X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Ftests%2Fsanity-crypto.sh;h=b6e974fb4e98fd78fc077f399d545017de1412f7;hb=e52a140eb7f65a63f07dbb7e2aaff7f9e22974f2;hp=c5ab848b17fd60cabf396bf8afa019920ee6f69a;hpb=81e3f462f088dcc7014df02ecd2715248729d193;p=fs%2Flustre-release.git diff --git a/lustre/tests/sanity-crypto.sh b/lustre/tests/sanity-crypto.sh index c5ab848..b6e974f 100755 --- a/lustre/tests/sanity-crypto.sh +++ b/lustre/tests/sanity-crypto.sh @@ -17,10 +17,14 @@ build_test_filter assert_env MDSCOUNT -if [ `using_krb5_sec $SECURITY` == 'n' ] ; then - ALWAYS_EXCEPT="0c $ALWAYS_EXCEPT" -fi +SETUP=${SETUP:-"setup"} +CLEANUP=${CLEANUP:-"cleanup"} +DIR1=${DIR1:-$MOUNT1} +DIR2=${DIR2:-$MOUNT2} +CRYPT_TYPE=${CRYPT_TYPE:-"gks"} +TMPFILE=${TMPFILE:-"/tmp/encrypt.tmp"} +RUN_UID=${RUN_UID:-1000} gen_config() { rm -f $XMLCONFIG @@ -45,8 +49,13 @@ gen_config() { fi add_ost ost --lov lov1 --dev $OSTDEV --size $OSTSIZE add_ost ost2 --lov lov1 --dev ${OSTDEV}-2 --size $OSTSIZE - add_gks gks - add_client client $MDS --lov lov1 --gks gks_svc --path $MOUNT + if [ $CRYPT_TYPE == "gks" ]; then + add_gks gks + add_client client $MDS --lov lov1 --gks gks_svc --path $MOUNT + else + add_client client $MDS --lov lov1 --path $MOUNT + fi + } build_test_filter @@ -62,8 +71,9 @@ cleanup() { umount $MOUNT2 || true umount $MOUNT || true rmmod llite - - stop_gks gks + if [ $CRYPT_TYPE == "gks" ]; then + stop_gks gks + fi for mds in `mds_list`; do stop $mds ${FORCE} $MDSLCONFARGS done @@ -79,8 +89,6 @@ if [ "$ONLY" == "cleanup" ]; then exit fi -SETUP=${SETUP:-"setup"} -CLEANUP=${CLEANUP:-"cleanup"} setup() { gen_config @@ -94,9 +102,9 @@ setup() { for mds in `mds_list`; do start $mds --reformat $MDSLCONFARGS done - set -vx - start_gks gks || exit 4 - set -e + if [ $CRYPT_TYPE == "gks" ]; then + start_gks gks || exit 4 + fi grep " $MOUNT " /proc/mounts || zconf_mount `hostname` $MOUNT grep " $MOUNT2 " /proc/mounts || zconf_mount `hostname` $MOUNT2 } @@ -106,7 +114,118 @@ $SETUP if [ "$ONLY" == "setup" ]; then exit 0 fi +disable_encrypt() { + NAME=$1 + grep " $MOUNT " /proc/mounts && umount $MOUNT + zconf_mount `hostname` $NAME +} +enable_encrypt() { + NAME=$1 + grep " $MOUNT " /proc/mounts && umount $MOUNT + zconf_mount `hostname` $MOUNT + $LCTL set_crypt $MOUNT $CRYPT_TYPE +} mkdir -p $DIR + + +dd if=/dev/urandom of=$TMPFILE bs=1024 count=1024 + +test_1a() { + rm -rf $DIR1/1a* + enable_encrypt $MOUNT + cp $TMPFILE $DIR1/1a0 + cp $TMPFILE $DIR2/1a1 + diff -u $DIR1/1a0 $DIR2/1a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/1a0 $DIR2/1a1 && error "write encryption failed" + enable_encrypt $MOUNT + diff -u $DIR1/1a0 $DIR2/1a1 || error "files are different" +} +run_test 1a "read/write encryption=============" + +test_2a() { + rm -rf $DIR1/2a* + enable_encrypt $MOUNT + touch $DIR1/2a0 + setfacl -m u:bin:rw $DIR1/2a0 + cp $TMPFILE $DIR1/2a0 + cp $TMPFILE $DIR2/2a1 + diff -u $DIR1/2a0 $DIR2/2a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/2a0 $DIR2/2a1 && error "write encryption failed" + enable_encrypt $MOUNT + diff -u $DIR1/2a0 $DIR2/2a1 || error "files are different" +} +run_test 2a "read/write encryption with acl=============" + +test_3a() { + rm -rf $DIR1/3a* + enable_encrypt $MOUNT + cp $TMPFILE $DIR1/3a0 + cp $TMPFILE $DIR2/3a1 + chown $RUN_UID $DIR1/3a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a0 || error "chown write error" + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a1 + diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/3a0 $DIR2/3a1 && error "write encryption failed" + enable_encrypt $MOUNT + diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different" +} +run_test 3a "write chown encryption=============" + +test_4a() { + rm -rf $DIR1/4a* + enable_encrypt $MOUNT + cp $TMPFILE $DIR1/4a0 + cp $TMPFILE $DIR2/4a1 + setfacl -m u:bin:rw $DIR1/4a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a0 || error "chown write error" + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a1 + diff -u $DIR1/4a0 $DIR2/4a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/4a0 $DIR2/4a1 && error "write encryption failed" + enable_encrypt $MOUNT + diff -u $DIR1/4a0 $DIR2/4a1 || error "files are different" +} +run_test 4a "write chacl encryption=============" + +test_5a() { + rm -rf $DIR1/5a* + enable_encrypt $MOUNT + cp $TMPFILE $DIR1/5a0 + cp $TMPFILE $DIR2/5a1 + setfacl -m u:bin:rw $DIR1/5a0 + chown $RUN_UID $DIR1/5a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a0 || error "chown write error" + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a1 + diff -u $DIR1/5a0 $DIR2/5a1 || error "files are different" + echo "enable crypt read success" + disable_encrypt $MOUNT + diff -u $DIR1/5a0 $DIR2/5a1 && error "write encryption failed" + enable_encrypt $MOUNT + diff -u $DIR1/5a0 $DIR2/5a1 || error "files are different" +} +run_test 5a "write chacl encryption=============" + +test_6a() { + rm -rf $DIR1/6a* + enable_encrypt $MOUNT + cp $TMPFILE $DIR1/6a0 + cp $TMPFILE $DIR2/6a1 + chown 0600 $DIR1/6a0 + setfacl -m u:bin:rw $DIR1/6a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0 || error "chown write error" + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a1 + diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different" + echo "enable crypt read success" + disable_encrypt $MOUNT + diff -u $DIR1/6a0 $DIR2/6a1 && error "write encryption failed" + enable_encrypt $MOUNT + diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different" +} +run_test 6a "write chmod/setfacl encryption=============" + $CLEANUP