3 # Run select tests by setting ONLY, or as arguments to the script.
4 # Skip specific tests by setting EXCEPT.
10 # bug number for skipped test: 19430 19967 19967
11 ALWAYS_EXCEPT=" 2 5 6 $SANITY_SEC_EXCEPT"
12 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
15 export PATH=$PWD/$SRCDIR:$SRCDIR:$PWD/$SRCDIR/../utils:$PATH:/sbin
16 export NAME=${NAME:-local}
18 LUSTRE=${LUSTRE:-$(dirname $0)/..}
19 . $LUSTRE/tests/test-framework.sh
21 . ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh}
24 [ "$SLOW" = "no" ] && EXCEPT_SLOW="26"
26 [ "$ALWAYS_EXCEPT$EXCEPT$EXCEPT_SLOW" ] &&
27 echo "Skipping tests: $ALWAYS_EXCEPT $EXCEPT $EXCEPT_SLOW"
29 RUNAS_CMD=${RUNAS_CMD:-runas}
31 WTL=${WTL:-"$LUSTRE/tests/write_time_limit"}
34 PERM_CONF=$CONFDIR/perm.conf
37 HOSTNAME_CHECKSUM=$(hostname | sum | awk '{ print $1 }')
38 SUBNET_CHECKSUM=$(expr $HOSTNAME_CHECKSUM % 250 + 1)
41 NODEMAP_IPADDR_LIST="1 10 64 128 200 250"
44 require_dsh_mds || exit 0
45 require_dsh_ost || exit 0
47 clients=${CLIENTS//,/ }
48 num_clients=$(get_node_count ${clients})
49 clients_arr=($clients)
53 USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
54 USER1=$(getent passwd | grep :$ID1:$ID1: | cut -d: -f1)
57 skip "need to add user0 ($ID0:$ID0)" && exit 0
60 skip "need to add user1 ($ID1:$ID1)" && exit 0
62 IDBASE=${IDBASE:-60000}
64 # changes to mappings must be reflected in test 23
66 [0]="$((IDBASE+3)):$((IDBASE+0)) $((IDBASE+4)):$((IDBASE+2))"
67 [1]="$((IDBASE+5)):$((IDBASE+1)) $((IDBASE+6)):$((IDBASE+2))"
70 check_and_setup_lustre
73 if [ "$I_MOUNTED" = "yes" ]; then
74 cleanupall -f || error "sec_cleanup"
79 [ -z "$(echo $DIR | grep $MOUNT)" ] &&
80 error "$DIR not in $MOUNT" && sec_cleanup && exit 1
82 [ $(echo $MOUNT | wc -w) -gt 1 ] &&
83 echo "NAME=$MOUNT mounted more than once" && sec_cleanup && exit 0
86 GSS_REF=$(lsmod | grep ^ptlrpc_gss | awk '{print $3}')
87 if [ ! -z "$GSS_REF" -a "$GSS_REF" != "0" ]; then
89 echo "with GSS support"
92 echo "without GSS support"
95 MDT=$(do_facet $SINGLEMDS lctl get_param -N "mdt.\*MDT0000" |
97 [ -z "$MDT" ] && error "fail to get MDT device" && exit 1
98 do_facet $SINGLEMDS "mkdir -p $CONFDIR"
99 IDENTITY_FLUSH=mdt.$MDT.identity_flush
100 IDENTITY_UPCALL=mdt.$MDT.identity_upcall
101 MDSSECLEVEL=mdt.$MDT.sec_level
104 if [ -z "$(lctl get_param -n llite.*.client_type | grep remote 2>/dev/null)" ]
121 if ! $RUNAS_CMD -u $user krb5_login.sh; then
122 error "$user login kerberos failed."
126 if ! $RUNAS_CMD -u $user -g $group ls $DIR > /dev/null 2>&1; then
127 $RUNAS_CMD -u $user lfs flushctx -k
128 $RUNAS_CMD -u $user krb5_login.sh
129 if ! $RUNAS_CMD -u$user -g$group ls $DIR > /dev/null 2>&1; then
130 error "init $user $group failed."
136 declare -a identity_old
139 for num in $(seq $MDSCOUNT); do
140 switch_identity $num true || identity_old[$num]=$?
