set -e
ONLY=${ONLY:-"$*"}
-# bug number for skipped test:
-ALWAYS_EXCEPT=" $SANITY_SEC_EXCEPT"
-# UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
-
-SRCDIR=$(dirname $0)
-export PATH=$PWD/$SRCDIR:$SRCDIR:$PWD/$SRCDIR/../utils:$PATH:/sbin
-export NAME=${NAME:-local}
LUSTRE=${LUSTRE:-$(dirname $0)/..}
. $LUSTRE/tests/test-framework.sh
init_test_env $@
-. ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh}
+
init_logging
+ALWAYS_EXCEPT="$SANITY_SEC_EXCEPT "
+# bug number for skipped test:
+ALWAYS_EXCEPT+=" "
+# UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
+
+[ "$SLOW" = "no" ] && EXCEPT_SLOW="26"
+
NODEMAP_TESTS=$(seq 7 26)
if ! check_versions; then
EXCEPT="$EXCEPT $NODEMAP_TESTS"
fi
-[ "$SLOW" = "no" ] && EXCEPT_SLOW="26"
-
-[ "$ALWAYS_EXCEPT$EXCEPT$EXCEPT_SLOW" ] &&
- echo "Skipping tests: $ALWAYS_EXCEPT $EXCEPT $EXCEPT_SLOW"
+build_test_filter
RUNAS_CMD=${RUNAS_CMD:-runas}
SAVE_PWD=$PWD
-build_test_filter
-
sec_login() {
local user=$1
local group=$2
# as for remote client, the groups of the specified uid on MDT
# will be obtained by upcall /sbin/l_getidentity and used.
test_4() {
- local server_version=$(lustre_version_code $SINGLEMDS)
-
- [[ $server_version -ge $(version_code 2.6.93) ]] ||
- [[ $server_version -ge $(version_code 2.5.35) &&
- $server_version -lt $(version_code 2.5.50) ]] ||
- { skip "Need MDS version at least 2.6.93 or 2.5.35"; return; }
+ [[ "$MDS1_VERSION" -ge $(version_code 2.6.93) ]] ||
+ [[ "$MDS1_VERSION" -ge $(version_code 2.5.35) &&
+ "$MDS1_VERSION" -lt $(version_code 2.5.50) ]] ||
+ skip "Need MDS version at least 2.6.93 or 2.5.35"
rm -rf $DIR/$tdir
mkdir -p $DIR/$tdir
local rc
squash_id default 99 0
+ wait_nm_sync default squash_uid '' inactive
squash_id default 99 1
+ wait_nm_sync default squash_gid '' inactive
for (( i = 0; i < NODEMAP_COUNT; i++ )); do
local csum=${HOSTNAME_CHECKSUM}_${i}
- if ! do_facet mgs $LCTL nodemap_add $csum; then
- return 1
+ do_facet mgs $LCTL nodemap_add $csum
+ rc=$?
