapped to 99
631 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
632 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
633 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
634 if [ $fs_id != 99 ]; then
635 error "root squash expected 99, got $fs_id"
640 ## reset client trust to 0
641 for ((i = 0; i < NODEMAP_COUNT; i++)); do
642 if ! do_facet mgs $LCTL nodemap_modify \
643 --name ${HOSTNAME_CHECKSUM}_${i} \
644 --property trusted --value 0; then
645 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
657 remote_mgs_nodsh && skip "remote MGS with nodsh"
658 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
659 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
663 [[ $rc != 0 ]] && error "nodemap_add failed with $rc"
667 [[ $rc != 0 ]] && error "nodemap_del failed with $rc"
671 run_test 7 "nodemap create and delete"
676 remote_mgs_nodsh && skip "remote MGS with nodsh"
677 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
678 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
684 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
690 [[ $rc == 0 ]] && error "duplicate nodemap_add allowed with $rc" &&
696 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
700 run_test 8 "nodemap reject duplicates"
706 remote_mgs_nodsh && skip "remote MGS with nodsh"
707 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
708 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
713 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
716 for ((i = 0; i < NODEMAP_COUNT; i++)); do
717 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
721 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
724 for ((i = 0; i < NODEMAP_COUNT; i++)); do
725 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
729 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
734 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
738 run_test 9 "nodemap range add"
743 remote_mgs_nodsh && skip "remote MGS with nodsh"
744 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
745 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
750 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
753 for ((i = 0; i < NODEMAP_COUNT; i++)); do
754 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
758 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
761 for ((i = 0; i < NODEMAP_COUNT; i++)); do
762 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
766 [[ $rc == 0 ]] && error "nodemap_add_range duplicate add with $rc" &&
771 for ((i = 0; i < NODEMAP_COUNT; i++)); do
772 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
776 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
780 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 5
784 run_test 10a "nodemap reject duplicate ranges"
787 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
788 skip "Need MGS >= 2.10.53"
792 local nids="192.168.19.[0-255]@o2ib20"
794 do_facet mgs $LCTL nodemap_del $nm1 2>/dev/null
795 do_facet mgs $LCTL nodemap_del $nm2 2>/dev/null
797 do_facet mgs $LCTL nodemap_add $nm1 || error "Add $nm1 failed"
798 do_facet mgs $LCTL nodemap_add $nm2 || error "Add $nm2 failed"
799 do_facet mgs $LCTL nodemap_add_range --name $nm1 --range $nids ||
800 error "Add range $nids to $nm1 failed"
801 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
802 grep start_nid)" ] || error "No range was found"
803 do_facet mgs $LCTL nodemap_del_range --name $nm2 --range $nids &&
804 error "Deleting range $nids from $nm2 should fail"
805 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
806 grep start_nid)" ] || error "Range $nids should be there"
808 do_facet mgs $LCTL nodemap_del $nm1 || error "Delete $nm1 failed"
809 do_facet mgs $LCTL nodemap_del $nm2 || error "Delete $nm2 failed"
812 run_test 10b "delete range from the correct nodemap"
814 test_10c() { #LU-8912
815 [ "$MGS_VERSION" -lt $(version_code 2.10.57) ] &&
816 skip "Need MGS >= 2.10.57"
818 local nm="nodemap_lu8912"
819 local nid_range="10.210.[32-47].[0-255]@o2ib3"
820 local start_nid="10.210.32.0@o2ib3"
821 local end_nid="10.210.47.255@o2ib3"
822 local start_nid_found
825 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
826 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
827 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
828 error "Add range $nid_range to $nm failed"
830 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
831 awk -F '[,: ]' /start_nid/'{ print $9 }')
832 [ "$start_nid" == "$start_nid_found" ] ||
833 error "start_nid: $start_nid_found != $start_nid"
834 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
835 awk -F '[,: ]' /end_nid/'{ print $13 }')
836 [ "$end_nid" == "$end_nid_found" ] ||
837 error "end_nid: $end_nid_found != $end_nid"
839 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
842 run_test 10c "verfify contiguous range support"
844 test_10d() { #LU-8913
845 [ "$MGS_VERSION" -lt $(version_code 2.10.59) ] &&
846 skip "Need MGS >= 2.10.59"
848 local nm="nodemap_lu8913"
849 local nid_range="*@o2ib3"
850 local start_nid="0.0.0.0@o2ib3"
851 local end_nid="255.255.255.255@o2ib3"
852 local start_nid_found
855 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
856 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
857 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
858 error "Add range $nid_range to $nm failed"
860 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
861 awk -F '[,: ]' /start_nid/'{ print $9 }')
862 [ "$start_nid" == "$start_nid_found" ] ||
863 error "start_nid: $start_nid_found != $start_nid"
864 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
865 awk -F '[,: ]' /end_nid/'{ print $13 }')
866 [ "$end_nid" == "$end_nid_found" ] ||
867 error "end_nid: $end_nid_found != $end_nid"
869 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
872 run_test 10d "verfify nodemap range format '*@<net>' support"
877 remote_mgs_nodsh && skip "remote MGS with nodsh"
878 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
879 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
884 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
887 for ((i = 0; i < NODEMAP_COUNT; i++)); do
888 if ! modify_flags ${HOSTNAME_CHECKSUM}_${i}; then
892 [[ $rc != 0 ]] && error "nodemap_modify with $rc" && return 2
897 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
901 run_test 11 "nodemap modify"
906 remote_mgs_nodsh && skip "remote MGS with nodsh"
907 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
908 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
913 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
916 for ((i = 0; i < NODEMAP_COUNT; i++)); do
917 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 0; then
921 [[ $rc != 0 ]] && error "nodemap squash_uid with $rc" && return 2
924 for ((i = 0; i < NODEMAP_COUNT; i++)); do
925 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 1; then
929 [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3
932 if (( $MDS1_VERSION >= $(version_code 2.14.52) )); then
933 for ((i = 0; i < NODEMAP_COUNT; i++)); do
934 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 2; then
939 [[ $rc != 0 ]] && error "nodemap squash_projid with $rc" && return 5
944 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
948 run_test 12 "nodemap set squash ids"
953 remote_mgs_nodsh && skip "remote MGS with nodsh"
954 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
955 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
960 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
963 for ((i = 0; i < NODEMAP_COUNT; i++)); do
964 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
968 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
971 for ((i = 0; i < NODEMAP_COUNT; i++)); do
972 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
973 for k in $NODEMAP_IPADDR_LIST; do
974 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
975 ${HOSTNAME_CHECKSUM}_${i}; then
981 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
986 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
990 run_test 13 "test nids"
995 remote_mgs_nodsh && skip "remote MGS with nodsh"
996 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
997 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
1002 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
1005 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1006 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
1007 for k in $NODEMAP_IPADDR_LIST; do
1008 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
1015 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
1020 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
1024 run_test 14 "test default nodemap nid lookup"
1029 remote_mgs_nodsh && skip "remote MGS with nodsh"
1030 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1031 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
1036 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
1038 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
1039 local csum=${HOSTNAME_CHECKSUM}_${i}
1041 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
1042 --property admin --value 0; then
1045 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
1046 --property trusted --value 0; then
1050 [[ $rc != 0 ]] && error "nodemap_modify failed with $rc" && return 1
1053 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1054 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
1058 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
1063 [[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
1065 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
1066 if [[ "$activedefault" != "1" ]]; then
1067 stack_trap cleanup_active EXIT
1073 [[ $rc != 0 ]] && error "nodemap_test_id failed with $rc" && return 4
1078 [[ $rc != 0 ]] && error "update_idmaps failed with $rc" && return 5
1083 [[ $rc != 0 ]] && error "nodemap_del_idmap failed with $rc" && return 6
1088 [[ $rc != 0 ]] && error "nodemap_delete failed with $rc" && return 7
1092 run_test 15 "test id mapping"
1094 create_fops_nodemaps() {
1097 for client in $clients; do
1098 local client_ip=$(host_nids_address $client $NETTYPE)
1099 local client_nid=$(h2nettype $client_ip)
1100 do_facet mgs $LCTL nodemap_add c${i} || return 1
1101 do_facet mgs $LCTL nodemap_add_range \
1102 --name c${i} --range $client_nid || return 1
1103 for map in ${FOPS_IDMAPS[i]}; do
1104 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1105 --idtype uid --idmap ${map} || return 1
1106 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1107 --idtype gid --idmap ${map} || return 1
1110 wait_nm_sync c$i idmap
1117 delete_fops_nodemaps() {
1120 for client in $clients; do
1121 do_facet mgs $LCTL nodemap_del c${i} || return 1
1129 if [ $MDSCOUNT -le 1 ]; then
1130 do_node ${clients_arr[0]} mkdir -p $DIR/$tdir
1132 # round-robin MDTs to test DNE nodemap support
1133 [ ! -d $DIR ] && do_node ${clients_arr[0]} mkdir -p $DIR
1134 do_node ${clients_arr[0]} $LFS setdirstripe -c 1 -i \
1135 $((fops_mds_index % MDSCOUNT)) $DIR/$tdir
1136 ((fops_mds_index++))
1140 # acl test directory needs to be initialized on a privileged client
1142 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1143 local trust=$(do_facet mgs $LCTL get_param -n \
1144 nodemap.c0.trusted_nodemap)
1146 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1147 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1149 wait_nm_sync c0 admin_nodemap
1150 wait_nm_sync c0 trusted_nodemap
1152 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1154 do_node ${clients_arr[0]} chown $user $DIR/$tdir
1156 do_facet mgs $LCTL nodemap_modify --name c0 \
1157 --property admin --value $admin
1158 do_facet mgs $LCTL nodemap_modify --name c0 \
1159 --property trusted --value $trust
1161 # flush MDT locks to make sure they are reacquired before test
1162 do_node ${clients_arr[0]} $LCTL set_param \
1163 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1165 wait_nm_sync c0 admin_nodemap
1166 wait_nm_sync c0 trusted_nodemap
1169 # fileset test directory needs to be initialized on a privileged client
1170 fileset_test_setup() {
1173 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1174 cleanup_mount $MOUNT
1175 FILESET="" zconf_mount_clients $CLIENTS $MOUNT
1178 local admin=$(do_facet mgs $LCTL get_param -n \
1179 nodemap.${nm}.admin_nodemap)
1180 local trust=$(do_facet mgs $LCTL get_param -n \
1181 nodemap.${nm}.trusted_nodemap)
1183 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1184 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1187 wait_nm_sync $nm admin_nodemap
1188 wait_nm_sync $nm trusted_nodemap
1190 # create directory and populate it for subdir mount
1191 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir ||
1192 error "unable to create dir $MOUNT/$subdir"
1193 do_node ${clients_arr[0]} touch $MOUNT/$subdir/this_is_$subdir ||
1194 error "unable to create file $MOUNT/$subdir/this_is_$subdir"
1195 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir/$subsubdir ||
1196 error "unable to create dir $MOUNT/$subdir/$subsubdir"
1197 do_node ${clients_arr[0]} touch \
1198 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir ||
1199 error "unable to create file \
1200 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir"
1202 do_facet mgs $LCTL nodemap_modify --name $nm \
1203 --property admin --value $admin
1204 do_facet mgs $LCTL nodemap_modify --name $nm \
1205 --property trusted --value $trust
1207 # flush MDT locks to make sure they are reacquired before test
1208 do_node ${clients_arr[0]} $LCTL set_param \
1209 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1211 wait_nm_sync $nm admin_nodemap
1212 wait_nm_sync $nm trusted_nodemap
1215 # fileset test directory needs to be initialized on a privileged client
1216 fileset_test_cleanup() {
1218 local admin=$(do_facet mgs $LCTL get_param -n \
1219 nodemap.${nm}.admin_nodemap)
1220 local trust=$(do_facet mgs $LCTL get_param -n \
1221 nodemap.${nm}.trusted_nodemap)
1223 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1224 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1227 wait_nm_sync $nm admin_nodemap
1228 wait_nm_sync $nm trusted_nodemap
1230 # cleanup directory created for subdir mount
1231 do_node ${clients_arr[0]} rm -rf $MOUNT/$subdir ||
1232 error "unable to remove dir $MOUNT/$subdir"
1234 do_facet mgs $LCTL nodemap_modify --name $nm \
1235 --property admin --value $admin
1236 do_facet mgs $LCTL nodemap_modify --name $nm \
1237 --property trusted --value $trust
1239 # flush MDT locks to make sure they are reacquired before test
1240 do_node ${clients_arr[0]} $LCTL set_param \
1241 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1243 wait_nm_sync $nm admin_nodemap
1244 wait_nm_sync $nm trusted_nodemap
1245 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1246 cleanup_mount $MOUNT
1247 zconf_mount_clients $CLIENTS $MOUNT
1251 do_create_delete() {
1254 local testfile=$DIR/$tdir/$tfile
1258 if $run_u touch $testfile >& /dev/null; then
1260 $run_u rm $testfile && d=1
1264 local expected=$(get_cr_del_expected $key)
1265 [ "$res" != "$expected" ] &&
1266 error "test $key, wanted $expected, got $res" && rc=$((rc + 1))
1270 nodemap_check_quota() {
1272 $run_u lfs quota -q $DIR | awk '{ print $2; exit; }'
1275 do_fops_quota_test() {
1277 # fuzz quota used to account for possible indirect blocks, etc
1278 local quota_fuzz=$(fs_log_size)
1279 local qused_orig=$(nodemap_check_quota "$run_u")
1280 local qused_high=$((qused_orig + quota_fuzz))
1281 local qused_low=$((qused_orig - quota_fuzz))
1282 local testfile=$DIR/$tdir/$tfile
1283 $run_u dd if=/dev/zero of=$testfile oflag=sync bs=1M count=1 \
1284 >& /dev/null || error "unable to write quota test file"
1285 sync; sync_all_data || true
1287 local qused_new=$(nodemap_check_quota "$run_u")
1288 [ $((qused_new)) -lt $((qused_low + 1024)) -o \
1289 $((qused_new)) -gt $((qused_high + 1024)) ] &&
1290 error "$qused_new != $qused_orig + 1M after write, " \
1291 "fuzz is $quota_fuzz"
1292 $run_u rm $testfile || error "unable to remove quota test file"
1293 wait_delete_completed_mds
1295 qused_new=$(nodemap_check_quota "$run_u")
1296 [ $((qused_new)) -lt $((qused_low)) \
1297 -o $((qused_new)) -gt $((qused_high)) ] &&
1298 error "quota not reclaimed, expect $qused_orig, " \
1299 "got $qused_new, fuzz $quota_fuzz"
1302 get_fops_mapped_user() {
1305 for ((i=0; i < ${#FOPS_IDMAPS[@]}; i++)); do
1306 for map in ${FOPS_IDMAPS[i]}; do
1307 if [ $(cut -d: -f1 <<< "$map") == $cli_user ]; then
1308 cut -d: -f2 <<< "$map"
1316 get_cr_del_expected() {
1318 IFS=":" read -a key <<< "$1"
1319 local mapmode="${key[0]}"
1320 local mds_user="${key[1]}"
1321 local cluster="${key[2]}"
1322 local cli_user="${key[3]}"
1323 local mode="0${key[4]}"
1330 [[ $mapmode == *mapped* ]] && mapped=1
1331 # only c1 is mapped in these test cases
1332 [[ $mapmode == mapped_trusted* ]] && [ "$cluster" == "c0" ] && mapped=0
1333 [[ $mapmode == *noadmin* ]] && noadmin=1
1335 # o+wx works as long as the user isn't mapped
1336 if [ $((mode & 3)) -eq 3 ]; then
1340 # if client user is root, check if root is squashed
1341 if [ "$cli_user" == "0" ]; then
1342 # squash root succeed, if other bit is on
1345 1) [ "$other" == "1" ] && echo $SUCCESS
1346 [ "$other" == "0" ] && echo $FAILURE;;
1350 if [ "$mapped" == "0" ]; then
1351 [ "$other" == "1" ] && echo $SUCCESS
1352 [ "$other" == "0" ] && echo $FAILURE
1356 # if mapped user is mds user, check for u+wx
1357 mapped_user=$(get_fops_mapped_user $cli_user)
1358 [ "$mapped_user" == "-1" ] &&
1359 error "unable to find mapping for client user $cli_user"
1361 if [ "$mapped_user" == "$mds_user" -a \
1362 $(((mode & 0300) == 0300)) -eq 1 ]; then
1366 if [ "$mapped_user" != "$mds_user" -a "$other" == "1" ]; then
1373 test_fops_admin_cli_i=""
1374 test_fops_chmod_dir() {
1375 local current_cli_i=$1
1377 local dir_to_chmod=$3
1378 local new_admin_cli_i=""
1380 # do we need to set up a new admin client?