143 if ! $RUNAS_CMD -u $ID0 ls $DIR > /dev/null 2>&1; then
144 sec_login $USER0 $USER0
147 if ! $RUNAS_CMD -u $ID1 ls $DIR > /dev/null 2>&1; then
148 sec_login $USER1 $USER1
153 # run as different user
157 chmod 0755 $DIR || error "chmod (1)"
158 rm -rf $DIR/$tdir || error "rm (1)"
159 mkdir -p $DIR/$tdir || error "mkdir (1)"
161 if [ "$CLIENT_TYPE" = "remote" ]; then
162 do_facet $SINGLEMDS "echo '* 0 normtown' > $PERM_CONF"
163 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
164 chown $USER0 $DIR/$tdir && error "chown (1)"
165 do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF"
166 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
168 chown $USER0 $DIR/$tdir || error "chown (2)"
171 $RUNAS_CMD -u $ID0 ls $DIR || error "ls (1)"
172 rm -f $DIR/f0 || error "rm (2)"
173 $RUNAS_CMD -u $ID0 touch $DIR/f0 && error "touch (1)"
174 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f1 || error "touch (2)"
175 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f2 && error "touch (3)"
176 touch $DIR/$tdir/f3 || error "touch (4)"
177 chown root $DIR/$tdir || error "chown (3)"
178 chgrp $USER0 $DIR/$tdir || error "chgrp (1)"
179 chmod 0775 $DIR/$tdir || error "chmod (2)"
180 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f4 || error "touch (5)"
181 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)"
182 touch $DIR/$tdir/f6 || error "touch (7)"
183 rm -rf $DIR/$tdir || error "rm (3)"
185 if [ "$CLIENT_TYPE" = "remote" ]; then
186 do_facet $SINGLEMDS "rm -f $PERM_CONF"
187 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
190 run_test 0 "uid permission ============================="
194 [ $GSS_SUP = 0 ] && skip "without GSS support." && return
196 if [ "$CLIENT_TYPE" = "remote" ]; then
197 do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF"
198 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
204 chown $USER0 $DIR/$tdir || error "chown (1)"
205 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f0 && error "touch (2)"
206 echo "enable uid $ID1 setuid"
207 do_facet $SINGLEMDS "echo '* $ID1 setuid' >> $PERM_CONF"
208 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
209 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f1 || error "touch (3)"
211 chown root $DIR/$tdir || error "chown (4)"
212 chgrp $USER0 $DIR/$tdir || error "chgrp (5)"
213 chmod 0770 $DIR/$tdir || error "chmod (6)"
214 $RUNAS_CMD -u $ID1 -g $ID1 touch $DIR/$tdir/f2 && error "touch (7)"
215 $RUNAS_CMD -u$ID1 -g$ID1 -j$ID0 touch $DIR/$tdir/f3 && error "touch (8)"
216 echo "enable uid $ID1 setuid,setgid"
217 do_facet $SINGLEMDS "echo '* $ID1 setuid,setgid' > $PERM_CONF"
218 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
219 $RUNAS_CMD -u $ID1 -g $ID1 -j $ID0 touch $DIR/$tdir/f4 ||
221 $RUNAS_CMD -u $ID1 -v $ID0 -g $ID1 -j $ID0 touch $DIR/$tdir/f5 ||
226 do_facet $SINGLEMDS "rm -f $PERM_CONF"
227 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
229 run_test 1 "setuid/gid ============================="
231 run_rmtacl_subtest() {
232 $SAVE_PWD/rmtacl/run $SAVE_PWD/rmtacl/$1.test
237 # for remote client only
239 [ "$CLIENT_TYPE" = "local" ] &&
240 skip "remote_acl for remote client only" && return
241 [ -z "$(lctl get_param -n mdc.*-mdc-*.connect_flags | grep ^acl)" ] &&
242 skip "must have acl enabled" && return
243 [ -z "$(which setfacl 2>/dev/null)" ] &&
244 skip "could not find setfacl" && return
245 [ "$UID" != 0 ] && skip "must run as root" && return
247 do_facet $SINGLEMDS "echo '* 0 rmtacl,rmtown' > $PERM_CONF"
248 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
252 sec_login daemon daemon
253 sec_login games users
259 echo "performing cp ..."
260 run_rmtacl_subtest cp || error "cp"
261 echo "performing getfacl-noacl..."
262 run_rmtacl_subtest getfacl-noacl || error "getfacl-noacl"
263 echo "performing misc..."
264 run_rmtacl_subtest misc || error "misc"
265 echo "performing permissions..."
266 run_rmtacl_subtest permissions || error "permissions"
267 echo "performing setfacl..."
268 run_rmtacl_subtest setfacl || error "setfacl"
270 # inheritance test got from HP
271 echo "performing inheritance..."
272 cp $SAVE_PWD/rmtacl/make-tree .
274 run_rmtacl_subtest inheritance || error "inheritance"
280 do_facet $SINGLEMDS "rm -f $PERM_CONF"
281 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
283 run_test 2 "rmtacl ============================="
285 # bug 3285 - supplementary group should always succeed.
286 # NB: the supplementary groups are set for local client only,
287 # as for remote client, the groups of the specified uid on MDT
288 # will be obtained by upcall /sbin/l_getidentity and used.
