3 # Run select tests by setting ONLY, or as arguments to the script.
4 # Skip specific tests by setting EXCEPT.
10 # bug number for skipped test: 19430 19967 19967
11 ALWAYS_EXCEPT=" 2 5 6 $SANITY_SEC_EXCEPT"
12 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
14 [ "$ALWAYS_EXCEPT$EXCEPT" ] && \
15 echo "Skipping tests: $ALWAYS_EXCEPT $EXCEPT"
18 export PATH=$PWD/$SRCDIR:$SRCDIR:$PWD/$SRCDIR/../utils:$PATH:/sbin
19 export NAME=${NAME:-local}
21 LUSTRE=${LUSTRE:-$(dirname $0)/..}
22 . $LUSTRE/tests/test-framework.sh
24 . ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh}
27 RUNAS_CMD=${RUNAS_CMD:-runas}
29 WTL=${WTL:-"$LUSTRE/tests/write_time_limit"}
32 PERM_CONF=$CONFDIR/perm.conf
35 HOSTNAME_CHECKSUM=$(hostname | sum | awk '{ print $1 }')
36 SUBNET_CHECKSUM=$(expr $HOSTNAME_CHECKSUM % 250 + 1)
39 NODEMAP_IPADDR_LIST="1 10 64 128 200 250"
42 require_dsh_mds || exit 0
43 require_dsh_ost || exit 0
45 clients=${CLIENTS//,/ }
46 num_clients=$(get_node_count ${clients})
47 clients_arr=($clients)
51 USER0=$(grep :$ID0:$ID0: /etc/passwd | cut -d: -f1)
52 USER1=$(grep :$ID1:$ID1: /etc/passwd | cut -d: -f1)
55 skip "need to add user0 ($ID0:$ID0) to /etc/passwd" && exit 0
58 skip "need to add user1 ($ID1:$ID1) to /etc/passwd" && exit 0
60 IDBASE=${IDBASE:-60000}
62 # changes to mappings must be reflected in test 23
64 [0]="$((IDBASE+3)):$((IDBASE+0)) $((IDBASE+4)):$((IDBASE+2))"
65 [1]="$((IDBASE+5)):$((IDBASE+1)) $((IDBASE+6)):$((IDBASE+2))"
68 check_and_setup_lustre
71 if [ "$I_MOUNTED" = "yes" ]; then
72 cleanupall -f || error "sec_cleanup"
77 [ -z "`echo $DIR | grep $MOUNT`" ] && \
78 error "$DIR not in $MOUNT" && sec_cleanup && exit 1
80 [ `echo $MOUNT | wc -w` -gt 1 ] && \
81 echo "NAME=$MOUNT mounted more than once" && sec_cleanup && exit 0
84 GSS_REF=$(lsmod | grep ^ptlrpc_gss | awk '{print $3}')
85 if [ ! -z "$GSS_REF" -a "$GSS_REF" != "0" ]; then
87 echo "with GSS support"
90 echo "without GSS support"
93 MDT=$(do_facet $SINGLEMDS lctl get_param -N "mdt.\*MDT0000" |
95 [ -z "$MDT" ] && error "fail to get MDT device" && exit 1
96 do_facet $SINGLEMDS "mkdir -p $CONFDIR"
97 IDENTITY_FLUSH=mdt.$MDT.identity_flush
98 IDENTITY_UPCALL=mdt.$MDT.identity_upcall
99 MDSSECLEVEL=mdt.$MDT.sec_level
102 if [ -z "$(lctl get_param -n llite.*.client_type | grep remote 2>/dev/null)" ]
119 if ! $RUNAS_CMD -u $user krb5_login.sh; then
120 error "$user login kerberos failed."
124 if ! $RUNAS_CMD -u $user -g $group ls $DIR > /dev/null 2>&1; then
125 $RUNAS_CMD -u $user lfs flushctx -k
126 $RUNAS_CMD -u $user krb5_login.sh
127 if ! $RUNAS_CMD -u$user -g$group ls $DIR > /dev/null 2>&1; then
128 error "init $user $group failed."
134 declare -a identity_old
137 for num in `seq $MDSCOUNT`; do
138 switch_identity $num true || identity_old[$num]=$?