+ if [ $rc -ne 0 ]; then
+ echo "nodemap_add $csum failed with $rc"
+ return $rc
fi
out=$(do_facet mgs $LCTL get_param nodemap.$csum.id)
## This needs to return zero if the following statement is 1
[[ $(echo $out | grep -c $csum) == 0 ]] && return 1
done
+ for (( i = 0; i < NODEMAP_COUNT; i++ )); do
+ local csum=${HOSTNAME_CHECKSUM}_${i}
+
+ wait_nm_sync $csum id '' inactive
+ done
return 0
}
out=$(do_facet mgs $LCTL get_param nodemap.$csum.id 2>/dev/null)
[[ $(echo $out | grep -c $csum) != 0 ]] && return 1
done
+ for (( i = 0; i < NODEMAP_COUNT; i++ )); do
+ local csum=${HOSTNAME_CHECKSUM}_${i}
+
+ wait_nm_sync $csum id '' inactive
+ done
return 0
}
}
update_idmaps() { #LU-10040
- [ $(lustre_version_code mgs) -lt $(version_code 2.10.55) ] &&
- skip "Need MGS >= 2.10.55" &&
- return
+ [ "$MGS_VERSION" -lt $(version_code 2.10.55) ] &&
+ skip "Need MGS >= 2.10.55"
+
local csum=${HOSTNAME_CHECKSUM}_0
local old_id_client=$ID0
local old_id_fs=$((ID0 + 1))
}
squash_id() {
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
+
local cmd
cmd[0]="$LCTL nodemap_modify --property squash_uid"
fi
}
+wait_nm_sync() {
+ local nodemap_name=$1
+ local key=$2
+ local value=$3
+ local opt=$4
+ local proc_param
+ local is_active=$(do_facet mgs $LCTL get_param -n nodemap.active)
+ local max_retries=20
+ local is_sync
+ local out1=""
+ local out2
+ local mgs_ip=$(host_nids_address $mgs_HOST $NETTYPE | cut -d' ' -f1)
+ local i
+
+ if [ "$nodemap_name" == "active" ]; then
+ proc_param="active"
+ elif [ -z "$key" ]; then
+ proc_param=${nodemap_name}
+ else
+ proc_param="${nodemap_name}.${key}"
+ fi
+ if [ "$opt" == "inactive" ]; then
+ # check nm sync even if nodemap is not activated
+ is_active=1
+ opt=""
+ fi
+ (( is_active == 0 )) && [ "$proc_param" != "active" ] && return
+
+ if [ -z "$value" ]; then
+ out1=$(do_facet mgs $LCTL get_param $opt \
+ nodemap.${proc_param} 2>/dev/null)
+ echo "On MGS ${mgs_ip}, ${proc_param} = $out1"
+ else
+ out1=$value;
+ fi
+
+ # wait up to 10 seconds for other servers to sync with mgs
+ for i in $(seq 1 10); do
+ for node in $(all_server_nodes); do
+ local node_ip=$(host_nids_address $node $NETTYPE |
+ cut -d' ' -f1)
+
+ is_sync=true
+ if [ -z "$value" ]; then
+ [ $node_ip == $mgs_ip ] && continue
+ fi
+
+ out2=$(do_node $node_ip $LCTL get_param $opt \
+ nodemap.$proc_param 2>/dev/null)
+ echo "On $node ${node_ip}, ${proc_param} = $out2"
+ [ "$out1" != "$out2" ] && is_sync=false && break
+ done
+ $is_sync && break
+ sleep 1
+ done
+ if ! $is_sync; then
+ echo MGS
+ echo $out1
+ echo OTHER - IP: $node_ip
+ echo $out2
+ error "mgs and $nodemap_name ${key} mismatch, $i attempts"
+ fi
+ echo "waited $((i - 1)) seconds for sync"
+}
+
# ensure that the squash defaults are the expected defaults
squash_id default 99 0
+wait_nm_sync default squash_uid '' inactive
squash_id default 99 1
+wait_nm_sync default squash_gid '' inactive
test_nid() {
local cmd
return 1
}
+cleanup_active() {
+ # restore activation state
+ do_facet mgs $LCTL nodemap_activate 0
+ wait_nm_sync active
+}
+
test_idmap() {
local i
local cmd="$LCTL nodemap_test_id"
test_7() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
create_nodemaps
rc=$?
- [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
+ [[ $rc != 0 ]] && error "nodemap_add failed with $rc"
delete_nodemaps
rc=$?
