From 60188994e24b95db5915b8e6802f7963ffb2fd9c Mon Sep 17 00:00:00 2001 From: Andreas Dilger Date: Wed, 31 Aug 2022 00:51:41 -0700 Subject: [PATCH] LU-15259 tests: use existing usernames for setfacl In SLES15.2 and Ubutntu 20 the "bin" and "daemon" users are not defined in /etc/passwd, causing setfacl to print a cryptic error: setfacl -m u:bin:rw f -- failed ~ ? setfacl: Option -m: Invalid argument near character 3 Replace "bin" and "daemon" in ACL tests so they are run with user and group names that exist on all distros currently being tested. They can also be specified via ACLUSR1/ACLUSR2 in the test config. The "permission_xattr" test also needs "nobody" user and group. Also, the "getfacl" command prints users and groups in numerical order, so the ACL tests will fail if "daemon" < "bin", or if either group is higher than the "users" group. Fix them as needed. Test-Parameters: trivial testlist=sanity-quota,sanity-sec,pjdfstest Test-Parameters: testlist=sanity env=ONLY=103-154 clientdistro=el7.9 serverdistro=el7.9 Test-Parameters: testlist=sanity env=ONLY=103-154 clientdistro=el8.6 Test-Parameters: testlist=sanity env=ONLY=103-154,SANITY_EXCEPT=130,HONOR_EXCEPT=y clientdistro=el9.0 Test-Parameters: testlist=sanity env=ONLY=103-154 clientdistro=sles15sp3 Test-Parameters: testlist=sanity env=ONLY=103-154 clientdistro=sles15sp4 Test-Parameters: testlist=sanity env=ONLY=103-154 clientdistro=ubuntu2004 Signed-off-by: Andreas Dilger Change-Id: I7003e95577ab3a9314e8d4d29bb6b1784b9f8ae7 Reviewed-on: https://review.whamcloud.com/45627 Tested-by: jenkins Tested-by: Maloo Reviewed-by: James Simmons Reviewed-by: Jian Yu Reviewed-by: Oleg Drokin --- lustre/tests/acl/make-tree | 2 +- lustre/tests/acl/run | 6 +- lustre/tests/cfg/local.sh | 7 +- lustre/tests/sanity-quota.sh | 26 +++---- lustre/tests/sanity-sec.sh | 15 ++-- lustre/tests/sanity.sh | 162 ++++++++++++++++++++++++++++++----------- lustre/tests/test-framework.sh | 3 + 7 files changed, 152 insertions(+), 69 deletions(-) diff --git a/lustre/tests/acl/make-tree b/lustre/tests/acl/make-tree index c27dde8..cd466cc 100755 --- a/lustre/tests/acl/make-tree +++ b/lustre/tests/acl/make-tree @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # reduce LEVELS from 3 => 2 by CFS LEVELS=2 ; [ -z "$1" ] || LEVELS=$1 diff --git a/lustre/tests/acl/run b/lustre/tests/acl/run index ffffd5a..5fc7aec 100755 --- a/lustre/tests/acl/run +++ b/lustre/tests/acl/run @@ -250,8 +250,8 @@ sub exec_test($$) { while () { #print "< $_"; if ($needs_shell) { - s#^/bin/sh: line \d+: ##; - s#^/bin/sh: ##; # temporarily added by ericm + s#^/bin/bash: line \d+: ##; + s#^/bin/bash: ##; # temporarily added by ericm } push @$result, $_; } @@ -272,7 +272,7 @@ sub exec_test($$) { or die "Can't join STDOUT and STDERR: $!"; if ($needs_shell) { - exec ('/bin/sh', '-c', join(" ", @$prog)); + exec ('/bin/bash', '-c', join(" ", @$prog)); } else { exec @$prog; } diff --git a/lustre/tests/cfg/local.sh b/lustre/tests/cfg/local.sh index d408dec..a762942 100644 --- a/lustre/tests/cfg/local.sh +++ b/lustre/tests/cfg/local.sh @@ -109,9 +109,14 @@ fi DEBUG_SIZE=${DEBUG_SIZE:-$_debug_mb} +TSTUSR=${TSTUSR:-"quota_usr"} +TSTUSR2=${TSTUSR2:-"quota_2usr"} +USER0=${USER0:-"sanityusr"} +USER1=${USER1:-"sanityusr1"} + ENABLE_QUOTA=${ENABLE_QUOTA:-""} QUOTA_TYPE=${QUOTA_TYPE:-"ug3"} -QUOTA_USERS=${QUOTA_USERS:-"quota_usr quota_2usr sanityusr sanityusr1"} +QUOTA_USERS=${QUOTA_USERS:-"$TSTUSR $TSTUSR2 $USER0 $USER1"} # "error: conf_param: No such device" issue in every test suite logs # sanity-quota test_32 hash_lqs_cur_bits is not set properly LQUOTAOPTS=${LQUOTAOPTS:-"hash_lqs_cur_bits=3"} diff --git a/lustre/tests/sanity-quota.sh b/lustre/tests/sanity-quota.sh index f55c009..e6955c3 100755 --- a/lustre/tests/sanity-quota.sh +++ b/lustre/tests/sanity-quota.sh @@ -30,10 +30,8 @@ build_test_filter DIRECTIO=${DIRECTIO:-$LUSTRE/tests/directio} ORIG_PWD=${PWD} -TSTID=${TSTID:-60000} -TSTID2=${TSTID2:-60001} -TSTUSR=${TSTUSR:-"quota_usr"} -TSTUSR2=${TSTUSR2:-"quota_2usr"} +TSTID=${TSTID:-"$(id -u $TSTUSR)"} +TSTID2=${TSTID2:-"$(id -u $TSTUSR2)"} TSTPRJID=${TSTPRJID:-1000} BLK_SZ=1024 MAX_DQ_TIME=604800 @@ -4494,8 +4492,8 @@ test_67_write() { echo "file "$file echo "0 $0 1 $1 2 $2 3 $3 4 $4" case "$4" in - quota_usr) _runas=$RUNAS;; - quota_2usr) _runas=$RUNAS2;; + $TSTUSR) _runas=$RUNAS;; + $TSTUSR2) _runas=$RUNAS2;; *) error "unknown quota parameter $4";; esac @@ -4567,12 +4565,12 @@ test_67() { chown $TSTUSR.$TSTUSR $testfile || error "chown $testfile failed" # write 10 MB to testfile - test_67_write "$testfile" "user" 10 "quota_usr" + test_67_write "$testfile" "user" 10 "$TSTUSR" # create qpool and add OST1 pool_add $qpool || error "pool_add failed" pool_add_targets $qpool 1 1 || error "pool_add_targets failed" - # as quota_usr hasn't limits, lqe may absent. But it should be + # as $TSTUSR hasn't limits, lqe may absent. But it should be # created after the 1st direct qmt_get. used=$(getquota -u $TSTUSR global bhardlimit $qpool) @@ -4597,14 +4595,14 @@ test_67() { error "setstripe $testfile2 failed" chown $TSTUSR2.$TSTUSR2 $testfile2 || error "chown $testfile2 failed" # Write from another user and check that qpool1 - # shows correct granted, despite quota_2usr hasn't limits in qpool1. - test_67_write "$testfile2" "user" 10 "quota_2usr" + # shows correct granted, despite $TSTUSR2 hasn't limits in qpool1. + test_67_write "$testfile2" "user" 10 "$TSTUSR2" used=$(getquota -u $TSTUSR2 global curspace $qpool) granted=$(getgranted $qpool "dt" $TSTID2 "usr") [ $granted -ne 0 ] && error "Granted($granted) for $TSTUSR2 in $qpool isn't 0." - # Granted space for quota_2usr in qpool1 should appear only + # Granted space for $TSTUSR2 in qpool1 should appear only # when global lqe for this user becomes enforced. $LFS setquota -u $TSTUSR2 -B ${limit}M $DIR || error "set user quota failed" @@ -4616,7 +4614,7 @@ test_67() { $LFS setstripe $testfile3 -c 1 -i 0 || error "setstripe $testfile3 failed" chown $TSTUSR2.