1381 [ "$current_cli_i" == "0" ] && [ "$test_fops_admin_cli_i" != "1" ] &&
1383 [ "$current_cli_i" != "0" ] && [ "$test_fops_admin_cli_i" != "0" ] &&
1386 # if only one client, and non-admin, need to flip admin everytime
1387 if [ "$num_clients" == "1" ]; then
1388 test_fops_admin_client=$clients
1389 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1390 nodemap.c0.admin_nodemap)
1391 if [ "$test_fops_admin_val" != "1" ]; then
1392 do_facet mgs $LCTL nodemap_modify \
1396 wait_nm_sync c0 admin_nodemap
1398 elif [ "$new_admin_cli_i" != "" ]; then
1399 # restore admin val to old admin client
1400 if [ "$test_fops_admin_cli_i" != "" ] &&
1401 [ "$test_fops_admin_val" != "1" ]; then
1402 do_facet mgs $LCTL nodemap_modify \
1403 --name c${test_fops_admin_cli_i} \
1405 --value $test_fops_admin_val
1406 wait_nm_sync c${test_fops_admin_cli_i} admin_nodemap
1409 test_fops_admin_cli_i=$new_admin_cli_i
1410 test_fops_admin_client=${clients_arr[$new_admin_cli_i]}
1411 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1412 nodemap.c${new_admin_cli_i}.admin_nodemap)
1414 if [ "$test_fops_admin_val" != "1" ]; then
1415 do_facet mgs $LCTL nodemap_modify \
1416 --name c${new_admin_cli_i} \
1419 wait_nm_sync c${new_admin_cli_i} admin_nodemap
1423 do_node $test_fops_admin_client chmod $perm_bits $DIR/$tdir || return 1
1425 # remove admin for single client if originally non-admin
1426 if [ "$num_clients" == "1" ] && [ "$test_fops_admin_val" != "1" ]; then
1427 do_facet mgs $LCTL nodemap_modify --name c0 --property admin \
1429 wait_nm_sync c0 admin_nodemap
1437 local single_client="$2"
1438 local client_user_list=([0]="0 $((IDBASE+3))"
1439 [1]="0 $((IDBASE+5))")
1440 local mds_users="-1 0"
1443 local perm_bit_list="3 $((0300))"
1444 # SLOW tests 000-007, 010-070, 100-700 (octal modes)
1445 if [ "$SLOW" == "yes" ]; then
1446 perm_bit_list="0 $(seq 1 7) $(seq 8 8 63) $(seq 64 64 511) \
1448 client_user_list=([0]="0 $((IDBASE+3)) $((IDBASE+4))"
1449 [1]="0 $((IDBASE+5)) $((IDBASE+6))")
1450 mds_users="-1 0 1 2"
1453 # force single_client to speed up test
1454 [ "$SLOW" == "yes" ] ||
1456 # step through mds users. -1 means root
1457 for mds_i in $mds_users; do
1458 local user=$((mds_i + IDBASE))
1462 [ "$mds_i" == "-1" ] && user=0
1464 echo mkdir -p $DIR/$tdir
1467 for client in $clients; do
1469 for u in ${client_user_list[$cli_i]}; do
1470 local run_u="do_node $client \
1471 $RUNAS_CMD -u$u -g$u -G$u"
1472 for perm_bits in $perm_bit_list; do
1473 local mode=$(printf %03o $perm_bits)
1475 key="$mapmode:$user:c$cli_i:$u:$mode"
1476 test_fops_chmod_dir $cli_i $mode \
1478 error cannot chmod $key
1479 do_create_delete "$run_u" "$key"
1483 test_fops_chmod_dir $cli_i 777 $DIR/$tdir ||
1484 error cannot chmod $key
1485 do_fops_quota_test "$run_u"
1488 cli_i=$((cli_i + 1))
1489 [ "$single_client" == "1" ] && break
1496 nodemap_version_check () {
1497 remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
1498 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1499 skip "No nodemap on $MGS_VERSION MGS < 2.5.53" &&
1504 nodemap_test_setup() {
1506 local active_nodemap=1
1508 [ "$1" == "0" ] && active_nodemap=0
1510 do_nodes $(comma_list $(all_mdts_nodes)) \
1511 $LCTL set_param mdt.*.identity_upcall=NONE
1514 create_fops_nodemaps
1516 [[ $rc != 0 ]] && error "adding fops nodemaps failed $rc"
1518 do_facet mgs $LCTL nodemap_activate $active_nodemap
1521 do_facet mgs $LCTL nodemap_modify --name default \
1522 --property admin --value 1
1523 wait_nm_sync default admin_nodemap
1524 do_facet mgs $LCTL nodemap_modify --name default \
1525 --property trusted --value 1
1526 wait_nm_sync default trusted_nodemap
1529 nodemap_test_cleanup() {
1531 delete_fops_nodemaps
1533 [[ $rc != 0 ]] && error "removing fops nodemaps failed $rc"
1535 do_facet mgs $LCTL nodemap_modify --name default \
1536 --property admin --value 0
1537 wait_nm_sync default admin_nodemap
1538 do_facet mgs $LCTL nodemap_modify --name default \
1539 --property trusted --value 0
1540 wait_nm_sync default trusted_nodemap
1542 do_facet mgs $LCTL nodemap_activate 0
1543 wait_nm_sync active 0
1545 export SK_UNIQUE_NM=false
1549 nodemap_clients_admin_trusted() {
1553 for client in $clients; do
1554 do_facet mgs $LCTL nodemap_modify --name c0 \
1555 --property admin --value $admin
1556 do_facet mgs $LCTL nodemap_modify --name c0 \
1557 --property trusted --value $tr
1560 wait_nm_sync c$((i - 1)) admin_nodemap
1561 wait_nm_sync c$((i - 1)) trusted_nodemap
1565 nodemap_version_check || return 0
1566 nodemap_test_setup 0
1568 trap nodemap_test_cleanup EXIT
1570 nodemap_test_cleanup
1572 run_test 16 "test nodemap all_off fileops"
1576 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1577 skip "Need MDS >= 2.11.55"
1580 nodemap_version_check || return 0
1583 trap nodemap_test_cleanup EXIT
1584 nodemap_clients_admin_trusted 0 1
1585 test_fops trusted_noadmin 1
1586 nodemap_test_cleanup
1588 run_test 17 "test nodemap trusted_noadmin fileops"
1592 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1593 skip "Need MDS >= 2.11.55"
1596 nodemap_version_check || return 0
1599 trap nodemap_test_cleanup EXIT
1600 nodemap_clients_admin_trusted 0 0
1601 test_fops mapped_noadmin 1
1602 nodemap_test_cleanup
1604 run_test 18 "test nodemap mapped_noadmin fileops"
1608 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1609 skip "Need MDS >= 2.11.55"
1612 nodemap_version_check || return 0
1615 trap nodemap_test_cleanup EXIT
1616 nodemap_clients_admin_trusted 1 1
1617 test_fops trusted_admin 1
1618 nodemap_test_cleanup
1620 run_test 19 "test nodemap trusted_admin fileops"
1624 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1625 skip "Need MDS >= 2.11.55"
1628 nodemap_version_check || return 0
1631 trap nodemap_test_cleanup EXIT
1632 nodemap_clients_admin_trusted 1 0
1633 test_fops mapped_admin 1
1634 nodemap_test_cleanup
1636 run_test 20 "test nodemap mapped_admin fileops"
1640 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1641 skip "Need MDS >= 2.11.55"
1644 nodemap_version_check || return 0
1647 trap nodemap_test_cleanup EXIT
1650 for client in $clients; do
1651 do_facet mgs $LCTL nodemap_modify --name c${i} \
1652 --property admin --value 0
1653 do_facet mgs $LCTL nodemap_modify --name c${i} \
1654 --property trusted --value $x
1658 wait_nm_sync c$((i - 1)) trusted_nodemap
1660 test_fops mapped_trusted_noadmin
1661 nodemap_test_cleanup
1663 run_test 21 "test nodemap mapped_trusted_noadmin fileops"
1667 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1668 skip "Need MDS >= 2.11.55"
1671 nodemap_version_check || return 0
1674 trap nodemap_test_cleanup EXIT
1677 for client in $clients; do
1678 do_facet mgs $LCTL nodemap_modify --name c${i} \
1679 --property admin --value 1
1680 do_facet mgs $LCTL nodemap_modify --name c${i} \
1681 --property trusted --value $x
1685 wait_nm_sync c$((i - 1)) trusted_nodemap
1687 test_fops mapped_trusted_admin
1688 nodemap_test_cleanup
1690 run_test 22 "test nodemap mapped_trusted_admin fileops"
1692 # acl test directory needs to be initialized on a privileged client
1693 nodemap_acl_test_setup() {
1694 local admin=$(do_facet mgs $LCTL get_param -n \
1695 nodemap.c0.admin_nodemap)
1696 local trust=$(do_facet mgs $LCTL get_param -n \
1697 nodemap.c0.trusted_nodemap)
1699 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1700 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1702 wait_nm_sync c0 admin_nodemap
1703 wait_nm_sync c0 trusted_nodemap
1705 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1707 do_node ${clients_arr[0]} chmod a+rwx $DIR/$tdir ||
1708 error unable to chmod a+rwx test dir $DIR/$tdir
1710 do_facet mgs $LCTL nodemap_modify --name c0 \
1711 --property admin --value $admin
1712 do_facet mgs $LCTL nodemap_modify --name c0 \
1713 --property trusted --value $trust
1715 wait_nm_sync c0 trusted_nodemap
1718 # returns 0 if the number of ACLs does not change on the second (mapped) client
1719 # after being set on the first client
1720 nodemap_acl_test() {
1722 local set_client="$2"
1723 local get_client="$3"
1724 local check_setfacl="$4"
1725 local setfacl_error=0
1726 local testfile=$DIR/$tdir/$tfile
1727 local RUNAS_USER="$RUNAS_CMD -u $user"
1729 local acl_count_post=0
1731 nodemap_acl_test_setup
1734 do_node $set_client $RUNAS_USER touch $testfile
1736 # ACL masks aren't filtered by nodemap code, so we ignore them
1737 acl_count=$(do_node $get_client getfacl $testfile | grep -v mask |
1739 do_node $set_client $RUNAS_USER setfacl -m $user:rwx $testfile ||
1742 # if check setfacl is set to 1, then it's supposed to error
1743 if [ "$check_setfacl" == "1" ]; then
1744 [ "$setfacl_error" != "1" ] && return 1
1747 [ "$setfacl_error" == "1" ] && echo "WARNING: unable to setfacl"
1749 acl_count_post=$(do_node $get_client getfacl $testfile | grep -v mask |
1751 [ $acl_count -eq $acl_count_post ] && return 0
1756 [ $num_clients -lt 2 ] && skip "Need 2 clients at least" && return
1757 nodemap_version_check || return 0
1760 trap nodemap_test_cleanup EXIT
1761 # 1 trusted cluster, 1 mapped cluster
1762 local unmapped_fs=$((IDBASE+0))
1763 local unmapped_c1=$((IDBASE+5))
1764 local mapped_fs=$((IDBASE+2))
1765 local mapped_c0=$((IDBASE+4))
1766 local mapped_c1=$((IDBASE+6))
1768 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1769 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1771 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 0
1772 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 0
1774 wait_nm_sync c1 trusted_nodemap
1776 # setfacl on trusted cluster to unmapped user, verify it's not seen
1777 nodemap_acl_test $unmapped_fs ${clients_arr[0]} ${clients_arr[1]} ||
1778 error "acl count (1)"
1780 # setfacl on trusted cluster to mapped user, verify it's seen
1781 nodemap_acl_test $mapped_fs ${clients_arr[0]} ${clients_arr[1]} &&
1782 error "acl count (2)"
1784 # setfacl on mapped cluster to mapped user, verify it's seen
1785 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1786 error "acl count (3)"
1788 # setfacl on mapped cluster to unmapped user, verify error
1789 nodemap_acl_test $unmapped_fs ${clients_arr[1]} ${clients_arr[0]} 1 ||
1790 error "acl count (4)"
1793 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 0
1794 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 0
1796 wait_nm_sync c0 trusted_nodemap
1798 # setfacl to mapped user on c1, also mapped to c0, verify it's seen
1799 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1800 error "acl count (5)"
1802 # setfacl to mapped user on c1, not mapped to c0, verify not seen
1803 nodemap_acl_test $unmapped_c1 ${clients_arr[1]} ${clients_arr[0]} ||
1804 error "acl count (6)"
1806 nodemap_test_cleanup
1808 run_test 23a "test mapped regular ACLs"
1810 test_23b() { #LU-9929
1811 [ $num_clients -lt 2 ] && skip "Need 2 clients at least"
1812 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
1813 skip "Need MGS >= 2.10.53"
1815 export SK_UNIQUE_NM=true
1817 trap nodemap_test_cleanup EXIT
1819 local testdir=$DIR/$tdir
1820 local fs_id=$((IDBASE+10))
1825 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1826 wait_nm_sync c0 admin_nodemap
1827 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 1
1828 wait_nm_sync c1 admin_nodemap
1829 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 1
1830 wait_nm_sync c1 trusted_nodemap
1832 # Add idmap $ID0:$fs_id (500:60010)
1833 do_facet mgs $LCTL nodemap_add_idmap --name c0 --idtype gid \
1834 --idmap $ID0:$fs_id ||
1835 error "add idmap $ID0:$fs_id to nodemap c0 failed"
1836 wait_nm_sync c0 idmap
1838 # set/getfacl default acl on client 1 (unmapped gid=500)
1839 do_node ${clients_arr[0]} rm -rf $testdir
1840 do_node ${clients_arr[0]} mkdir -p $testdir
1841 # Here, USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
1842 do_node ${clients_arr[0]} setfacl -R -d -m group:$USER0:rwx $testdir ||
1843 error "setfacl $testdir on ${clients_arr[0]} failed"
1844 unmapped_id=$(do_node ${clients_arr[0]} getfacl $testdir |
1845 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
1846 [ "$unmapped_id" = "$USER0" ] ||
1847 error "gid=$ID0 was not unmapped correctly on ${clients_arr[0]}"
1849 # getfacl default acl on client 2 (mapped gid=60010)
1850 mapped_id=$(do_node ${clients_arr[1]} getfacl $testdir |
1851 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
1852 fs_user=$(do_node ${clients_arr[1]} getent passwd |
1853 grep :$fs_id:$fs_id: | cut -d: -f1)
1854 [ -z "$fs_user" ] && fs_user=$fs_id
1855 [ $mapped_id -eq $fs_id -o "$mapped_id" = "$fs_user" ] ||
1856 error "Should return gid=$fs_id or $fs_user on client2"
1859 nodemap_test_cleanup
1860 export SK_UNIQUE_NM=false
1862 run_test 23b "test mapped default ACLs"
1867 trap nodemap_test_cleanup EXIT
1868 do_nodes $(comma_list $(all_server_nodes)) $LCTL get_param -R nodemap
1870 nodemap_test_cleanup
1872 run_test 24 "check nodemap proc files for LBUGs and Oopses"
1875 local tmpfile=$(mktemp)
1876 local tmpfile2=$(mktemp)
1877 local tmpfile3=$(mktemp)
1878 local tmpfile4=$(mktemp)
1882 nodemap_version_check || return 0
1884 # stop clients for this test
1885 zconf_umount_clients $CLIENTS $MOUNT ||
1886 error "unable to umount clients $CLIENTS"
1888 export SK_UNIQUE_NM=true
1891 # enable trusted/admin for setquota call in cleanup_and_setup_lustre()
1893 for client in $clients; do
1894 do_facet mgs $LCTL nodemap_modify --name c${i} \
1895 --property admin --value 1
1896 do_facet mgs $LCTL nodemap_modify --name c${i} \
1897 --property trusted --value 1
1900 wait_nm_sync c$((i - 1)) trusted_nodemap
1902 trap nodemap_test_cleanup EXIT
1904 # create a new, empty nodemap, and add fileset info to it
1905 do_facet mgs $LCTL nodemap_add test25 ||
1906 error "unable to create nodemap $testname"
1907 do_facet mgs $LCTL set_param -P nodemap.$testname.fileset=/$subdir ||
1908 error "unable to add fileset info to nodemap test25"
1910 wait_nm_sync test25 id
1912 do_facet mgs $LCTL nodemap_info > $tmpfile
1913 do_facet mds $LCTL nodemap_info > $tmpfile2
1915 if ! $SHARED_KEY; then
1916 # will conflict with SK's nodemaps
1917 cleanup_and_setup_lustre
1919 # stop clients for this test
1920 zconf_umount_clients $CLIENTS $MOUNT ||
1921 error "unable to umount clients $CLIENTS"
1923 do_facet mgs $LCTL nodemap_info > $tmpfile3
1924 diff -q $tmpfile3 $tmpfile >& /dev/null ||
1925 error "nodemap_info diff on MGS after remount"
1927 do_facet mds $LCTL nodemap_info > $tmpfile4
1928 diff -q $tmpfile4 $tmpfile2 >& /dev/null ||
1929 error "nodemap_info diff on MDS after remount"
1932 do_facet mgs $LCTL nodemap_del test25 ||
1933 error "cannot delete nodemap test25 from config"
1934 nodemap_test_cleanup
1935 # restart clients previously stopped
1936 zconf_mount_clients $CLIENTS $MOUNT ||
1937 error "unable to mount clients $CLIENTS"
1939 rm -f $tmpfile $tmpfile2
1940 export SK_UNIQUE_NM=false
1942 run_test 25 "test save and reload nodemap config"
1945 nodemap_version_check || return 0
1949 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_add"
1950 wait_nm_sync c$large_i admin_nodemap
1952 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_del"
1953 wait_nm_sync c$large_i admin_nodemap
1955 run_test 26 "test transferring very large nodemap"
1957 nodemap_exercise_fileset() {
1960 local check_proj=true
1962 (( $MDS1_VERSION >= $(version_code 2.14.52) )) || check_proj=false
1965 if [ "$nm" == "default" ]; then
1966 do_facet mgs $LCTL nodemap_activate 1
1968 do_facet mgs $LCTL nodemap_modify --name default \
1969 --property admin --value 1
1970 do_facet mgs $LCTL nodemap_modify --name default \
1971 --property trusted --value 1
1972 wait_nm_sync default admin_nodemap
1973 wait_nm_sync default trusted_nodemap
1978 if $SHARED_KEY; then
1979 export SK_UNIQUE_NM=true
1981 # will conflict with SK's nodemaps
1982 trap "fileset_test_cleanup $nm" EXIT
1984 fileset_test_setup "$nm"
1986 # add fileset info to $nm nodemap
1987 if ! combined_mgs_mds; then
1988 do_facet mgs $LCTL set_param nodemap.${nm}.fileset=/$subdir ||
1989 error "unable to add fileset info to $nm nodemap on MGS"
1991 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=/$subdir ||
1992 error "unable to add fileset info to $nm nodemap for servers"
1993 wait_nm_sync $nm fileset "nodemap.${nm}.fileset=/$subdir"
1995 if $check_proj; then
1996 do_facet mgs $LCTL nodemap_modify --name $nm \
1997 --property admin --value 1
1998 wait_nm_sync $nm admin_nodemap
1999 do_facet mgs $LCTL nodemap_modify --name $nm \
2000 --property trusted --value 0
2001 wait_nm_sync $nm trusted_nodemap
2002 do_facet mgs $LCTL nodemap_modify --name $nm \
2003 --property map_mode --value projid
2004 wait_nm_sync $nm map_mode
2005 do_facet mgs $LCTL nodemap_add_idmap --name $nm \
2006 --idtype projid --idmap 1:1
2007 do_facet mgs $LCTL nodemap_modify --name $nm \
2008 --property deny_unknown --value 1
2009 wait_nm_sync $nm deny_unknown
2013 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2014 error "unable to umount client ${clients_arr[0]}"
2015 # set some generic fileset to trigger SSK code
2017 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2018 error "unable to remount client ${clients_arr[0]}"
2021 # test mount point content
2022 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subdir ||
2023 error "fileset not taken into account"
2025 if $check_proj; then
2026 do_node ${clients_arr[0]} $LFS setquota -p 1 -b 10000 -B 11000 \
2027 -i 0 -I 0 $MOUNT || error "setquota -p 1 failed"
2028 do_node ${clients_arr[0]} $LFS setquota -p 2 -b 10000 -B 11000 \
2029 -i 0 -I 0 $MOUNT && error "setquota -p 2 should fail"
2032 # re-mount client with sub-subdir
2033 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2034 error "unable to umount client ${clients_arr[0]}"
2035 export FILESET=/$subsubdir
2036 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2037 error "unable to remount client ${clients_arr[0]}"
2040 # test mount point content
2041 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subsubdir ||
2042 error "subdir of fileset not taken into account"
2044 # remove fileset info from nodemap
2045 do_facet mgs $LCTL nodemap_set_fileset --name $nm --fileset clear ||
2046 error "unable to delete fileset info on $nm nodemap"
2047 wait_update_facet mgs "$LCTL get_param nodemap.${nm}.fileset" \
2048 "nodemap.${nm}.fileset=" ||
2049 error "fileset info still not cleared on $nm nodemap"
2050 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=clear ||
2051 error "unable to reset fileset info on $nm nodemap"
2052 wait_nm_sync $nm fileset "nodemap.${nm}.fileset="
2055 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2056 error "unable to umount client ${clients_arr[0]}"