- [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 2
+ [[ $rc != 0 ]] && error "nodemap_del failed with $rc"
return 0
}
test_8() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
# Set up nodemaps
local i
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
rc=0
create_nodemaps
test_10a() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
rc=0
create_nodemaps
run_test 10a "nodemap reject duplicate ranges"
test_10b() {
- [ $(lustre_version_code mgs) -lt $(version_code 2.10.53) ] &&
- skip "Need MGS >= 2.10.53" && return
+ [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
+ skip "Need MGS >= 2.10.53"
local nm1="nodemap1"
local nm2="nodemap2"
run_test 10b "delete range from the correct nodemap"
test_10c() { #LU-8912
- [ $(lustre_version_code mgs) -lt $(version_code 2.10.57) ] &&
- skip "Need MGS >= 2.10.57" && return
+ [ "$MGS_VERSION" -lt $(version_code 2.10.57) ] &&
+ skip "Need MGS >= 2.10.57"
local nm="nodemap_lu8912"
local nid_range="10.210.[32-47].[0-255]@o2ib3"
run_test 10c "verfify contiguous range support"
test_10d() { #LU-8913
- [ $(lustre_version_code mgs) -lt $(version_code 2.10.59) ] &&
- skip "Need MGS >= 2.10.59" && return
+ [ "$MGS_VERSION" -lt $(version_code 2.10.59) ] &&
+ skip "Need MGS >= 2.10.59"
local nm="nodemap_lu8913"
local nid_range="*@o2ib3"
test_11() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
rc=0
create_nodemaps
test_12() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
rc=0
create_nodemaps
test_13() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
rc=0
create_nodemaps
test_14() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
rc=0
create_nodemaps
test_15() {
local rc
- remote_mgs_nodsh && skip "remote MGS with nodsh" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
- return
+ remote_mgs_nodsh && skip "remote MGS with nodsh"
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
rc=0
create_nodemaps
rc=$?
[[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
+ activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
+ if [[ "$activedefault" != "1" ]]; then
+ stack_trap cleanup_active EXIT
+ fi
+
rc=0
test_idmap
rc=$?
}
run_test 15 "test id mapping"
-wait_nm_sync() {
- local nodemap_name=$1
- local key=$2
- local value=$3
- local opt=$4
- local proc_param
- local is_active=$(do_facet mgs $LCTL get_param -n nodemap.active)
- local max_retries=20
- local is_sync
- local out1=""
- local out2
- local mgs_ip=$(host_nids_address $mgs_HOST $NETTYPE | cut -d' ' -f1)
- local i
-
- if [ "$nodemap_name" == "active" ]; then
- proc_param="active"
- elif [ -z "$key" ]; then
- proc_param=${nodemap_name}
- else
- proc_param="${nodemap_name}.${key}"
- fi
- (( is_active == 0 )) && [ "$proc_param" != "active" ] && return
-
- if [ -z "$value" ]; then
- out1=$(do_facet mgs $LCTL get_param $opt nodemap.${proc_param})
- echo "On MGS ${mgs_ip}, ${proc_param} = $out1"
- else
- out1=$value;
- fi
-
- # wait up to 10 seconds for other servers to sync with mgs
- for i in $(seq 1 10); do
- for node in $(all_server_nodes); do
- local node_ip=$(host_nids_address $node $NETTYPE |
- cut -d' ' -f1)
-
- is_sync=true
- if [ -z "$value" ]; then
- [ $node_ip == $mgs_ip ] && continue
- fi
-
- out2=$(do_node $node_ip $LCTL get_param $opt \
- nodemap.$proc_param 2>/dev/null)
- echo "On $node ${node_ip}, ${proc_param} = $out2"
- [ "$out1" != "$out2" ] && is_sync=false && break
- done
- $is_sync && break
- sleep 1
- done
- if ! $is_sync; then
- echo MGS
- echo $out1
- echo OTHER - IP: $node_ip
- echo $out2
- error "mgs and $nodemap_name ${key} mismatch, $i attempts"
- fi
- echo "waited $((i - 1)) seconds for sync"
-}
-
create_fops_nodemaps() {
local i=0
