From bb0a1075285076567bf9c3c406116682f0997579 Mon Sep 17 00:00:00 2001
From: Sebastien Buisson <sbuisson@ddn.com>
Date: Tue, 22 Jan 2019 17:26:18 +0100
Subject: [PATCH] LU-11883 nodemap: make deny_unknown visible on default
 nodemap

deny_unknown can be set on the 'default' nodemap, but its value
cannot be read, neither with 'lctl get_param' nor by reading the
file /proc/fs/lustre/nodemap/default/deny_unknown directly.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Idc8db01a8d32f0ae071f92307843379f4c02571c
Reviewed-on: https://review.whamcloud.com/34090
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
---
 lustre/ptlrpc/nodemap_lproc.c |   4 ++
 lustre/tests/sanity-sec.sh    | 124 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 126 insertions(+), 2 deletions(-)

diff --git a/lustre/ptlrpc/nodemap_lproc.c b/lustre/ptlrpc/nodemap_lproc.c
index f8d964d..8167883 100644
--- a/lustre/ptlrpc/nodemap_lproc.c
+++ b/lustre/ptlrpc/nodemap_lproc.c
@@ -748,6 +748,10 @@ static struct lprocfs_vars lprocfs_default_nodemap_vars[] = {
 		.fops		= &nodemap_admin_fops,
 	},
 	{
+		.name		= "deny_unknown",
+		.fops		= &nodemap_deny_unknown_fops,
+	},
+	{
 		.name		= "squash_uid",
 		.fops		= &nodemap_squash_uid_fops,
 	},
diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh
index c26a792..5611166 100755
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -19,6 +19,7 @@ LUSTRE=${LUSTRE:-$(dirname $0)/..}
 . $LUSTRE/tests/test-framework.sh
 init_test_env $@
 . ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh}
+get_lustre_env
 init_logging
 
 NODEMAP_TESTS=$(seq 7 26)
@@ -559,6 +560,71 @@ test_nid() {
 	return 1
 }
 
+wait_nm_sync() {
+	local nodemap_name=$1
+	local key=$2
+	local value=$3
+	local opt=$4
+	local proc_param
+	local is_active=$(do_facet mgs $LCTL get_param -n nodemap.active)
+	local max_retries=20
+	local is_sync
+	local out1=""
+	local out2
+	local mgs_ip=$(host_nids_address $mgs_HOST $NETTYPE | cut -d' ' -f1)
+	local i
+
+	if [ "$nodemap_name" == "active" ]; then
+		proc_param="active"
+	elif [ -z "$key" ]; then
+		proc_param=${nodemap_name}
+	else
+		proc_param="${nodemap_name}.${key}"
+	fi
+	(( is_active == 0 )) && [ "$proc_param" != "active" ] && return
+
+	if [ -z "$value" ]; then
+		out1=$(do_facet mgs $LCTL get_param $opt nodemap.${proc_param})
+		echo "On MGS ${mgs_ip}, ${proc_param} = $out1"
+	else
+		out1=$value;
+	fi
+
+	# wait up to 10 seconds for other servers to sync with mgs
+	for i in $(seq 1 10); do
+		for node in $(all_server_nodes); do
+		    local node_ip=$(host_nids_address $node $NETTYPE |
+				    cut -d' ' -f1)
+
+		    is_sync=true
+		    if [ -z "$value" ]; then
+			[ $node_ip == $mgs_ip ] && continue
+		    fi
+
+		    out2=$(do_node $node_ip $LCTL get_param $opt \
+				   nodemap.$proc_param 2>/dev/null)
+		    echo "On $node ${node_ip}, ${proc_param} = $out2"
+		    [ "$out1" != "$out2" ] && is_sync=false && break
+		done
+		$is_sync && break
+		sleep 1
+	done
+	if ! $is_sync; then
+		echo MGS
+		echo $out1
+		echo OTHER - IP: $node_ip
+		echo $out2
+		error "mgs and $nodemap_name ${key} mismatch, $i attempts"
+	fi
+	echo "waited $((i - 1)) seconds for sync"
+}
+
+cleanup_active() {
+	# restore activation state
+	do_facet mgs $LCTL nodemap_activate 0
+	wait_nm_sync active
+}
+
 test_idmap() {
 	local i
 	local cmd="$LCTL nodemap_test_id"
@@ -1077,6 +1143,11 @@ test_15() {
 	rc=$?
 	[[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
 
+	activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
+	if [[ "$activedefault" != "1" ]]; then
+		stack_trap cleanup_active EXIT
+	fi
+
 	rc=0
 	test_idmap
 	rc=$?
@@ -2529,12 +2600,61 @@ test_33() {
 }
 run_test 33 "correct srpc flags for MGS connection"
 
+cleanup_34_deny() {
+	# restore deny_unknown
+	do_facet mgs $LCTL nodemap_modify --name default \
+			   --property deny_unknown --value $denydefault
+	if [ $? -ne 0 ]; then
+		error_noexit "cannot reset deny_unknown on default nodemap"
+		return
+	fi
+
+	wait_nm_sync default deny_unknown
+}
+
+test_34() {
+	local denynew
+	local activedefault
+
+	[ $MGS_VERSION -lt $(version_code 2.12.51) ] &&
+		skip "deny_unknown on default nm not supported before 2.12.51"
+
+	activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
+
+	if [[ "$activedefault" != "1" ]]; then
+		do_facet mgs $LCTL nodemap_activate 1
+		wait_nm_sync active
+		stack_trap cleanup_active EXIT
+	fi
+
+	denydefault=$(do_facet mgs $LCTL get_param -n \
+		      nodemap.default.deny_unknown)
+	[ -z "$denydefault" ] &&
+		error "cannot get deny_unknown on default nodemap"
+	if [ "$denydefault" -eq 0 ]; then
+		denynew=1;
+	else
+		denynew=0;
+	fi
+
+	do_facet mgs $LCTL nodemap_modify --name default \
+			--property deny_unknown --value $denynew ||
+		error "cannot set deny_unknown on default nodemap"
+
+	[ "$(do_facet mgs $LCTL get_param -n nodemap.default.deny_unknown)" \
+			-eq $denynew ] ||
+		error "setting deny_unknown on default nodemap did not work"
+
+	stack_trap cleanup_34_deny EXIT
+
+	wait_nm_sync default deny_unknown
+}
+run_test 34 "deny_unknown on default nodemap"
+
 log "cleanup: ======================================================"
 
 sec_unsetup() {
 	## nodemap deactivated
-	do_facet mgs $LCTL nodemap_activate 0
-
 	for num in $(seq $MDSCOUNT); do
 		if [ "${identity_old[$num]}" = 1 ]; then
 			switch_identity $num false || identity_old[$num]=$?
-- 
1.8.3.1