2057 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2058 error "unable to remount client ${clients_arr[0]}"
2060 # test mount point content
2061 if ! $(do_node ${clients_arr[0]} test -d $MOUNT/$subdir); then
2063 error "fileset not cleared on $nm nodemap"
2066 # back to non-nodemap setup
2067 if $SHARED_KEY; then
2068 export SK_UNIQUE_NM=false
2069 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2070 error "unable to umount client ${clients_arr[0]}"
2072 fileset_test_cleanup "$nm"
2073 if [ "$nm" == "default" ]; then
2074 do_facet mgs $LCTL nodemap_modify --name default \
2075 --property admin --value 0
2076 do_facet mgs $LCTL nodemap_modify --name default \
2077 --property trusted --value 0
2078 wait_nm_sync default admin_nodemap
2079 wait_nm_sync default trusted_nodemap
2080 do_facet mgs $LCTL nodemap_activate 0
2081 wait_nm_sync active 0
2083 export SK_UNIQUE_NM=false
2085 nodemap_test_cleanup
2087 if $SHARED_KEY; then
2088 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2089 error "unable to remount client ${clients_arr[0]}"
2094 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2095 skip "Need MDS >= 2.11.50"
2097 for nm in "default" "c0"; do
2098 local subdir="subdir_${nm}"
2099 local subsubdir="subsubdir_${nm}"
2101 if [ "$nm" == "default" ] && [ "$SHARED_KEY" == "true" ]; then
2102 echo "Skipping nodemap $nm with SHARED_KEY";
2106 echo "Exercising fileset for nodemap $nm"
2107 nodemap_exercise_fileset "$nm"
2110 run_test 27a "test fileset in various nodemaps"
2112 test_27b() { #LU-10703
2113 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2114 skip "Need MDS >= 2.11.50"
2115 [[ $MDSCOUNT -lt 2 ]] && skip "needs >= 2 MDTs"
2118 trap nodemap_test_cleanup EXIT
2120 # Add the nodemaps and set their filesets
2121 for i in $(seq 1 $MDSCOUNT); do
2122 do_facet mgs $LCTL nodemap_del nm$i 2>/dev/null
2123 do_facet mgs $LCTL nodemap_add nm$i ||
2124 error "add nodemap nm$i failed"
2125 wait_nm_sync nm$i "" "" "-N"
2127 if ! combined_mgs_mds; then
2129 $LCTL set_param nodemap.nm$i.fileset=/dir$i ||
2130 error "set nm$i.fileset=/dir$i failed on MGS"
2132 do_facet mgs $LCTL set_param -P nodemap.nm$i.fileset=/dir$i ||
2133 error "set nm$i.fileset=/dir$i failed on servers"
2134 wait_nm_sync nm$i fileset "nodemap.nm$i.fileset=/dir$i"
2137 # Check if all the filesets are correct
2138 for i in $(seq 1 $MDSCOUNT); do
2139 fileset=$(do_facet mds$i \
2140 $LCTL get_param -n nodemap.nm$i.fileset)
2141 [ "$fileset" = "/dir$i" ] ||
2142 error "nm$i.fileset $fileset != /dir$i on mds$i"
2143 do_facet mgs $LCTL nodemap_del nm$i ||
2144 error "delete nodemap nm$i failed"
2147 nodemap_test_cleanup
2149 run_test 27b "The new nodemap won't clear the old nodemap's fileset"
2152 if ! $SHARED_KEY; then
2153 skip "need shared key feature for this test" && return
2155 mkdir -p $DIR/$tdir || error "mkdir failed"
2156 touch $DIR/$tdir/$tdir.out || error "touch failed"
2157 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2158 error "read before rotation failed"
2160 # store top key identity to ensure rotation has occurred
2161 SK_IDENTITY_OLD=$(lctl get_param *.*.*srpc* | grep "expire" |
2162 head -1 | awk '{print $15}' | cut -c1-8)
2163 do_facet $SINGLEMDS lfs flushctx ||
2164 error "could not run flushctx on $SINGLEMDS"
2166 lfs flushctx || error "could not run flushctx on client"
2168 # verify new key is in place
2169 SK_IDENTITY_NEW=$(lctl get_param *.*.*srpc* | grep "expire" |
2170 head -1 | awk '{print $15}' | cut -c1-8)
2171 if [ $SK_IDENTITY_OLD == $SK_IDENTITY_NEW ]; then
2172 error "key did not rotate correctly"
2174 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2175 error "read after rotation failed"
2178 run_test 28 "check shared key rotation method"
2181 if ! $SHARED_KEY; then
2182 skip "need shared key feature for this test" && return
2184 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2185 skip "test only valid if integrity is active"
2188 mkdir $DIR/$tdir || error "mkdir"
2189 touch $DIR/$tdir/$tfile || error "touch"
2190 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2191 error "unable to umount clients"
2192 do_node ${clients_arr[0]} "keyctl show |
2193 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2194 OLD_SK_PATH=$SK_PATH
2195 export SK_PATH=/dev/null
2196 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
2197 export SK_PATH=$OLD_SK_PATH
2198 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tfile"
2199 if [ $? -eq 0 ]; then
2200 error "able to mount and read without key"
2202 error "able to mount without key"
2205 export SK_PATH=$OLD_SK_PATH
2206 do_node ${clients_arr[0]} "keyctl show |
2207 awk '/lustre/ { print \\\$1 }' |
2208 xargs -IX keyctl unlink X"
2210 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2211 error "unable to mount clients"
2213 run_test 29 "check for missing shared key"
2216 if ! $SHARED_KEY; then
2217 skip "need shared key feature for this test" && return
2219 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2220 skip "test only valid if integrity is active"
2222 mkdir -p $DIR/$tdir || error "mkdir failed"
2223 touch $DIR/$tdir/$tdir.out || error "touch failed"
2224 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2225 error "unable to umount clients"
2226 # unload keys from ring
2227 do_node ${clients_arr[0]} "keyctl show |
2228 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2229 # generate key with bogus filesystem name
2230 do_node ${clients_arr[0]} "lgss_sk -w $SK_PATH/$FSNAME-bogus.key \
2231 -f $FSNAME.bogus -t client -d /dev/urandom" ||
2232 error "lgss_sk failed (1)"
2233 do_facet $SINGLEMDS lfs flushctx || error "could not run flushctx"
2234 OLD_SK_PATH=$SK_PATH
2235 export SK_PATH=$SK_PATH/$FSNAME-bogus.key
2236 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
2237 SK_PATH=$OLD_SK_PATH
2238 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tdir.out"
2239 if [ $? -eq 0 ]; then
2240 error "mount and read file with invalid key"
2242 error "mount with invalid key"
2245 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2246 error "unable to umount clients"
2247 # unload keys from ring
2248 do_node ${clients_arr[0]} "keyctl show |
2249 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2251 SK_PATH=$OLD_SK_PATH
2252 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2253 error "unable to mount clients"
2255 run_test 30 "check for invalid shared key"
2260 mkdir -p $DIR/$tdir || error "mkdir $flvr"
2261 touch $DIR/$tdir/f0 || error "touch $flvr"
2262 ls $DIR/$tdir || error "ls $flvr"
2263 dd if=/dev/zero of=$DIR/$tdir/f0 conv=fsync bs=1M count=10 \
2264 >& /dev/null || error "dd $flvr"
2265 rm -f $DIR/$tdir/f0 || error "rm $flvr"
2266 rmdir $DIR/$tdir || error "rmdir $flvr"
2269 echo 3 > /proc/sys/vm/drop_caches
2273 local save_flvr=$SK_FLAVOR
2275 if ! $SHARED_KEY; then
2276 skip "need shared key feature for this test"
2279 stack_trap restore_to_default_flavor EXIT
2281 for flvr in skn ska ski skpi; do
2284 restore_to_default_flavor || error "cannot set $flvr flavor"
2285 SK_FLAVOR=$save_flvr
2290 run_test 30b "basic test of all different SSK flavors"
2294 zconf_umount $HOSTNAME $MOUNT || error "unable to umount client"
2296 # remove ${NETTYPE}999 network on all nodes
2297 do_nodes $(comma_list $(all_nodes)) \
2298 "$LNETCTL net del --net ${NETTYPE}999 && \
2299 $LNETCTL lnet unconfigure 2>/dev/null || true"
2301 # necessary to do writeconf in order to de-register
2302 # @${NETTYPE}999 nid for targets
2304 export KEEP_ZPOOL="true"
2306 export SK_MOUNTED=false
2309 export KEEP_ZPOOL="$KZPOOL"
2313 local nid=$(lctl list_nids | grep ${NETTYPE} | head -n1)
2314 local addr=${nid%@*}
2317 export LNETCTL=$(which lnetctl 2> /dev/null)
2319 [ -z "$LNETCTL" ] && skip "without lnetctl support." && return
2320 local_mode && skip "in local mode."
2322 stack_trap cleanup_31 EXIT
2325 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2326 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2328 if $(grep -q $MOUNT' ' /proc/mounts); then
2329 umount_client $MOUNT || error "umount $MOUNT failed"
2332 # check exports on servers are empty for client
2333 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2334 grep -q -" && error "export on MGS should be empty"
2335 do_nodes $(comma_list $(mdts_nodes) $(osts_nodes)) \
2336 "lctl get_param -n *.${FSNAME}*.exports.'$nid'.uuid \
2337 2>/dev/null | grep -q -" &&
2338 error "export on servers should be empty"
2340 # add network ${NETTYPE}999 on all nodes
2341 do_nodes $(comma_list $(all_nodes)) \
2342 "$LNETCTL lnet configure && $LNETCTL net add --if \
2343 \$($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2344 {if (inf==1) print \$2; fi; inf=0} /interfaces/{inf=1}') \
2345 --net ${NETTYPE}999" ||
2346 error "unable to configure NID ${NETTYPE}999"
2348 # necessary to do writeconf in order to register
2349 # new @${NETTYPE}999 nid for targets
2351 export KEEP_ZPOOL="true"
2353 export SK_MOUNTED=false
2355 setupall server_only || echo 1
2356 export KEEP_ZPOOL="$KZPOOL"
2359 local mgsnid_orig=$MGSNID
2360 # compute new MGSNID
2361 MGSNID=$(do_facet mgs "$LCTL list_nids | grep ${NETTYPE}999")
2363 # on client, turn LNet Dynamic Discovery on
2364 lnetctl set discovery 1
2366 # mount client with -o network=${NETTYPE}999 option:
2367 # should fail because of LNet Dynamic Discovery
2368 mount_client $MOUNT ${MOUNT_OPTS},network=${NETTYPE}999 &&
2369 error "client mount with '-o network' option should be refused"
2371 # on client, reconfigure LNet and turn LNet Dynamic Discovery off
2372 $LNETCTL net del --net ${NETTYPE}999 && lnetctl lnet unconfigure
2375 lnetctl set discovery 0
2377 $LNETCTL lnet configure && $LNETCTL net add --if \
2378 $($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2379 {if (inf==1) print $2; fi; inf=0} /interfaces/{inf=1}') \
2380 --net ${NETTYPE}999 ||
2381 error "unable to configure NID ${NETTYPE}999 on client"
2383 # mount client with -o network=${NETTYPE}999 option
2384 mount_client $MOUNT ${MOUNT_OPTS},network=${NETTYPE}999 ||
2385 error "unable to remount client"
2390 # check export on MGS
2391 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2393 [ $? -ne 0 ] || error "export for $nid on MGS should not exist"
2396 "lctl get_param -n *.MGS*.exports.'${addr}@${NETTYPE}999'.uuid \
2397 2>/dev/null | grep -q -"
2399 error "export for ${addr}@${NETTYPE}999 on MGS should exist"
2401 # check {mdc,osc} imports
2402 lctl get_param mdc.${FSNAME}-*.import | grep current_connection |
2403 grep -q ${NETTYPE}999
2405 error "import for mdc should use ${addr}@${NETTYPE}999"
2406 lctl get_param osc.${FSNAME}-*.import | grep current_connection |
2407 grep -q ${NETTYPE}999
2409 error "import for osc should use ${addr}@${NETTYPE}999"
2411 run_test 31 "client mount option '-o network'"
2415 zconf_umount_clients ${clients_arr[0]} $MOUNT
2417 # disable sk flavor enforcement on MGS
2418 set_rule _mgs any any null
2420 # stop gss daemon on MGS
2421 if ! combined_mgs_mds ; then
2422 send_sigint $mgs_HOST lsvcgssd
2426 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2429 restore_to_default_flavor
2433 if ! $SHARED_KEY; then
2434 skip "need shared key feature for this test"
2437 stack_trap cleanup_32 EXIT
2439 # restore to default null flavor
2440 save_flvr=$SK_FLAVOR
2442 restore_to_default_flavor || error "cannot set null flavor"
2443 SK_FLAVOR=$save_flvr
2446 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2447 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2449 if $(grep -q $MOUNT' ' /proc/mounts); then
2450 umount_client $MOUNT || error "umount $MOUNT failed"
2453 # start gss daemon on MGS
2454 if combined_mgs_mds ; then
2455 send_sigint $mds_HOST lsvcgssd
2457 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2459 # add mgs key type and MGS NIDs in key on MGS
2460 do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
2461 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2462 error "could not modify keyfile on MGS"
2464 # load modified key file on MGS
2465 do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2466 error "could not load keyfile on MGS"
2468 # add MGS NIDs in key on client
2469 do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
2470 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2471 error "could not modify keyfile on MGS"
2473 # set perms for per-nodemap keys else permission denied
2474 do_nodes $(comma_list $(all_nodes)) \
2475 "keyctl show | grep lustre | cut -c1-11 |
2477 xargs -IX keyctl setperm X 0x3f3f3f3f"
2479 # re-mount client with mgssec=skn
2480 save_opts=$MOUNT_OPTS
2481 if [ -z "$MOUNT_OPTS" ]; then
2482 MOUNT_OPTS="-o mgssec=skn"
2484 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2486 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2487 error "mount ${clients_arr[0]} with mgssec=skn failed"
2488 MOUNT_OPTS=$save_opts
2491 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2492 error "umount ${clients_arr[0]} failed"
2494 # enforce ska flavor on MGS
2495 set_rule _mgs any any ska
2497 # re-mount client without mgssec
2498 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2499 error "mount ${clients_arr[0]} without mgssec should fail"
2501 # re-mount client with mgssec=skn
2502 save_opts=$MOUNT_OPTS
2503 if [ -z "$MOUNT_OPTS" ]; then
2504 MOUNT_OPTS="-o mgssec=skn"
2506 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2508 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2509 error "mount ${clients_arr[0]} with mgssec=skn should fail"
2510 MOUNT_OPTS=$save_opts
2512 # re-mount client with mgssec=ska
2513 save_opts=$MOUNT_OPTS
2514 if [ -z "$MOUNT_OPTS" ]; then
2515 MOUNT_OPTS="-o mgssec=ska"
2517 MOUNT_OPTS="$MOUNT_OPTS,mgssec=ska"
2519 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2520 error "mount ${clients_arr[0]} with mgssec=ska failed"
2521 MOUNT_OPTS=$save_opts
2525 run_test 32 "check for mgssec"
2528 # disable sk flavor enforcement
2529 set_rule $FSNAME any cli2mdt null
2530 wait_flavor cli2mdt null
2533 zconf_umount_clients ${clients_arr[0]} $MOUNT
2535 # stop gss daemon on MGS
2536 if ! combined_mgs_mds ; then
2537 send_sigint $mgs_HOST lsvcgssd
2541 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2544 restore_to_default_flavor
2548 if ! $SHARED_KEY; then
2549 skip "need shared key feature for this test"
2552 stack_trap cleanup_33 EXIT
2554 # restore to default null flavor
2555 save_flvr=$SK_FLAVOR
2557 restore_to_default_flavor || error "cannot set null flavor"
2558 SK_FLAVOR=$save_flvr
2561 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2562 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2564 if $(grep -q $MOUNT' ' /proc/mounts); then
2565 umount_client $MOUNT || error "umount $MOUNT failed"
2568 # start gss daemon on MGS
2569 if combined_mgs_mds ; then
2570 send_sigint $mds_HOST lsvcgssd
2572 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2574 # add mgs key type and MGS NIDs in key on MGS
2575 do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
2576 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2577 error "could not modify keyfile on MGS"
2579 # load modified key file on MGS
2580 do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2581 error "could not load keyfile on MGS"
2583 # add MGS NIDs in key on client
2584 do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
2585 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2586 error "could not modify keyfile on MGS"
2588 # set perms for per-nodemap keys else permission denied
2589 do_nodes $(comma_list $(all_nodes)) \
2590 "keyctl show | grep lustre | cut -c1-11 |
2592 xargs -IX keyctl setperm X 0x3f3f3f3f"
2594 # re-mount client with mgssec=skn
2595 save_opts=$MOUNT_OPTS
2596 if [ -z "$MOUNT_OPTS" ]; then
2597 MOUNT_OPTS="-o mgssec=skn"
2599 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2601 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2602 error "mount ${clients_arr[0]} with mgssec=skn failed"
2603 MOUNT_OPTS=$save_opts
2605 # enforce ska flavor for cli2mdt
2606 set_rule $FSNAME any cli2mdt ska
2607 wait_flavor cli2mdt ska
2609 # check error message
2610 $LCTL dk | grep "faked source" &&
2611 error "MGS connection srpc flags incorrect"
2615 run_test 33 "correct srpc flags for MGS connection"
2618 # restore deny_unknown
2619 do_facet mgs $LCTL nodemap_modify --name default \
2620 --property deny_unknown --value $denydefault
2621 if [ $? -ne 0 ]; then
2622 error_noexit "cannot reset deny_unknown on default nodemap"
2626 wait_nm_sync default deny_unknown
2633 [ $MGS_VERSION -lt $(version_code 2.12.51) ] &&
2634 skip "deny_unknown on default nm not supported before 2.12.51"
2636 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
2638 if [[ "$activedefault" != "1" ]]; then
2639 do_facet mgs $LCTL nodemap_activate 1
2641 stack_trap cleanup_active EXIT
2644 denydefault=$(do_facet mgs $LCTL get_param -n \
2645 nodemap.default.deny_unknown)
2646 [ -z "$denydefault" ] &&
2647 error "cannot get deny_unknown on default nodemap"
2648 if [ "$denydefault" -eq 0 ]; then
2654 do_facet mgs $LCTL nodemap_modify --name default \
2655 --property deny_unknown --value $denynew ||
2656 error "cannot set deny_unknown on default nodemap"
2658 [ "$(do_facet mgs $LCTL get_param -n nodemap.default.deny_unknown)" \
2660 error "setting deny_unknown on default nodemap did not work"
2662 stack_trap cleanup_34_deny EXIT
2664 wait_nm_sync default deny_unknown
2666 run_test 34 "deny_unknown on default nodemap"
2669 [ $(lustre_version_code $SINGLEMDS) -ge $(version_code 2.13.50) ] ||
2670 skip "Need MDS >= 2.13.50"
2672 # activate changelogs
2673 changelog_register || error "changelog_register failed"
2674 local cl_user="${CL_USERS[$SINGLEMDS]%% *}"
2675 changelog_users $SINGLEMDS | grep -q $cl_user ||
2676 error "User $cl_user not found in changelog_users"
2677 changelog_chmask ALL
2680 mkdir $DIR/$tdir || error "failed to mkdir $tdir"
2681 touch $DIR/$tdir/$tfile || error "failed to touch $tfile"
2683 # access changelogs with root
2684 changelog_dump || error "failed to dump changelogs"
2685 changelog_clear 0 || error "failed to clear changelogs"
2687 # put clients in non-admin nodemap
2689 stack_trap nodemap_test_cleanup EXIT
2690 for i in $(seq 0 $((num_clients-1))); do
2691 do_facet mgs $LCTL nodemap_modify --name c${i} \
2692 --property admin --value 0
2694 for i in $(seq 0 $((num_clients-1))); do
2695 wait_nm_sync c${i} admin_nodemap
2698 # access with mapped root
2699 changelog_dump && error "dump changelogs should have failed"
2700 changelog_clear 0 && error "clear changelogs should have failed"