290 local server_version=$(lustre_version_code $SINGLEMDS)
292 [[ $server_version -ge $(version_code 2.6.93) ]] ||
293 [[ $server_version -ge $(version_code 2.5.35) &&
294 $server_version -lt $(version_code 2.5.50) ]] ||
295 { skip "Need MDS version at least 2.6.93 or 2.5.35"; return; }
297 if [ "$CLIENT_TYPE" = "remote" ]; then
298 do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF"
299 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
304 chmod 0771 $DIR/$tdir
305 chgrp $ID0 $DIR/$tdir
306 $RUNAS_CMD -u $ID0 ls $DIR/$tdir || error "setgroups (1)"
307 if [ "$CLIENT_TYPE" = "local" ]; then
308 do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF"
309 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
310 $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir ||
311 error "setgroups (2)"
313 $RUNAS_CMD -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)"
316 do_facet $SINGLEMDS "rm -f $PERM_CONF"
317 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
319 run_test 4 "set supplementary group ==============="
326 squash_id default 99 0
327 squash_id default 99 1
328 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
329 local csum=${HOSTNAME_CHECKSUM}_${i}
331 if ! do_facet mgs $LCTL nodemap_add $csum; then
335 out=$(do_facet mgs $LCTL get_param nodemap.$csum.id)
336 ## This needs to return zero if the following statement is 1
337 [[ $(echo $out | grep -c $csum) == 0 ]] && return 1
346 for ((i = 0; i < NODEMAP_COUNT; i++)); do
347 local csum=${HOSTNAME_CHECKSUM}_${i}
349 if ! do_facet mgs $LCTL nodemap_del $csum; then
350 error "nodemap_del $csum failed with $?"
354 out=$(do_facet mgs $LCTL get_param nodemap.$csum.id)
355 [[ $(echo $out | grep -c $csum) != 0 ]] && return 1
362 local cmd="$LCTL nodemap_add_range"
366 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
367 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
368 if ! do_facet mgs $cmd --name $1 --range $range; then
377 local cmd="$LCTL nodemap_del_range"
381 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
382 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
383 if ! do_facet mgs $cmd --name $1 --range $range; then
393 local cmd="$LCTL nodemap_add_idmap"
396 for ((i = 0; i < NODEMAP_COUNT; i++)); do
399 for ((j = 500; j < NODEMAP_MAX_ID; j++)); do
400 local csum=${HOSTNAME_CHECKSUM}_${i}
402 local fs_id=$((j + 1))
404 if ! do_facet mgs $cmd --name $csum --idtype uid \
405 --idmap $client_id:$fs_id; then
408 if ! do_facet mgs $cmd --name $csum --idtype gid \
409 --idmap $client_id:$fs_id; then
420 local cmd="$LCTL nodemap_del_idmap"
423 for ((i = 0; i < NODEMAP_COUNT; i++)); do
426 for ((j = 500; j < NODEMAP_MAX_ID; j++)); do
427 local csum=${HOSTNAME_CHECKSUM}_${i}
429 local fs_id=$((j + 1))
431 if ! do_facet mgs $cmd --name $csum --idtype uid \
432 --idmap $client_id:$fs_id; then
435 if ! do_facet mgs $cmd --name $csum --idtype gid \
436 --idmap $client_id:$fs_id; then
449 local cmd="$LCTL nodemap_modify"
452 proc[0]="admin_nodemap"
453 proc[1]="trusted_nodemap"
457 for ((idx = 0; idx < 2; idx++)); do
458 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
463 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
473 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
474 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
478 cmd[0]="$LCTL nodemap_modify --property squash_uid"
479 cmd[1]="$LCTL nodemap_modify --property squash_gid"
481 if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then
486 # ensure that the squash defaults are the expected defaults
487 squash_id default 99 0
488 squash_id default 99 1
493 cmd="$LCTL nodemap_test_nid"
495 nid=$(do_facet mgs $cmd $1)
497 if [ $nid == $2 ]; then
506 local cmd="$LCTL nodemap_test_id"
509 ## nodemap deactivated
510 if ! do_facet mgs $LCTL nodemap_activate 0; then
513 for ((id = 500; id < NODEMAP_MAX_ID; id++)); do
516 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
517 local nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
518 local fs_id=$(do_facet mgs $cmd --nid $nid \
519 --idtype uid --id $id)
520 if [ $fs_id != $id ]; then
521 echo "expected $id, got $fs_id"
528 if ! do_facet mgs $LCTL nodemap_activate 1; then
532 for ((id = 500; id < NODEMAP_MAX_ID; id++)); do
533 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
534 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
535 fs_id=$(do_facet mgs $cmd --nid $nid \
536 --idtype uid --id $id)
537 expected_id=$((id + 1))
538 if [ $fs_id != $expected_id ]; then
539 echo "expected $expected_id, got $fs_id"
546 for ((i = 0; i < NODEMAP_COUNT; i++)); do
547 local csum=${HOSTNAME_CHECKSUM}_${i}
549 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
550 --property trusted --value 1; then
551 error "nodemap_modify $csum failed with $?"