141 if ! $RUNAS_CMD -u $ID0 ls $DIR > /dev/null 2>&1; then
142 sec_login $USER0 $USER0
145 if ! $RUNAS_CMD -u $ID1 ls $DIR > /dev/null 2>&1; then
146 sec_login $USER1 $USER1
151 # run as different user
155 chmod 0755 $DIR || error "chmod (1)"
156 rm -rf $DIR/$tdir || error "rm (1)"
157 mkdir -p $DIR/$tdir || error "mkdir (1)"
159 if [ "$CLIENT_TYPE" = "remote" ]; then
160 do_facet $SINGLEMDS "echo '* 0 normtown' > $PERM_CONF"
161 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
162 chown $USER0 $DIR/$tdir && error "chown (1)"
163 do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF"
164 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
166 chown $USER0 $DIR/$tdir || error "chown (2)"
169 $RUNAS_CMD -u $ID0 ls $DIR || error "ls (1)"
170 rm -f $DIR/f0 || error "rm (2)"
171 $RUNAS_CMD -u $ID0 touch $DIR/f0 && error "touch (1)"
172 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f1 || error "touch (2)"
173 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f2 && error "touch (3)"
174 touch $DIR/$tdir/f3 || error "touch (4)"
175 chown root $DIR/$tdir || error "chown (3)"
176 chgrp $USER0 $DIR/$tdir || error "chgrp (1)"
177 chmod 0775 $DIR/$tdir || error "chmod (2)"
178 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f4 || error "touch (5)"
179 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)"
180 touch $DIR/$tdir/f6 || error "touch (7)"
181 rm -rf $DIR/$tdir || error "rm (3)"
183 if [ "$CLIENT_TYPE" = "remote" ]; then
184 do_facet $SINGLEMDS "rm -f $PERM_CONF"
185 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
188 run_test 0 "uid permission ============================="
192 [ $GSS_SUP = 0 ] && skip "without GSS support." && return
194 if [ "$CLIENT_TYPE" = "remote" ]; then
195 do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF"
196 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
202 chown $USER0 $DIR/$tdir || error "chown (1)"
203 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f0 && error "touch (2)"
204 echo "enable uid $ID1 setuid"
205 do_facet $SINGLEMDS "echo '* $ID1 setuid' >> $PERM_CONF"
206 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
207 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f1 || error "touch (3)"
209 chown root $DIR/$tdir || error "chown (4)"
210 chgrp $USER0 $DIR/$tdir || error "chgrp (5)"
211 chmod 0770 $DIR/$tdir || error "chmod (6)"
212 $RUNAS_CMD -u $ID1 -g $ID1 touch $DIR/$tdir/f2 && error "touch (7)"
213 $RUNAS_CMD -u$ID1 -g$ID1 -j$ID0 touch $DIR/$tdir/f3 && error "touch (8)"
214 echo "enable uid $ID1 setuid,setgid"
215 do_facet $SINGLEMDS "echo '* $ID1 setuid,setgid' > $PERM_CONF"
216 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
217 $RUNAS_CMD -u $ID1 -g $ID1 -j $ID0 touch $DIR/$tdir/f4 ||
219 $RUNAS_CMD -u $ID1 -v $ID0 -g $ID1 -j $ID0 touch $DIR/$tdir/f5 ||
224 do_facet $SINGLEMDS "rm -f $PERM_CONF"
225 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
227 run_test 1 "setuid/gid ============================="
229 run_rmtacl_subtest() {
230 $SAVE_PWD/rmtacl/run $SAVE_PWD/rmtacl/$1.test
235 # for remote client only
237 [ "$CLIENT_TYPE" = "local" ] && \
238 skip "remote_acl for remote client only" && return
239 [ -z "$(lctl get_param -n mdc.*-mdc-*.connect_flags | grep ^acl)" ] && \
240 skip "must have acl enabled" && return
241 [ -z "$(which setfacl 2>/dev/null)" ] && \
242 skip "could not find setfacl" && return
243 [ "$UID" != 0 ] && skip "must run as root" && return
245 do_facet $SINGLEMDS "echo '* 0 rmtacl,rmtown' > $PERM_CONF"
246 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
250 sec_login daemon daemon
251 sec_login games users
257 echo "performing cp ..."
258 run_rmtacl_subtest cp || error "cp"
259 echo "performing getfacl-noacl..."
260 run_rmtacl_subtest getfacl-noacl || error "getfacl-noacl"
261 echo "performing misc..."
262 run_rmtacl_subtest misc || error "misc"
263 echo "performing permissions..."
264 run_rmtacl_subtest permissions || error "permissions"
265 echo "performing setfacl..."
266 run_rmtacl_subtest setfacl || error "setfacl"
268 # inheritance test got from HP
269 echo "performing inheritance..."
270 cp $SAVE_PWD/rmtacl/make-tree .
272 run_rmtacl_subtest inheritance || error "inheritance"
278 do_facet $SINGLEMDS "rm -f $PERM_CONF"
279 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
281 run_test 2 "rmtacl ============================="
284 # root_squash will be redesigned in Lustre 1.7
286 skip "root_squash will be redesigned in Lustre 1.7" && return
288 run_test 3 "rootsquash ============================="
290 # bug 3285 - supplementary group should always succeed.