2704 run_test 35 "Check permissions when accessing changelogs"
2707 local mode='\x00\x00\x00\x00'
2708 local raw="$(printf ""\\\\x%02x"" {0..63})"
2712 [[ $(lscpu) =~ Byte\ Order.*Little ]] && size='\x40\x00\x00\x00' ||
2713 size='\x00\x00\x00\x40'
2714 key="${mode}${raw}${size}"
2715 echo -n -e "${key}" | keyctl padd logon fscrypt:4242424242424242 @s
2720 sync ; echo 3 > /proc/sys/vm/drop_caches
2727 $LCTL set_param -n ldlm.namespaces.*.lru_size=clear
2728 sync ; echo 3 > /proc/sys/vm/drop_caches
2729 dummy_key=$(keyctl show | awk '$7 ~ "^fscrypt:" {print $1}')
2730 if [ -n "$dummy_key" ]; then
2731 keyctl revoke $dummy_key
2737 # wait for SSK flavor to be applied if necessary
2740 wait_flavor all2all $SK_FLAVOR
2742 wait_flavor cli2mdt $SK_FLAVOR
2743 wait_flavor cli2ost $SK_FLAVOR
2748 remount_client_normally() {
2749 # remount client without dummy encryption key
2750 if is_mounted $MOUNT; then
2751 umount_client $MOUNT || error "umount $MOUNT failed"
2753 mount_client $MOUNT ${MOUNT_OPTS} ||
2754 error "remount failed"
2756 if is_mounted $MOUNT2; then
2757 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2759 if [ "$MOUNT_2" ]; then
2760 mount_client $MOUNT2 ${MOUNT_OPTS} ||
2761 error "remount failed"
2768 remount_client_dummykey() {
2771 # remount client with dummy encryption key
2772 if is_mounted $MOUNT; then
2773 umount_client $MOUNT || error "umount $MOUNT failed"
2775 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2776 error "remount failed"
2781 setup_for_enc_tests() {
2782 # remount client with test_dummy_encryption option
2783 if is_mounted $MOUNT; then
2784 umount_client $MOUNT || error "umount $MOUNT failed"
2786 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2787 error "mount with '-o test_dummy_encryption' failed"
2791 # this directory will be encrypted, because of dummy mode
2795 cleanup_for_enc_tests() {
2796 rm -rf $DIR/$tdir $*
2798 remount_client_normally
2801 cleanup_nodemap_after_enc_tests() {
2802 umount_client $MOUNT || true
2804 do_facet mgs $LCTL nodemap_modify --name default \
2805 --property forbid_encryption --value 0
2806 do_facet mgs $LCTL nodemap_modify --name default \
2807 --property readonly_mount --value 0 || true
2808 do_facet mgs $LCTL nodemap_modify --name default \
2809 --property trusted --value 0
2810 do_facet mgs $LCTL nodemap_modify --name default \
2811 --property admin --value 0
2812 do_facet mgs $LCTL nodemap_activate 0
2814 wait_nm_sync default forbid_encryption '' inactive
2815 [ -z "$(do_facet mgs \
2816 lctl get_param -n nodemap.default.readonly_mount)" ] ||
2817 wait_nm_sync default readonly_mount '' inactive
2818 wait_nm_sync default trusted_nodemap '' inactive
2819 wait_nm_sync default admin_nodemap '' inactive
2822 mount_client $MOUNT ${MOUNT_OPTS} || error "re-mount failed"
2827 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2828 skip "client encryption not supported"
2830 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2831 skip "need dummy encryption support"
2833 stack_trap cleanup_for_enc_tests EXIT
2835 # first make sure it is possible to enable encryption
2836 # when nodemap is not active
2839 umount_client $MOUNT || error "umount $MOUNT failed (1)"
2841 # then activate nodemap, and retry
2842 # should succeed as encryption is not forbidden on default nodemap
2844 stack_trap cleanup_nodemap_after_enc_tests EXIT
2845 do_facet mgs $LCTL nodemap_activate 1
2847 forbid=$(do_facet mgs lctl get_param -n nodemap.default.forbid_encryption)
2848 [ $forbid -eq 0 ] || error "wrong default value for forbid_encryption"
2849 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2850 error "mount '-o test_dummy_encryption' failed with default"
2851 umount_client $MOUNT || error "umount $MOUNT failed (2)"
2853 # then forbid encryption, and retry
2854 do_facet mgs $LCTL nodemap_modify --name default \
2855 --property forbid_encryption --value 1
2856 wait_nm_sync default forbid_encryption
2857 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption &&
2858 error "mount '-o test_dummy_encryption' should have failed"
2861 run_test 36 "control if clients can use encryption"
2864 local testfile=$DIR/$tdir/$tfile
2865 local tmpfile=$TMP/abc
2866 local objdump=$TMP/objdump
2869 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2870 skip "client encryption not supported"
2872 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2873 skip "need dummy encryption support"
2875 [ "$ost1_FSTYPE" = ldiskfs ] || skip "ldiskfs only test (using debugfs)"
2877 stack_trap cleanup_for_enc_tests EXIT
2880 # write a few bytes in file
2881 echo "abc" > $tmpfile
2882 $LFS setstripe -c1 -i0 $testfile
2883 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
2884 do_facet ost1 "sync; sync"
2886 # check that content on ost is encrypted
2887 objid=$($LFS getstripe $testfile | awk '/obdidx/{getline; print $2}')
2888 do_facet ost1 "$DEBUGFS -c -R 'cat O/0/d$(($objid % 32))/$objid' \
2889 $(ostdevname 1)" > $objdump
2890 cmp -s $objdump $tmpfile &&
2891 error "file $testfile is not encrypted on ost"
2893 # check that in-memory representation of file is correct
2894 cmp -bl ${tmpfile} ${testfile} ||
2895 error "file $testfile is corrupted in memory"
2897 cancel_lru_locks osc ; cancel_lru_locks mdc
2899 # check that file read from server is correct
2900 cmp -bl ${tmpfile} ${testfile} ||
2901 error "file $testfile is corrupted on server"
2903 rm -f $tmpfile $objdump
2905 run_test 37 "simple encrypted file"
2908 local testfile=$DIR/$tdir/$tfile
2909 local tmpfile=$TMP/abc
2915 local pagesz=$(getconf PAGE_SIZE)
2917 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2918 skip "client encryption not supported"
2920 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2921 skip "need dummy encryption support"
2923 stack_trap cleanup_for_enc_tests EXIT
2926 # get block size on ost
2927 blksz=$($LCTL get_param osc.$FSNAME*.import |
2928 awk '/grant_block_size:/ { print $2; exit; }')
2929 # write a few bytes in file at offset $blksz
2930 echo "abc" > $tmpfile
2931 $LFS setstripe -c1 -i0 $testfile
2932 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$blksz \
2933 oflag=seek_bytes conv=fsync
2935 blksz=$(($blksz > $pagesz ? $blksz : $pagesz))
2936 # check that in-memory representation of file is correct
2937 bsize=$(stat --format=%B $testfile)
2938 filesz=$(stat --format=%b $testfile)
2939 filesz=$((filesz*bsize))
2940 [ $filesz -le $blksz ] ||
2941 error "file $testfile is $filesz long in memory"
2943 cancel_lru_locks osc ; cancel_lru_locks mdc
2945 # check that file read from server is correct
2946 bsize=$(stat --format=%B $testfile)
2947 filesz=$(stat --format=%b $testfile)
2948 filesz=$((filesz*bsize))
2949 [ $filesz -le $blksz ] ||
2950 error "file $testfile is $filesz long on server"
2954 run_test 38 "encrypted file with hole"
2957 local testfile=$DIR/$tdir/$tfile
2958 local tmpfile=$TMP/abc
2960 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2961 skip "client encryption not supported"
2963 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2964 skip "need dummy encryption support"
2966 stack_trap cleanup_for_enc_tests EXIT
2969 # write a few bytes in file
2970 echo "abc" > $tmpfile
2971 $LFS setstripe -c1 -i0 $testfile
2972 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
2974 # write a few more bytes in the same page
2975 dd if=$tmpfile of=$testfile bs=4 count=1 seek=1024 oflag=seek_bytes \
2978 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=1024 oflag=seek_bytes \
2981 # check that in-memory representation of file is correct
2982 cmp -bl $tmpfile $testfile ||
2983 error "file $testfile is corrupted in memory"
2985 cancel_lru_locks osc ; cancel_lru_locks mdc
2987 # check that file read from server is correct
2988 cmp -bl $tmpfile $testfile ||
2989 error "file $testfile is corrupted on server"
2993 run_test 39 "rewrite data in already encrypted page"
2996 local testfile=$DIR/$tdir/$tfile
2997 local tmpfile=$TMP/abc
2998 local tmpfile2=$TMP/abc2
3001 #define LUSTRE_ENCRYPTION_UNIT_SIZE (1 << 12)
3002 local UNIT_SIZE=$((1 << 12))
3005 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3006 skip "client encryption not supported"
3008 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3009 skip "need dummy encryption support"
3011 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
3013 stack_trap cleanup_for_enc_tests EXIT
3016 # write a few bytes in file
3017 echo "abc" > $tmpfile
3018 $LFS setstripe -c1 -i0 $testfile
3019 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
3021 # check that in-memory representation of file is correct
3022 cmp -bl $tmpfile $testfile ||
3023 error "file $testfile is corrupted in memory (1)"
3025 cancel_lru_locks osc ; cancel_lru_locks mdc
3027 # check that file read from server is correct
3028 cmp -bl $tmpfile $testfile ||
3029 error "file $testfile is corrupted on server (1)"
3031 # write a few other bytes in same page
3032 dd if=$tmpfile of=$testfile bs=4 count=1 seek=256 oflag=seek_bytes \
3035 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=256 oflag=seek_bytes \
3038 # check that in-memory representation of file is correct
3039 cmp -bl $tmpfile $testfile ||
3040 error "file $testfile is corrupted in memory (2)"
3042 cancel_lru_locks osc ; cancel_lru_locks mdc
3044 # check that file read from server is correct
3045 cmp -bl $tmpfile $testfile ||
3046 error "file $testfile is corrupted on server (2)"
3048 rm -f $testfile $tmpfile
3049 cancel_lru_locks osc ; cancel_lru_locks mdc
3051 # write a few bytes in file, at end of first page
3052 echo "abc" > $tmpfile
3053 $LFS setstripe -c1 -i0 $testfile
3054 seek=$(getconf PAGESIZE)
3056 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3059 # write a few other bytes at beginning of first page
3060 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
3062 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3065 # check that in-memory representation of file is correct
3066 cmp -bl $tmpfile $testfile ||
3067 error "file $testfile is corrupted in memory (3)"
3069 cancel_lru_locks osc ; cancel_lru_locks mdc
3071 # check that file read from server is correct
3072 cmp -bl $tmpfile $testfile ||
3073 error "file $testfile is corrupted on server (3)"
3075 rm -f $testfile $tmpfile
3076 cancel_lru_locks osc ; cancel_lru_locks mdc
3078 # write a few bytes in file, at beginning of second page
3079 echo "abc" > $tmpfile
3080 $LFS setstripe -c1 -i0 $testfile
3081 seek=$(getconf PAGESIZE)
3082 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3084 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3087 # write a few other bytes at end of first page
3089 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3091 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3094 # check that in-memory representation of file is correct
3095 cmp -bl $tmpfile2 $testfile ||
3096 error "file $testfile is corrupted in memory (4)"
3098 cancel_lru_locks osc ; cancel_lru_locks mdc
3100 # check that file read from server is correct
3101 cmp -bl $tmpfile2 $testfile ||
3102 error "file $testfile is corrupted on server (4)"
3104 rm -f $testfile $tmpfile $tmpfile2
3105 cancel_lru_locks osc ; cancel_lru_locks mdc
3107 # write a few bytes in file, at beginning of first stripe
3108 echo "abc" > $tmpfile
3109 $LFS setstripe -S 256k -c2 $testfile
3110 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
3112 # write a few other bytes, at beginning of second stripe
3113 dd if=$tmpfile of=$testfile bs=4 count=1 seek=262144 oflag=seek_bytes \
3115 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=262144 oflag=seek_bytes \
3118 # check that in-memory representation of file is correct
3119 cmp -bl $tmpfile $testfile ||
3120 error "file $testfile is corrupted in memory (5)"
3122 cancel_lru_locks osc ; cancel_lru_locks mdc
3124 # check that file read from server is correct
3125 cmp -bl $tmpfile $testfile ||
3126 error "file $testfile is corrupted on server (5)"
3128 filesz=$(stat --format=%s $testfile)
3129 filesz=$(((filesz+UNIT_SIZE-1)/UNIT_SIZE * UNIT_SIZE))
3131 # remount without dummy encryption key
3132 remount_client_normally
3134 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
3135 [ $(stat --format=%s $scrambledfile) -eq $filesz ] ||
3136 error "file size without key should be rounded up"
3140 run_test 40 "exercise size of encrypted file"
3143 local testfile=$DIR/$tdir/$tfile
3144 local tmpfile=$TMP/abc
3145 local tmpfile2=$TMP/abc2
3148 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3149 skip "client encryption not supported"
3151 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3152 skip "need dummy encryption support"
3154 stack_trap cleanup_for_enc_tests EXIT
3157 echo "abc" > $tmpfile
3158 seek=$(getconf PAGESIZE)
3159 seek=$((seek - 204))
3160 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3162 seek=$(getconf PAGESIZE)
3163 seek=$((seek + 1092))
3164 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3167 # write a few bytes in file
3168 $LFS setstripe -c1 -i0 -S 256k $testfile
3169 seek=$(getconf PAGESIZE)
3170 seek=$((seek - 204))
3171 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3172 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3173 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3177 # write a few other bytes, at a different offset
3178 seek=$(getconf PAGESIZE)
3179 seek=$((seek + 1092))
3180 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3181 conv=fsync,notrunc &
3183 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3185 # check that in-memory representation of file is correct
3186 cmp -bl $tmpfile2 $testfile ||
3187 error "file $testfile is corrupted in memory (1)"
3189 cancel_lru_locks osc ; cancel_lru_locks mdc
3191 # check that file read from server is correct
3192 cmp -bl $tmpfile2 $testfile ||
3193 error "file $testfile is corrupted on server (1)"
3195 rm -f $tmpfile $tmpfile2
3197 run_test 41 "test race on encrypted file size (1)"
3200 local testfile=$DIR/$tdir/$tfile
3201 local testfile2=$DIR2/$tdir/$tfile
3202 local tmpfile=$TMP/abc
3203 local tmpfile2=$TMP/abc2
3204 local pagesz=$(getconf PAGESIZE)
3207 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3208 skip "client encryption not supported"
3210 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3211 skip "need dummy encryption support"
3213 stack_trap cleanup_for_enc_tests EXIT
3216 if is_mounted $MOUNT2; then
3217 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3219 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3220 error "mount2 with '-o test_dummy_encryption' failed"
3222 # create file by writting one whole page
3223 $LFS setstripe -c1 -i0 -S 256k $testfile
3224 dd if=/dev/zero of=$testfile bs=$pagesz count=1 conv=fsync
3226 # read file from 2nd mount point
3227 cat $testfile2 > /dev/null
3229 echo "abc" > $tmpfile
3230 dd if=/dev/zero of=$tmpfile2 bs=$pagesz count=1 conv=fsync
3231 seek=$((2*pagesz - 204))
3232 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3234 seek=$((2*pagesz + 1092))
3235 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3238 # write a few bytes in file from 1st mount point
3239 seek=$((2*pagesz - 204))
3240 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3241 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3242 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3243 conv=fsync,notrunc &
3246 # write a few other bytes, at a different offset from 2nd mount point
3247 seek=$((2*pagesz + 1092))
3248 dd if=$tmpfile of=$testfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3249 conv=fsync,notrunc &
3251 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3253 # check that in-memory representation of file is correct
3254 cmp -bl $tmpfile2 $testfile ||
3255 error "file $testfile is corrupted in memory (1)"
3257 # check that in-memory representation of file is correct
3258 cmp -bl $tmpfile2 $testfile2 ||
3259 error "file $testfile is corrupted in memory (2)"
3261 cancel_lru_locks osc ; cancel_lru_locks mdc
3263 # check that file read from server is correct
3264 cmp -bl $tmpfile2 $testfile ||
3265 error "file $testfile is corrupted on server (1)"
3267 rm -f $tmpfile $tmpfile2
3269 run_test 42 "test race on encrypted file size (2)"
3272 local testfile=$DIR/$tdir/$tfile
3273 local testfile2=$DIR2/$tdir/$tfile
3274 local tmpfile=$TMP/abc
3275 local tmpfile2=$TMP/abc2
3276 local resfile=$TMP/res
3277 local pagesz=$(getconf PAGESIZE)
3280 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3281 skip "client encryption not supported"
3283 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3284 skip "need dummy encryption support"
3286 stack_trap cleanup_for_enc_tests EXIT
3289 if is_mounted $MOUNT2; then
3290 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3292 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3293 error "mount2 with '-o test_dummy_encryption' failed"
3296 tr '\0' '1' < /dev/zero |
3297 dd of=$tmpfile bs=1 count=$pagesz conv=fsync
3298 $LFS setstripe -c1 -i0 -S 256k $testfile
3299 cp $tmpfile $testfile
3301 # read file from 2nd mount point
3302 cat $testfile2 > /dev/null
3304 # write a few bytes in file from 1st mount point
3305 echo "abc" > $tmpfile2
3306 seek=$((2*pagesz - 204))
3307 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3308 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3309 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3310 conv=fsync,notrunc &
3313 # read file from 2nd mount point
3314 dd if=$testfile2 of=$resfile bs=$pagesz count=1 conv=fsync,notrunc
3315 cmp -bl $tmpfile $resfile ||
3316 error "file $testfile is corrupted in memory (1)"
3319 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3321 # check that in-memory representation of file is correct
3322 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3324 cmp -bl $tmpfile $testfile2 ||
3325 error "file $testfile is corrupted in memory (2)"
3327 cancel_lru_locks osc ; cancel_lru_locks mdc
3329 # check that file read from server is correct
3330 cmp -bl $tmpfile $testfile ||
3331 error "file $testfile is corrupted on server (1)"
3333 rm -f $tmpfile $tmpfile2
3335 run_test 43 "test race on encrypted file size (3)"
3338 local testfile=$DIR/$tdir/$tfile
3339 local tmpfile=$TMP/abc
3340 local resfile=$TMP/resfile
3341 local pagesz=$(getconf PAGESIZE)
3344 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3345 skip "client encryption not supported"
3347 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3348 skip "need dummy encryption support"
3350 which vmtouch || skip "This test needs vmtouch utility"
3352 # Direct I/O is now supported on encrypted files.
