X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Ftests%2Fsanity-gss.sh;h=478f8726fbeeddcccd835d49e7dda25a9f3cf4cf;hb=fd2ff000b5f6f3f3df1c46b50d888affc2f36cd3;hp=56370ce968e0e2779ba5ee313a1b80521b337a47;hpb=60ea5e49e11678edaa11223a3d6aa3d502964e4c;p=fs%2Flustre-release.git diff --git a/lustre/tests/sanity-gss.sh b/lustre/tests/sanity-gss.sh index 56370ce..478f872 100644 --- a/lustre/tests/sanity-gss.sh +++ b/lustre/tests/sanity-gss.sh @@ -12,8 +12,6 @@ ONLY=${ONLY:-"$*"} ALWAYS_EXCEPT=${ALWAYS_EXCEPT:-"$SANITY_GSS_EXCEPT"} # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT! -[ "$SLOW" = "no" ] && EXCEPT_SLOW="100 101" - # Tests that fail on uml CPU=`awk '/model/ {print $4}' /proc/cpuinfo` [ "$CPU" = "UML" ] && EXCEPT="$EXCEPT" @@ -36,17 +34,12 @@ LUSTRE=${LUSTRE:-`dirname $0`/..} init_test_env $@ . ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh} -if [ $UID -ne 0 ]; then - echo "Warning: running as non-root uid $UID" - RUNAS_ID="$UID" - RUNAS="" -else - RUNAS_ID=${RUNAS_ID:-500} - RUNAS=${RUNAS:-"runas -u $RUNAS_ID"} +remote_mds_nodsh && skip "remote MDS with nodsh" && exit 0 - # $RUNAS_ID may get set incorrectly somewhere else - [ $RUNAS_ID -eq 0 ] && error "\$RUNAS_ID set to 0, but \$UID is also 0!" -fi +[ "$SLOW" = "no" ] && EXCEPT_SLOW="100 101" + +# $RUNAS_ID may get set incorrectly somewhere else +[ $UID -eq 0 -a $RUNAS_ID -eq 0 ] && error "\$RUNAS_ID set to 0, but \$UID is also 0!" # remove $SEC, we'd like to control everything by ourselves unset SEC @@ -66,30 +59,34 @@ cnt_all2ost=0 cnt_all2mdt=0 cnt_all2all=0 DBENCH_PID=0 -PROC_CLI="srpc.info" +PROC_CLI="srpc_info" # set manually GSS=true GSS_KRB5=true +prepare_krb5_creds() { + echo prepare krb5 cred + rm -f $KRB5_CRED_SAVE + echo RUNAS=$RUNAS + $RUNAS krb5_login.sh || exit 1 + [ -f $KRB5_CRED ] || exit 2 + echo CRED=$KRB5_CRED + cp $KRB5_CRED $KRB5_CRED_SAVE +} + +prepare_krb5_creds + # we want double mount MOUNT_2=${MOUNT_2:-"yes"} -cleanup_and_setup_lustre +check_and_setup_lustre -rm -rf $DIR/${TESTSUITE}/[df][0-9]* rm -rf $DIR/[df][0-9]* -check_runas_id $RUNAS_ID $RUNAS +check_runas_id $RUNAS_ID $RUNAS_ID $RUNAS build_test_filter -prepare_krb5_creds() { - rm -f $KRB5_CRED_SAVE - $RUNAS krb5_login.sh || exit 1 - [ -f $KRB5_CRED ] || exit 2 - cp $KRB5_CRED $KRB5_CRED_SAVE -} - combination() { local M=$1 @@ -150,17 +147,45 @@ set_rule() count_flvr() { - output=$1 - flavor=$2 + local output=$1 + local flavor=$2 + local count=0 + + rpc_flvr=`echo $flavor | awk -F - '{ print $1 }'` + bulkspec=`echo $flavor | awk -F - '{ print $2 }'` + + count=`echo "$output" | grep "rpc flavor" | grep $rpc_flvr | wc -l` + + if [ "x$bulkspec" != "x" ]; then + algs=`echo $bulkspec | awk -F : '{ print $2 }'` + + if [ "x$algs" != "x" ]; then + bulk_count=`echo "$output" | grep "bulk flavor" | grep $algs | wc -l` + else + bulk=`echo $bulkspec | awk -F : '{ print $1 }'` + if [ $bulk == "bulkn" ]; then + bulk_count=`echo "$output" | grep "bulk flavor" \ + | grep "null/null" | wc -l` + elif [ $bulk == "bulki" ]; then + bulk_count=`echo "$output" | grep "bulk flavor" \ + | grep "/null" | grep -v "null/" | wc -l` + else + bulk_count=`echo "$output" | grep "bulk flavor" \ + | grep -v "/null" | grep -v "null/" | wc -l` + fi + fi + + [ $bulk_count -lt $count ] && count=$bulk_count + fi - echo "$output" | grep rpc | grep $flavor | wc -l + echo $count } flvr_cnt_cli2mdt() { local flavor=$1 - output=`do_facet client cat $LPROC/mdc/*-MDT*-mdc-*/$PROC_CLI 2>/dev/null` + output=`do_facet client lctl get_param -n mdc.