291 # NB: the supplementary groups are set for local client only,
292 # as for remote client, the groups of the specified uid on MDT
293 # will be obtained by upcall /sbin/l_getidentity and used.
295 if [ "$CLIENT_TYPE" = "remote" ]; then
296 do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF"
297 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
302 chmod 0771 $DIR/$tdir
303 chgrp $ID0 $DIR/$tdir
304 $RUNAS_CMD -u $ID0 ls $DIR/$tdir || error "setgroups (1)"
305 if [ "$CLIENT_TYPE" = "local" ]; then
306 do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF"
307 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
308 $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir ||
309 error "setgroups (2)"
311 $RUNAS_CMD -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)"
314 do_facet $SINGLEMDS "rm -f $PERM_CONF"
315 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
317 run_test 4 "set supplementary group ==============="
324 squash_id default 99 0
325 squash_id default 99 1
326 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
327 if ! do_facet mgs $LCTL nodemap_add \
328 ${HOSTNAME_CHECKSUM}_${i}; then
331 out=$(do_facet mgs $LCTL get_param \
332 nodemap.${HOSTNAME_CHECKSUM}_${i}.id)
333 ## This needs to return zero if the following statement is 1
334 rc=$(echo $out | grep -c ${HOSTNAME_CHECKSUM}_${i})
335 [[ $rc == 0 ]] && return 1
345 for ((i = 0; i < NODEMAP_COUNT; i++)); do
346 if ! do_facet mgs $LCTL nodemap_del \
347 ${HOSTNAME_CHECKSUM}_${i}; then
348 error "nodemap_del ${HOSTNAME_CHECKSUM}_${i} \
352 out=$(do_facet mgs $LCTL get_param \
353 nodemap.${HOSTNAME_CHECKSUM}_${i}.id)
354 rc=$(echo $out | grep -c ${HOSTNAME_CHECKSUM}_${i})
355 [[ $rc != 0 ]] && return 1
362 local cmd="$LCTL nodemap_add_range"
366 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
367 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
368 if ! do_facet mgs $cmd --name $1 \
378 local cmd="$LCTL nodemap_del_range"
382 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
383 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
384 if ! do_facet mgs $cmd --name $1 \
398 local cmd="$LCTL nodemap_add_idmap"
401 for ((i = 0; i < NODEMAP_COUNT; i++)); do
402 for ((j = 500; j < NODEMAP_MAX_ID; j++)); do
405 if ! do_facet mgs $cmd \
406 --name ${HOSTNAME_CHECKSUM}_${i} \
407 --idtype uid --idmap $client_id:$fs_id; then
410 if ! do_facet mgs $cmd \
411 --name ${HOSTNAME_CHECKSUM}_${i} \
412 --idtype gid --idmap $client_id:$fs_id; then
426 local cmd="$LCTL nodemap_del_idmap"
429 for ((i = 0; i < NODEMAP_COUNT; i++)); do
430 for ((j = 500; j < NODEMAP_MAX_ID; j++)); do
433 if ! do_facet mgs $cmd \
434 --name ${HOSTNAME_CHECKSUM}_${i} \
435 --idtype uid --idmap $client_id:$fs_id; then
438 if ! do_facet mgs $cmd \
439 --name ${HOSTNAME_CHECKSUM}_${i} \
440 --idtype gid --idmap $client_id:$fs_id; then
453 local cmd="$LCTL nodemap_modify"
456 proc[0]="admin_nodemap"
457 proc[1]="trusted_nodemap"
461 for ((idx = 0; idx < 2; idx++)); do
462 if ! do_facet mgs $cmd --name $1 \
463 --property ${option[$idx]} \
468 if ! do_facet mgs $cmd --name $1 \
469 --property ${option[$idx]} \
481 cmd[0]="$LCTL nodemap_modify --property squash_uid"
482 cmd[1]="$LCTL nodemap_modify --property squash_gid"
484 if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then
489 # ensure that the squash defaults are the expected defaults
490 squash_id default 99 0
491 squash_id default 99 1
496 cmd="$LCTL nodemap_test_nid"
498 nid=$(do_facet mgs $cmd $1)
500 if [ $nid == $2 ]; then
511 local cmd="$LCTL nodemap_test_id"
514 ## nodemap deactivated
515 if ! do_facet mgs lctl nodemap_activate 0; then
518 for ((id = 500; id < NODEMAP_MAX_ID; id++)); do
519 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
520 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
521 fs_id=$(do_facet mgs $cmd --nid $nid \
522 --idtype uid --id $id)
523 if [ $fs_id != $id ]; then
524 echo "expected $id, got $fs_id"
531 if ! do_facet mgs lctl nodemap_activate 1; then
535 for ((id = 500; id < NODEMAP_MAX_ID; id++)); do
536 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
537 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
538 fs_id=$(do_facet mgs $cmd --nid $nid \
539 --idtype uid --id $id)
540 expected_id=$((id + 1))
541 if [ $fs_id != $expected_id ]; then
542 echo "expected $expected_id, got $fs_id"
549 for ((i = 0; i < NODEMAP_COUNT; i++)); do
550 if ! do_facet mgs $LCTL nodemap_modify \
551 --name ${HOSTNAME_CHECKSUM}_${i} \
552 --property trusted --value 1; then
553 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
559 for ((id = 500; id < NODEMAP_MAX_ID; id++)); do
560 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
561 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
562 fs_id=$(do_facet mgs $cmd --nid $nid \
563 --idtype uid --id $id)
564 if [ $fs_id != $id ]; then
565 echo "expected $id, got $fs_id"
571 ## ensure allow_root_access is enabled
572 for ((i = 0; i < NODEMAP_COUNT; i++)); do
573 if ! do_facet mgs $LCTL nodemap_modify \
574 --name ${HOSTNAME_CHECKSUM}_${i} \
575 --property admin --value 1; then
576 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
582 ## check that root allowed
583 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
584 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
585 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
586 if [ $fs_id != 0 ]; then
587 echo "root allowed expected 0, got $fs_id"
592 ## ensure allow_root_access is disabled
593 for ((i = 0; i < NODEMAP_COUNT; i++)); do
594 if ! do_facet mgs $LCTL nodemap_modify \
595 --name ${HOSTNAME_CHECKSUM}_${i} \
596 --property admin --value 0; then
597 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
603 ## check that root is mapped to 99
604 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
605 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
606 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
607 if [ $fs_id != 99 ]; then
608 error "root squash expected 99, got $fs_id"