$TSTUSR2 $testfile3 || error "chown $testfile3 failed" - test_67_write "$testfile3" "user" 10 "quota_2usr" + test_67_write "$testfile3" "user" 10 "$TSTUSR2" granted_mb=$(($(getgranted $qpool "dt" $TSTID2 "usr")/1024)) echo "$testfile3 granted_mb $granted_mb" [ $granted_mb -eq $limit ] || @@ -5009,7 +5007,7 @@ test_72() [ $used -ge $limit ] || error "used($used) is less than limit($limit)" # check that lfs quota -uv --pool prints only OST that # was added in a pool - lfs quota -v -u quota_usr --pool $qpool $DIR | grep -v "OST0001" | + lfs quota -v -u $TSTUSR --pool $qpool $DIR | grep -v "OST0001" | grep "OST\|MDT" && error "$qpool consists wrong targets" return 0 } @@ -5316,7 +5314,7 @@ run_test 76 "project ID 4294967295 should be not allowed" test_77() { mount_client $MOUNT2 "ro" - lfs setquota -u quota_usr -b 100M -B 100M -i 10K -I 10K $MOUNT2 && + lfs setquota -u $TSTUSR -b 100M -B 100M -i 10K -I 10K $MOUNT2 && error "lfs setquota should fail in read-only Lustre mount" umount $MOUNT2 } diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index 05a25bc..1c5b987 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -47,10 +47,13 @@ clients=${CLIENTS//,/ } num_clients=$(get_node_count ${clients}) clients_arr=($clients) -ID0=${ID0:-500} -ID1=${ID1:-501} -USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1) -USER1=$(getent passwd | grep :$ID1:$ID1: | cut -d: -f1) +echo "was USER0=$(getent passwd | grep :${ID0:-500}:)" +echo "was USER1=$(getent passwd | grep :${ID1:-501}:)" + +ID0=$(id -u $USER0) +ID1=$(id -u $USER1) + +echo "now USER0=$USER0=$ID0:$(id -g $USER0), USER1=$USER1=$ID1:$(id -g $USER1)" if [ "$SLOW" == "yes" ]; then NODEMAP_COUNT=16 @@ -4568,10 +4571,10 @@ test_55() { local client_nid mkdir -p $DIR/$tdir/$USER0/testdir_groups - chown root:$ID0 $DIR/$tdir/$USER0 + chown root:$USER0 $DIR/$tdir/$USER0 chmod 770 $DIR/$tdir/$USER0 chmod g+s $DIR/$tdir/$USER0 - chown $ID0:$ID0 $DIR/$tdir/$USER0/testdir_groups + chown $USER0:$USER0 $DIR/$tdir/$USER0/testdir_groups chmod 770 $DIR/$tdir/$USER0/testdir_groups chmod g+s $DIR/$tdir/$USER0/testdir_groups diff --git a/lustre/tests/sanity.sh b/lustre/tests/sanity.sh index 4d2aec1..ed1da80 100755 --- a/lustre/tests/sanity.sh +++ b/lustre/tests/sanity.sh @@ -63,11 +63,6 @@ if (( $LINUX_VERSION_CODE >= $(version_code 4.18.0) && always_except LU-13063 411 fi -#skip ACL tests on RHEL8 and SLES15 until tests changed to use other users -if (( $(egrep -cw "^bin|^daemon" /etc/passwd) < 2 )); then - always_except LU-15259 103a 125 154a -fi - # 5 12 8 12 15 (min)" [ "$SLOW" = "no" ] && EXCEPT_SLOW="27m 60i 