556 for ((id = 500; id < NODEMAP_MAX_ID; id++)); do
557 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
558 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
559 fs_id=$(do_facet mgs $cmd --nid $nid \
560 --idtype uid --id $id)
561 if [ $fs_id != $id ]; then
562 echo "expected $id, got $fs_id"
568 ## ensure allow_root_access is enabled
569 for ((i = 0; i < NODEMAP_COUNT; i++)); do
570 local csum=${HOSTNAME_CHECKSUM}_${i}
572 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
573 --property admin --value 1; then
574 error "nodemap_modify $csum failed with $?"
579 ## check that root allowed
580 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
581 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
582 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
583 if [ $fs_id != 0 ]; then
584 echo "root allowed expected 0, got $fs_id"
589 ## ensure allow_root_access is disabled
590 for ((i = 0; i < NODEMAP_COUNT; i++)); do
591 local csum=${HOSTNAME_CHECKSUM}_${i}
593 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
594 --property admin --value 0; then
595 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
601 ## check that root is mapped to 99
602 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
603 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
604 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
605 if [ $fs_id != 99 ]; then
606 error "root squash expected 99, got $fs_id"
611 ## reset client trust to 0
612 for ((i = 0; i < NODEMAP_COUNT; i++)); do
613 if ! do_facet mgs $LCTL nodemap_modify \
614 --name ${HOSTNAME_CHECKSUM}_${i} \
615 --property trusted --value 0; then
616 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
628 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
629 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
630 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
635 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
639 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 2
643 run_test 7 "nodemap create and delete"
648 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
649 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
650 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
657 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
663 [[ $rc == 0 ]] && error "duplicate nodemap_add allowed with $rc" &&
669 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 3
673 run_test 8 "nodemap reject duplicates"
679 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
680 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
681 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
687 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
690 for ((i = 0; i < NODEMAP_COUNT; i++)); do
691 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
695 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
698 for ((i = 0; i < NODEMAP_COUNT; i++)); do
699 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
703 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
708 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 4
712 run_test 9 "nodemap range add"
717 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
718 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
719 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
725 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
728 for ((i = 0; i < NODEMAP_COUNT; i++)); do
729 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
733 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
736 for ((i = 0; i < NODEMAP_COUNT; i++)); do
737 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
741 [[ $rc == 0 ]] && error "nodemap_add_range duplicate add with $rc" &&
746 for ((i = 0; i < NODEMAP_COUNT; i++)); do
747 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
751 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
755 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 5
759 run_test 10 "nodemap reject duplicate ranges"
764 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
765 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
766 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
772 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
775 for ((i = 0; i < NODEMAP_COUNT; i++)); do
776 if ! modify_flags ${HOSTNAME_CHECKSUM}_${i}; then
780 [[ $rc != 0 ]] && error "nodemap_modify with $rc" && return 2
785 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
789 run_test 11 "nodemap modify"
794 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
795 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
796 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
802 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
805 for ((i = 0; i < NODEMAP_COUNT; i++)); do
806 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 0; then
810 [[ $rc != 0 ]] && error "nodemap squash_uid with $rc" && return 2
813 for ((i = 0; i < NODEMAP_COUNT; i++)); do
814 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 1; then
818 [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3
823 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
827 run_test 12 "nodemap set squash ids"
832 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
833 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
834 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
840 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
843 for ((i = 0; i < NODEMAP_COUNT; i++)); do
844 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
848 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
851 for ((i = 0; i < NODEMAP_COUNT; i++)); do
852 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
853 for k in $NODEMAP_IPADDR_LIST; do
854 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
855 ${HOSTNAME_CHECKSUM}_${i}; then
861 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
866 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
870 run_test 13 "test nids"
875 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
876 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
877 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
883 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
886 for ((i = 0; i < NODEMAP_COUNT; i++)); do
887 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
888 for k in $NODEMAP_IPADDR_LIST; do
889 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
896 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
901 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
905 run_test 14 "test default nodemap nid lookup"
910 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
911 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
912 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
918 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
921 for ((i = 0; i < NODEMAP_COUNT; i++)); do
922 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
926 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
931 [[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
936 [[ $rc != 0 ]] && error "nodemap_test_id failed with $rc" && return 4
941 [[ $rc != 0 ]] && error "nodemap_del_idmap failed with $rc" && return 5
946 [[ $rc != 0 ]] && error "nodemap_delete failed with $rc" && return 6
950 run_test 15 "test id mapping"
952 # Until nodemaps are distributed by MGS, they need to be distributed manually
953 # This function and all calls to it should be removed once the MGS distributes
954 # nodemaps to the MDS and OSS nodes directly.