613 ## reset client trust to 0
614 for ((i = 0; i < NODEMAP_COUNT; i++)); do
615 if ! do_facet mgs $LCTL nodemap_modify \
616 --name ${HOSTNAME_CHECKSUM}_${i} \
617 --property trusted --value 0; then
618 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
630 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
631 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
632 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
637 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
641 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 2
645 run_test 7 "nodemap create and delete"
650 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
651 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
652 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
659 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
665 [[ $rc == 0 ]] && error "duplicate nodemap_add allowed with $rc" &&
671 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 3
675 run_test 8 "nodemap reject duplicates"
681 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
682 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
683 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
689 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
692 for ((i = 0; i < NODEMAP_COUNT; i++)); do
693 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
697 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
700 for ((i = 0; i < NODEMAP_COUNT; i++)); do
701 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
705 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
710 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 4
714 run_test 9 "nodemap range add"
719 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
720 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
721 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
727 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
730 for ((i = 0; i < NODEMAP_COUNT; i++)); do
731 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
735 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
738 for ((i = 0; i < NODEMAP_COUNT; i++)); do
739 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
743 [[ $rc == 0 ]] && error "nodemap_add_range duplicate add with $rc" &&
748 for ((i = 0; i < NODEMAP_COUNT; i++)); do
749 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
753 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
757 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 5
761 run_test 10 "nodemap reject duplicate ranges"
766 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
767 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
768 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
774 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
777 for ((i = 0; i < NODEMAP_COUNT; i++)); do
778 if ! modify_flags ${HOSTNAME_CHECKSUM}_${i}; then
782 [[ $rc != 0 ]] && error "nodemap_modify with $rc" && return 2
787 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
791 run_test 11 "nodemap modify"
796 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
797 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
798 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
804 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
807 for ((i = 0; i < NODEMAP_COUNT; i++)); do
808 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 0; then
812 [[ $rc != 0 ]] && error "nodemap squash_uid with $rc" && return 2
815 for ((i = 0; i < NODEMAP_COUNT; i++)); do
816 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 1; then
820 [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3
825 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
829 run_test 12 "nodemap set squash ids"
834 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
835 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
836 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
842 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
845 for ((i = 0; i < NODEMAP_COUNT; i++)); do
846 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
850 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
853 for ((i = 0; i < NODEMAP_COUNT; i++)); do
854 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
855 for k in $NODEMAP_IPADDR_LIST; do
856 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
857 ${HOSTNAME_CHECKSUM}_${i}; then
863 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
868 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
872 run_test 13 "test nids"
877 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
878 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
879 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
885 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
888 for ((i = 0; i < NODEMAP_COUNT; i++)); do
889 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
890 for k in $NODEMAP_IPADDR_LIST; do
891 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
898 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
903 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
907 run_test 14 "test default nodemap nid lookup"
912 remote_mgs_nodsh && skip "remote MGS with nodsh" && return
913 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
914 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
920 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
923 for ((i = 0; i < NODEMAP_COUNT; i++)); do
924 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
928 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
933 [[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
938 [[ $rc != 0 ]] && error "nodemap_test_id failed with $rc" && return 4
943 [[ $rc != 0 ]] && error "nodemap_del_idmap failed with $rc" && return 5
948 [[ $rc != 0 ]] && error "nodemap_delete failed with $rc" && return 6
952 run_test 15 "test id mapping"
954 # Until nodemaps are distributed by MGS, they need to be distributed manually
955 # This function and all calls to it should be removed once the MGS distributes
956 # nodemaps to the MDS and OSS nodes directly.
