X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Ftests%2Fsanity-sec.sh;h=fe1db87cdc99600fa035c5d5d7ceaf3f4b82e181;hb=47e905f602b6d4ce85d835491a5ca820bd75d769;hp=b65f72224013a2f392be9f51a553e90b599c5932;hpb=cefa8cda2ba2d288ccaa4ec077a6c627592503ea;p=fs%2Flustre-release.git diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index b65f722..fe1db87 100644 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -7,7 +7,12 @@ set -e ONLY=${ONLY:-"$*"} -[ "$EXCEPT" ] && echo "Skipping tests: `echo $EXCEPT`" +# bug number for skipped test: 19430 19967 19967 +ALWAYS_EXCEPT=" 2 5 6 $SANITY_SEC_EXCEPT" +# UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT! + +[ "$ALWAYS_EXCEPT$EXCEPT" ] && \ + echo "Skipping tests: $ALWAYS_EXCEPT $EXCEPT" SRCDIR=`dirname $0` export PATH=$PWD/$SRCDIR:$SRCDIR:$PWD/$SRCDIR/../utils:$PATH:/sbin @@ -42,6 +47,12 @@ USER1=`cat /etc/passwd|grep :$ID1:$ID1:|cut -d: -f1` check_and_setup_lustre +sec_cleanup() { + if [ "$I_MOUNTED" = "yes" ]; then + cleanupall -f || error "sec_cleanup" + fi +} + DIR=${DIR:-$MOUNT} [ -z "`echo $DIR | grep $MOUNT`" ] && \ error "$DIR not in $MOUNT" && sec_cleanup && exit 1 @@ -62,17 +73,13 @@ else echo "without GSS support" fi -MDT="`do_facet $SINGLEMDS "lctl get_param -N mdt.\*MDT\*/stats 2>/dev/null | cut -d"." -f2" || true`" -if [ ! -z "$MDT" ]; then - do_facet $SINGLEMDS "mkdir -p $CONFDIR" - IDENTITY_FLUSH=mdt.$MDT.identity_flush - MDSCAPA=mdt.$MDT.capa - CAPA_TIMEOUT=mdt.$MDT.capa_timeout - MDSSECLEVEL=mdt.$MDT.sec_level - LOCALMDT=$MDT -else - LOCALMDT="" -fi +MDT="`do_facet $SINGLEMDS "lctl get_param -N mdt.\*MDT\*.stats 2>/dev/null | cut -d"." -f2" || true`" +[ -z "$MDT" ] && error "fail to get MDT device" && exit 1 +do_facet $SINGLEMDS "mkdir -p $CONFDIR" +IDENTITY_FLUSH=mdt.$MDT.identity_flush +MDSCAPA=mdt.$MDT.capa +CAPA_TIMEOUT=mdt.$MDT.capa_timeout +MDSSECLEVEL=mdt.$MDT.sec_level # for CLIENT_TYPE if [ -z "$(lctl get_param -n llite.*.client_type | grep remote 2>/dev/null)" ]; then @@ -128,11 +135,10 @@ test_0() { umask 0022 chmod 0755 $DIR || error "chmod (1)" - rm -rf $DIR/* || error "rm (1)" + rm -rf $DIR/$tdir || error "rm (1)" mkdir -p $DIR/$tdir || error "mkdir (1)" if [ "$CLIENT_TYPE" = "remote" ]; then - [ -z "$MDT" ] && skip "do not support do_facet operations." && return do_facet $SINGLEMDS "echo '* 0 normtown' > $PERM_CONF" do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" chown $USER0 $DIR/$tdir && error "chown (1)" @@ -154,7 +160,7 @@ test_0() { $RUNAS -u $ID0 touch $DIR/$tdir/f4 || error "touch (5)" $RUNAS -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)" touch $DIR/$tdir/f6 || error "touch (7)" - rm -rf $DIR/* || error "rm (3)" + rm -rf $DIR/$tdir || error "rm (3)" if [ "$CLIENT_TYPE" = "remote" ]; then do_facet $SINGLEMDS "rm -f $PERM_CONF" @@ -166,7 +172,6 @@ run_test 0 "uid permission =============================" # setuid/gid test_1() { [ $GSS_SUP = 0 ] && skip "without GSS support." && return - [ -z "$MDT" ] && skip "do not support do_facet operations." && return if [ "$CLIENT_TYPE" = "remote" ]; then do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF" @@ -216,7 +221,6 @@ test_2 () { [ -z "$(which setfacl 2>/dev/null)" ] && \ skip "could not find setfacl" && return [ "$UID" != 0 ] && skip "must run as root" && return - [ -z "$MDT" ] && skip "do not support do_facet operations." && return do_facet $SINGLEMDS "echo '* 0 rmtacl,rmtown' > $PERM_CONF" do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" @@ -269,7 +273,6 @@ run_test 3 "rootsquash =============================" # will be obtained by upcall /sbin/l_getidentity and used. test_4() { if [ "$CLIENT_TYPE" = "remote" ]; then - [ -z "$MDT" ] && skip "do not support do_facet operations." && return do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF" do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" fi @@ -280,19 +283,15 @@ test_4() { chgrp $ID0 $DIR/$tdir $RUNAS -u $ID0 ls $DIR/$tdir || error "setgroups (1)" if [ "$CLIENT_TYPE" = "local" ]; then - if [ ! -z "$MDT" ]; then - do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - $RUNAS -u $ID1 -G1,2,$ID0 ls $DIR/$tdir || error "setgroups (2)" - fi + do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF" + do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" + $RUNAS -u $ID1 -G1,2,$ID0 ls $DIR/$tdir || error "setgroups (2)" fi $RUNAS -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)" rm -rf $DIR/$tdir - if [ ! -z "$MDT" ]; then - do_facet $SINGLEMDS "rm -f $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - fi + do_facet $SINGLEMDS "rm -f $PERM_CONF" + do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" } run_test 4 "set supplementary group ===============" @@ -425,8 +424,11 @@ test_5() { local file=$DIR/f5 [ $GSS_SUP = 0 ] && skip "without GSS support." && return - [ -z "$MDT" ] && skip "do not support do_facet operations." && return - [ ! -z "$LOCALMDT" ] && skip "client should be separated from server." && return + if ! remote_mds; then + skip "client should be separated from server." + return + fi + rm -f $file turn_capability_off @@ -493,8 +495,10 @@ test_6() { local file=$DIR/f6 [ $GSS_SUP = 0 ] && skip "without GSS support." && return - [ -z "$MDT" ] && skip "do not support do_facet operations." && return - [ ! -z "$LOCALMDT" ] && skip "client should be separated from server." && return + if ! remote_mds; then + skip "client should be separated from server." + return + fi turn_capability_off if [ $? != 0 ]; then @@ -565,11 +569,6 @@ sec_unsetup() { } sec_unsetup -sec_cleanup() { - if [ "$I_MOUNTED" = "yes" ]; then - cleanupall -f || error "sec_cleanup" - fi -} sec_cleanup echo '=========================== finished ==============================='