955 do_servers_not_mgs() {
956 local mgs_ip=$(host_nids_address $mgs_HOST $NETTYPE)
957 for node in $(all_server_nodes); do
958 local node_ip=$(host_nids_address $node $NETTYPE)
959 [ $node_ip == $mgs_ip ] && continue
964 create_fops_nodemaps() {
967 for client in $clients; do
968 local client_ip=$(host_nids_address $client $NETTYPE)
969 local client_nid=$(h2$NETTYPE $client_ip)
970 do_facet mgs $LCTL nodemap_add c${i} || return 1
971 do_facet mgs $LCTL nodemap_add_range \
972 --name c${i} --range $client_nid || return 1
973 do_servers_not_mgs $LCTL set_param nodemap.add_nodemap=c${i} ||
975 do_servers_not_mgs "$LCTL set_param " \
976 "nodemap.add_nodemap_range='c${i} $client_nid'" ||
978 for map in ${FOPS_IDMAPS[i]}; do
979 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
980 --idtype uid --idmap ${map} || return 1
981 do_servers_not_mgs "$LCTL set_param " \
982 "nodemap.add_nodemap_idmap='c$i uid ${map}'" ||
984 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
985 --idtype gid --idmap ${map} || return 1
986 do_servers_not_mgs "$LCTL set_param " \
987 " nodemap.add_nodemap_idmap='c$i gid ${map}'" ||
990 out1=$(do_facet mgs $LCTL get_param nodemap.c${i}.idmap)
991 out2=$(do_facet ost0 $LCTL get_param nodemap.c${i}.idmap)
992 [ "$out1" != "$out2" ] && error "mgs and oss maps mismatch"
998 delete_fops_nodemaps() {
1001 for client in $clients; do
1002 do_facet mgs $LCTL nodemap_del c${i} || return 1
1003 do_servers_not_mgs $LCTL set_param nodemap.remove_nodemap=c$i ||
1012 if [ $MDSCOUNT -le 1 ]; then
1013 do_node ${clients_arr[0]} mkdir -p $DIR/$tdir
1015 # round-robin MDTs to test DNE nodemap support
1016 [ ! -d $DIR ] && do_node ${clients_arr[0]} mkdir -p $DIR
1017 do_node ${clients_arr[0]} $LFS setdirstripe -c 1 -i \
1018 $((fops_mds_index % MDSCOUNT)) $DIR/$tdir
1019 ((fops_mds_index++))
1023 # acl test directory needs to be initialized on a privileged client
1025 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1026 local trust=$(do_facet mgs $LCTL get_param -n \
1027 nodemap.c0.trusted_nodemap)
1029 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1030 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1031 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=1
1032 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=1
1034 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1036 do_node ${clients_arr[0]} chown $user $DIR/$tdir
1038 do_facet mgs $LCTL nodemap_modify --name c0 \
1039 --property admin --value $admin
1040 do_facet mgs $LCTL nodemap_modify --name c0 \
1041 --property trusted --value $trust
1042 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=$admin
1043 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=$trust
1045 # flush MDT locks to make sure they are reacquired before test
1046 do_node ${clients_arr[0]} $LCTL set_param \
1047 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1050 do_create_delete() {
1053 local testfile=$DIR/$tdir/$tfile
1057 if $run_u touch $testfile >& /dev/null; then
1059 $run_u rm $testfile && d=1
1063 local expected=$(get_cr_del_expected $key)
1064 [ "$res" != "$expected" ] &&
1065 error "test $key, wanted $expected, got $res" && rc=$((rc + 1))
1069 nodemap_check_quota() {
1071 $run_u lfs quota -q $DIR | awk '{ print $2; exit; }'
1074 do_fops_quota_test() {
1076 # fuzz quota used to account for possible indirect blocks, etc
1077 local quota_fuzz=$(fs_log_size)
1078 local qused_orig=$(nodemap_check_quota "$run_u")
1079 local qused_high=$((qused_orig + quota_fuzz))
1080 local qused_low=$((qused_orig - quota_fuzz))
1081 local testfile=$DIR/$tdir/$tfile
1082 chmod 777 $DIR/$tdir
1083 $run_u dd if=/dev/zero of=$testfile bs=1M count=1 >& /dev/null
1084 sync; sync_all_data || true
1086 local qused_new=$(nodemap_check_quota "$run_u")
1087 [ $((qused_new)) -lt $((qused_low + 1024)) -o \
1088 $((qused_new)) -gt $((qused_high + 1024)) ] &&
1089 error "$qused_new != $qused_orig + 1M after write, " \
1090 "fuzz is $quota_fuzz"
1091 $run_u rm $testfile && d=1
1092 $NODEMAP_TEST_QUOTA && wait_delete_completed_mds
1094 qused_new=$(nodemap_check_quota "$run_u")