957 do_servers_not_mgs() {
958 local mgs_ip=$(host_nids_address $mgs_HOST $NETTYPE)
959 for node in $(all_server_nodes); do
960 local node_ip=$(host_nids_address $node $NETTYPE)
961 [ $node_ip == $mgs_ip ] && continue
966 create_fops_nodemaps() {
969 for client in $clients; do
970 local client_ip=$(host_nids_address $client $NETTYPE)
971 local client_nid=$(h2$NETTYPE $client_ip)
972 do_facet mgs $LCTL nodemap_add c${i} || return 1
973 do_facet mgs $LCTL nodemap_add_range \
974 --name c${i} --range $client_nid || return 1
975 do_servers_not_mgs $LCTL set_param nodemap.add_nodemap=c${i} ||
977 do_servers_not_mgs "$LCTL set_param \
978 nodemap.add_nodemap_range='c${i} $client_nid'" ||
980 for map in ${FOPS_IDMAPS[i]}; do
981 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
982 --idtype uid --idmap ${map} || return 1
983 do_servers_not_mgs "$LCTL set_param \
984 nodemap.add_nodemap_idmap='c$i uid ${map}'" ||
986 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
987 --idtype gid --idmap ${map} || return 1
988 do_servers_not_mgs "$LCTL set_param \
989 nodemap.add_nodemap_idmap='c$i gid ${map}'" ||
992 out1=$(do_facet mgs $LCTL get_param nodemap.c${i}.idmap)
993 out2=$(do_facet ost0 $LCTL get_param nodemap.c${i}.idmap)
994 [ "$out1" != "$out2" ] && error "mgs and oss maps mismatch"
1000 delete_fops_nodemaps() {
1003 for client in $clients; do
1004 do_facet mgs $LCTL nodemap_del c${i} || return 1
1005 do_servers_not_mgs $LCTL set_param nodemap.remove_nodemap=c$i ||
1014 if [ $MDSCOUNT -le 1 ]; then
1015 do_node ${clients_arr[0]} mkdir -p $DIR/$tdir
1017 # round-robin MDTs to test DNE nodemap support
1018 [ ! -d $DIR ] && do_node ${clients_arr[0]} mkdir -p $DIR
1019 do_node ${clients_arr[0]} $LFS setdirstripe -c 1 -i \
1020 $((fops_mds_index % MDSCOUNT)) $DIR/$tdir
1021 ((fops_mds_index++))
1025 # acl test directory needs to be initialized on a privileged client
1027 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1028 local trust=$(do_facet mgs $LCTL get_param -n \
1029 nodemap.c0.trusted_nodemap)
1031 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1032 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1033 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=1
1034 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=1
1036 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1038 do_node ${clients_arr[0]} chown $user $DIR/$tdir
1040 do_facet mgs $LCTL nodemap_modify --name c0 \
1041 --property admin --value $admin
1042 do_facet mgs $LCTL nodemap_modify --name c0 \
1043 --property trusted --value $trust
1044 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=$admin
1045 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=$trust
1047 # flush MDT locks to make sure they are reacquired before test
1048 do_node ${clients_arr[0]} lctl set_param \
1049 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1052 do_create_delete() {
1055 local testfile=$DIR/$tdir/$tfile
1059 if $run_u touch $testfile >& /dev/null; then
1061 $run_u rm $testfile && d=1
1065 local expected=$(get_cr_del_expected $key)
1066 [ "$res" != "$expected" ] && error "test $key expected " \
1067 "$expected, got $res" && rc=$(($rc+1))
1071 nodemap_check_quota() {
1073 $run_u lfs quota -q $DIR | awk '{ print $2; exit; }'
1076 do_fops_quota_test() {
1078 # fuzz quota used to account for possible indirect blocks, etc
1079 local quota_fuzz=$(fs_log_size)
1080 local qused_orig=$(nodemap_check_quota "$run_u")
1081 local qused_high=$((qused_orig + quota_fuzz))
1082 local qused_low=$((qused_orig - quota_fuzz))
1083 local testfile=$DIR/$tdir/$tfile
1084 chmod 777 $DIR/$tdir
1085 $run_u dd if=/dev/zero of=$testfile bs=1M count=1 >& /dev/null
1086 sync; sync_all_data || true
1088 local qused_new=$(nodemap_check_quota "$run_u")
1089 [ $((qused_new)) -lt $((qused_low + 1024)) \