local client
nodemap_version_check () {
remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
- [ $(lustre_version_code mgs) -lt $(version_code 2.5.53) ] &&
- skip "No nodemap on $(lustre_build_version mgs) MGS < 2.5.53" &&
+ [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
+ skip "No nodemap on $MGS_VERSION MGS < 2.5.53" &&
return 1
return 0
}
test_17() {
if $SHARED_KEY &&
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
skip "Need MDS >= 2.11.55"
fi
test_18() {
if $SHARED_KEY &&
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
skip "Need MDS >= 2.11.55"
fi
test_19() {
if $SHARED_KEY &&
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
skip "Need MDS >= 2.11.55"
fi
test_20() {
if $SHARED_KEY &&
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
skip "Need MDS >= 2.11.55"
fi
test_21() {
if $SHARED_KEY &&
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
skip "Need MDS >= 2.11.55"
fi
test_22() {
if $SHARED_KEY &&
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
skip "Need MDS >= 2.11.55"
fi
run_test 23a "test mapped regular ACLs"
test_23b() { #LU-9929
- [ $num_clients -lt 2 ] && skip "Need 2 clients at least" && return
- [ $(lustre_version_code mgs) -lt $(version_code 2.10.53) ] &&
- skip "Need MGS >= 2.10.53" && return
+ [ $num_clients -lt 2 ] && skip "Need 2 clients at least"
+ [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
+ skip "Need MGS >= 2.10.53"
export SK_UNIQUE_NM=true
nodemap_test_setup
error "add idmap $ID0:$fs_id to nodemap c0 failed"
wait_nm_sync c0 idmap
- # set/getfacl default acl on client0 (unmapped gid=500)
- rm -rf $testdir
- mkdir -p $testdir
+ # set/getfacl default acl on client 1 (unmapped gid=500)
+ do_node ${clients_arr[0]} rm -rf $testdir
+ do_node ${clients_arr[0]} mkdir -p $testdir
# Here, USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
- setfacl -R -d -m group:$USER0:rwx $testdir ||
+ do_node ${clients_arr[0]} setfacl -R -d -m group:$USER0:rwx $testdir ||
error "setfacl $testdir on ${clients_arr[0]} failed"
- unmapped_id=$(getfacl $testdir | grep -E "default:group:.*:rwx" |
- awk -F: '{print $3}')
+ unmapped_id=$(do_node ${clients_arr[0]} getfacl $testdir |
+ grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
[ "$unmapped_id" = "$USER0" ] ||
error "gid=$ID0 was not unmapped correctly on ${clients_arr[0]}"
- # getfacl default acl on client2 (mapped gid=60010)
+ # getfacl default acl on client 2 (mapped gid=60010)
mapped_id=$(do_node ${clients_arr[1]} getfacl $testdir |
grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
fs_user=$(do_node ${clients_arr[1]} getent passwd |
}
test_27a() {
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.50) ] &&
- skip "Need MDS >= 2.11.50" && return
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
+ skip "Need MDS >= 2.11.50"
for nm in "default" "c0"; do
local subdir="subdir_${nm}"
run_test 27a "test fileset in various nodemaps"
test_27b() { #LU-10703
- [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.50) ] &&
- skip "Need MDS >= 2.11.50" && return
- [[ $MDSCOUNT -lt 2 ]] && skip "needs >= 2 MDTs" && return
+ [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
+ skip "Need MDS >= 2.11.50"
+ [[ $MDSCOUNT -lt 2 ]] && skip "needs >= 2 MDTs"
nodemap_test_setup
trap nodemap_test_cleanup EXIT
# add network ${NETTYPE}999 on all nodes
do_nodes $(comma_list $(all_nodes)) \
"$LNETCTL lnet configure && $LNETCTL net add --if \
- $($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
- {if (inf==1) print $2; fi; inf=0} /interfaces/{inf=1}') \
+ \$($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
+ {if (inf==1) print \$2; fi; inf=0} /interfaces/{inf=1}') \