1095 [ $((qused_new)) -lt $((qused_low)) \
1096 -o $((qused_new)) -gt $((qused_high)) ] &&
1097 error "quota not reclaimed, expect $qused_orig, " \
1098 "got $qused_new, fuzz $quota_fuzz"
1101 get_fops_mapped_user() {
1104 for ((i=0; i < ${#FOPS_IDMAPS[@]}; i++)); do
1105 for map in ${FOPS_IDMAPS[i]}; do
1106 if [ $(cut -d: -f1 <<< "$map") == $cli_user ]; then
1107 cut -d: -f2 <<< "$map"
1115 get_cr_del_expected() {
1117 IFS=":" read -a key <<< "$1"
1118 local mapmode="${key[0]}"
1119 local mds_user="${key[1]}"
1120 local cluster="${key[2]}"
1121 local cli_user="${key[3]}"
1122 local mode="0${key[4]}"
1129 [[ $mapmode == *mapped* ]] && mapped=1
1130 # only c1 is mapped in these test cases
1131 [[ $mapmode == mapped_trusted* ]] && [ "$cluster" == "c0" ] && mapped=0
1132 [[ $mapmode == *noadmin* ]] && noadmin=1
1134 # o+wx works as long as the user isn't mapped
1135 if [ $((mode & 3)) -eq 3 ]; then
1139 # if client user is root, check if root is squashed
1140 if [ "$cli_user" == "0" ]; then
1141 # squash root succeed, if other bit is on
1144 1) [ "$other" == "1" ] && echo $SUCCESS
1145 [ "$other" == "0" ] && echo $FAILURE;;
1149 if [ "$mapped" == "0" ]; then
1150 [ "$other" == "1" ] && echo $SUCCESS
1151 [ "$other" == "0" ] && echo $FAILURE
1155 # if mapped user is mds user, check for u+wx
1156 mapped_user=$(get_fops_mapped_user $cli_user)
1157 [ "$mapped_user" == "-1" ] &&
1158 error "unable to find mapping for client user $cli_user"
1160 if [ "$mapped_user" == "$mds_user" -a \
1161 $(((mode & 0300) == 0300)) -eq 1 ]; then
1165 if [ "$mapped_user" != "$mds_user" -a "$other" == "1" ]; then
1174 local single_client="$2"
1175 local client_user_list=([0]="0 $((IDBASE+3)) $((IDBASE+4))"
1176 [1]="0 $((IDBASE+5)) $((IDBASE+6))")
1179 local perm_bit_list="0 3 $((0300)) $((0303))"
1180 # SLOW tests 000-007, 010-070, 100-700 (octal modes)
1181 [ "$SLOW" == "yes" ] &&
1182 perm_bit_list="0 $(seq 1 7) $(seq 8 8 63) $(seq 64 64 511) \
1185 # step through mds users. -1 means root
1186 for mds_i in -1 0 1 2; do
1187 local user=$((mds_i + IDBASE))
1191 [ "$mds_i" == "-1" ] && user=0
1193 echo mkdir -p $DIR/$tdir
1196 for client in $clients; do
1198 local admin=$(do_facet mgs $LCTL get_param -n \
1199 nodemap.c$cli_i.admin_nodemap)
1200 for u in ${client_user_list[$cli_i]}; do
1201 local run_u="do_node $client \
1202 $RUNAS_CMD -u$u -g$u -G$u"
1203 for perm_bits in $perm_bit_list; do
1204 local mode=$(printf %03o $perm_bits)
1206 key="$mapmode:$user:c$cli_i:$u:$mode"
1207 do_facet mgs $LCTL nodemap_modify \
1211 do_servers_not_mgs $LCTL set_param \
1212 nodemap.c$cli_i.admin_nodemap=1
1213 do_node $client chmod $mode $DIR/$tdir \
1214 || error unable to chmod $key
1215 do_facet mgs $LCTL nodemap_modify \
1219 do_servers_not_mgs $LCTL set_param \
1220 nodemap.c$cli_i.admin_nodemap=$admin
1222 do_create_delete "$run_u" "$key"
1226 do_fops_quota_test "$run_u"
1229 cli_i=$((cli_i + 1))
1230 [ "$single_client" == "1" ] && break
1237 nodemap_version_check () {
1238 remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
1239 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
1240 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
1245 nodemap_test_setup() {
1247 local active_nodemap=$1
1249 do_nodes $(comma_list $(all_mdts_nodes)) \
1250 $LCTL set_param mdt.*.identity_upcall=NONE
1253 create_fops_nodemaps
1255 [[ $rc != 0 ]] && error "adding fops nodemaps failed $rc"
1257 if [ "$active_nodemap" == "0" ]; then
1258 do_facet mgs $LCTL set_param nodemap.active=0
1259 do_servers_not_mgs $LCTL set_param nodemap.active=0
1263 do_facet mgs $LCTL nodemap_activate 1
1264 do_servers_not_mgs $LCTL set_param nodemap.active=1
1265 do_facet mgs $LCTL nodemap_modify --name default \
1266 --property admin --value 1
1267 do_facet mgs $LCTL nodemap_modify --name default \
1268 --property trusted --value 1
1269 do_servers_not_mgs $LCTL set_param nodemap.default.admin_nodemap=1
1270 do_servers_not_mgs $LCTL set_param nodemap.default.trusted_nodemap=1
1273 nodemap_test_cleanup() {
1275 delete_fops_nodemaps
1277 [[ $rc != 0 ]] && error "removing fops nodemaps failed $rc"
