3 # Run select tests by setting ONLY, or as arguments to the script.
4 # Skip specific tests by setting EXCEPT.
11 LUSTRE=${LUSTRE:-$(dirname $0)/..}
12 . $LUSTRE/tests/test-framework.sh
17 ALWAYS_EXCEPT="$SANITY_SEC_EXCEPT "
18 # bug number for skipped test:
20 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
22 [ "$SLOW" = "no" ] && EXCEPT_SLOW="26"
24 NODEMAP_TESTS=$(seq 7 26)
26 if ! check_versions; then
27 echo "It is NOT necessary to test nodemap under interoperation mode"
28 EXCEPT="$EXCEPT $NODEMAP_TESTS"
33 RUNAS_CMD=${RUNAS_CMD:-runas}
35 WTL=${WTL:-"$LUSTRE/tests/write_time_limit"}
38 PERM_CONF=$CONFDIR/perm.conf
40 HOSTNAME_CHECKSUM=$(hostname | sum | awk '{ print $1 }')
41 SUBNET_CHECKSUM=$(expr $HOSTNAME_CHECKSUM % 250 + 1)
43 require_dsh_mds || exit 0
44 require_dsh_ost || exit 0
46 clients=${CLIENTS//,/ }
47 num_clients=$(get_node_count ${clients})
48 clients_arr=($clients)
52 USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
53 USER1=$(getent passwd | grep :$ID1:$ID1: | cut -d: -f1)
57 NODEMAP_IPADDR_LIST="1 10 64 128 200 250"
59 NODEMAP_MAX_ID=$((ID0 + NODEMAP_ID_COUNT))
62 skip "need to add user0 ($ID0:$ID0)" && exit 0
65 skip "need to add user1 ($ID1:$ID1)" && exit 0
67 IDBASE=${IDBASE:-60000}
69 # changes to mappings must be reflected in test 23
71 [0]="$((IDBASE+3)):$((IDBASE+0)) $((IDBASE+4)):$((IDBASE+2))"
72 [1]="$((IDBASE+5)):$((IDBASE+1)) $((IDBASE+6)):$((IDBASE+2))"
75 check_and_setup_lustre
80 GSS_REF=$(lsmod | grep ^ptlrpc_gss | awk '{print $3}')
81 if [ ! -z "$GSS_REF" -a "$GSS_REF" != "0" ]; then
83 echo "with GSS support"
86 echo "without GSS support"
89 MDT=$(do_facet $SINGLEMDS lctl get_param -N "mdt.\*MDT0000" |
91 [ -z "$MDT" ] && error "fail to get MDT device" && exit 1
92 do_facet $SINGLEMDS "mkdir -p $CONFDIR"
93 IDENTITY_FLUSH=mdt.$MDT.identity_flush
94 IDENTITY_UPCALL=mdt.$MDT.identity_upcall
103 if ! $RUNAS_CMD -u $user krb5_login.sh; then
104 error "$user login kerberos failed."
108 if ! $RUNAS_CMD -u $user -g $group ls $DIR > /dev/null 2>&1; then
109 $RUNAS_CMD -u $user lfs flushctx -k
110 $RUNAS_CMD -u $user krb5_login.sh
111 if ! $RUNAS_CMD -u$user -g$group ls $DIR > /dev/null 2>&1; then
112 error "init $user $group failed."
118 declare -a identity_old
121 for num in $(seq $MDSCOUNT); do
122 switch_identity $num true || identity_old[$num]=$?
125 if ! $RUNAS_CMD -u $ID0 ls $DIR > /dev/null 2>&1; then
126 sec_login $USER0 $USER0
129 if ! $RUNAS_CMD -u $ID1 ls $DIR > /dev/null 2>&1; then
130 sec_login $USER1 $USER1
135 # run as different user
139 chmod 0755 $DIR || error "chmod (1)"
140 rm -rf $DIR/$tdir || error "rm (1)"
141 mkdir -p $DIR/$tdir || error "mkdir (1)"
142 chown $USER0 $DIR/$tdir || error "chown (2)"
143 $RUNAS_CMD -u $ID0 ls $DIR || error "ls (1)"
144 rm -f $DIR/f0 || error "rm (2)"
145 $RUNAS_CMD -u $ID0 touch $DIR/f0 && error "touch (1)"
146 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f1 || error "touch (2)"
147 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f2 && error "touch (3)"
148 touch $DIR/$tdir/f3 || error "touch (4)"
149 chown root $DIR/$tdir || error "chown (3)"
150 chgrp $USER0 $DIR/$tdir || error "chgrp (1)"
151 chmod 0775 $DIR/$tdir || error "chmod (2)"
152 $RUNAS_CMD -u $ID0 touch $DIR/$tdir/f4 || error "touch (5)"
153 $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)"
154 touch $DIR/$tdir/f6 || error "touch (7)"
155 rm -rf $DIR/$tdir || error "rm (3)"
157 run_test 0 "uid permission ============================="
161 [ $GSS_SUP = 0 ] && skip "without GSS support." && return
166 chown $USER0 $DIR/$tdir || error "chown (1)"
167 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f0 && error "touch (2)"
168 echo "enable uid $ID1 setuid"
169 do_facet $SINGLEMDS "echo '* $ID1 setuid' >> $PERM_CONF"
170 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
171 $RUNAS_CMD -u $ID1 -v $ID0 touch $DIR/$tdir/f1 || error "touch (3)"
173 chown root $DIR/$tdir || error "chown (4)"
174 chgrp $USER0 $DIR/$tdir || error "chgrp (5)"
175 chmod 0770 $DIR/$tdir || error "chmod (6)"
176 $RUNAS_CMD -u $ID1 -g $ID1 touch $DIR/$tdir/f2 && error "touch (7)"
177 $RUNAS_CMD -u$ID1 -g$ID1 -j$ID0 touch $DIR/$tdir/f3 && error "touch (8)"
178 echo "enable uid $ID1 setuid,setgid"
179 do_facet $SINGLEMDS "echo '* $ID1 setuid,setgid' > $PERM_CONF"
180 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
181 $RUNAS_CMD -u $ID1 -g $ID1 -j $ID0 touch $DIR/$tdir/f4 ||
183 $RUNAS_CMD -u $ID1 -v $ID0 -g $ID1 -j $ID0 touch $DIR/$tdir/f5 ||
188 do_facet $SINGLEMDS "rm -f $PERM_CONF"
189 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
191 run_test 1 "setuid/gid ============================="
193 # bug 3285 - supplementary group should always succeed.