1090 -o $((qused_new)) -gt $((qused_high + 1024)) ] &&
1091 error "$qused_new != $qused_orig + 1M after write, \
1092 fuzz is $quota_fuzz"
1093 $run_u rm $testfile && d=1
1094 $NODEMAP_TEST_QUOTA && wait_delete_completed_mds
1096 qused_new=$(nodemap_check_quota "$run_u")
1097 [ $((qused_new)) -lt $((qused_low)) \
1098 -o $((qused_new)) -gt $((qused_high)) ] &&
1099 error "quota not reclaimed, expect $qused_orig got $qused_new, \
1103 get_fops_mapped_user() {
1106 for ((i=0; i < ${#FOPS_IDMAPS[@]}; i++)); do
1107 for map in ${FOPS_IDMAPS[i]}; do
1108 if [ $(cut -d: -f1 <<< "$map") == $cli_user ]; then
1109 cut -d: -f2 <<< "$map"
1117 get_cr_del_expected() {
1119 IFS=":" read -a key <<< "$1"
1120 local mapmode="${key[0]}"
1121 local mds_user="${key[1]}"
1122 local cluster="${key[2]}"
1123 local cli_user="${key[3]}"
1124 local mode="0${key[4]}"
1131 [[ $mapmode == *mapped* ]] && mapped=1
1132 # only c1 is mapped in these test cases
1133 [[ $mapmode == mapped_trusted* ]] && [ "$cluster" == "c0" ] && mapped=0
1134 [[ $mapmode == *noadmin* ]] && noadmin=1
1136 # o+wx works as long as the user isn't mapped
1137 if [ $((mode & 3)) -eq 3 ]; then
1141 # if client user is root, check if root is squashed
1142 if [ "$cli_user" == "0" ]; then
1143 # squash root succeed, if other bit is on
1146 1) [ "$other" == "1" ] && echo $SUCCESS
1147 [ "$other" == "0" ] && echo $FAILURE;;
1151 if [ "$mapped" == "0" ]; then
1152 [ "$other" == "1" ] && echo $SUCCESS
1153 [ "$other" == "0" ] && echo $FAILURE
1157 # if mapped user is mds user, check for u+wx
1158 mapped_user=$(get_fops_mapped_user $cli_user)
1159 [ "$mapped_user" == "-1" ] &&
1160 error "unable to find mapping for client user $cli_user"
1162 if [ "$mapped_user" == "$mds_user" -a \
1163 $(((mode & 0300) == 0300)) -eq 1 ]; then
1167 if [ "$mapped_user" != "$mds_user" -a "$other" == "1" ]; then
1176 local single_client="$2"
1177 local client_user_list=([0]="0 $((IDBASE+3)) $((IDBASE+4))"
1178 [1]="0 $((IDBASE+5)) $((IDBASE+6))")
1181 local perm_bit_list="0 3 $((0300)) $((0303))"
1182 # SLOW tests 000-007, 010-070, 100-700 (octal modes)
1183 [ "$SLOW" == "yes" ] &&
1184 perm_bit_list="0 $(seq 1 7) $(seq 8 8 63) $(seq 64 64 511) \
1187 # step through mds users. -1 means root
1188 for mds_i in -1 0 1 2; do
1189 local user=$((mds_i + IDBASE))
1193 [ "$mds_i" == "-1" ] && user=0
1195 echo mkdir -p $DIR/$tdir
1198 for client in $clients; do
1200 local admin=$(do_facet mgs $LCTL get_param -n \
1201 nodemap.c$cli_i.admin_nodemap)
1202 for u in ${client_user_list[$cli_i]}; do
1203 local run_u="do_node $client \
1204 $RUNAS_CMD -u$u -g$u -G$u"
1205 for perm_bits in $perm_bit_list; do
1206 local mode=$(printf %03o $perm_bits)
1208 key="$mapmode:$user:c$cli_i:$u:$mode"
1209 do_facet mgs $LCTL nodemap_modify \
1213 do_servers_not_mgs $LCTL set_param \
1214 nodemap.c$cli_i.admin_nodemap=1
1215 do_node $client chmod $mode $DIR/$tdir \
1216 || error unable to chmod $key
1217 do_facet mgs $LCTL nodemap_modify \
1221 do_servers_not_mgs $LCTL set_param \
1222 nodemap.c$cli_i.admin_nodemap=$admin
1224 do_create_delete "$run_u" "$key"
1228 do_fops_quota_test "$run_u"
1231 cli_i=$((cli_i + 1))
1232 [ "$single_client" == "1" ] && break
1239 nodemap_version_check () {
1240 remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
1241 [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
1242 skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
1247 nodemap_test_setup() {
1249 local active_nodemap=$1
1251 do_nodes $(comma_list $(all_mdts_nodes)) $LCTL set_param \
1252 mdt.*.identity_upcall=NONE
1255 create_fops_nodemaps
1257 [[ $rc != 0 ]] && error "adding fops nodemaps failed $rc"
1259 if [ "$active_nodemap" == "0" ]; then
1260 do_facet mgs $LCTL set_param nodemap.active=0
1261 do_servers_not_mgs $LCTL set_param nodemap.active=0