3354 stack_trap cleanup_for_enc_tests EXIT
3357 $LFS setstripe -c1 -i0 $testfile
3358 dd if=/dev/urandom of=$tmpfile bs=$pagesz count=2 conv=fsync
3359 dd if=$tmpfile of=$testfile bs=$pagesz count=2 oflag=direct ||
3360 error "could not write to file with O_DIRECT (1)"
3362 respage=$(vmtouch $testfile | awk '/Resident Pages:/ {print $3}')
3363 [ "$respage" == "0/2" ] ||
3364 error "write to enc file fell back to buffered IO"
3368 dd if=$testfile of=$resfile bs=$pagesz count=2 iflag=direct ||
3369 error "could not read from file with O_DIRECT (1)"
3371 respage=$(vmtouch $testfile | awk '/Resident Pages:/ {print $3}')
3372 [ "$respage" == "0/2" ] ||
3373 error "read from enc file fell back to buffered IO"
3375 cmp -bl $tmpfile $resfile ||
3376 error "file $testfile is corrupted (1)"
3380 $TRUNCATE $tmpfile $pagesz
3381 dd if=$tmpfile of=$testfile bs=$pagesz count=1 seek=13 oflag=direct ||
3382 error "could not write to file with O_DIRECT (2)"
3386 dd if=$testfile of=$resfile bs=$pagesz count=1 skip=13 iflag=direct ||
3387 error "could not read from file with O_DIRECT (2)"
3388 cmp -bl $tmpfile $resfile ||
3389 error "file $testfile is corrupted (2)"
3391 rm -f $testfile $resfile
3392 $LFS setstripe -c1 -i0 $testfile
3394 $TRUNCATE $tmpfile $((pagesz/2 - 5))
3395 cp $tmpfile $testfile
3399 dd if=$testfile of=$resfile bs=$pagesz count=1 iflag=direct ||
3400 error "could not read from file with O_DIRECT (3)"
3401 cmp -bl $tmpfile $resfile ||
3402 error "file $testfile is corrupted (3)"
3404 rm -f $tmpfile $resfile $testfile
3406 if [ $OSTCOUNT -ge 2 ]; then
3407 dd if=/dev/urandom of=$tmpfile bs=$pagesz count=1 conv=fsync
3408 $LFS setstripe -S 256k -c2 $testfile
3410 # write in file, at beginning of first stripe, buffered IO
3411 dd if=$tmpfile of=$testfile bs=$pagesz count=1 \
3414 # write at beginning of second stripe, direct IO
3415 dd if=$tmpfile of=$testfile bs=$pagesz count=1 seek=256k \
3416 oflag=seek_bytes,direct conv=fsync,notrunc
3420 # read at beginning of first stripe, direct IO
3421 dd if=$testfile of=$resfile bs=$pagesz count=1 \
3422 iflag=direct conv=fsync
3424 cmp -bl $tmpfile $resfile ||
3425 error "file $testfile is corrupted (4)"
3427 # read at beginning of second stripe, buffered IO
3428 dd if=$testfile of=$resfile bs=$pagesz count=1 skip=256k \
3429 iflag=skip_bytes conv=fsync
3431 cmp -bl $tmpfile $resfile ||
3432 error "file $testfile is corrupted (5)"
3434 rm -f $tmpfile $resfile
3437 run_test 44 "encrypted file access semantics: direct IO"
3440 local testfile=$DIR/$tdir/$tfile
3441 local tmpfile=$TMP/junk
3443 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3444 skip "client encryption not supported"
3446 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3447 skip "need dummy encryption support"
3449 stack_trap cleanup_for_enc_tests EXIT
3452 $LFS setstripe -c1 -i0 $testfile
3453 dd if=/dev/zero of=$testfile bs=512K count=1
3454 $MULTIOP $testfile OSMRUc || error "$MULTIOP $testfile failed (1)"
3455 $MULTIOP $testfile OSMWUc || error "$MULTIOP $testfile failed (2)"
3457 dd if=/dev/zero of=$tmpfile bs=512K count=1
3458 $MULTIOP $tmpfile OSMWUc || error "$MULTIOP $tmpfile failed"
3459 $MMAP_CAT $tmpfile > ${tmpfile}2
3463 $MULTIOP $testfile OSMRUc
3464 $MMAP_CAT $testfile > ${testfile}2
3465 cmp -bl ${tmpfile}2 ${testfile}2 ||
3466 error "file $testfile is corrupted"
3468 rm -f $tmpfile ${tmpfile}2
3470 run_test 45 "encrypted file access semantics: MMAP"
3473 local testdir=$DIR/$tdir/mydir
3474 local testfile=$testdir/myfile
3475 local testdir2=$DIR/$tdir/mydirwithaveryverylongnametotestcodebehaviour0
3476 local testfile2=$testdir/myfilewithaveryverylongnametotestcodebehaviour0
3477 # testdir3, testfile3, testhl3 and testsl3 names are 255 bytes long
3478 local testdir3=$testdir2/dir_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz012345678
3479 local testfile3=$testdir2/file_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01234567
3480 local testhl3=$testdir2/hl_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789
3481 local testsl3=$testdir2/sl_abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789
3482 local lsfile=$TMP/lsfile
3487 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3488 skip "client encryption not supported"
3490 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3491 skip "need dummy encryption support"
3493 stack_trap cleanup_for_enc_tests EXIT
3496 touch $DIR/$tdir/$tfile
3498 echo test > $testfile
3499 echo othertest > $testfile2
3500 if [[ $MDSCOUNT -gt 1 ]]; then
3501 $LFS setdirstripe -c1 -i1 $testdir2
3505 inum=$(stat -c %i $testdir2)
3506 if [ "$mds1_FSTYPE" = ldiskfs ]; then
3507 # For now, restrict this part of the test to ldiskfs backend,
3508 # as osd-zfs does not support 255 byte-long encrypted names.
3509 mkdir $testdir3 || error "cannot mkdir $testdir3"
3510 touch $testfile3 || error "cannot touch $testfile3"
3511 ln $testfile3 $testhl3 || error "cannot ln $testhl3"
3512 ln -s $testfile3 $testsl3 || error "cannot ln $testsl3"
3514 sync ; echo 3 > /proc/sys/vm/drop_caches
3516 # remount without dummy encryption key
3517 remount_client_normally
3520 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -inum $inum)
3521 stat $scrambleddir || error "stat $scrambleddir failed"
3522 if [ "$mds1_FSTYPE" = ldiskfs ]; then
3523 stat $scrambleddir/* || error "cannot stat in $scrambleddir"
3524 rm -rf $scrambleddir/* || error "cannot clean in $scrambleddir"
3526 rmdir $scrambleddir || error "rmdir $scrambleddir failed"
3528 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3529 ls -1 $scrambleddir > $lsfile || error "ls $testdir failed (1)"
3531 scrambledfile=$scrambleddir/$(head -n 1 $lsfile)
3532 stat $scrambledfile || error "stat $scrambledfile failed (1)"
3535 cat $scrambledfile && error "cat $scrambledfile should have failed (1)"
3536 rm -f $scrambledfile || error "rm $scrambledfile failed (1)"
3538 ls -1 $scrambleddir > $lsfile || error "ls $testdir failed (2)"
3539 scrambledfile=$scrambleddir/$(head -n 1 $lsfile)
3540 stat $scrambledfile || error "stat $scrambledfile failed (2)"
3542 cat $scrambledfile && error "cat $scrambledfile should have failed (2)"
3544 touch $scrambleddir/otherfile &&
3545 error "touch otherfile should have failed"
3546 ls $scrambleddir/otherfile && error "otherfile should not exist"
3547 mkdir $scrambleddir/otherdir &&
3548 error "mkdir otherdir should have failed"
3549 ls -d $scrambleddir/otherdir && error "otherdir should not exist"
3552 rm -f $scrambledfile || error "rm $scrambledfile failed (2)"
3553 rmdir $scrambleddir || error "rmdir $scrambleddir failed"
3556 run_test 46 "encrypted file access semantics without key"
3559 local testfile=$DIR/$tdir/$tfile
3560 local testfile2=$DIR/$tdir/${tfile}.2
3561 local tmpfile=$DIR/junk
3566 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3567 skip "client encryption not supported"
3569 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3570 skip "need dummy encryption support"
3572 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption ||
3575 stack_trap cleanup_for_enc_tests EXIT
3578 dd if=/dev/urandom of=$tmpfile bs=512K count=1
3579 mrename $tmpfile $testfile &&
3580 error "rename from unencrypted to encrypted dir should fail"
3582 ln $tmpfile $testfile &&
3583 error "link from encrypted to unencrypted dir should fail"
3585 cp $tmpfile $testfile ||
3586 error "cp from unencrypted to encrypted dir should succeed"
3589 mrename $testfile $testfile2 ||
3590 error "rename from within encrypted dir should succeed"
3592 ln $testfile2 $testfile ||
3593 error "link from within encrypted dir should succeed"
3594 cmp -bl $testfile2 $testfile ||
3595 error "cannot read from hard link (1.1)"
3596 echo a >> $testfile || error "cannot write to hard link (1)"
3598 cmp -bl $testfile2 $testfile ||
3599 error "cannot read from hard link (1.2)"
3602 ln $testfile2 $tmpfile ||
3603 error "link from unencrypted to encrypted dir should succeed"
3605 cmp -bl $testfile2 $tmpfile ||
3606 error "cannot read from hard link (2.1)"
3607 echo a >> $tmpfile || error "cannot write to hard link (2)"
3609 cmp -bl $testfile2 $tmpfile ||
3610 error "cannot read from hard link (2.2)"
3613 if [ $name_enc -eq 1 ]; then
3614 # check we are limited in the number of hard links
3615 # we can create for encrypted files, to what can fit into LinkEA
3616 for i in $(seq 1 160); do
3617 ln $testfile2 ${testfile}_$i || break
3619 [ $i -lt 160 ] || error "hard link $i should fail"
3623 mrename $testfile2 $tmpfile &&
3624 error "rename from encrypted to unencrypted dir should fail"
3626 dd if=/dev/urandom of=$tmpfile bs=512K count=1
3628 dd if=/dev/urandom of=$testfile bs=512K count=1
3629 mkdir $DIR/$tdir/mydir
3631 ln -s $testfile ${testfile}.sym ||
3632 error "symlink from within encrypted dir should succeed"
3634 cmp -bl $testfile ${testfile}.sym ||
3635 error "cannot read from sym link (1.1)"
3636 echo a >> ${testfile}.sym || error "cannot write to sym link (1)"
3638 cmp -bl $testfile ${testfile}.sym ||
3639 error "cannot read from sym link (1.2)"
3640 [ $(stat -c %s ${testfile}.sym) -eq ${#testfile} ] ||
3641 error "wrong symlink size (1)"
3643 ln -s $tmpfile ${testfile}.sl ||
3644 error "symlink from encrypted to unencrypted dir should succeed"
3646 cmp -bl $tmpfile ${testfile}.sl ||
3647 error "cannot read from sym link (2.1)"
3648 echo a >> ${testfile}.sl || error "cannot write to sym link (2)"
3650 cmp -bl $tmpfile ${testfile}.sl ||
3651 error "cannot read from sym link (2.2)"
3652 [ $(stat -c %s ${testfile}.sl) -eq ${#tmpfile} ] ||
3653 error "wrong symlink size (2)"
3654 rm -f ${testfile}.sl
3656 sync ; echo 3 > /proc/sys/vm/drop_caches
3658 # remount without dummy encryption key
3659 remount_client_normally
3661 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3662 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3663 scrambledlink=$(find $DIR/$tdir/ -maxdepth 1 -type l)
3664 ln $scrambledfile $scrambleddir/linkfile &&
3665 error "ln linkfile should have failed"
3666 mrename $scrambledfile $DIR/onefile2 &&
3667 error "mrename from $scrambledfile should have failed"
3669 mrename $DIR/onefile $scrambleddir/otherfile &&
3670 error "mrename to $scrambleddir should have failed"
3671 readlink $scrambledlink ||
3672 error "link should be read without key"
3673 [ $(stat -c %s $scrambledlink) -eq \
3674 $(expr length "$(readlink $scrambledlink)") ] ||
3675 error "wrong symlink size without key"
3676 if [ $name_enc -eq 1 ]; then
3677 readlink -e $scrambledlink &&
3678 error "link should not point to anywhere useful"
3680 ln -s $scrambledfile ${scrambledfile}.sym &&
3681 error "symlink without key should fail (1)"
3682 ln -s $tmpfile ${scrambledfile}.sl &&
3683 error "symlink without key should fail (2)"
3685 rm -f $tmpfile $DIR/onefile
3687 run_test 47 "encrypted file access semantics: rename/link"
3690 local save="$TMP/$TESTSUITE-$TESTNAME.parameters"
3691 local testfile=$DIR/$tdir/$tfile
3692 local tmpfile=$TMP/111
3693 local tmpfile2=$TMP/abc
3694 local pagesz=$(getconf PAGESIZE)
3699 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3700 skip "client encryption not supported"
3702 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3703 skip "need dummy encryption support"
3705 stack_trap cleanup_for_enc_tests EXIT
3708 # create file, 4 x PAGE_SIZE long
3709 tr '\0' '1' < /dev/zero |
3710 dd of=$tmpfile bs=1 count=4x$pagesz conv=fsync
3711 $LFS setstripe -c1 -i0 $testfile
3712 cp $tmpfile $testfile
3713 echo "abc" > $tmpfile2
3715 # decrease size: truncate to PAGE_SIZE
3716 $TRUNCATE $tmpfile $pagesz
3717 $TRUNCATE $testfile $pagesz
3718 cancel_lru_locks osc ; cancel_lru_locks mdc
3719 cmp -bl $tmpfile $testfile ||
3720 error "file $testfile is corrupted (1)"
3722 # increase size: truncate to 2 x PAGE_SIZE
3724 $TRUNCATE $tmpfile $sz
3725 $TRUNCATE $testfile $sz
3726 cancel_lru_locks osc ; cancel_lru_locks mdc
3727 cmp -bl $tmpfile $testfile ||
3728 error "file $testfile is corrupted (2)"
3731 seek=$((pagesz+100))
3732 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3734 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3736 cancel_lru_locks osc ; cancel_lru_locks mdc
3737 cmp -bl $tmpfile $testfile ||
3738 error "file $testfile is corrupted (3)"
3740 # truncate to PAGE_SIZE / 2
3742 $TRUNCATE $tmpfile $sz
3743 $TRUNCATE $testfile $sz
3744 cancel_lru_locks osc ; cancel_lru_locks mdc
3745 cmp -bl $tmpfile $testfile ||
3746 error "file $testfile is corrupted (4)"
3748 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
3750 $TRUNCATE $tmpfile $sz
3751 $TRUNCATE $testfile $sz
3752 cancel_lru_locks osc ; cancel_lru_locks mdc
3753 cmp -bl $tmpfile $testfile ||
3754 error "file $testfile is corrupted (5)"
3756 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
3758 $TRUNCATE $tmpfile $sz
3759 $TRUNCATE $testfile $sz
3760 cancel_lru_locks osc ; cancel_lru_locks mdc
3761 cmp -bl $tmpfile $testfile ||
3762 error "file $testfile is corrupted (6)"
3764 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
3765 sz=$((sz+pagesz+30))
3766 $TRUNCATE $tmpfile $sz
3767 $TRUNCATE $testfile $sz
3768 cancel_lru_locks osc ; cancel_lru_locks mdc
3769 cmp -bl $tmpfile $testfile ||
3770 error "file $testfile is corrupted (7)"
3772 sync ; echo 3 > /proc/sys/vm/drop_caches
3774 # remount without dummy encryption key
3775 remount_client_normally
3777 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3778 $TRUNCATE $scrambledfile 0 &&
3779 error "truncate $scrambledfile should have failed without key"
3781 rm -f $tmpfile $tmpfile2
3783 run_test 48a "encrypted file access semantics: truncate"
3785 cleanup_for_enc_tests_othercli() {
3788 # remount othercli normally
3789 zconf_umount $othercli $MOUNT ||
3790 error "umount $othercli $MOUNT failed"
3791 zconf_mount $othercli $MOUNT ||
3792 error "remount $othercli $MOUNT failed"
3798 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3799 skip "client encryption not supported"
3801 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3802 skip "need dummy encryption support"
3804 [ "$num_clients" -ge 2 ] || skip "Need at least 2 clients"
3806 if [ "$HOSTNAME" == ${clients_arr[0]} ]; then
3807 othercli=${clients_arr[1]}
3809 othercli=${clients_arr[0]}
3812 stack_trap cleanup_for_enc_tests EXIT
3813 stack_trap "cleanup_for_enc_tests_othercli $othercli" EXIT
3815 zconf_umount $othercli $MOUNT ||
3816 error "umount $othercli $MOUNT failed"
3818 cp /bin/sleep $DIR/$tdir/
3819 cancel_lru_locks osc ; cancel_lru_locks mdc
3820 $DIR/$tdir/sleep 30 &
3821 # mount and IOs must be done in the same shell session, otherwise
3822 # encryption key in session keyring is missing