1282 nodemap_clients_admin_trusted() {
1286 for client in $clients; do
1287 do_facet mgs $LCTL nodemap_modify --name c0 \
1288 --property admin --value $admin
1289 do_servers_not_mgs $LCTL set_param \
1290 nodemap.c${i}.admin_nodemap=$admin
1291 do_facet mgs $LCTL nodemap_modify --name c0 \
1292 --property trusted --value $tr
1293 do_servers_not_mgs $LCTL set_param \
1294 nodemap.c${i}.trusted_nodemap=$tr
1300 nodemap_version_check || return 0
1301 nodemap_test_setup 0
1303 trap nodemap_test_cleanup EXIT
1305 nodemap_test_cleanup
1307 run_test 16 "test nodemap all_off fileops"
1310 nodemap_version_check || return 0
1313 trap nodemap_test_cleanup EXIT
1314 nodemap_clients_admin_trusted 0 1
1315 test_fops trusted_noadmin 1
1316 nodemap_test_cleanup
1318 run_test 17 "test nodemap trusted_noadmin fileops"
1321 nodemap_version_check || return 0
1324 trap nodemap_test_cleanup EXIT
1325 nodemap_clients_admin_trusted 0 0
1326 test_fops mapped_noadmin 1
1327 nodemap_test_cleanup
1329 run_test 18 "test nodemap mapped_noadmin fileops"
1332 nodemap_version_check || return 0
1335 trap nodemap_test_cleanup EXIT
1336 nodemap_clients_admin_trusted 1 1
1337 test_fops trusted_admin 1
1338 nodemap_test_cleanup
1340 run_test 19 "test nodemap trusted_admin fileops"
1343 nodemap_version_check || return 0
1346 trap nodemap_test_cleanup EXIT
1347 nodemap_clients_admin_trusted 1 0
1348 test_fops mapped_admin 1
1349 nodemap_test_cleanup
1351 run_test 20 "test nodemap mapped_admin fileops"
1354 nodemap_version_check || return 0
1357 trap nodemap_test_cleanup EXIT
1360 for client in $clients; do
1361 do_facet mgs $LCTL nodemap_modify --name c${i} \
1362 --property admin --value 0
1363 do_facet mgs $LCTL nodemap_modify --name c${i} \
1364 --property trusted --value $x
1365 do_servers_not_mgs $LCTL set_param \
1366 nodemap.c${i}.admin_nodemap=0
1367 do_servers_not_mgs $LCTL set_param \
1368 nodemap.c${i}.trusted_nodemap=$x
1372 test_fops mapped_trusted_noadmin
1373 nodemap_test_cleanup
1375 run_test 21 "test nodemap mapped_trusted_noadmin fileops"
1378 nodemap_version_check || return 0
1381 trap nodemap_test_cleanup EXIT
1384 for client in $clients; do
1385 do_facet mgs $LCTL nodemap_modify --name c${i} \
1386 --property admin --value 1
1387 do_facet mgs $LCTL nodemap_modify --name c${i} \
1388 --property trusted --value $x
1389 do_servers_not_mgs $LCTL set_param \
1390 nodemap.c${i}.admin_nodemap=1
1391 do_servers_not_mgs $LCTL set_param \
1392 nodemap.c${i}.trusted_nodemap=$x
1396 test_fops mapped_trusted_admin
1397 nodemap_test_cleanup
1399 run_test 22 "test nodemap mapped_trusted_admin fileops"
1401 # acl test directory needs to be initialized on a privileged client
1402 nodemap_acl_test_setup() {
1403 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1404 local trust=$(do_facet mgs $LCTL get_param -n \
1405 nodemap.c0.trusted_nodemap)
1407 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1408 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1409 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=1
1410 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=1
1412 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1414 do_node ${clients_arr[0]} chmod a+rwx $DIR/$tdir ||
1415 error unable to chmod a+rwx test dir $DIR/$tdir
1417 do_facet mgs $LCTL nodemap_modify --name c0 \
1418 --property admin --value $admin
1419 do_facet mgs $LCTL nodemap_modify --name c0 \
1420 --property trusted --value $trust
1421 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=$admin
1422 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=$trust
1426 # returns 0 if the number of ACLs does not change on the second (mapped) client
1427 # after being set on the first client
1428 nodemap_acl_test() {
1430 local set_client="$2"
1431 local get_client="$3"
1432 local check_setfacl="$4"
1433 local setfacl_error=0
1434 local testfile=$DIR/$tdir/$tfile
1435 local RUNAS_USER="$RUNAS_CMD -u $user"
1437 local acl_count_post=0
1439 nodemap_acl_test_setup
1442 do_node $set_client $RUNAS_USER touch $testfile