64b 68 71 115 135 136 230d 300o" @@ -112,7 +107,6 @@ elif [ -r /etc/os-release ]; then awk '{ print $1 }')) if [[ $ubuntu_version -gt $(version_code 16.0.0) ]]; then - always_except LU-10334 103a always_except LU-10366 410 fi fi @@ -11561,21 +11555,91 @@ run_test 102t "zero length xattr values handled correctly" run_acl_subtest() { - $LUSTRE/tests/acl/run $LUSTRE/tests/acl/$1.test - return $? + local test=$LUSTRE/tests/acl/$1.test + local tmp=$(mktemp -t $1-XXXXXX).test + local bin=$2 + local dmn=$3 + local grp=$4 + local nbd=$5 + export LANG=C + + + local sedusers="-e s/bin/$bin/g -e s/daemon/$dmn/g" + local sedgroups="-e s/:users/:$grp/g" + [[ -z "$nbd" ]] || sedusers+=" -e s/nobody/$nbd/g" + + sed $sedusers $sedgroups < $test > $tmp + stack_trap "rm -f $tmp" + [[ -s $tmp ]] || error "sed failed to create test script" + + echo "performing $1 with bin='$bin' daemon='$dmn' users='$grp'..." + $LUSTRE/tests/acl/run $tmp || error "run_acl_subtest '$1' failed" } test_103a() { [ "$UID" != 0 ] && skip "must run as root" $GSS && skip_env "could not run under gss" - [ -z "$(lctl get_param -n mdc.*-mdc-*.connect_flags | grep acl)" ] && + [[ "$(lctl get_param -n mdc.*-mdc-*.connect_flags)" =~ "acl" ]] || skip_env "must have acl enabled" - [ -z "$(which setfacl 2>/dev/null)" ] && - skip_env "could not find setfacl" + which setfacl || skip_env "could not find setfacl" remote_mds_nodsh && skip "remote MDS with nodsh" - gpasswd -a daemon bin # LU-5641 - do_facet $SINGLEMDS gpasswd -a daemon bin # LU-5641 + ACLBIN=${ACLBIN:-"bin"} + ACLDMN=${ACLDMN:-"daemon"} + ACLGRP=${ACLGRP:-"users"} + ACLNBD=${ACLNBD:-"nobody"} + + if ! id $ACLBIN || + [[ "$(id -u $ACLBIN)" != "$(do_facet mds1 id -u $ACLBIN)" ]]; then + echo "bad 'bin' user '$ACLBIN', using '$USER0'" + ACLBIN=$USER0 + if ! id $ACLBIN ; then + cat /etc/passwd + skip_env "can't find suitable ACL 'bin' $ACLBIN" + fi + fi + if ! id $ACLDMN || (( $(id -u $ACLDMN) < $(id -u $ACLBIN) )) || + [[ "$(id -u $ACLDMN)" != "$(do_facet mds1 id -u $ACLDMN)" ]]; then + echo "bad 'daemon' user '$ACLDMN', using '$USER1'" + ACLDMN=$USER1 + if ! id $ACLDMN ; then + cat /etc/passwd + skip_env "can't find suitable ACL 'daemon' $ACLDMN" + fi + fi + if ! getent group $ACLGRP; then + echo "missing 'users' group '$ACLGRP', using '$TSTUSR'" + ACLGRP="$TSTUSR" + if ! getent group $ACLGRP; then + echo "cannot find group '$ACLGRP', adding it" + cat /etc/group + add_group 60000 $ACLGRP + fi + fi + + local bingid=$(getent group $ACLBIN | cut -d: -f 3) + local dmngid=$(getent group $ACLDMN | cut -d: -f 3) + local grpgid=$(getent group $ACLGRP | cut -d: -f 3) + + if (( $bingid > $grpgid || $dmngid > $grpgid )); then + echo "group '$ACLGRP' has low gid=$grpgid, use '$TSTUSR'" + ACLGRP="$TSTUSR" + if ! getent group $ACLGRP; then + echo "cannot find group '$ACLGRP', adding it" + cat /etc/group + add_group 