1265 do_facet mgs $LCTL nodemap_activate 1
1266 do_servers_not_mgs $LCTL set_param nodemap.active=1
1267 do_facet mgs $LCTL nodemap_modify --name default \
1268 --property admin --value 1
1269 do_facet mgs $LCTL nodemap_modify --name default \
1270 --property trusted --value 1
1271 do_servers_not_mgs $LCTL set_param nodemap.default.admin_nodemap=1
1272 do_servers_not_mgs $LCTL set_param nodemap.default.trusted_nodemap=1
1275 nodemap_test_cleanup() {
1277 delete_fops_nodemaps
1279 [[ $rc != 0 ]] && error "removing fops nodemaps failed $rc"
1284 nodemap_clients_admin_trusted() {
1288 for client in $clients; do
1289 do_facet mgs $LCTL nodemap_modify --name c0 \
1290 --property admin --value $admin
1291 do_servers_not_mgs $LCTL set_param \
1292 nodemap.c${i}.admin_nodemap=$admin
1293 do_facet mgs $LCTL nodemap_modify --name c0 \
1294 --property trusted --value $tr
1295 do_servers_not_mgs $LCTL set_param \
1296 nodemap.c${i}.trusted_nodemap=$tr
1302 nodemap_version_check || return 0
1303 nodemap_test_setup 0
1305 trap nodemap_test_cleanup EXIT
1307 nodemap_test_cleanup
1309 run_test 16 "test nodemap all_off fileops"
1312 nodemap_version_check || return 0
1315 trap nodemap_test_cleanup EXIT
1316 nodemap_clients_admin_trusted 0 1
1317 test_fops trusted_noadmin 1
1318 nodemap_test_cleanup
1320 run_test 17 "test nodemap trusted_noadmin fileops"
1323 nodemap_version_check || return 0
1326 trap nodemap_test_cleanup EXIT
1327 nodemap_clients_admin_trusted 0 0
1328 test_fops mapped_noadmin 1
1329 nodemap_test_cleanup
1331 run_test 18 "test nodemap mapped_noadmin fileops"
1334 nodemap_version_check || return 0
1337 trap nodemap_test_cleanup EXIT
1338 nodemap_clients_admin_trusted 1 1
1339 test_fops trusted_admin 1
1340 nodemap_test_cleanup
1342 run_test 19 "test nodemap trusted_admin fileops"
1345 nodemap_version_check || return 0
1348 trap nodemap_test_cleanup EXIT
1349 nodemap_clients_admin_trusted 1 0
1350 test_fops mapped_admin 1
1351 nodemap_test_cleanup
1353 run_test 20 "test nodemap mapped_admin fileops"
1356 nodemap_version_check || return 0
1359 trap nodemap_test_cleanup EXIT
1362 for client in $clients; do
1363 do_facet mgs $LCTL nodemap_modify --name c${i} \
1364 --property admin --value 0
1365 do_facet mgs $LCTL nodemap_modify --name c${i} \
1366 --property trusted --value $x
1367 do_servers_not_mgs $LCTL set_param \
1368 nodemap.c${i}.admin_nodemap=0
1369 do_servers_not_mgs $LCTL set_param \
1370 nodemap.c${i}.trusted_nodemap=$x
1374 test_fops mapped_trusted_noadmin
1375 nodemap_test_cleanup
1377 run_test 21 "test nodemap mapped_trusted_noadmin fileops"
1380 nodemap_version_check || return 0
1383 trap nodemap_test_cleanup EXIT
1386 for client in $clients; do
1387 do_facet mgs $LCTL nodemap_modify --name c${i} \
1388 --property admin --value 1
1389 do_facet mgs $LCTL nodemap_modify --name c${i} \
1390 --property trusted --value $x
1391 do_servers_not_mgs $LCTL set_param \
1392 nodemap.c${i}.admin_nodemap=1
1393 do_servers_not_mgs $LCTL set_param \
1394 nodemap.c${i}.trusted_nodemap=$x
1398 test_fops mapped_trusted_admin
1399 nodemap_test_cleanup
1401 run_test 22 "test nodemap mapped_trusted_admin fileops"
1403 # acl test directory needs to be initialized on a privileged client
1404 nodemap_acl_test_setup() {
1405 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1406 local trust=$(do_facet mgs $LCTL get_param -n \
1407 nodemap.c0.trusted_nodemap)
1409 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1410 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1411 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=1
1412 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=1
1414 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1416 do_node ${clients_arr[0]} chmod a+rwx $DIR/$tdir ||
1417 error unable to chmod a+rwx test dir $DIR/$tdir
