do_facet $SINGLEMDS "mkdir -p $CONFDIR"
IDENTITY_FLUSH=mdt.$MDT.identity_flush
IDENTITY_UPCALL=mdt.$MDT.identity_upcall
-MDSCAPA=mdt.$MDT.capa
-CAPA_TIMEOUT=mdt.$MDT.capa_timeout
MDSSECLEVEL=mdt.$MDT.sec_level
# for CLIENT_TYPE
}
run_test 4 "set supplementary group ==============="
-mds_capability_timeout() {
- [ $# -lt 1 ] && echo "Miss mds capability timeout value" && return 1
-
- echo "Set mds capability timeout as $1 seconds"
- do_facet $SINGLEMDS "lctl set_param -n $CAPA_TIMEOUT=$1"
- return 0
-}
-
-mds_sec_level_switch() {
- [ $# -lt 1 ] && echo "Miss mds sec level switch value" && return 1
-
- case $1 in
- 0) echo "Disable capa for all clients";;
- 1) echo "Enable capa for remote client";;
- 3) echo "Enable capa for all clients";;
- *) echo "Invalid mds sec level switch value" && return 2;;
- esac
-
- do_facet $SINGLEMDS "lctl set_param -n $MDSSECLEVEL=$1"
- return 0
-}
-
-oss_sec_level_switch() {
- [ $# -lt 1 ] && echo "Miss oss sec level switch value" && return 1
-
- case $1 in
- 0) echo "Disable capa for all clients";;
- 1) echo "Enable capa for remote client";;
- 3) echo "Enable capa for all clients";;
- *) echo "Invalid oss sec level switch value" && return 2;;
- esac
-
- for i in `seq $OSTCOUNT`; do
- local j=`expr $i - 1`
- local OST="`do_facet ost$i "lctl get_param -N obdfilter.\*OST\*$j/stats 2>/dev/null | cut -d"." -f2" || true`"
- [ -z "$OST" ] && return 3
- do_facet ost$i "lctl set_param -n obdfilter.$OST.sec_level=$1"
- done
- return 0
-}
-
-mds_capability_switch() {
- [ $# -lt 1 ] && echo "Miss mds capability switch value" && return 1
-
- case $1 in
- 0) echo "Turn off mds capability";;
- 3) echo "Turn on mds capability";;
- *) echo "Invalid mds capability switch value" && return 2;;
- esac
-
- do_facet $SINGLEMDS "lctl set_param -n $MDSCAPA=$1"
- return 0
-}
-
-oss_capability_switch() {
- [ $# -lt 1 ] && echo "Miss oss capability switch value" && return 1
-
- case $1 in
- 0) echo "Turn off oss capability";;
- 1) echo "Turn on oss capability";;
- *) echo "Invalid oss capability switch value" && return 2;;
- esac
-
- for i in `seq $OSTCOUNT`; do
- local j=`expr $i - 1`
- local OST="`do_facet ost$i "lctl get_param -N obdfilter.\*OST\*$j/stats 2>/dev/null | cut -d"." -f2" || true`"
- [ -z "$OST" ] && return 3
- do_facet ost$i "lctl set_param -n obdfilter.$OST.capa=$1"
- done
- return 0
-}
-
-turn_mds_capa_on() {
- mds_capability_switch 3 || return 1
- mds_sec_level_switch 3 || return 2
- return 0
-}
-
-turn_oss_capa_on() {
- oss_capability_switch 1 || return 1
- oss_sec_level_switch 3 || return 2
- return 0
-}
-
-turn_capability_on() {
- local capa_timeout=${1:-"1800"}
-
- # To turn on fid capability for the system,
- # there is a requirement that fid capability
- # is turned on on all MDS/OSS servers before
- # client mount.
-
- turn_mds_capa_on || return 1
- turn_oss_capa_on || return 2
- mds_capability_timeout $capa_timeout || return 3
- remount_client $MOUNT || return 4
- return 0
-}
-
-turn_mds_capa_off() {
- mds_sec_level_switch 0 || return 1
- mds_capability_switch 0 || return 2
- return 0
-}
-
-turn_oss_capa_off() {
- oss_sec_level_switch 0 || return 1
- oss_capability_switch 0 || return 2
- return 0
-}
-
-turn_capability_off() {
- # to turn off fid capability, you can just do
- # it in a live system. But, please turn off
- # capability of all OSS servers before MDS servers.
-
- turn_oss_capa_off || return 1
- turn_mds_capa_off || return 2
- return 0
-}
-
-# We demonstrate that access to the objects in the filesystem are not
-# accessible without supplying secrets from the MDS by disabling a
-# proc variable on the mds so that it does not supply secrets. We then
-# try and access objects which result in failure.
-test_5() {
- local file=$DIR/f5
-
- [ $GSS_SUP = 0 ] && skip "without GSS support." && return
- if ! remote_mds; then
- skip "client should be separated from server."
- return
- fi
-
- rm -f $file
-
- turn_capability_off
- if [ $? != 0 ]; then
- error "turn_capability_off"
- return 1
- fi
-
- turn_oss_capa_on
- if [ $? != 0 ]; then
- error "turn_oss_capa_on"
- return 2
- fi
-
- if [ "$CLIENT_TYPE" = "remote" ]; then
- remount_client $MOUNT && return 3
- turn_oss_capa_off
- return 0
- else
- remount_client $MOUNT || return 4
- fi
-
- # proc variable disabled -- access to the objects in the filesystem
- # is not allowed
- echo "Should get Write error here : (proc variable are disabled "\
- "-- access to the objects in the filesystem is denied."
- $WTL $file 30
- if [ $? == 0 ]; then
- error "Write worked well even though secrets not supplied."
- return 5
- fi
-
- turn_capability_on
- if [ $? != 0 ]; then
- error "turn_capability_on"
- return 6
- fi
-
- sleep 5
-
- # proc variable enabled, secrets supplied -- write should work now
- echo "Should not fail here : (proc variable enabled, secrets supplied "\
- "-- write should work now)."
- $WTL $file 30
- if [ $? != 0 ]; then
- error "Write failed even though secrets supplied."
- return 7
- fi
-
- turn_capability_off
- if [ $? != 0 ]; then
- error "turn_capability_off"
- return 8
- fi
- rm -f $file
-}
-run_test 5 "capa secrets ========================="
-
-# Expiry: A test program is performing I/O on a file. It has credential
-# with an expiry half a minute later. While the program is running the
-# credentials expire and no automatic extensions or renewals are
-# enabled. The program will demonstrate an I/O failure.
-test_6() {
- local file=$DIR/f6
-
- [ $GSS_SUP = 0 ] && skip "without GSS support." && return
- if ! remote_mds; then
- skip "client should be separated from server."
- return
- fi
-
- turn_capability_off
- if [ $? != 0 ]; then
- error "turn_capability_off"
- return 1
- fi
-
- rm -f $file
-
- turn_capability_on 30
- if [ $? != 0 ]; then
- error "turn_capability_on 30"
- return 2
- fi
-
- # Token expiry
- $WTL $file 60
- if [ $? != 0 ]; then
- error "$WTL $file 60"
- return 3
- fi
-
- # Reset MDS capability timeout
- mds_capability_timeout 30
- if [ $? != 0 ]; then
- error "mds_capability_timeout 30"
- return 4
- fi
-
- $WTL $file 60 &
- local PID=$!
- sleep 5
-
- # To disable automatic renew, only need turn capa off on MDS.
- turn_mds_capa_off
- if [ $? != 0 ]; then
- error "turn_mds_capa_off"
- return 5
- fi
-
- echo "We expect I/O failure."
- wait $PID
- if [ $? == 0 ]; then
- echo "no I/O failure got."
- return 6
- fi
-
- turn_capability_off
- if [ $? != 0 ]; then
- error "turn_capability_off"
- return 7
- fi
- rm -f $file
-}
-run_test 6 "capa expiry ========================="
-
create_nodemaps() {
local i
local out
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
create_nodemaps
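Review bot: The MGS version gate is still written out inline here, and the same three lines recur in the eight hunks that follow, even though this commit adds `nodemap_version_check` with an identical body further down. Calling the helper (`nodemap_version_check || return 0`) would keep the threshold and the skip message in one place. The helper would then need to be defined above the first test that calls it, assuming `run_test` executes each test as the script is read. The enclosing test function starts and ends outside this hunk.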
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
# Set up nodemaps
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
rc=0
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
rc=0
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
rc=0
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
rc=0
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
rc=0
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
rc=0
local rc
remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" &&
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
return
rc=0
return $rc
}
+nodemap_version_check () {
+ remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
+ [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
+ return 1
+ return 0
+}
+
nodemap_test_setup() {
local rc
local active_nodemap=$1
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.6.90) ] &&
- skip "Skip test on $(get_lustre_version) MGS, need 2.6.90+" &&
- return
-
do_nodes $(comma_list $(all_mdts_nodes)) $LCTL set_param \
mdt.*.identity_upcall=NONE
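Review bot: The gate removed from `nodemap_test_setup` required MGS 2.6.90, while the new `nodemap_version_check` only requires 2.5.53, so the tests that relied on the setup gate now run on servers between those two versions instead of being skipped. If the fileops tests need 2.6.90 behaviour, let the helper take the minimum as an argument, e.g. `local min=${1:-2.5.53}`, and pass 2.6.90 from those tests. Separately, the substitutions inside `[ ... -lt ... ]` are unquoted, so an empty result from `lustre_version_code mgs` makes `[` fail with a syntax error and the skip is not taken. Quoting both sides and treating an empty version as "skip" would make the gate fail closed. The body of `nodemap_test_setup` continues outside the hunk.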
}
nodemap_test_cleanup() {
+ trap 0
delete_fops_nodemaps
rc=$?
[[ $rc != 0 ]] && error "removing fops nodemaps failed $rc"
}
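Review bot: `trap 0` resets the EXIT trap to its default rather than restoring whatever was registered before the test installed `nodemap_test_cleanup`, so an EXIT handler set earlier by the framework or a calling script would be lost after the first nodemap test. No such handler is visible in this hunk, so this may be harmless. If one exists, capture it in the test with `trap -p EXIT` before overriding it and re-install it here. A one-line comment such as `# drop the EXIT handler the test installed; cleanup is running now` would also explain the line.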
test_16() {
+ nodemap_version_check || return 0
nodemap_test_setup 0
+ trap nodemap_test_cleanup EXIT
test_fops all_off
nodemap_test_cleanup
}
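Review bot: `trap nodemap_test_cleanup EXIT` is registered only after `nodemap_test_setup 0` returns, so an abort inside setup exits before the handler exists and whatever setup had already changed on the servers (the visible part sets `mdt.*.identity_upcall=NONE`) is left in place for later tests. Registering the trap on the line before `nodemap_test_setup` would cover that window, provided `nodemap_test_cleanup` tolerates a partial setup. The same ordering appears in test_17 through test_23. Note also that an EXIT trap set inside a function fires only when the shell exits, so the explicit `nodemap_test_cleanup` call at the end is still what handles the normal path.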
run_test 16 "test nodemap all_off fileops"
test_17() {
+ nodemap_version_check || return 0
nodemap_test_setup
+ trap nodemap_test_cleanup EXIT
nodemap_clients_admin_trusted 0 1
test_fops trusted_noadmin 1
nodemap_test_cleanup
run_test 17 "test nodemap trusted_noadmin fileops"
test_18() {
+ nodemap_version_check || return 0
nodemap_test_setup
+
+ trap nodemap_test_cleanup EXIT
nodemap_clients_admin_trusted 0 0
test_fops mapped_noadmin 1
nodemap_test_cleanup
run_test 18 "test nodemap mapped_noadmin fileops"
test_19() {
+ nodemap_version_check || return 0
nodemap_test_setup
+
+ trap nodemap_test_cleanup EXIT
nodemap_clients_admin_trusted 1 1
test_fops trusted_admin 1
nodemap_test_cleanup
run_test 19 "test nodemap trusted_admin fileops"
test_20() {
+ nodemap_version_check || return 0
nodemap_test_setup
+
+ trap nodemap_test_cleanup EXIT
nodemap_clients_admin_trusted 1 0
test_fops mapped_admin 1
nodemap_test_cleanup
run_test 20 "test nodemap mapped_admin fileops"
test_21() {
+ nodemap_version_check || return 0
nodemap_test_setup
+
+ trap nodemap_test_cleanup EXIT
local x=1
local i=0
for client in $clients; do
run_test 21 "test nodemap mapped_trusted_noadmin fileops"
test_22() {
+ nodemap_version_check || return 0
nodemap_test_setup
+
+ trap nodemap_test_cleanup EXIT
local x=1
local i=0
for client in $clients; do
}
test_23() {
+ nodemap_version_check || return 0
nodemap_test_setup
+ trap nodemap_test_cleanup EXIT
# 1 trusted cluster, 1 mapped cluster
local unmapped_fs=$((IDBASE+0))
local unmapped_c1=$((IDBASE+5))