*-MDT*-mdc-*.$PROC_CLI 2>/dev/null` count_flvr "$output" $flavor } @@ -168,7 +193,7 @@ flvr_cnt_cli2ost() { local flavor=$1 - output=`do_facet client cat $LPROC/osc/*OST*-osc-[^M][^D][^T]*/$PROC_CLI 2>/dev/null` + output=`do_facet client lctl get_param -n osc.*OST*-osc-[^M][^D][^T]*.$PROC_CLI 2>/dev/null` count_flvr "$output" $flavor } @@ -183,7 +208,7 @@ flvr_cnt_mdt2mdt() fi for num in `seq $MDSCOUNT`; do - output=`do_facet mds$num cat $LPROC/mdc/*-MDT*-mdc[0-9]*/$PROC_CLI 2>/dev/null` + output=`do_facet mds$num lctl get_param -n mdc.*-MDT*-mdc[0-9]*.$PROC_CLI 2>/dev/null` tmpcnt=`count_flvr "$output" $flavor` cnt=$((cnt + tmpcnt)) done @@ -196,13 +221,21 @@ flvr_cnt_mdt2ost() local cnt=0 for num in `seq $MDSCOUNT`; do - output=`do_facet mds$num cat $LPROC/osc/*OST*-osc-MDT*/$PROC_CLI 2>/dev/null` + output=`do_facet mds$num lctl get_param -n osc.*OST*-osc-MDT*.$PROC_CLI 2>/dev/null` tmpcnt=`count_flvr "$output" $flavor` cnt=$((cnt + tmpcnt)) done echo $cnt; } +flvr_cnt_mgc2mgs() +{ + local flavor=$1 + + output=`do_facet client lctl get_param -n mgc.*.$PROC_CLI 2>/dev/null` + count_flvr "$output" $flavor +} + do_check_flavor() { local dir=$1 # from to @@ -261,16 +294,16 @@ wait_flavor() restore_to_default_flavor() { - local proc=$LPROC/mgs/MGS/live/$FSNAME + local proc="mgs.MGS.live.$FSNAME" echo "restoring to default flavor..." - nrule=`do_facet mgs cat $proc 2>/dev/null | grep ".srpc.flavor." | wc -l` + nrule=`do_facet mgs lctl get_param -n $proc 2>/dev/null | grep ".srpc.flavor." | wc -l` # remove all existing rules if any if [ $nrule -ne 0 ]; then echo "$nrule existing rules" - for rule in `do_facet mgs cat $proc 2>/dev/null | grep ".srpc.flavor."`; do + for rule in `do_facet mgs lctl get_param -n $proc 2>/dev/null | grep ".srpc.flavor."`; do echo "remove rule: $rule" spec=`echo $rule | awk -F = '{print $1}'` do_facet mgs "$LCTL conf_param $spec=" @@ -278,7 +311,7 @@ restore_to_default_flavor() fi # verify no rules left - nrule=`do_facet mgs cat $proc 2>/dev/null | grep ".srpc.flavor." | wc -l` + nrule=`do_facet mgs lctl get_param -n $proc 2>/dev/null | grep ".srpc.flavor." | wc -l` [ $nrule -ne 0 ] && error "still $nrule rules left" # wait for default flavor to be applied @@ -309,7 +342,7 @@ set_flavor_all() start_dbench() { NPROC=`cat /proc/cpuinfo 2>/dev/null | grep ^processor | wc -l` - [ $NPROC -lt 2 ] && NPROC=2 + [ $NPROC -gt 2 ] && NPROC=2 sh rundbench $NPROC 1>/dev/null & DBENCH_PID=$! sleep 2 @@ -382,7 +415,6 @@ check_multiple_gss_daemons() { fi } -prepare_krb5_creds calc_connection_cnt umask 077 @@ -426,6 +458,7 @@ test_1() { chmod 0777 $DIR || error "chmod $DIR failed" # access w/o cred $RUNAS kdestroy + $RUNAS $LFS flushctx || error "can't flush ctx" $RUNAS touch $file && error "unexpected success" # access w/ cred @@ -567,10 +600,15 @@ test_5() { run_test 5 "lsvcgssd dead, operations lead to recovery" test_6() { + local nfile=10 + mkdir $DIR/d6 || error "mkdir $DIR/d6 failed" - cp -a /etc/* $DIR/d6/ || error "cp failed" + for ((i=0; i<$nfile; i++)); do + dd if=/dev/zero of=$DIR/d6/file$i bs=8k count=1 || error "dd file$i failed" + done