1419 do_facet mgs $LCTL nodemap_modify --name c0 \
1420 --property admin --value $admin
1421 do_facet mgs $LCTL nodemap_modify --name c0 \
1422 --property trusted --value $trust
1423 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=$admin
1424 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=$trust
1428 # returns 0 if the number of ACLs does not change on the second (mapped) client
1429 # after being set on the first client
1430 nodemap_acl_test() {
1432 local set_client="$2"
1433 local get_client="$3"
1434 local check_setfacl="$4"
1435 local setfacl_error=0
1436 local testfile=$DIR/$tdir/$tfile
1437 local RUNAS_USER="$RUNAS_CMD -u $user"
1439 local acl_count_post=0
1441 nodemap_acl_test_setup
1444 do_node $set_client $RUNAS_USER touch $testfile
1446 # ACL masks aren't filtered by nodemap code, so we ignore them
1447 acl_count=$(do_node $get_client getfacl $testfile | grep -v mask |
1449 do_node $set_client $RUNAS_USER setfacl -m $user:rwx $testfile ||
1452 # if check setfacl is set to 1, then it's supposed to error
1453 if [ "$check_setfacl" == "1" ]; then
1454 [ "$setfacl_error" != "1" ] && return 1
1457 [ "$setfacl_error" == "1" ] && echo "WARNING: unable to setfacl"
1459 acl_count_post=$(do_node $get_client getfacl $testfile | grep -v mask |
1461 [ $acl_count -eq $acl_count_post ] && return 0
1466 nodemap_version_check || return 0
1469 trap nodemap_test_cleanup EXIT
1470 # 1 trusted cluster, 1 mapped cluster
1471 local unmapped_fs=$((IDBASE+0))
1472 local unmapped_c1=$((IDBASE+5))
1473 local mapped_fs=$((IDBASE+2))
1474 local mapped_c0=$((IDBASE+4))
1475 local mapped_c1=$((IDBASE+6))
1477 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1478 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1479 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=1
1480 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=1
1482 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 0
1483 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 0
1484 do_servers_not_mgs $LCTL set_param nodemap.c1.admin_nodemap=0
1485 do_servers_not_mgs $LCTL set_param nodemap.c1.trusted_nodemap=0
1487 # setfacl on trusted cluster to unmapped user, verify it's not seen
1488 nodemap_acl_test $unmapped_fs ${clients_arr[0]} ${clients_arr[1]} ||
1489 error "acl count (1)"
1491 # setfacl on trusted cluster to mapped user, verify it's seen
1492 nodemap_acl_test $mapped_fs ${clients_arr[0]} ${clients_arr[1]} &&
1493 error "acl count (2)"
1495 # setfacl on mapped cluster to mapped user, verify it's seen
1496 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1497 error "acl count (3)"
1499 # setfacl on mapped cluster to unmapped user, verify error
1500 nodemap_acl_test $unmapped_fs ${clients_arr[1]} ${clients_arr[0]} 1 ||
1501 error "acl count (4)"
1504 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 0
1505 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 0
1506 do_servers_not_mgs $LCTL set_param nodemap.c0.admin_nodemap=0
1507 do_servers_not_mgs $LCTL set_param nodemap.c0.trusted_nodemap=0
1509 # setfacl to mapped user on c1, also mapped to c0, verify it's seen
1510 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1511 error "acl count (5)"
1513 # setfacl to mapped user on c1, not mapped to c0, verify not seen
1514 nodemap_acl_test $unmapped_c1 ${clients_arr[1]} ${clients_arr[0]} ||
1515 error "acl count (6)"
1517 nodemap_test_cleanup
1519 run_test 23 "test mapped ACLs"
1521 log "cleanup: ======================================================"
1524 ## nodemap deactivated
1525 do_facet mgs lctl nodemap_activate 0
1527 for num in $(seq $MDSCOUNT); do
1528 if [ "${identity_old[$num]}" = 1 ]; then
1529 switch_identity $num false || identity_old[$num]=$?
1533 $RUNAS_CMD -u $ID0 ls $DIR
1534 $RUNAS_CMD -u $ID1 ls $DIR
git://git.whamcloud.com / fs / lustre-release.git / blob