--net ${NETTYPE}999" ||
error "unable to configure NID ${NETTYPE}999"
}
run_test 31 "client mount option '-o network'"
+cleanup_32() {
+ # umount client
+ zconf_umount_clients ${clients_arr[0]} $MOUNT
+
+ # disable sk flavor enforcement on MGS
+ set_rule _mgs any any null
+
+ # stop gss daemon on MGS
+ if ! combined_mgs_mds ; then
+ send_sigint $mgs_HOST lsvcgssd
+ fi
+
+ # re-mount client
+ MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
+ mountcli
+
+ restore_to_default_flavor
+}
+
+test_32() {
+ if ! $SHARED_KEY; then
+ skip "need shared key feature for this test"
+ fi
+
+ stack_trap cleanup_32 EXIT
+
+ # restore to default null flavor
+ save_flvr=$SK_FLAVOR
+ SK_FLAVOR=null
+ restore_to_default_flavor || error "cannot set null flavor"
+ SK_FLAVOR=$save_flvr
+
+ # umount client
+ if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
+ umount_client $MOUNT2 || error "umount $MOUNT2 failed"
+ fi
+ if $(grep -q $MOUNT' ' /proc/mounts); then
+ umount_client $MOUNT || error "umount $MOUNT failed"
+ fi
+
+ # start gss daemon on MGS
+ if combined_mgs_mds ; then
+ send_sigint $mds_HOST lsvcgssd
+ fi
+ start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
+
+ # add mgs key type and MGS NIDs in key on MGS
+ do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
+ $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ error "could not modify keyfile on MGS"
+
+ # load modified key file on MGS
+ do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ error "could not load keyfile on MGS"
+
+ # add MGS NIDs in key on client
+ do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
+ $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ error "could not modify keyfile on MGS"
+
+ # set perms for per-nodemap keys else permission denied
+ do_nodes $(comma_list $(all_nodes)) \
+ "keyctl show | grep lustre | cut -c1-11 |
+ sed -e 's/ //g;' |
+ xargs -IX keyctl setperm X 0x3f3f3f3f"
+
+ # re-mount client with mgssec=skn
+ save_opts=$MOUNT_OPTS
+ if [ -z "$MOUNT_OPTS" ]; then
+ MOUNT_OPTS="-o mgssec=skn"
+ else
+ MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
+ fi
+ zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
+ error "mount ${clients_arr[0]} with mgssec=skn failed"
+ MOUNT_OPTS=$save_opts
+
+ # umount client
+ zconf_umount_clients ${clients_arr[0]} $MOUNT ||
+ error "umount ${clients_arr[0]} failed"
+
+ # enforce ska flavor on MGS
+ set_rule _mgs any any ska
+
+ # re-mount client without mgssec
+ zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
+ error "mount ${clients_arr[0]} without mgssec should fail"
+
+ # re-mount client with mgssec=skn
+ save_opts=$MOUNT_OPTS
+ if [ -z "$MOUNT_OPTS" ]; then
+ MOUNT_OPTS="-o mgssec=skn"
+ else
+ MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
+ fi
+ zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
+ error "mount ${clients_arr[0]} with mgssec=skn should fail"
+ MOUNT_OPTS=$save_opts
+
+ # re-mount client with mgssec=ska
+ save_opts=$MOUNT_OPTS
+ if [ -z "$MOUNT_OPTS" ]; then
+ MOUNT_OPTS="-o mgssec=ska"
+ else
+ MOUNT_OPTS="$MOUNT_OPTS,mgssec=ska"
+ fi
+ zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
+ error "mount ${clients_arr[0]} with mgssec=ska failed"
+ MOUNT_OPTS=$save_opts
+
+ exit 0
+}
+run_test 32 "check for mgssec"
+
+cleanup_33() {
+ # disable sk flavor enforcement
+ set_rule $FSNAME any cli2mdt null
+ wait_flavor cli2mdt null
+
+ # umount client
+ zconf_umount_clients ${clients_arr[0]} $MOUNT
+
+ # stop gss daemon on MGS
+ if ! combined_mgs_mds ; then
+ send_sigint $mgs_HOST lsvcgssd
+ fi
+
+ # re-mount client
+ MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
+ mountcli
+
+ restore_to_default_flavor