ls -l $DIR/d6/* > /dev/null || error "ls failed" rm -rf $DIR2/d6/* || error "rm failed" + rmdir $DIR2/d6/ || error "rmdir failed" } run_test 6 "test basic DLM callback works" @@ -593,7 +631,7 @@ test_7() { [ $num_osts -lt 2 ] && echo "skipping $TESTNAME (must have >= 2 OSTs)" && return mkdir $tdir || error - $LFS setstripe $tdir 0 -1 -1 || error + $LFS setstripe -c $num_osts $tdir || error echo "creating..." for ((i=0;i<20;i++)); do @@ -607,6 +645,49 @@ test_7() { } run_test 7 "exercise enlarge_reqbuf()" +test_8() +{ + local ATHISTORY=$(do_facet mds "find /sys/ -name at_history") + local ATOLDBASE=$(do_facet mds "cat $ATHISTORY") + do_facet mds "echo 8 >> $ATHISTORY" + + $LCTL dk > /dev/null + debugsave + sysctl -w lnet.debug="+other" + + mkdir -p $DIR/d8 + chmod a+w $DIR/d8 + + REQ_DELAY=`lctl get_param -n mdc.${FSNAME}-MDT0000-mdc-*.timeouts | + awk '/portal 12/ {print $5}' | tail -1` + REQ_DELAY=$((${REQ_DELAY} + ${REQ_DELAY} / 4 + 5)) + + # sleep sometime in ctx handle + do_facet mds lctl set_param fail_val=$REQ_DELAY +#define OBD_FAIL_SEC_CTX_HDL_PAUSE 0x1204 + do_facet mds lctl set_param fail_loc=0x1204 + + $RUNAS $LFS flushctx || error "can't flush ctx" + + $RUNAS touch $DIR/d8/f & + TOUCHPID=$! + echo "waiting for touch (pid $TOUCHPID) to finish..." + sleep 2 # give it a chance to really trigger context init rpc + do_facet mds sysctl -w lustre.fail_loc=0 + wait $TOUCHPID || error "touch should have succeeded" + + $LCTL dk | grep "Early reply #" || error "No early reply" + + debugrestore + do_facet mds "echo $ATOLDBASE >> $ATHISTORY" || true +} +run_test 8 "Early reply sent for slow gss context negotiation" + +# +# following tests will manipulate flavors and may end with any flavor set, +# so each test should not assume any start flavor. +# + test_90() { if [ "$SLOW" = "no" ]; then total=10 @@ -614,6 +695,10 @@ test_90() { total=60 fi + restore_to_default_flavor + set_rule $FSNAME any any krb5p + wait_flavor all2all krb5p $cnt_all2all + start_dbench for ((n=0;n<$total;n++)); do @@ -623,6 +708,8 @@ test_90() { $LFS flushctx done check_dbench + #sleep to let ctxs be re-established + sleep 10 stop_dbench } run_test 90 "recoverable from losing contexts under load" @@ -630,24 +717,23 @@ run_test 90 "recoverable from losing contexts under load" test_99() { local nrule_old=0 local nrule_new=0 - local max=32 + local max=64 # # general rules # - nrule_old=`do_facet mgs cat $LPROC/mgs/MGS/live/$FSNAME 2>/dev/null \ + nrule_old=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \ | grep "$FSNAME.srpc.flavor." | wc -l` echo "original general rules: $nrule_old" for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME elan$i any krb5n || error "set rule $i" done - set_rule $FSNAME elan100 any krb5n && error "set $max rule should fail" for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME elan$i any || error "remove rule $i" done - nrule_new=`do_facet mgs cat $LPROC/mgs/MGS/live/$FSNAME 2>/dev/null \ + nrule_new=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \ | grep "$FSNAME.srpc.flavor." | wc -l` if [ $nrule_new != $nrule_old ]; then error "general rule: $nrule_new != $nrule_old" @@ -656,25 +742,24 @@ test_99() { # # target-specific rules # - nrule_old=`do_facet mgs cat $LPROC/mgs/MGS/live/$FSNAME 2>/dev/null \ + nrule_old=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \ | grep "$FSNAME-MDT0000.srpc.flavor." | wc -l` echo "original target rules: $nrule_old" for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME-MDT0000 elan$i any krb5i || error "set rule $i" done - set_rule $FSNAME-MDT0000 elan100 any krb5i && error "set $max rule should fail" for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME-MDT0000 elan$i any || error "remove rule $i" done - nrule_new=`do_facet mgs cat $LPROC/mgs/MGS/live/$FSNAME 2>/dev/null \ + nrule_new=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \ | grep "$FSNAME-MDT0000.srpc.flavor." | wc -l` if [ $nrule_new != $nrule_old ]; then error "general rule: $nrule_new != $nrule_old" fi } -run_test 99 "maximum sptlrpc rules limitation" +run_test 99 "set large number of sptlrpc rules" error_dbench() { @@ -899,6 +984,70 @@ test_102() { } run_test 102 "survive from insanely fast flavor switch" +test_150() { + local save_opts + + # started from default flavors + restore_to_default_flavor + + # at this time no rules has been set on mgs; mgc use null + # flavor connect to mgs. + count=`flvr_cnt_mgc2mgs null` + [ $count -eq 1 ] || error "$count mgc connection use null flavor" + + # umount both clients + zconf_umount $HOSTNAME $MOUNT || return 1 + zconf_umount $HOSTNAME $MOUNT2 || return 2 + + # mount client with default flavor - should succeed + zconf_mount $HOSTNAME $MOUNT || error "mount with default flavor should have succeeded" + zconf_umount $HOSTNAME $MOUNT || return 5 + + # mount client with conflict flavor - should fail + save_opts=$MOUNTOPT + MOUNTOPT="$MOUNTOPT,mgssec=krb5p" + zconf_mount $HOSTNAME $MOUNT && error "mount with conflict flavor should have failed" + MOUNTOPT=$save_opts + + # mount client with same flavor - should succeed + save_opts=$MOUNTOPT + MOUNTOPT="$MOUNTOPT,mgssec=null" + zconf_mount $HOSTNAME $MOUNT || error "mount with same flavor should have succeeded" + zconf_umount $HOSTNAME $MOUNT || return 6 + MOUNTOPT=$save_opts +} +run_test 150 "secure mgs connection: client flavor setting" + +test_151() { + local save_opts + + # set mgs only accept krb5p + set_rule _mgs any any krb5p + + # umount everything, modules still loaded + stopall + + # mount mgs with default flavor, in current framework it means mgs+mdt1. + # the connection of mgc of mdt1 to mgs is expected fail. + DEVNAME=$(mdsdevname 1) + start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with default flavor should have failed" + + # mount with unauthorized flavor should fail + save_opts=$MDS_MOUNT_OPTS + MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=null" + start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with unauthorized flavor should have failed" + MDS_MOUNT_OPTS=$save_opts + + # mount with designated flavor should succeed + save_opts=$MDS_MOUNT_OPTS + MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=krb5p" + start mds1 $DEVNAME $MDS_MOUNT_OPTS || error "mount with designated flavor should have succeeded" + MDS_MOUNT_OPTS=$save_opts + + stop mds1 -f +} +run_test 151 "secure mgs connection: server flavor control" + equals_msg `basename $0`: test complete, cleaning up check_and_cleanup_lustre -[ -f "$TESTSUITELOG" ] && cat $TESTSUITELOG || true +[ -f "$TESTSUITELOG" ] && cat $TESTSUITELOG && grep -q FAIL $TESTSUITELOG && exit 1 || true