1444 # ACL masks aren't filtered by nodemap code, so we ignore them
1445 acl_count=$(do_node $get_client getfacl $testfile | grep -v mask |
1447 do_node $set_client $RUNAS_USER setfacl -m $user:rwx $testfile ||
1450 # if check setfacl is set to 1, then it's supposed to error
1451 if [ "$check_setfacl" == "1" ]; then
1452 [ "$setfacl_error" != "1" ] && return 1
1455 [ "$setfacl_error" == "1" ] && echo "WARNING: unable to setfacl"
1457 acl_count_post=$(do_node $get_client getfacl $testfile | grep -v mask |
1459 [ $acl_count -eq $acl_count_post ] && return 0
1464 nodemap_version_check || return 0
1467 trap nodemap_test_cleanup EXIT
1468 # 1 trusted cluster, 1 mapped cluster
1469 local unmapped_fs=$((IDBASE+0))
1470 local unmapped_c1=$((IDBASE+5))
1471 local mapped_fs=$((IDBASE+2))
1472 local mapped_c0=$((IDBASE+4))
1473 local mapped_c1=$((IDBASE+6))
1475 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1476 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1477 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=1
1478 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=1
1480 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 0
1481 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 0
1482 do_servers_not_mgs $LCTL set_param nodemap.c1.admin_nodemap=0
1483 do_servers_not_mgs $LCTL set_param nodemap.c1.trusted_nodemap=0
1485 # setfacl on trusted cluster to unmapped user, verify it's not seen
1486 nodemap_acl_test $unmapped_fs ${clients_arr[0]} ${clients_arr[1]} ||
1487 error "acl count (1)"
1489 # setfacl on trusted cluster to mapped user, verify it's seen
1490 nodemap_acl_test $mapped_fs ${clients_arr[0]} ${clients_arr[1]} &&
1491 error "acl count (2)"
1493 # setfacl on mapped cluster to mapped user, verify it's seen
1494 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1495 error "acl count (3)"
1497 # setfacl on mapped cluster to unmapped user, verify error
1498 nodemap_acl_test $unmapped_fs ${clients_arr[1]} ${clients_arr[0]} 1 ||
1499 error "acl count (4)"
1502 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 0
1503 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 0
1504 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=0
1505 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=0
1507 # setfacl to mapped user on c1, also mapped to c0, verify it's seen
1508 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1509 error "acl count (5)"
1511 # setfacl to mapped user on c1, not mapped to c0, verify not seen
1512 nodemap_acl_test $unmapped_c1 ${clients_arr[1]} ${clients_arr[0]} ||
1513 error "acl count (6)"
1515 nodemap_test_cleanup
1517 run_test 23 "test mapped ACLs"
1522 trap nodemap_test_cleanup EXIT
1523 do_nodes $(comma_list $(all_server_nodes)) $LCTL get_param -R nodemap ||
1524 error "proc readable file read failed"
1526 nodemap_test_cleanup
1528 run_test 24 "check nodemap proc files for LBUGs and Oopses"
1531 nodemap_version_check || return 0
1534 trap nodemap_test_cleanup EXIT
1535 local tmpfile=$(mktemp)
1536 do_facet mgs $LCTL nodemap_info > $tmpfile
1537 cleanup_and_setup_lustre
1538 diff -q <(do_facet mgs $LCTL nodemap_info) $tmpfile >& /dev/null ||
1539 error "nodemap_info diff after remount"
1541 nodemap_test_cleanup
1544 run_test 25 "test save and reload nodemap config"
1547 nodemap_version_check || return 0
1551 for ((i = 0; i < large_i; i++)); do
1552 ((i % 1000 == 0)) && echo $i
1553 do_facet mgs $LCTL nodemap_add c$i ||
1554 error "cannot add nodemap $i to config"
1557 for ((i = 0; i < large_i; i++)); do
1558 ((i % 1000 == 0)) && echo $i
1559 do_facet mgs $LCTL nodemap_del c$i ||
1560 error "cannot delete nodemap $i from config"
1563 run_test 26 "test transferring very large nodemap"
1565 log "cleanup: ======================================================"
1568 ## nodemap deactivated
1569 do_facet mgs $LCTL nodemap_activate 0
1571 for num in $(seq $MDSCOUNT); do
1572 if [ "${identity_old[$num]}" = 1 ]; then
1573 switch_identity $num false || identity_old[$num]=$?
1577 $RUNAS_CMD -u $ID0 ls $DIR
1578 $RUNAS_CMD -u $ID1 ls $DIR
git://git.whamcloud.com / fs / lustre-release.git / blob