}
test_20d() {
- if [ $MDS1_VERSION -lt $(version_code 2.12.50) ] ||
- [ $CLIENT_VERSION -lt $(version_code 2.12.50) ]; then
+ if [ "$MDS1_VERSION" -lt $(version_code 2.12.50) ] ||
+ [ "$CLIENT_VERSION" -lt $(version_code 2.12.50) ]; then
skip "Need version >= 2.12.50"
fi
[ $MDSCOUNT -lt 2 ] && skip "needs >= 2 MDTs"
}
test_21a() {
- local sepol
-
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.56) ] &&
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.56) ] &&
skip "Need MDS >= 2.11.56"
+ local sepol
+
# umount client
if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
umount_client $MOUNT2 || error "umount $MOUNT2 failed"
fi
# create nodemap entry with sepol
- create_nodemap nm1
+ create_nodemap c0
+
+ if $GSS_SK; then
+ # update mount option with skpath
+ MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
+ export SK_UNIQUE_NM=true
+
+ # load specific key on servers
+ do_nodes $(comma_list $(all_server_nodes)) "lgss_sk -t server \
+ -l $SK_PATH/nodemap/c0.key"
+
+ # set perms for per-nodemap keys else permission denied
+ do_nodes $(comma_list $(all_server_nodes)) \
+ "keyctl show | grep lustre | cut -c1-11 |
+ sed -e 's/ //g;' |
+ xargs -IX keyctl setperm X 0x3f3f3f3f"
+
+ fi
# mount client without sending sepol
mount_client $MOUNT $MOUNT_OPTS &&
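Review bot: The mask in `keyctl setperm X 0x3f3f3f3f`, added inside the `if $GSS_SK` block, turns on all six permission bits for possessor, user, group and other. The `grep lustre` selection applies it to every key whose `keyctl show` line contains that string on each server, which may be more than the `c0.key` just loaded. The comment says only "else permission denied"; it should name which accessor needs the access so the mask can be narrowed, and say whether anything resets the widened permissions after the test (nothing visible here does). The same two `do_nodes` calls are repeated verbatim in test_21b, so a small helper like the one below (the name is a suggestion) would keep the mask and its justification in one place. test_21a's body starts and ends outside this hunk.

```shell
# Load the shared key of nodemap $1 on every server, then relax the
# permissions of the lustre keyring entries so the servers can use it.
# NOTE(review): 0x3f3f3f3f grants all permission bits to possessor,
# user, group and other; narrow it once the required accessor is known.
sk_load_nodemap_key() {
	local nm=$1
	local servers

	servers=$(comma_list $(all_server_nodes))
	do_nodes $servers "lgss_sk -t server -l $SK_PATH/nodemap/$nm.key"
	do_nodes $servers "keyctl show | grep lustre | cut -c1-11 |
		sed -e 's/ //g;' |
		xargs -IX keyctl setperm X 0x3f3f3f3f"
}

# … unchanged: create_nodemap c0 …
if $GSS_SK; then
	# … unchanged: MOUNT_OPTS / SK_UNIQUE_NM setup …
	sk_load_nodemap_key c0
fi
```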
# store wrong sepol in nodemap
sepol="0:policy:0:0000000000000000000000000000000000000000000000000000000000000000"
- do_facet mgs $LCTL set_param nodemap.nm1.sepol="$sepol"
- do_facet mgs $LCTL set_param -P nodemap.nm1.sepol="$sepol"
- check_nodemap nm1 sepol $sepol
+ do_facet mgs $LCTL set_param nodemap.c0.sepol="$sepol"
+ do_facet mgs $LCTL set_param -P nodemap.c0.sepol="$sepol"
+ check_nodemap c0 sepol $sepol
# mount client with sepol
mount_client $MOUNT $MOUNT_OPTS &&
error "client mount without matching sepol should be refused"
# remove nodemap
- remove_nodemap nm1
+ remove_nodemap c0
+
+ if $GSS_SK; then
+ export SK_UNIQUE_NM=false
+ fi
# remount client normally
echo 0 > /sys/module/ptlrpc/parameters/send_sepol
run_test 21a "Send sepol at connect"
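Review bot: `export SK_UNIQUE_NM=false` runs only when the test reaches this point, so a failure between the earlier `export SK_UNIQUE_NM=true` and here may leave the flag set for later tests, depending on how `error` unwinds (not visible in this hunk). `MOUNT_OPTS` is likewise overwritten by `add_sk_mntflag` earlier in test_21a, and no visible line restores it. Saving the old value and registering the reset right after the setup would make cleanup independent of the exit path, for example `stack_trap "export SK_UNIQUE_NM=false" EXIT` if this branch's framework provides `stack_trap`. test_21b ends with the same pattern.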
test_21b() {
- local sepol
-
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.56) ] &&
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.56) ] &&
skip "Need MDS >= 2.11.56"
+ local sepol
+
mkdir -p $DIR/$tdir || error "failed to create $DIR/$tdir"
echo test > $DIR/$tdir/toopen ||
error "failed to write to $DIR/$tdir/toopen"
echo 3 > /proc/sys/vm/drop_caches
# create nodemap entry with sepol
- create_nodemap nm1
+ create_nodemap c0
+
+ if $GSS_SK; then
+ export SK_UNIQUE_NM=true
+
+ # load specific key on servers
+ do_nodes $(comma_list $(all_server_nodes)) "lgss_sk -t server \
+ -l $SK_PATH/nodemap/c0.key"
+
+ # set perms for per-nodemap keys else permission denied
+ do_nodes $(comma_list $(all_server_nodes)) \
+ "keyctl show | grep lustre | cut -c1-11 |
+ sed -e 's/ //g;' |
+ xargs -IX keyctl setperm X 0x3f3f3f3f"
+
+ fi
# metadata ops without sending sepol
touch $DIR/$tdir/f0 && error "touch (1)"
# store wrong sepol in nodemap
sepol="0:policy:0:0000000000000000000000000000000000000000000000000000000000000000"
- do_facet mgs $LCTL set_param nodemap.nm1.sepol="$sepol"
- do_facet mgs $LCTL set_param -P nodemap.nm1.sepol="$sepol"
- check_nodemap nm1 sepol $sepol
+ do_facet mgs $LCTL set_param nodemap.c0.sepol="$sepol"
+ do_facet mgs $LCTL set_param -P nodemap.c0.sepol="$sepol"
+ check_nodemap c0 sepol $sepol
# metadata ops with sepol
touch $DIR/$tdir/f4 && error "touch (3)"
# reset correct sepol
sepol=$(l_getsepol | cut -d':' -f2- | xargs)
- do_facet mgs $LCTL set_param nodemap.nm1.sepol="$sepol"
- do_facet mgs $LCTL set_param -P nodemap.nm1.sepol="$sepol"
- check_nodemap nm1 sepol $sepol
+ do_facet mgs $LCTL set_param nodemap.c0.sepol="$sepol"
+ do_facet mgs $LCTL set_param -P nodemap.c0.sepol="$sepol"
+ check_nodemap c0 sepol $sepol
# metadata ops with sepol every 10 seconds only
echo 10 > /sys/module/ptlrpc/parameters/send_sepol
fi
# remove nodemap
- remove_nodemap nm1
+ remove_nodemap c0
echo 0 > /sys/module/ptlrpc/parameters/send_sepol
+
+ if $GSS_SK; then
+ export SK_UNIQUE_NM=false
+ fi
}
run_test 21b "Send sepol for metadata ops"