3823 do_node $othercli "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3824 $MGSNID:/$FSNAME $MOUNT && \
3825 $TRUNCATE $DIR/$tdir/sleep 7"
3826 wait || error "wait error"
3827 cmp --silent /bin/sleep $DIR/$tdir/sleep ||
3828 error "/bin/sleep and $DIR/$tdir/sleep differ"
3830 run_test 48b "encrypted file: concurrent truncate"
3836 $LCTL set_param debug=+info
3841 [ $? -eq 0 ] || error "$cmd failed"
3843 if [ -z "$MATCHING_STRING" ]; then
3844 $LCTL dk | grep -E "get xattr 'encryption.c'|get xattrs"
3846 $LCTL dk | grep -E "$MATCHING_STRING"
3848 [ $? -ne 0 ] || error "get xattr event was triggered"
3852 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3853 skip "client encryption not supported"
3855 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3856 skip "need dummy encryption support"
3858 stack_trap cleanup_for_enc_tests EXIT
3861 local dirname=$DIR/$tdir/subdir
3865 trace_cmd stat $dirname
3866 trace_cmd echo a > $dirname/f1
3867 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3868 trace_cmd stat $dirname/f1
3869 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3870 trace_cmd cat $dirname/f1
3871 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
3872 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3873 MATCHING_STRING="get xattr 'encryption.c'" \
3874 trace_cmd $TRUNCATE $dirname/f1 10240
3875 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
3876 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3877 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
3879 if [[ $MDSCOUNT -gt 1 ]]; then
3880 trace_cmd $LFS setdirstripe -i 1 $dirname/d2
3881 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3882 trace_cmd $LFS migrate -m 0 $dirname/d2
3883 echo b > $dirname/d2/subf
3884 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3885 if (( "$MDS1_VERSION" > $(version_code 2.14.54.54) )); then
3886 # migrate a non-empty encrypted dir
3887 trace_cmd $LFS migrate -m 1 $dirname/d2
3888 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3889 [ -f $dirname/d2/subf ] || error "migrate failed (1)"
3890 [ $(cat $dirname/d2/subf) == "b" ] ||
3891 error "migrate failed (2)"
3894 $LFS setdirstripe -i 1 -c 1 $dirname/d3
3895 dirname=$dirname/d3/subdir
3897 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3898 trace_cmd stat $dirname
3899 trace_cmd echo c > $dirname/f1
3900 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3901 trace_cmd stat $dirname/f1
3902 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3903 trace_cmd cat $dirname/f1
3904 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
3905 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3906 MATCHING_STRING="get xattr 'encryption.c'" \
3907 trace_cmd $TRUNCATE $dirname/f1 10240
3908 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
3909 sync ; sync ; echo 3 > /proc/sys/vm/drop_caches
3910 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
3912 skip_noexit "2nd part needs >= 2 MDTs"
3915 run_test 49 "Avoid getxattr for encryption context"
3918 local testfile=$DIR/$tdir/$tfile
3919 local tmpfile=$TMP/abc
3920 local pagesz=$(getconf PAGESIZE)
3923 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3924 skip "client encryption not supported"
3926 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3927 skip "need dummy encryption support"
3929 stack_trap cleanup_for_enc_tests EXIT
3932 # write small file, data on MDT only
3933 tr '\0' '1' < /dev/zero |
3934 dd of=$tmpfile bs=1 count=5000 conv=fsync
3935 $LFS setstripe -E 1M -L mdt -E EOF $testfile
3936 cp $tmpfile $testfile
3938 # check that in-memory representation of file is correct
3939 cmp -bl $tmpfile $testfile ||
3940 error "file $testfile is corrupted in memory"
3942 cancel_lru_locks osc ; cancel_lru_locks mdc
3944 # check that file read from server is correct
3945 cmp -bl $tmpfile $testfile ||
3946 error "file $testfile is corrupted on server"
3948 # decrease size: truncate to PAGE_SIZE
3949 $TRUNCATE $tmpfile $pagesz
3950 $TRUNCATE $testfile $pagesz
3951 cancel_lru_locks osc ; cancel_lru_locks mdc
3952 cmp -bl $tmpfile $testfile ||
3953 error "file $testfile is corrupted (1)"
3955 # increase size: truncate to 2 x PAGE_SIZE
3957 $TRUNCATE $tmpfile $sz
3958 $TRUNCATE $testfile $sz
3959 cancel_lru_locks osc ; cancel_lru_locks mdc
3960 cmp -bl $tmpfile $testfile ||
3961 error "file $testfile is corrupted (2)"
3963 # truncate to PAGE_SIZE / 2
3965 $TRUNCATE $tmpfile $sz
3966 $TRUNCATE $testfile $sz
3967 cancel_lru_locks osc ; cancel_lru_locks mdc
3968 cmp -bl $tmpfile $testfile ||
3969 error "file $testfile is corrupted (3)"
3971 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
3973 $TRUNCATE $tmpfile $sz
3974 $TRUNCATE $testfile $sz
3975 cancel_lru_locks osc ; cancel_lru_locks mdc
3976 cmp -bl $tmpfile $testfile ||
3977 error "file $testfile is corrupted (4)"
3979 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
3981 $TRUNCATE $tmpfile $sz
3982 $TRUNCATE $testfile $sz
3983 cancel_lru_locks osc ; cancel_lru_locks mdc
3984 cmp -bl $tmpfile $testfile ||
3985 error "file $testfile is corrupted (5)"
3987 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
3988 sz=$((sz+pagesz+30))
3989 $TRUNCATE $tmpfile $sz
3990 $TRUNCATE $testfile $sz
3991 cancel_lru_locks osc ; cancel_lru_locks mdc
3992 cmp -bl $tmpfile $testfile ||
3993 error "file $testfile is corrupted (6)"
3996 cancel_lru_locks osc ; cancel_lru_locks mdc
3998 # write hole in file, data spread on MDT and OST
3999 tr '\0' '2' < /dev/zero |
4000 dd of=$tmpfile bs=1 count=1539 seek=1539074 conv=fsync,notrunc
4001 $LFS setstripe -E 1M -L mdt -E EOF $testfile
4002 cp --sparse=always $tmpfile $testfile
4004 # check that in-memory representation of file is correct
4005 cmp -bl $tmpfile $testfile ||
4006 error "file $testfile is corrupted in memory"
4008 cancel_lru_locks osc ; cancel_lru_locks mdc
4010 # check that file read from server is correct
4011 cmp -bl $tmpfile $testfile ||
4012 error "file $testfile is corrupted on server"
4014 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
4015 # inside OST part of data
4016 sz=$((1024*1024+13))
4017 $TRUNCATE $tmpfile $sz
4018 $TRUNCATE $testfile $sz
4019 cancel_lru_locks osc ; cancel_lru_locks mdc
4020 cmp -bl $tmpfile $testfile ||
4021 error "file $testfile is corrupted (7)"
4023 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
4024 # inside MDT part of data
4026 $TRUNCATE $tmpfile $sz
4027 $TRUNCATE $testfile $sz
4028 cancel_lru_locks osc ; cancel_lru_locks mdc
4029 cmp -bl $tmpfile $testfile ||
4030 error "file $testfile is corrupted (8)"
4032 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
4033 # inside MDT part of data
4034 sz=$((1024*1024-13))
4035 $TRUNCATE $tmpfile $sz
4036 $TRUNCATE $testfile $sz
4037 cancel_lru_locks osc ; cancel_lru_locks mdc
4038 cmp -bl $tmpfile $testfile ||
4039 error "file $testfile is corrupted (9)"
4041 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
4042 # inside OST part of data
4044 $TRUNCATE $tmpfile $sz
4045 $TRUNCATE $testfile $sz
4046 cancel_lru_locks osc ; cancel_lru_locks mdc
4047 cmp -bl $tmpfile $testfile ||
4048 error "file $testfile is corrupted (10)"
4052 run_test 50 "DoM encrypted file"
4055 [ "$MDS1_VERSION" -gt $(version_code 2.13.53) ] ||
4056 skip "Need MDS version at least 2.13.53"
4058 mkdir $DIR/$tdir || error "mkdir $tdir"
4060 touch $DIR/$tdir/$tfile || error "touch $tfile"
4061 cp $(which chown) $DIR/$tdir || error "cp chown"
4062 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile &&
4063 error "chown $tfile should fail"
4064 setcap 'CAP_CHOWN=ep' $DIR/$tdir/chown || error "setcap CAP_CHOWN"
4065 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile ||
4066 error "chown $tfile"
4067 rm $DIR/$tdir/$tfile || error "rm $tfile"
4069 touch $DIR/$tdir/$tfile || error "touch $tfile"
4070 cp $(which touch) $DIR/$tdir || error "cp touch"
4071 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile &&
4072 error "touch should fail"
4073 setcap 'CAP_FOWNER=ep' $DIR/$tdir/touch || error "setcap CAP_FOWNER"
4074 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile ||
4075 error "touch $tfile"
4076 rm $DIR/$tdir/$tfile || error "rm $tfile"
4079 for cap in "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH"; do
4080 touch $DIR/$tdir/$tfile || error "touch $tfile"
4081 chmod 600 $DIR/$tdir/$tfile || error "chmod $tfile"
4082 cp $(which cat) $DIR/$tdir || error "cp cat"
4083 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile &&
4084 error "cat should fail"
4085 setcap $cap=ep $DIR/$tdir/cat || error "setcap $cap"
4086 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile ||
4088 rm $DIR/$tdir/$tfile || error "rm $tfile"
4091 run_test 51 "FS capabilities ==============="
4094 local testfile=$DIR/$tdir/$tfile
4095 local tmpfile=$TMP/$tfile
4096 local mirror1=$TMP/$tfile.mirror1
4097 local mirror2=$TMP/$tfile.mirror2
4099 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4100 skip "client encryption not supported"
4102 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4103 skip "need dummy encryption support"
4105 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4107 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
4110 dd if=/dev/urandom of=$tmpfile bs=5000 count=1 conv=fsync
4112 $LFS mirror create -N -i0 -N -i1 $testfile ||
4113 error "could not create mirror"
4115 dd if=$tmpfile of=$testfile bs=5000 count=1 conv=fsync ||
4116 error "could not write to $testfile"
4118 $LFS mirror resync $testfile ||
4119 error "could not resync mirror"
4121 $LFS mirror verify -v $testfile ||
4122 error "verify mirror failed"
4124 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4125 error "could not read from mirror 1"
4127 cmp -bl $tmpfile $mirror1 ||
4128 error "mirror 1 is corrupted"
4130 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4131 error "could not read from mirror 2"
4133 cmp -bl $tmpfile $mirror2 ||
4134 error "mirror 2 is corrupted"
4136 tr '\0' '2' < /dev/zero |
4137 dd of=$tmpfile bs=1 count=9000 conv=fsync
4139 $LFS mirror write -N 1 -i $tmpfile $testfile ||
4140 error "could not write to mirror 1"
4142 $LFS mirror verify -v $testfile &&
4143 error "mirrors should be different"
4145 rm -f $testfile $mirror1 $mirror2
4147 $LFS setstripe -c1 -i0 $testfile
4148 dd if=$tmpfile of=$testfile bs=9000 count=1 conv=fsync ||
4149 error "write to $testfile failed"
4150 $LFS getstripe $testfile
4153 $LFS migrate -i1 $testfile ||
4154 error "migrate $testfile failed"
4155 $LFS getstripe $testfile
4156 stripe=$($LFS getstripe -i $testfile)
4157 [ $stripe -eq 1 ] || error "migrate file $testfile failed"
4160 cmp -bl $tmpfile $testfile ||
4161 error "migrated file is corrupted"
4163 $LFS mirror extend -N -i0 $testfile ||
4164 error "mirror extend $testfile failed"
4165 $LFS getstripe $testfile
4166 mirror_count=$($LFS getstripe -N $testfile)
4167 [ $mirror_count -eq 2 ] ||
4168 error "mirror extend file $testfile failed (1)"
4169 stripe=$($LFS getstripe --mirror-id=1 -i $testfile)
4170 [ $stripe -eq 1 ] || error "mirror extend file $testfile failed (2)"
4171 stripe=$($LFS getstripe --mirror-id=2 -i $testfile)
4172 [ $stripe -eq 0 ] || error "mirror extend file $testfile failed (3)"
4175 $LFS mirror verify -v $testfile ||
4176 error "mirror verify failed"
4177 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4178 error "read from mirror 1 failed"
4179 cmp -bl $tmpfile $mirror1 ||
4180 error "corruption of mirror 1"
4181 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4182 error "read from mirror 2 failed"
4183 cmp -bl $tmpfile $mirror2 ||
4184 error "corruption of mirror 2"
4186 $LFS mirror split --mirror-id 1 -f ${testfile}.mirror $testfile &&
4187 error "mirror split -f should fail"
4189 $LFS mirror split --mirror-id 1 $testfile &&
4190 error "mirror split without -d should fail"
4192 $LFS mirror split --mirror-id 1 -d $testfile ||
4193 error "mirror split failed"
4194 $LFS getstripe $testfile
4195 mirror_count=$($LFS getstripe -N $testfile)
4196 [ $mirror_count -eq 1 ] ||
4197 error "mirror split file $testfile failed (1)"
4198 stripe=$($LFS getstripe --mirror-id=1 -i $testfile)
4199 [ -z "$stripe" ] || error "mirror extend file $testfile failed (2)"
4200 stripe=$($LFS getstripe --mirror-id=2 -i $testfile)
4201 [ $stripe -eq 0 ] || error "mirror extend file $testfile failed (3)"
4204 cmp -bl $tmpfile $testfile ||
4205 error "extended/split file is corrupted"
4207 run_test 52 "Mirrored encrypted file"
4210 local testfile=$DIR/$tdir/$tfile
4211 local testfile2=$DIR2/$tdir/$tfile
4212 local tmpfile=$TMP/$tfile.tmp
4213 local resfile=$TMP/$tfile.res
4217 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4218 skip "client encryption not supported"
4220 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4221 skip "need dummy encryption support"
4223 pagesz=$(getconf PAGESIZE)
4224 [[ $pagesz == 65536 ]] || skip "Need 64K PAGE_SIZE client"
4226 do_node $mds1_HOST \
4227 "mount.lustre --help |& grep -q 'test_dummy_encryption:'" ||
4228 skip "need dummy encryption support on MDS client mount"
4230 # this test is probably useless now, but may turn out to be useful when
4231 # Lustre supports servers with PAGE_SIZE != 4KB
4232 pagesz=$(do_node $mds1_HOST getconf PAGESIZE)
4233 [[ $pagesz == 4096 ]] || skip "Need 4K PAGE_SIZE MDS client"
4235 stack_trap cleanup_for_enc_tests EXIT
4236 stack_trap "zconf_umount $mds1_HOST $MOUNT2" EXIT
4239 $LFS setstripe -c1 -i0 $testfile
4241 # write from 1st client
4242 cat /dev/urandom | tr -dc 'a-zA-Z0-9' |
4243 dd of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
4244 dd if=$tmpfile of=$testfile bs=$((pagesz+3)) count=2 conv=fsync ||
4245 error "could not write to $testfile (1)"
4247 # read from 2nd client
4248 # mount and IOs must be done in the same shell session, otherwise
4249 # encryption key in session keyring is missing
4250 do_node $mds1_HOST "mkdir -p $MOUNT2"
4251 do_node $mds1_HOST \
4252 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4253 $MGSNID:/$FSNAME $MOUNT2 && \
4254 dd if=$testfile2 of=$resfile bs=$((pagesz+3)) count=2" ||
4255 error "could not read from $testfile2 (1)"
4258 filemd5=$(do_node $mds1_HOST md5sum $resfile | awk '{print $1}')
4259 [ $filemd5 = $(md5sum $tmpfile | awk '{print $1}') ] ||
4260 error "file is corrupted (1)"
4261 do_node $mds1_HOST rm -f $resfile
4264 # truncate from 2nd client
4265 $TRUNCATE $tmpfile $((pagesz+3))
4266 zconf_umount $mds1_HOST $MOUNT2 ||
4267 error "umount $mds1_HOST $MOUNT2 failed (1)"
4268 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4269 $MGSNID:/$FSNAME $MOUNT2 && \
4270 $TRUNCATE $testfile2 $((pagesz+3))" ||
4271 error "could not truncate $testfile2 (1)"
4274 cmp -bl $tmpfile $testfile ||
4275 error "file is corrupted (2)"