+}
+
+test_33() {
+ if ! $SHARED_KEY; then
+ skip "need shared key feature for this test"
+ fi
+
+ stack_trap cleanup_33 EXIT
+
+ # restore to default null flavor
+ save_flvr=$SK_FLAVOR
+ SK_FLAVOR=null
+ restore_to_default_flavor || error "cannot set null flavor"
+ SK_FLAVOR=$save_flvr
+
+ # umount client
+ if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
+ umount_client $MOUNT2 || error "umount $MOUNT2 failed"
+ fi
+ if $(grep -q $MOUNT' ' /proc/mounts); then
+ umount_client $MOUNT || error "umount $MOUNT failed"
+ fi
+
+ # start gss daemon on MGS
+ if combined_mgs_mds ; then
+ send_sigint $mds_HOST lsvcgssd
+ fi
+ start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
+
+ # add mgs key type and MGS NIDs in key on MGS
+ do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
+ $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ error "could not modify keyfile on MGS"
+
+ # load modified key file on MGS
+ do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ error "could not load keyfile on MGS"
+
+ # add MGS NIDs in key on client
+ do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
+ $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ error "could not modify keyfile on MGS"
+
+ # set perms for per-nodemap keys else permission denied
+ do_nodes $(comma_list $(all_nodes)) \
+ "keyctl show | grep lustre | cut -c1-11 |
+ sed -e 's/ //g;' |
+ xargs -IX keyctl setperm X 0x3f3f3f3f"
+
+ # re-mount client with mgssec=skn
+ save_opts=$MOUNT_OPTS
+ if [ -z "$MOUNT_OPTS" ]; then
+ MOUNT_OPTS="-o mgssec=skn"
+ else
+ MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
+ fi
+ zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
+ error "mount ${clients_arr[0]} with mgssec=skn failed"
+ MOUNT_OPTS=$save_opts
+
+ # enforce ska flavor for cli2mdt
+ set_rule $FSNAME any cli2mdt ska
+ wait_flavor cli2mdt ska
+
+ # check error message
+ $LCTL dk | grep "faked source" &&
+ error "MGS connection srpc flags incorrect"
+
+ exit 0
+}
+run_test 33 "correct srpc flags for MGS connection"
+
+cleanup_34_deny() {
+ # restore deny_unknown
+ do_facet mgs $LCTL nodemap_modify --name default \
+ --property deny_unknown --value $denydefault
+ if [ $? -ne 0 ]; then
+ error_noexit "cannot reset deny_unknown on default nodemap"
+ return
+ fi
+
+ wait_nm_sync default deny_unknown
+}
+
+test_34() {
+ local denynew
+ local activedefault
+
+ [ $MGS_VERSION -lt $(version_code 2.12.51) ] &&
+ skip "deny_unknown on default nm not supported before 2.12.51"
+
+ activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
+
+ if [[ "$activedefault" != "1" ]]; then
+ do_facet mgs $LCTL nodemap_activate 1
+ wait_nm_sync active
+ stack_trap cleanup_active EXIT
+ fi
+
+ denydefault=$(do_facet mgs $LCTL get_param -n \
+ nodemap.default.deny_unknown)
+ [ -z "$denydefault" ] &&
+ error "cannot get deny_unknown on default nodemap"
+ if [ "$denydefault" -eq 0 ]; then
+ denynew=1;
+ else
+ denynew=0;
+ fi
+
+ do_facet mgs $LCTL nodemap_modify --name default \
+ --property deny_unknown --value $denynew ||
+ error "cannot set deny_unknown on default nodemap"
+
+ [ "$(do_facet mgs $LCTL get_param -n nodemap.default.deny_unknown)" \
+ -eq $denynew ] ||
+ error "setting deny_unknown on default nodemap did not work"
+
+ stack_trap cleanup_34_deny EXIT
+
+ wait_nm_sync default deny_unknown
+}
+run_test 34 "deny_unknown on default nodemap"
+
log "cleanup: ======================================================"
sec_unsetup() {
- ## nodemap deactivated
- do_facet mgs $LCTL nodemap_activate 0
-
for num in $(seq $MDSCOUNT); do
if [ "${identity_old[$num]}" = 1 ]; then
switch_identity $num false || identity_old[$num]=$?