X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Ftests%2Fsanity-gss.sh;h=c4d0562efac3884f594f1b6fc2ad1bc4efe427f4;hb=bc4f27deaf66091c9ecd6e4944cba88bcf846e75;hp=9024134e80d5ab3a49e69e29fa35cdf1d8694e59;hpb=efe37534401d6a195f895ebbf7640fdfd595d024;p=fs%2Flustre-release.git diff --git a/lustre/tests/sanity-gss.sh b/lustre/tests/sanity-gss.sh index 9024134..c4d0562 100644 --- a/lustre/tests/sanity-gss.sh +++ b/lustre/tests/sanity-gss.sh @@ -59,9 +59,7 @@ cnt_all2ost=0 cnt_all2mdt=0 cnt_all2all=0 DBENCH_PID=0 -PROC_CLI="srpc.info" -# Escape "." to use lctl -PROC_CLI=${PROC_CLI//\./\*} +PROC_CLI="srpc_info" # set manually GSS=true @@ -85,7 +83,7 @@ check_and_setup_lustre rm -rf $DIR/[df][0-9]* -check_runas_id $RUNAS_ID $RUNAS +check_runas_id $RUNAS_ID $RUNAS_ID $RUNAS build_test_filter @@ -230,6 +228,14 @@ flvr_cnt_mdt2ost() echo $cnt; } +flvr_cnt_mgc2mgs() +{ + local flavor=$1 + + output=`do_facet client lctl get_param -n mgc.*.$PROC_CLI 2>/dev/null` + count_flvr "$output" $flavor +} + do_check_flavor() { local dir=$1 # from to @@ -452,6 +458,7 @@ test_1() { chmod 0777 $DIR || error "chmod $DIR failed" # access w/o cred $RUNAS kdestroy + $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT" $RUNAS touch $file && error "unexpected success" # access w/ cred @@ -472,7 +479,7 @@ test_2() { # cleanup all cred/ctx and touch $RUNAS kdestroy - $RUNAS $LFS flushctx || error "can't flush ctx" + $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT" $RUNAS touch $file2 && error "unexpected success" # restore and touch @@ -502,7 +509,7 @@ test_3() { # metadata check should fail, but file data check should success # because we always use root credential to OSTs $RUNAS kdestroy - $RUNAS $LFS flushctx + $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT" echo "destroied credentials/contexs for $RUNAS_ID" $RUNAS $CHECKSTAT -p 0666 $file && error "checkstat succeed" kill -s 10 $OPPID 
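Review bot: The new call `check_runas_id $RUNAS_ID $RUNAS_ID $RUNAS` passes the uid twice, and the helper's signature is not visible in this diff. If the second slot is the group id, this assumes the test user's gid equals its uid, which does not hold on every host. Since these tests exercise per-user credentials, passing an explicit gid value would make that precondition visible. A short comment above the call, such as `# args: uid gid runas-command`, would explain the repeated argument.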
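Review bot: In the new flvr_cnt_mgc2mgs, `output` is assigned without `local`, so it leaks into the global scope of the test script, and `$flavor` is expanded unquoted. Declaring `local output` next to `local flavor=$1` and calling `count_flvr "$output" "$flavor"` keeps the helper self-contained. The `2>/dev/null` also hides an lctl failure, so in test_150 a wrong parameter path is reported the same way as zero matching mgc connections; a one-line comment saying this is intended would help.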
@@ -538,7 +545,7 @@ test_4() { check_gss_daemon_facet client lgssd && error "lgssd still running" # flush context, and touch - $RUNAS $LFS flushctx + $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT" $RUNAS touch $file2 & TOUCHPID=$! echo "waiting touch pid $TOUCHPID" @@ -571,7 +578,7 @@ test_5() { check_gss_daemon_facet mds lsvcgssd && error "lsvcgssd still running" # flush context, and touch - $RUNAS $LFS flushctx + $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT" $RUNAS touch $file2 & TOUCHPID=$! @@ -624,7 +631,7 @@ test_7() { [ $num_osts -lt 2 ] && echo "skipping $TESTNAME (must have >= 2 OSTs)" && return mkdir $tdir || error - $LFS setstripe $tdir 0 -1 -1 || error + $LFS setstripe -c $num_osts $tdir || error echo "creating..." for ((i=0;i<20;i++)); do 
@@ -640,26 +647,39 @@ run_test 7 "exercise enlarge_reqbuf()" test_8() { - debugsave - sysctl -w lnet.debug="other" + local ATHISTORY=$(do_facet mds "find /sys/ -name at_history") + local ATOLDBASE=$(do_facet mds "cat $ATHISTORY") + do_facet mds "echo 8 >> $ATHISTORY" + $LCTL dk > /dev/null + debugsave + sysctl -w lnet.debug="+other" + + mkdir -p $DIR/d8 + chmod a+w $DIR/d8 + + REQ_DELAY=`lctl get_param -n mdc.${FSNAME}-MDT0000-mdc-*.timeouts | + awk '/portal 12/ {print $5}' | tail -1` + REQ_DELAY=$((${REQ_DELAY} + ${REQ_DELAY} / 4 + 5)) # sleep sometime in ctx handle - do_facet mds sysctl -w lustre.fail_val=60 + do_facet mds lctl set_param fail_val=$REQ_DELAY #define OBD_FAIL_SEC_CTX_HDL_PAUSE 0x1204 - do_facet mds sysctl -w lustre.fail_loc=0x1204 + do_facet mds lctl set_param fail_loc=0x1204 - $RUNAS $LFS flushctx || error "can't flush ctx" + $RUNAS $LFS flushctx $MOUNT || error "can't flush context on $MOUNT" - $RUNAS df $DIR & - DFPID=$! - echo "waiting df (pid $TOUCHPID) to finish..." - sleep 2 # give df a chance to really trigger context init rpc + $RUNAS touch $DIR/d8/f & + TOUCHPID=$! + echo "waiting for touch (pid $TOUCHPID) to finish..." + sleep 2 # give it a chance to really trigger context init rpc do_facet mds sysctl -w lustre.fail_loc=0 - wait $DFPID || error "df should have succeeded" + wait $TOUCHPID || error "touch should have succeeded" $LCTL dk | grep "Early reply #" || error "No early reply" + debugrestore + do_facet mds "echo $ATOLDBASE >> $ATHISTORY" || true } run_test 8 "Early reply sent for slow gss context negotiation" 
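Review bot: The fault injection in test_8 is now armed with `lctl set_param fail_loc=0x1204` but is still cleared by the unchanged `do_facet mds sysctl -w lustre.fail_loc=0`. If the sysctl path is unavailable on the MDS, the context-handling delay stays armed for every later test, so the reset should read `do_facet mds lctl set_param fail_loc=0`. `ATHISTORY` comes from an unchecked `find /sys/ -name at_history`, so an empty or multi-line result makes the following `cat` and `echo 8 >>` act on the wrong target; check for a single non-empty path first. `REQ_DELAY` has the same weakness, because an empty `lctl get_param` result turns the arithmetic expansion into a syntax error. `debugrestore` and the at_history restore run only on the success path, which deserves a comment if `error` does not return.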
@@ -668,98 +688,6 @@ run_test 8 "Early reply sent for slow gss context negotiation" # so each test should not assume any start flavor. # -test_50() { - local sample=$TMP/sanity-gss-8 - local tdir=$MOUNT/dir8 - local iosize="256K" - local hash_algs="adler32 crc32 md5 sha1 sha256 sha384 sha512 wp256 wp384 wp512" - - # create sample file with aligned size for direct i/o - dd if=/dev/zero of=$sample bs=$iosize count=1 || error - dd conv=notrunc if=/etc/termcap of=$sample bs=$iosize count=1 || error - - rm -rf $tdir - mkdir $tdir || error "create dir $tdir" - - restore_to_default_flavor - - for alg in $hash_algs; do - echo "Testing $alg..." - flavor=krb5i-bulki:$alg/null - set_rule $FSNAME any cli2ost $flavor - wait_flavor cli2ost $flavor $cnt_cli2ost - - dd if=$sample of=$tdir/$alg oflag=direct,dsync bs=$iosize || error "$alg write" - diff $sample $tdir/$alg || error "$alg read" - done - - rm -rf $tdir - rm -f $sample -} -run_test 50 "verify bulk hash algorithms works" - -test_51() { - local s1=$TMP/sanity-gss-9.1 - local s2=$TMP/sanity-gss-9.2 - local s3=$TMP/sanity-gss-9.3 - local s4=$TMP/sanity-gss-9.4 - local tdir=$MOUNT/dir9 - local s1_size=4194304 # n * pagesize (4M) - local s2_size=512 # n * blksize - local s3_size=111 # n * blksize + m - local s4_size=5 # m - local cipher_algs="arc4 aes128 aes192 aes256 cast128 cast256 twofish128 twofish256" - - # create sample files for each situation - rm -f $s1 $s2 $s2 $s4 - dd if=/dev/urandom of=$s1 bs=1M count=4 || error - dd if=/dev/urandom of=$s2 bs=$s2_size count=1 || error - dd if=/dev/urandom of=$s3 bs=$s3_size count=1 || error - dd if=/dev/urandom of=$s4 bs=$s4_size count=1 || error - - rm -rf $tdir - mkdir $tdir || error "create dir $tdir" - - restore_to_default_flavor - - # - # different bulk data alignment will lead to different behavior of - # the implementation: (n > 0; 0 < m < encryption_block_size) - # - full page i/o - # - partial page, size = n * encryption_block_size - # - partial page, size = n * 
encryption_block_size + m - # - partial page, size = m - # - for alg in $cipher_algs; do - echo "Testing $alg..." - flavor=krb5p-bulkp:sha1/$alg - set_rule $FSNAME any cli2ost $flavor - wait_flavor cli2ost $flavor $cnt_cli2ost - - # sync write - dd if=$s1 of=$tdir/$alg.1 oflag=dsync bs=1M || error "write $alg.1" - dd if=$s2 of=$tdir/$alg.2 oflag=dsync || error "write $alg.2" - dd if=$s3 of=$tdir/$alg.3 oflag=dsync || error "write $alg.3" - dd if=$s4 of=$tdir/$alg.4 oflag=dsync || error "write $alg.4" - - # remount client - umount_client $MOUNT - umount_client $MOUNT2 - mount_client $MOUNT - mount_client $MOUNT2 - - # read & compare - diff $tdir/$alg.1 $s1 || error "read $alg.1" - diff $tdir/$alg.2 $s2 || error "read $alg.2" - diff $tdir/$alg.3 $s3 || error "read $alg.3" - diff $tdir/$alg.4 $s4 || error "read $alg.4" - done - - rm -rf $tdir - rm -f $sample -} -run_test 51 "bulk data alignment test under encryption mode" - test_90() { if [ "$SLOW" = "no" ]; then total=10 @@ -777,9 +705,11 @@ test_90() { sleep 2 check_dbench echo "flush ctx ($n/$total) ..." - $LFS flushctx + $LFS flushctx $MOUNT || error "can't flush context on $MOUNT" done check_dbench + #sleep to let ctxs be re-established + sleep 10 stop_dbench } run_test 90 "recoverable from losing contexts under load" @@ -787,7 +717,7 @@ run_test 90 "recoverable from losing contexts under load" test_99() { local nrule_old=0 local nrule_new=0 - local max=32 + local max=64 # # general rules @@ -799,7 +729,6 @@ test_99() { for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME elan$i any krb5n || error "set rule $i" done - set_rule $FSNAME elan100 any krb5n && error "set $max rule should fail" for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME elan$i any || error "remove rule $i" done 
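Review bot: The `sleep 10` added to test_90 waits a fixed time for contexts to be re-established, but nothing checks that they were, since the last `check_dbench` runs before the sleep. Repeating `check_dbench` after the sleep and before `stop_dbench` would make the test assert that dbench survived the context flushes, not only that ten seconds passed. The comment would read better as `# give contexts time to be re-established before stopping dbench`. test_90 starts outside this hunk, so the loop setup is not visible here.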
@@ -820,7 +749,6 @@ test_99() { for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME-MDT0000 elan$i any krb5i || error "set rule $i" done - set_rule $FSNAME-MDT0000 elan100 any krb5i && error "set $max rule should fail" for ((i = $nrule_old; i < $max; i++)); do set_rule $FSNAME-MDT0000 elan$i any || error "remove rule $i" done @@ -831,7 +759,7 @@ test_99() { error "general rule: $nrule_new != $nrule_old" fi } -run_test 99 "maximum sptlrpc rules limitation" +run_test 99 "set large number of sptlrpc rules" error_dbench() { 
@@ -939,51 +867,44 @@ run_test 100 "change security flavor on the fly under load" switch_sec_test() { - local count=$1 - local flavor0=$2 - local flavor1=$3 - local flavor2=$4 - local df_pid=0 - local wait_time=$((TIMEOUT + TIMEOUT / 4)) + local flavor0=$1 + local flavor1=$2 + local filename=$DIR/$tfile + local multiop_pid local num # - # stop gss daemon, then switch to flavor1 (which should be a gss flavor), - # and run a 'df' which should hanging, wait the request timeout and - # resend, then switch the flavor to another one. To exercise the code of - # switching ctx/sec for a resend request. + # after set to flavor0, start multop which use flavor0 rpc, and let + # server drop the reply; then switch to flavor1, the resend should be + # completed using flavor1. To exercise the code of switching ctx/sec + # for a resend request. # - echo ">>>>>>>>>>>>>>> Testing $flavor0 -> $flavor1 -> $flavor2..." + log ">>>>>>>>>>>>>>> Testing $flavor0 -> $flavor1 <<<<<<<<<<<<<<<<<<<" - echo "(0) set base flavor $flavor0" set_rule $FSNAME any cli2mdt $flavor0 - wait_flavor cli2mdt $flavor0 $count - df $MOUNT - if [ $? -ne 0 ]; then - error "initial df failed" - fi - - stop_gss_daemons + wait_flavor cli2mdt $flavor0 $cnt_cli2mdt + rm -f $filename || error "remove old $filename failed" + +#MDS_REINT = 36 +#define OBD_FAIL_PTLRPC_DROP_REQ_OPC 0x513 + do_facet $SINGLEMDS lctl set_param fail_val=36 + do_facet $SINGLEMDS lctl set_param fail_loc=0x513 + log "starting multiop" + multiop $filename m & + multiop_pid=$! + echo "multiop pid=$multiop_pid" sleep 1 - echo "(1) $flavor0 -> $flavor1" set_rule $FSNAME any cli2mdt $flavor1 - wait_flavor cli2mdt $flavor1 $count - df $MOUNT & - df_pid=$! - sleep 1 + wait_flavor cli2mdt $flavor1 $cnt_cli2mdt - echo "waiting $wait_time seconds for df ($df_pid)" - sleep $wait_time - num=`ps --no-headers -p $df_pid 2>/dev/null | wc -l` - [ $num -eq 1 ] || error "df already ended ($num)" - echo "process $df_pid is still hanging there... 
OK" + num=`ps --no-headers -p $multiop_pid 2>/dev/null | wc -l` + [ $num -eq 1 ] || error "multiop($multiop_pid) already ended ($num)" + echo "process $multiop_pid is still hanging there... OK" - echo "(2) set end flavor $flavor2" - set_rule $FSNAME any cli2mdt $flavor2 - wait_flavor cli2mdt $flavor2 $count - start_gss_daemons - wait $df_pid || error "df returned error" + do_facet $SINGLEMDS lctl set_param fail_loc=0 + log "waiting for multiop ($multiop_pid) to finish" + wait $multiop_pid || error "multiop returned error" } test_101() @@ -991,18 +912,18 @@ test_101() # started from default flavors restore_to_default_flavor - switch_sec_test $cnt_cli2mdt null krb5n null - switch_sec_test $cnt_cli2mdt null krb5a null - switch_sec_test $cnt_cli2mdt null krb5i null - switch_sec_test $cnt_cli2mdt null krb5p null - switch_sec_test $cnt_cli2mdt null krb5i plain - switch_sec_test $cnt_cli2mdt plain krb5p plain - switch_sec_test $cnt_cli2mdt plain krb5n krb5a - switch_sec_test $cnt_cli2mdt krb5a krb5i krb5p - switch_sec_test $cnt_cli2mdt krb5p krb5a krb5n - switch_sec_test $cnt_cli2mdt krb5n krb5p krb5i + switch_sec_test null plain + switch_sec_test plain krb5n + switch_sec_test krb5n krb5a + switch_sec_test krb5a krb5i + switch_sec_test krb5i krb5p + switch_sec_test krb5p null + switch_sec_test null krb5p + switch_sec_test krb5p krb5i + switch_sec_test krb5i plain + switch_sec_test plain krb5p } -run_test 101 "switch ctx as well as sec for resending request" +run_test 101 "switch ctx/sec for resending request" error_102() { 
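Review bot: switch_sec_test can fail between arming `lctl set_param fail_loc=0x513` and resetting it to `fail_loc=0`, either in `wait_flavor` or at `error "multiop($multiop_pid) already ended ($num)"`. If `error` returns or the framework continues with the next test (not visible here), the MDS keeps dropping MDS_REINT requests and the background multiop is never reaped. Clearing the fail_loc before reporting, for example `[ $num -eq 1 ] || { do_facet $SINGLEMDS lctl set_param fail_loc=0; error "..."; }`, keeps one failed flavor pair from cascading into the next. The liveness probe built from `ps --no-headers -p ... | wc -l` can be a plain `kill -0 $multiop_pid`. The header comment also has a typo, `multop`.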
@@ -1056,6 +977,74 @@ test_102() { } run_test 102 "survive from insanely fast flavor switch" +test_150() { + local save_opts + local count + local clients=$CLIENTS + + [ -z $clients ] && clients=$HOSTNAME + + # started from default flavors + restore_to_default_flavor + + # at this time no rules has been set on mgs; mgc use null + # flavor connect to mgs. + count=`flvr_cnt_mgc2mgs null` + [ $count -eq 1 ] || error "$count mgc connection use null flavor" + + zconf_umount_clients $clients $MOUNT || return 1 + + # mount client with conflict flavor - should fail + save_opts=$MOUNTOPT + MOUNTOPT="$MOUNTOPT,mgssec=krb5p" + zconf_mount_clients $clients $MOUNT && \ + error "mount with conflict flavor should have failed" + MOUNTOPT=$save_opts + + # mount client with same flavor - should succeed + save_opts=$MOUNTOPT + MOUNTOPT="$MOUNTOPT,mgssec=null" + zconf_mount_clients $clients $MOUNT || \ + error "mount with same flavor should have succeeded" + MOUNTOPT=$save_opts + zconf_umount_clients $clients $MOUNT || return 2 + + # mount client with default flavor - should succeed + zconf_mount_clients $clients $MOUNT || \ + error "mount with default flavor should have succeeded" +} +run_test 150 "secure mgs connection: client flavor setting" + +test_151() { + local save_opts + + # set mgs only accept krb5p + set_rule _mgs any any krb5p + + # umount everything, modules still loaded + stopall + + # mount mgs with default flavor, in current framework it means mgs+mdt1. + # the connection of mgc of mdt1 to mgs is expected fail. 
+ DEVNAME=$(mdsdevname 1) + start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with default flavor should have failed" + + # mount with unauthorized flavor should fail + save_opts=$MDS_MOUNT_OPTS + MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=null" + start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with unauthorized flavor should have failed" + MDS_MOUNT_OPTS=$save_opts + + # mount with designated flavor should succeed + save_opts=$MDS_MOUNT_OPTS + MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=krb5p" + start mds1 $DEVNAME $MDS_MOUNT_OPTS || error "mount with designated flavor should have succeeded" + MDS_MOUNT_OPTS=$save_opts + + stop mds1 -f +} +run_test 151 "secure mgs connection: server flavor control" + equals_msg `basename $0`: test complete, cleaning up check_and_cleanup_lustre [ -f "$TESTSUITELOG" ] && cat $TESTSUITELOG && grep -q FAIL $TESTSUITELOG && exit 1 || true
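Review bot: test_151 installs `set_rule _mgs any any krb5p` and never removes it, and after `stopall` it only starts and stops mds1, so the script reaches `check_and_cleanup_lustre` with the MGS still restricted to krb5p and the filesystem down. Unless cleanup reformats the targets (not visible in this diff), the rule may persist and make a later default-flavor setup fail to connect to the MGS. Clearing the rule while the krb5p mount is up would avoid that, presumably with `set_rule _mgs any any` by analogy with the removal form in test_99. A comment stating that the test leaves the filesystem stopped would also make the post-condition explicit. In test_150 the emptiness check should quote its operand: `[ -z "$clients" ] && clients=$HOSTNAME`.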