4276 rm -f $tmpfile $testfile
4278 zconf_umount $mds1_HOST $MOUNT2 ||
4279 error "umount $mds1_HOST $MOUNT2 failed (2)"
4282 do_node $mds1_HOST \
4283 dd if=/dev/urandom of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
4284 # write from 2nd client
4285 do_node $mds1_HOST \
4286 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4287 $MGSNID:/$FSNAME $MOUNT2 && \
4288 dd if=$tmpfile of=$testfile2 bs=$((pagesz+3)) count=2 conv=fsync" ||
4289 error "could not write to $testfile2 (2)"
4291 # read from 1st client
4292 dd if=$testfile of=$resfile bs=$((pagesz+3)) count=2 ||
4293 error "could not read from $testfile (2)"
4296 filemd5=$(do_node $mds1_HOST md5sum -b $tmpfile | awk '{print $1}')
4297 [ $filemd5 = $(md5sum -b $resfile | awk '{print $1}') ] ||
4298 error "file is corrupted (3)"
4302 # truncate from 1st client
4303 do_node $mds1_HOST "$TRUNCATE $tmpfile $((pagesz+3))"
4304 $TRUNCATE $testfile $((pagesz+3)) ||
4305 error "could not truncate $testfile (2)"
4308 zconf_umount $mds1_HOST $MOUNT2 ||
4309 error "umount $mds1_HOST $MOUNT2 failed (3)"
4310 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
4311 $MGSNID:/$FSNAME $MOUNT2 && \
4312 cmp -bl $tmpfile $testfile2" ||
4313 error "file is corrupted (4)"
4315 do_node $mds1_HOST rm -f $tmpfile
4318 run_test 53 "Mixed PAGE_SIZE clients"
4321 local testdir=$DIR/$tdir/$ID0
4322 local testdir2=$DIR2/$tdir/$ID0
4323 local testfile=$testdir/$tfile
4324 local testfile2=$testdir/${tfile}withveryverylongnametoexercisecode
4325 local testfile3=$testdir/_${tfile}
4326 local tmpfile=$TMP/${tfile}.tmp
4327 local resfile=$TMP/${tfile}.res
4332 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4333 skip "client encryption not supported"
4335 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4336 skip "need dummy encryption support"
4338 which fscrypt || skip "This test needs fscrypt userspace tool"
4340 yes | fscrypt setup --force --verbose ||
4341 error "fscrypt global setup failed"
4342 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
4344 yes | fscrypt setup --verbose $MOUNT ||
4345 error "fscrypt setup $MOUNT failed"
4347 chown -R $ID0:$ID0 $testdir
4349 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4350 --source=custom_passphrase --name=protector $testdir" ||
4351 error "fscrypt encrypt failed"
4353 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4354 --source=custom_passphrase --name=protector2 $testdir" &&
4355 error "second fscrypt encrypt should have failed"
4357 mkdir -p ${testdir}2 || error "mkdir ${testdir}2 failed"
4358 touch ${testdir}2/f || error "mkdir ${testdir}2/f failed"
4361 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
4362 --source=custom_passphrase --name=protector3 ${testdir}2 &&
4363 error "fscrypt encrypt on non-empty dir should have failed"
4365 $RUNAS dd if=/dev/urandom of=$testfile bs=127 count=1 conv=fsync ||
4366 error "write to encrypted file $testfile failed"
4367 cp $testfile $tmpfile
4368 $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync ||
4369 error "write to encrypted file $testfile2 failed"
4370 $RUNAS dd if=/dev/urandom of=$testfile3 bs=127 count=1 conv=fsync ||
4371 error "write to encrypted file $testfile3 failed"
4372 $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed"
4373 $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed"
4375 $RUNAS fscrypt lock --verbose $testdir ||
4376 error "fscrypt lock $testdir failed (1)"
4378 $RUNAS ls -R $testdir || error "ls -R $testdir failed"
4379 local filecount=$($RUNAS find $testdir -type f | wc -l)
4380 [ $filecount -eq 4 ] || error "found $filecount files"
4382 # check enable_filename_encryption default value
4383 # tunable only available for client built against embedded llcrypt
4384 $LCTL get_param mdc.*.connect_flags | grep -q name_encryption &&
4385 nameenc=$(lctl get_param -n llite.*.enable_filename_encryption |
4387 # If client is built against in-kernel fscrypt, it is not possible
4388 # to decide to encrypt file names or not: they are always encrypted.
4389 if [ -n "$nameenc" ]; then
4390 [ $nameenc -eq 0 ] ||
4391 error "enable_filename_encryption should be 0 by default"
4393 # $testfile, $testfile2 and $testfile3 should exist because
4394 # names are not encrypted
4396 error "$testfile should exist because name not encrypted"
4397 [ -f $testfile2 ] ||
4398 error "$testfile2 should exist because name not encrypted"
4399 [ -f $testfile3 ] ||
4400 error "$testfile3 should exist because name not encrypted"
4402 [ $? -eq 0 ] || error "cannot stat $testfile3 without key"
4405 scrambledfiles=( $(find $testdir/ -maxdepth 1 -type f) )
4406 $RUNAS hexdump -C ${scrambledfiles[0]} &&
4407 error "reading ${scrambledfiles[0]} should fail without key"
4409 $RUNAS touch ${testfile}.nokey &&
4410 error "touch ${testfile}.nokey should have failed without key"
4412 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4413 error "fscrypt unlock $testdir failed (1)"
4415 $RUNAS cat $testfile > $resfile ||
4416 error "reading $testfile failed"
4418 cmp -bl $tmpfile $resfile || error "file read differs from file written"
4420 [ $? -eq 0 ] || error "cannot stat $testfile3 with key"
4422 $RUNAS fscrypt lock --verbose $testdir ||
4423 error "fscrypt lock $testdir failed (2)"
4425 $RUNAS hexdump -C ${scrambledfiles[1]} &&
4426 error "reading ${scrambledfiles[1]} should fail without key"
4428 # server local client incompatible with SSK keys installed
4429 if [ "$SHARED_KEY" != true ]; then
4431 stack_trap umount_mds_client EXIT
4432 do_facet $SINGLEMDS touch $DIR2/$tdir/newfile
4433 mdsscrambledfile=$(do_facet $SINGLEMDS find $testdir2/ \
4434 -maxdepth 1 -type f | head -n1)
4435 [ -n "$mdsscrambledfile" ] || error "could not find file"
4436 do_facet $SINGLEMDS cat "$mdsscrambledfile" &&
4437 error "reading $mdsscrambledfile should fail on MDS"
4438 do_facet $SINGLEMDS "echo aaa >> \"$mdsscrambledfile\"" &&
4439 error "writing $mdsscrambledfile should fail on MDS"
4440 do_facet $SINGLEMDS $MULTIOP $testdir2/fileA m &&
4441 error "creating $testdir2/fileA should fail on MDS"
4442 do_facet $SINGLEMDS mkdir $testdir2/dirA &&
4443 error "mkdir $testdir2/dirA should fail on MDS"
4444 do_facet $SINGLEMDS ln -s $DIR2/$tdir/newfile $testdir2/sl1 &&
4445 error "ln -s $testdir2/sl1 should fail on MDS"
4446 do_facet $SINGLEMDS ln $DIR2/$tdir/newfile $testdir2/hl1 &&
4447 error "ln $testdir2/hl1 should fail on MDS"
4448 do_facet $SINGLEMDS mv "$mdsscrambledfile" $testdir2/fB &&
4449 error "mv $mdsscrambledfile should fail on MDS"
4450 do_facet $SINGLEMDS mrename "$mdsscrambledfile" $testdir2/fB &&
4451 error "mrename $mdsscrambledfile should fail on MDS"
4452 do_facet $SINGLEMDS rm -f $DIR2/$tdir/newfile
4455 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4456 error "fscrypt unlock $testdir failed (2)"
4459 $RUNAS fscrypt lock --verbose $testdir ||
4460 error "fscrypt lock $testdir failed (3)"
4462 rm -rf $tmpfile $resfile $testdir ${testdir}2 $MOUNT/.fscrypt
4464 # remount client with subdirectory mount
4465 umount_client $MOUNT || error "umount $MOUNT failed (1)"
4466 export FILESET=/$tdir
4467 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (1)"
4471 # setup encryption from inside this subdir mount
4472 # the .fscrypt directory is going to be created at the real fs root
4473 yes | fscrypt setup --verbose $MOUNT ||
4474 error "fscrypt setup $MOUNT failed (2)"
4475 testdir=$MOUNT/vault
4477 chown -R $ID0:$ID0 $testdir
4478 fid1=$(path2fid $MOUNT/.fscrypt)
4479 echo "With FILESET $tdir, .fscrypt FID is $fid1"
4481 # enable name encryption, only valid if built against embedded llcrypt
4482 if [ -n "$nameenc" ]; then
4483 do_facet mgs $LCTL set_param -P \
4484 llite.*.enable_filename_encryption=1
4486 error "set_param -P \
4487 llite.*.enable_filename_encryption failed"
4489 wait_update_facet --verbose client \
4490 "$LCTL get_param -n llite.*.enable_filename_encryption \
4492 error "enable_filename_encryption not set on client"
4495 # encrypt 'vault' dir inside the subdir mount
4496 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4497 --source=custom_passphrase --name=protector $testdir" ||
4498 error "fscrypt encrypt failed"
4502 $RUNAS cp $tmpfile $testdir/encfile
4504 $RUNAS fscrypt lock --verbose $testdir ||
4505 error "fscrypt lock $testdir failed (4)"
4507 # encfile should actually have its name encrypted
4508 if [ -n "$nameenc" ]; then
4509 [ -f $testdir/encfile ] &&
4510 error "encfile name should be encrypted"
4512 filecount=$(find $testdir -type f | wc -l)
4513 [ $filecount -eq 1 ] || error "found $filecount files instead of 1"
4515 # remount client with encrypted dir as subdirectory mount
4516 umount_client $MOUNT || error "umount $MOUNT failed (2)"
4517 export FILESET=/$tdir/vault
4518 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (2)"
4522 fid2=$(path2fid $MOUNT/.fscrypt)
4523 echo "With FILESET $tdir/vault, .fscrypt FID is $fid2"
4524 [ "$fid1" == "$fid2" ] || error "fid1 $fid1 != fid2 $fid2 (1)"
4526 # all content seen by this mount is encrypted, but .fscrypt is virtually
4527 # presented, letting us call fscrypt lock/unlock
4528 echo mypass | $RUNAS fscrypt unlock --verbose $MOUNT ||
4529 error "fscrypt unlock $MOUNT failed (3)"
4532 [ $(cat $MOUNT/encfile) == "abc" ] || error "cat encfile failed"
4534 # remount client without subdir mount
4535 umount_client $MOUNT || error "umount $MOUNT failed (3)"
4536 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed (3)"
4539 fid2=$(path2fid $MOUNT/.fscrypt)
4540 echo "Without FILESET, .fscrypt FID is $fid2"
4541 [ "$fid1" == "$fid2" ] || error "fid1 $fid1 != fid2 $fid2 (2)"
4543 # because .fscrypt was actually created at the real root of the fs,
4544 # we can call fscrypt lock/unlock on the encrypted dir
4545 echo mypass | $RUNAS fscrypt unlock --verbose $DIR/$tdir/vault ||
4546 error "fscrypt unlock $$DIR/$tdir/vault failed (4)"
4549 echo c >> $DIR/$tdir/vault/encfile || error "write to encfile failed"
4551 rm -rf $DIR/$tdir/vault/*
4552 $RUNAS fscrypt lock --verbose $DIR/$tdir/vault ||
4553 error "fscrypt lock $DIR/$tdir/vault failed (5)"
4555 # disable name encryption, only valid if built against embedded llcrypt
4556 if [ -n "$nameenc" ]; then
4557 do_facet mgs $LCTL set_param -P \
4558 llite.*.enable_filename_encryption=0
4560 error "set_param -P \
4561 llite.*.enable_filename_encryption failed"
4563 wait_update_facet --verbose client \
4564 "$LCTL get_param -n llite.*.enable_filename_encryption \
4566 error "enable_filename_encryption not set back to default"
4569 rm -rf $tmpfile $MOUNT/.fscrypt
4571 run_test 54 "Encryption policies with fscrypt"
4575 if is_mounted $MOUNT; then
4576 umount_client $MOUNT || error "umount $MOUNT failed"
4579 do_facet mgs $LCTL nodemap_del c0
4580 do_facet mgs $LCTL nodemap_modify --name default \
4581 --property admin --value 0
4582 do_facet mgs $LCTL nodemap_modify --name default \
4583 --property trusted --value 0
4584 wait_nm_sync default admin_nodemap
4585 wait_nm_sync default trusted_nodemap
4587 do_facet mgs $LCTL nodemap_activate 0
4588 wait_nm_sync active 0
4590 if $SHARED_KEY; then
4591 export SK_UNIQUE_NM=false
4595 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed"
4596 if [ "$MOUNT_2" ]; then
4597 mount_client $MOUNT2 ${MOUNT_OPTS} || error "remount failed"
4603 (( $MDS1_VERSION > $(version_code 2.12.6.2) )) ||
4604 skip "Need MDS version at least 2.12.6.3"
4609 mkdir -p $DIR/$tdir/$USER0/testdir_groups
4610 chown root:$USER0 $DIR/$tdir/$USER0
4611 chmod 770 $DIR/$tdir/$USER0
4612 chmod g+s $DIR/$tdir/$USER0
4613 chown $USER0:$USER0 $DIR/$tdir/$USER0/testdir_groups
4614 chmod 770 $DIR/$tdir/$USER0/testdir_groups
4615 chmod g+s $DIR/$tdir/$USER0/testdir_groups
4617 # unmount client completely
4618 umount_client $MOUNT || error "umount $MOUNT failed"
4619 if is_mounted $MOUNT2; then
4620 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
4623 do_nodes $(comma_list $(all_mdts_nodes)) \
4624 $LCTL set_param mdt.*.identity_upcall=NONE
4626 stack_trap cleanup_55 EXIT
4628 do_facet mgs $LCTL nodemap_activate 1
4631 do_facet mgs $LCTL nodemap_del c0 || true
4632 wait_nm_sync c0 id ''
4634 do_facet mgs $LCTL nodemap_modify --name default \
4635 --property admin --value 1
4636 do_facet mgs $LCTL nodemap_modify --name default \
4637 --property trusted --value 1
4638 wait_nm_sync default admin_nodemap
4639 wait_nm_sync default trusted_nodemap
4641 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
4642 client_nid=$(h2nettype $client_ip)
4643 do_facet mgs $LCTL nodemap_add c0
4644 do_facet mgs $LCTL nodemap_add_range \
4645 --name c0 --range $client_nid
4646 do_facet mgs $LCTL nodemap_modify --name c0 \
4647 --property admin --value 0
4648 do_facet mgs $LCTL nodemap_modify --name c0 \
4649 --property trusted --value 1
4650 wait_nm_sync c0 admin_nodemap
4651 wait_nm_sync c0 trusted_nodemap
4653 if $SHARED_KEY; then
4654 export SK_UNIQUE_NM=true
4655 # set some generic fileset to trigger SSK code
4659 # remount client to take nodemap into account
4660 zconf_mount_clients $HOSTNAME $MOUNT $MOUNT_OPTS ||
4661 error "remount failed"
4665 euid_access $USER0 $DIR/$tdir/$USER0/testdir_groups/file
4667 run_test 55 "access with seteuid"
4670 local testfile=$DIR/$tdir/$tfile
4672 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4674 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4675 skip "client encryption not supported"
4677 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4678 skip "need dummy encryption support"
4680 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4682 stack_trap cleanup_for_enc_tests EXIT
4685 $LFS setstripe -c1 $testfile
4686 dd if=/dev/urandom of=$testfile bs=1M count=3 conv=fsync
4687 filefrag -v $testfile || error "filefrag $testfile failed"
4688 (( $(filefrag -v $testfile | grep -c encrypted) >= 1 )) ||
4689 error "filefrag $testfile does not show encrypted flag"
4690 (( $(filefrag -v $testfile | grep -c encoded) >= 1 )) ||
4691 error "filefrag $testfile does not show encoded flag"
4693 run_test 56 "FIEMAP on encrypted file"
4696 local testdir=$DIR/$tdir/mytestdir
4697 local testfile=$DIR/$tdir/$tfile
4699 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4701 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4702 skip "client encryption not supported"
4704 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4705 skip "need dummy encryption support"
4709 setfattr -n security.c -v myval $testdir &&
4710 error "setting xattr on $testdir should have failed (1.1)"
4711 setfattr -n encryption.c -v myval $testdir &&
4712 error "setting xattr on $testdir should have failed (1.2)"
4714 setfattr -n security.c -v myval $testfile &&
4715 error "setting xattr on $testfile should have failed (1.1)"