60000 $ACLGRP + fi + grpgid=$(getent group $ACLGRP | cut -d: -f 3) + if (( $bingid > $grpgid || $dmngid > $grpgid )); then + cat /etc/group + skip_env "$ACLGRP gid=$grpgid less than $bingid|$dmngid" + fi + fi + + gpasswd -a $ACLDMN $ACLBIN || + error "setting client group failed" # LU-5641 + do_facet mds1 gpasswd -a $ACLDMN $ACLBIN || + error "setting MDS group failed" # LU-5641 declare -a identity_old @@ -11588,48 +11652,56 @@ test_103a() { mkdir -p $DIR/$tdir cd $DIR/$tdir - echo "performing cp ..." - run_acl_subtest cp || error "run_acl_subtest cp failed" - echo "performing getfacl-noacl..." - run_acl_subtest getfacl-noacl || error "getfacl-noacl test failed" - echo "performing misc..." - run_acl_subtest misc || error "misc test failed" - echo "performing permissions..." - run_acl_subtest permissions || error "permissions failed" + run_acl_subtest cp $ACLBIN $ACLDMN $ACLGRP + run_acl_subtest getfacl-noacl $ACLBIN $ACLDMN $ACLGRP + run_acl_subtest misc $ACLBIN $ACLDMN $ACLGRP + run_acl_subtest permissions $ACLBIN $ACLDMN $ACLGRP # LU-1482 mdd: Setting xattr are properly checked with and without ACLs - if [ $MDS1_VERSION -gt $(version_code 2.8.55) ] || - { [ $MDS1_VERSION -lt $(version_code 2.6) ] && - [ $MDS1_VERSION -ge $(version_code 2.5.29) ]; } - then - echo "performing permissions xattr..." - run_acl_subtest permissions_xattr || - error "permissions_xattr failed" + # CentOS7- uses nobody=99, while newer distros use nobody=65534 + if ! id -u $ACLNBD || + (( $(id -u nobody) != $(do_facet mds1 id -u nobody) )); then + ACLNBD="nfsnobody" + if ! id -u $ACLNBD; then + ACLNBD="" + fi + fi + if [[ -n "$ACLNBD" ]] && ! getent group $ACLNBD; then + add_group $(id -u $ACLNBD) $ACLNBD + if ! getent group $ACLNBD; then + ACLNBD="" + fi fi - echo "performing setfacl..." - run_acl_subtest setfacl || error "setfacl test failed" + if (( $MDS1_VERSION > $(version_code 2.8.55) )) && + [[ -n "$ACLNBD" ]] && which setfattr; then + run_acl_subtest permissions_xattr \ + $ACLBIN $ACLDMN $ACLGRP $ACLNBD + elif [[ -z "$ACLNBD" ]]; then + echo "skip 'permission_xattr' test - missing 'nobody' user/grp" + else + echo "skip 'permission_xattr' test - missing setfattr command" + fi + run_acl_subtest setfacl $ACLBIN $ACLDMN $ACLGRP # inheritance test got from HP - echo "performing inheritance..." cp $LUSTRE/tests/acl/make-tree . || error "cannot copy make-tree" chmod +x make-tree || error "chmod +x failed" - run_acl_subtest inheritance || error "inheritance test failed" + run_acl_subtest inheritance $ACLBIN $ACLDMN $ACLGRP rm -f make-tree echo "LU-974 ignore umask when acl is enabled..." - run_acl_subtest 974 || error "LU-974 umask test failed" + run_acl_subtest 974 $ACLBIN $ACLDMN $ACLGRP if [ $MDSCOUNT -ge 2 ]; then - run_acl_subtest 974_remote || - error "LU-974 umask test failed under remote dir" + run_acl_subtest 974_remote $ACLBIN $ACLDMN $ACLGRP fi echo "LU-2561 newly created file is same size as directory..." if [ "$mds1_FSTYPE" != "zfs" ]; then - run_acl_subtest 2561 || error "LU-2561 test failed" + run_acl_subtest 2561 $ACLBIN $ACLDMN $ACLGRP else - run_acl_subtest 2561_zfs || error "LU-2561 zfs test failed" + run_acl_subtest 2561_zfs $ACLBIN $ACLDMN $ACLGRP fi - run_acl_subtest 4924 || error "LU-4924 test failed" + run_acl_subtest 4924 $ACLBIN $ACLDMN $ACLGRP cd $SAVE_PWD umask $SAVE_UMASK @@ -13502,7 +13574,8 @@ test_125() { # 13358 test_mkdir $DIR/$tdir $LFS setstripe -S 65536 -c -1 $DIR/$tdir || error "setstripe failed" - setfacl -R -m u:bin:rwx $DIR/$tdir || error "setfacl $DIR/$tdir failed" + setfacl -R -m u:$USER0:rwx $DIR/$tdir || + error "setfacl $DIR/$tdir failed" ls -ld $DIR/$tdir || error "cannot access $DIR/$tdir" } run_test 125 "don't return EPROTO when a dir has a non-default striping and ACLs" @@ -15254,7 +15327,7 @@ dot_lustre_fid_permission_check() { local test_dir=$2 echo "stat fid $fid" - stat $ffid > /dev/null || error "stat $ffid failed." + stat $ffid || error "stat $ffid failed." echo "touch fid $fid" touch $ffid || error "touch $ffid failed." echo "write to fid $fid" @@ -15276,9 +15349,10 @@ dot_lustre_fid_permission_check() { ln -f $ffid $test_dir/tfile.lnk || error "link $ffid failed." if [[ $($LCTL get_param -n mdc.*-mdc-*.connect_flags) =~ acl ]]; then echo "setfacl fid $fid" - setfacl -R -m u:bin:rwx $ffid || error "setfacl $ffid failed." + setfacl -R -m u:$USER0:rwx $ffid || + error "setfacl $ffid failed" echo "getfacl fid $fid" - getfacl $ffid >/dev/null || error "getfacl $ffid failed." + getfacl $ffid || error "getfacl $ffid failed." fi echo "unlink fid $fid" unlink $MOUNT/.lustre/fid/$fid && error "unlink $ffid should fail." @@ -15305,7 +15379,7 @@ dot_lustre_fid_permission_check() { ffid=$MOUNT/.lustre/fid/$fid echo "ls $fid" - ls $ffid > /dev/null || error "ls $ffid failed." + ls $ffid || error "ls $ffid failed." echo "touch $fid/$tfile.1" touch $ffid/$tfile.1 || error "touch $ffid/$tfile.1 failed." @@ -15425,7 +15499,7 @@ run_test 154B "verify the ll_decode_linkea tool" test_154a() { [ $PARALLEL == "yes" ] && skip "skip parallel run" [ -n "$FILESET" ] && skip "SKIP due to FILESET set" - [[ $MDS1_VERSION -ge $(version_code 2.2.51) ]] || + (( $MDS1_VERSION >= $(version_code 2.2.51) )) || skip "Need MDS version at least 2.2.51" [ -z "$(which setfacl)" ] && skip_env "must have setfacl tool" diff --git a/lustre/tests/test-framework.sh b/lustre/tests/test-framework.sh index 7046666..4a95e84 100755 --- a/lustre/tests/test-framework.sh +++ b/lustre/tests/test-framework.sh @@ -7415,6 +7415,9 @@ add_group() { rc=1 } else + echo "adding group $group_name:$group_id" + getent group $group_name || true + getent group $group_id || true groupadd -g $group_id $group_name rc=${PIPESTATUS[0]} fi -- 1.8.3.1