4716 setfattr -n encryption.c -v myval $testfile &&
4717 error "setting xattr on $testfile should have failed (1.2)"
4721 stack_trap cleanup_for_enc_tests EXIT
4725 if [ $(getfattr -n security.c $testdir 2>&1 |
4726 grep -ci "Operation not permitted") -eq 0 ]; then
4727 error "getting xattr on $testdir should have failed (1.1)"
4729 if [ $(getfattr -n encryption.c $testdir 2>&1 |
4730 grep -ci "Operation not supported") -eq 0 ]; then
4731 error "getting xattr on $testdir should have failed (1.2)"
4733 getfattr -d -m - $testdir 2>&1 | grep security\.c &&
4734 error "listing xattrs on $testdir should not expose security.c"
4735 getfattr -d -m - $testdir 2>&1 | grep encryption\.c &&
4736 error "listing xattrs on $testdir should not expose encryption.c"
4737 if [ $(setfattr -n security.c -v myval $testdir 2>&1 |
4738 grep -ci "Operation not permitted") -eq 0 ]; then
4739 error "setting xattr on $testdir should have failed (2.1)"
4741 if [ $(setfattr -n encryption.c -v myval $testdir 2>&1 |
4742 grep -ci "Operation not supported") -eq 0 ]; then
4743 error "setting xattr on $testdir should have failed (2.2)"
4746 if [ $(getfattr -n security.c $testfile 2>&1 |
4747 grep -ci "Operation not permitted") -eq 0 ]; then
4748 error "getting xattr on $testfile should have failed (1.1)"
4750 if [ $(getfattr -n encryption.c $testfile 2>&1 |
4751 grep -ci "Operation not supported") -eq 0 ]; then
4752 error "getting xattr on $testfile should have failed (1.2)"
4754 getfattr -d -m - $testfile 2>&1 | grep security\.c &&
4755 error "listing xattrs on $testfile should not expose security.c"
4756 getfattr -d -m - $testfile 2>&1 | grep encryption\.c &&
4757 error "listing xattrs on $testfile should not expose encryption.c"
4758 if [ $(setfattr -n security.c -v myval $testfile 2>&1 |
4759 grep -ci "Operation not permitted") -eq 0 ]; then
4760 error "setting xattr on $testfile should have failed (2.1)"
4762 if [ $(setfattr -n encryption.c -v myval $testfile 2>&1 |
4763 grep -ci "Operation not supported") -eq 0 ]; then
4764 error "setting xattr on $testfile should have failed (2.2)"
4768 run_test 57 "security.c/encryption.c xattr protection"
4771 local testdir=$DIR/$tdir/mytestdir
4772 local testfile=$DIR/$tdir/$tfile
4774 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4776 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4777 skip "client encryption not supported"
4779 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4780 skip "need dummy encryption support"
4782 stack_trap cleanup_for_enc_tests EXIT
4785 touch $DIR/$tdir/$tfile
4786 mkdir $DIR/$tdir/subdir
4790 echo 3 > /proc/sys/vm/drop_caches
4792 ll_decode_linkea $DIR/$tdir/$tfile || error "cannot read $tfile linkea"
4793 ll_decode_linkea $DIR/$tdir/subdir || error "cannot read subdir linkea"
4795 for ((i = 0; i < 1000; i = $((i+1)))); do
4796 mkdir -p $DIR/$tdir/d${i}
4797 touch $DIR/$tdir/f${i}
4798 createmany -m $DIR/$tdir/d${i}/f 5 > /dev/null
4803 echo 3 > /proc/sys/vm/drop_caches
4806 ls -ailR $DIR/$tdir > /dev/null || error "fail to ls"
4808 run_test 58 "access to enc file's xattrs"
4811 local mirror1=$TMP/$tfile.mirror1
4812 local mirror2=$TMP/$tfile.mirror2
4816 $LFS mirror verify -vvv $testfile ||
4817 error "verifying mirror failed (1)"
4818 if [ $($LFS mirror verify -v $testfile 2>&1 |
4819 grep -ci "only valid") -ne 0 ]; then
4820 error "verifying mirror failed (2)"
4823 $LFS mirror read -N 1 -o $mirror1 $testfile ||
4824 error "read from mirror 1 failed"
4825 cmp -bl $reffile $mirror1 ||
4826 error "corruption of mirror 1"
4827 $LFS mirror read -N 2 -o $mirror2 $testfile ||
4828 error "read from mirror 2 failed"
4829 cmp -bl $reffile $mirror2 ||
4830 error "corruption of mirror 2"
4834 local testfile=$DIR/$tdir/$tfile
4835 local tmpfile=$TMP/$tfile
4836 local mirror1=$TMP/$tfile.mirror1
4837 local mirror2=$TMP/$tfile.mirror2
4840 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4841 skip "client encryption not supported"
4843 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4844 skip "need dummy encryption support"
4846 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4848 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
4851 dd if=/dev/urandom of=$tmpfile bs=5000 count=1 conv=fsync
4853 $LFS mirror create -N -i0 -N -i1 $testfile ||
4854 error "could not create mirror"
4855 dd if=$tmpfile of=$testfile bs=5000 count=1 conv=fsync ||
4856 error "could not write to $testfile"
4857 $LFS getstripe $testfile
4859 # remount without dummy encryption key
4860 remount_client_normally
4862 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
4863 $LFS mirror resync $scrambledfile ||
4864 error "could not resync mirror"
4866 $LFS mirror verify -vvv $scrambledfile ||
4867 error "mirror verify failed (1)"
4868 if [ $($LFS mirror verify -v $scrambledfile 2>&1 |
4869 grep -ci "only valid") -ne 0 ]; then
4870 error "mirror verify failed (2)"
4873 $LFS mirror read -N 1 -o $mirror1 $scrambledfile &&
4874 error "read from mirror should fail"
4877 remount_client_dummykey
4878 verify_mirror $testfile $tmpfile
4880 run_test 59a "mirror resync of encrypted files without key"
4883 local testfile=$DIR/$tdir/$tfile
4884 local tmpfile=$TMP/$tfile
4885 local mirror1=$TMP/$tfile.mirror1
4886 local mirror2=$TMP/$tfile.mirror2
4889 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4890 skip "client encryption not supported"
4892 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4893 skip "need dummy encryption support"
4895 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4897 stack_trap "cleanup_for_enc_tests $tmpfile $mirror1 $mirror2" EXIT
4900 tr '\0' '2' < /dev/zero |
4901 dd of=$tmpfile bs=1 count=9000 conv=fsync
4903 $LFS setstripe -c1 -i0 $testfile
4904 dd if=$tmpfile of=$testfile bs=9000 count=1 conv=fsync ||
4905 error "write to $testfile failed"
4906 $LFS getstripe $testfile
4908 # remount without dummy encryption key
4909 remount_client_normally
4911 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type f)
4912 $LFS migrate -i1 $scrambledfile ||
4913 error "migrate $scrambledfile failed"
4914 $LFS getstripe $scrambledfile
4915 stripe=$($LFS getstripe -i $scrambledfile)
4916 [ $stripe -eq 1 ] || error "migrate file $scrambledfile failed"
4920 remount_client_dummykey
4921 cmp -bl $tmpfile $testfile ||
4922 error "migrated file is corrupted"
4924 # remount without dummy encryption key
4925 remount_client_normally
4927 $LFS mirror extend -N -i0 $scrambledfile ||
4928 error "mirror extend $scrambledfile failed (1)"
4929 $LFS getstripe $scrambledfile
4930 mirror_count=$($LFS getstripe -N $scrambledfile)
4931 [ $mirror_count -eq 2 ] ||
4932 error "mirror extend file $scrambledfile failed (2)"
4933 stripe=$($LFS getstripe --mirror-id=1 -i $scrambledfile)
4934 [ $stripe -eq 1 ] ||
4935 error "mirror extend file $scrambledfile failed (3)"
4936 stripe=$($LFS getstripe --mirror-id=2 -i $scrambledfile)
4937 [ $stripe -eq 0 ] ||
4938 error "mirror extend file $scrambledfile failed (4)"
4940 $LFS mirror verify -vvv $scrambledfile ||
4941 error "mirror verify failed (1)"
4942 if [ $($LFS mirror verify -v $scrambledfile 2>&1 |
4943 grep -ci "only valid") -ne 0 ]; then
4944 error "mirror verify failed (2)"
4948 remount_client_dummykey
4949 verify_mirror $testfile $tmpfile
4951 # remount without dummy encryption key
4952 remount_client_normally
4954 $LFS mirror split --mirror-id 1 -d $scrambledfile ||
4955 error "mirror split file $scrambledfile failed (1)"
4956 $LFS getstripe $scrambledfile
4957 mirror_count=$($LFS getstripe -N $scrambledfile)
4958 [ $mirror_count -eq 1 ] ||
4959 error "mirror split file $scrambledfile failed (2)"
4960 stripe=$($LFS getstripe --mirror-id=1 -i $scrambledfile)
4961 [ -z "$stripe" ] || error "mirror split file $scrambledfile failed (3)"
4962 stripe=$($LFS getstripe --mirror-id=2 -i $scrambledfile)
4963 [ $stripe -eq 0 ] || error "mirror split file $scrambledfile failed (4)"
4966 remount_client_dummykey
4968 cmp -bl $tmpfile $testfile ||
4969 error "extended/split file is corrupted"
4971 run_test 59b "migrate/extend/split of encrypted files without key"
4974 local dirname=$DIR/$tdir/subdir
4977 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4978 skip "client encryption not supported"
4980 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4981 skip "need dummy encryption support"
4983 [[ $MDSCOUNT -ge 2 ]] || skip_env "needs >= 2 MDTs"
4985 (( "$MDS1_VERSION" > $(version_code 2.14.54.54) )) ||
4986 skip "MDT migration not supported with older server"
4988 stack_trap cleanup_for_enc_tests EXIT
4991 $LFS setdirstripe -i 0 $dirname
4992 echo b > $dirname/subf
4994 # remount without dummy encryption key
4995 remount_client_normally
4997 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
4999 # migrate a non-empty encrypted dir
5000 $LFS migrate -m 1 $scrambleddir ||
5001 error "migrate $scrambleddir between MDTs failed (1)"
5003 stripe=$($LFS getdirstripe -i $scrambleddir)
5004 [ $stripe -eq 1 ] ||
5005 error "migrate $scrambleddir between MDTs failed (2)"
5009 [ -f $dirname/subf ] ||
5010 error "migrate $scrambleddir between MDTs failed (3)"
5011 [ $(cat $dirname/subf) == "b" ] ||
5012 error "migrate $scrambleddir between MDTs failed (4)"
5014 run_test 59c "MDT migrate of encrypted files without key"
5017 local testdir=$DIR/$tdir/mytestdir
5018 local testfile=$DIR/$tdir/$tfile
5020 (( $MDS1_VERSION > $(version_code 2.14.53) )) ||
5021 skip "Need MDS version at least 2.14.53"
5023 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5024 skip "client encryption not supported"
5026 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5027 skip "need dummy encryption support"
5029 stack_trap cleanup_for_enc_tests EXIT
5032 echo a > $DIR/$tdir/file1
5033 mkdir $DIR/$tdir/subdir
5034 echo b > $DIR/$tdir/subdir/subfile1
5037 # unmount client completely
5038 umount_client $MOUNT || error "umount $MOUNT failed"
5039 if is_mounted $MOUNT2; then
5040 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
5043 # remount client with subdirectory mount
5044 export FILESET=/$tdir
5045 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed"
5046 if [ "$MOUNT_2" ]; then
5047 mount_client $MOUNT2 ${MOUNT_OPTS} || error "remount failed"
5051 ls -Rl $DIR || error "ls -Rl $DIR failed (1)"
5054 remount_client_dummykey
5057 ls -Rl $DIR || error "ls -Rl $DIR failed (2)"
5058 cat $DIR/file1 || error "cat $DIR/$tdir/file1 failed"
5059 cat $DIR/subdir/subfile1 ||
5060 error "cat $DIR/$tdir/subdir/subfile1 failed"
5062 run_test 60 "Subdirmount of encrypted dir"
5065 local testfile=$DIR/$tdir/$tfile
5068 readonly=$(do_facet mgs \
5069 lctl get_param -n nodemap.default.readonly_mount)
5070 [ -n "$readonly" ] ||
5071 skip "Server does not have readonly_mount nodemap flag"
5073 stack_trap cleanup_nodemap_after_enc_tests EXIT
5074 umount_client $MOUNT || error "umount $MOUNT failed (1)"
5076 # Activate nodemap, and mount rw.
5077 # Should succeed as rw mount is not forbidden on default nodemap
5079 do_facet mgs $LCTL nodemap_activate 1
5081 do_facet mgs $LCTL nodemap_modify --name default \
5082 --property admin --value 1
5083 do_facet mgs $LCTL nodemap_modify --name default \
5084 --property trusted --value 1
5085 wait_nm_sync default admin_nodemap
5086 wait_nm_sync default trusted_nodemap
5087 readonly=$(do_facet mgs \
5088 lctl get_param -n nodemap.default.readonly_mount)
5089 [ $readonly -eq 0 ] || error "wrong default value for readonly_mount"
5091 mount_client $MOUNT ${MOUNT_OPTS},rw ||
5092 error "mount '-o rw' failed with default"
5094 findmnt $MOUNT --output=options -n -f | grep -q "rw," ||
5095 error "should be rw mount"
5096 mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
5097 echo a > $testfile || error "write $testfile failed"
5098 umount_client $MOUNT || error "umount $MOUNT failed (2)"
5100 # Now enforce read-only, and retry.
5101 do_facet mgs $LCTL nodemap_modify --name default \
5102 --property readonly_mount --value 1
5103 wait_nm_sync default readonly_mount
5104 mount_client $MOUNT ${MOUNT_OPTS} ||
5105 error "mount failed"
5106 findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
5107 error "mount should have been turned into ro"
5108 cat $testfile || error "read $testfile failed (1)"
5109 echo b > $testfile && error "write $testfile should fail (1)"
5110 umount_client $MOUNT || error "umount $MOUNT failed (3)"
5111 mount_client $MOUNT ${MOUNT_OPTS},rw ||
5112 error "mount '-o rw' failed"
5113 findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
5114 error "mount rw should have been turned into ro"
5115 cat $testfile || error "read $testfile failed (2)"
5116 echo b > $testfile && error "write $testfile should fail (2)"
5117 umount_client $MOUNT || error "umount $MOUNT failed (4)"
5118 mount_client $MOUNT ${MOUNT_OPTS},ro ||
5119 error "mount '-o ro' failed"
5121 cat $testfile || error "read $testfile failed (3)"
5122 echo b > $testfile && error "write $testfile should fail (3)"
5123 umount_client $MOUNT || error "umount $MOUNT failed (5)"
5125 run_test 61 "Nodemap enforces read-only mount"
5128 local testdir=$DIR/$tdir/mytestdir
5129 local testfile=$DIR/$tdir/$tfile
5131 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
5133 (( $MDS1_VERSION > $(version_code 2.15.51) )) ||
5134 skip "Need MDS version at least 2.15.51"
5136 $LCTL get_param mdc.*.import | grep -q client_encryption ||
5137 skip "client encryption not supported"
5139 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
5140 skip "need dummy encryption support"
5142 stack_trap cleanup_for_enc_tests EXIT
5145 lfs setstripe -c -1 $DIR/$tdir
5146 touch $DIR/$tdir/${tfile}_1 || error "touch ${tfile}_1 failed"
5147 dd if=/dev/zero of=$DIR/$tdir/${tfile}_2 bs=1 count=1 conv=fsync ||
5148 error "dd ${tfile}_2 failed"
5150 # unmount the Lustre filesystem
5151 stopall || error "stopping for e2fsck run"
5153 # run e2fsck on the MDT and OST devices
5154 local mds_host=$(facet_active_host $SINGLEMDS)
5155 local ost_host=$(facet_active_host ost1)
5156 local mds_dev=$(mdsdevname ${SINGLEMDS//mds/})
5157 local ost_dev=$(ostdevname 1)
5159 run_e2fsck $mds_host $mds_dev "-n"
5160 run_e2fsck $ost_host $ost_dev "-n"
5162 # mount the Lustre filesystem
5163 setupall || error "remounting the filesystem failed"
5165 run_test 62 "e2fsck with encrypted files"
5167 log "cleanup: ======================================================"
5170 for num in $(seq $MDSCOUNT); do
5171 if [ "${identity_old[$num]}" = 1 ]; then
5172 switch_identity $num false || identity_old[$num]=$?
5176 $RUNAS_CMD -u $ID0 ls $DIR
5177 $RUNAS_CMD -u $ID1 ls $DIR
5182 check_and_cleanup_lustre
git://git.whamcloud.com / fs / lustre-release.git / blob