194 # NB: the supplementary groups are set for local client only,
195 # as for remote client, the groups of the specified uid on MDT
196 # will be obtained by upcall /sbin/l_getidentity and used.
198 [[ "$MDS1_VERSION" -ge $(version_code 2.6.93) ]] ||
199 [[ "$MDS1_VERSION" -ge $(version_code 2.5.35) &&
200 "$MDS1_VERSION" -lt $(version_code 2.5.50) ]] ||
201 skip "Need MDS version at least 2.6.93 or 2.5.35"
205 chmod 0771 $DIR/$tdir
206 chgrp $ID0 $DIR/$tdir
207 $RUNAS_CMD -u $ID0 ls $DIR/$tdir || error "setgroups (1)"
208 do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF"
209 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
210 $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir ||
211 error "setgroups (2)"
212 $RUNAS_CMD -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)"
215 do_facet $SINGLEMDS "rm -f $PERM_CONF"
216 do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1"
218 run_test 4 "set supplementary group ==============="
224 squash_id default 99 0
225 wait_nm_sync default squash_uid '' inactive
226 squash_id default 99 1
227 wait_nm_sync default squash_gid '' inactive
228 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
229 local csum=${HOSTNAME_CHECKSUM}_${i}
231 do_facet mgs $LCTL nodemap_add $csum
233 if [ $rc -ne 0 ]; then
234 echo "nodemap_add $csum failed with $rc"
238 wait_update_facet --verbose mgs \
239 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
240 grep -c $csum || true" 1 30 ||
243 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
244 local csum=${HOSTNAME_CHECKSUM}_${i}
246 wait_nm_sync $csum id '' inactive
254 for ((i = 0; i < NODEMAP_COUNT; i++)); do
255 local csum=${HOSTNAME_CHECKSUM}_${i}
257 if ! do_facet mgs $LCTL nodemap_del $csum; then
258 error "nodemap_del $csum failed with $?"
262 wait_update_facet --verbose mgs \
263 "$LCTL get_param nodemap.$csum.id 2>/dev/null | \
264 grep -c $csum || true" 0 30 ||
267 for (( i = 0; i < NODEMAP_COUNT; i++ )); do
268 local csum=${HOSTNAME_CHECKSUM}_${i}
270 wait_nm_sync $csum id '' inactive
277 local cmd="$LCTL nodemap_add_range"
281 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
282 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
283 if ! do_facet mgs $cmd --name $1 --range $range; then
292 local cmd="$LCTL nodemap_del_range"
296 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
297 range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp"
298 if ! do_facet mgs $cmd --name $1 --range $range; then
308 local cmd="$LCTL nodemap_add_idmap"
311 echo "Start to add idmaps ..."
312 for ((i = 0; i < NODEMAP_COUNT; i++)); do
315 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
316 local csum=${HOSTNAME_CHECKSUM}_${i}
318 local fs_id=$((j + 1))
320 if ! do_facet mgs $cmd --name $csum --idtype uid \
321 --idmap $client_id:$fs_id; then
324 if ! do_facet mgs $cmd --name $csum --idtype gid \
325 --idmap $client_id:$fs_id; then
334 update_idmaps() { #LU-10040
335 [ "$MGS_VERSION" -lt $(version_code 2.10.55) ] &&
336 skip "Need MGS >= 2.10.55"
338 local csum=${HOSTNAME_CHECKSUM}_0
339 local old_id_client=$ID0
340 local old_id_fs=$((ID0 + 1))
341 local new_id=$((ID0 + 100))
348 echo "Start to update idmaps ..."
350 #Inserting an existed idmap should return error
351 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
353 $cmd --idmap $old_id_client:$old_id_fs 2>/dev/null; then
354 error "insert idmap {$old_id_client:$old_id_fs} " \
355 "should return error"
360 #Update id_fs and check it
361 if ! do_facet mgs $cmd --idmap $old_id_client:$new_id; then
362 error "$cmd --idmap $old_id_client:$new_id failed"
366 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
367 awk '{ print $7 }' | sed -n '2p')
368 [ $tmp_id != $new_id ] && { error "new id_fs $tmp_id != $new_id"; \
369 rc=$((rc + 1)); return $rc; }
371 #Update id_client and check it
372 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
373 error "$cmd --idmap $new_id:$new_id failed"
377 tmp_id=$(do_facet mgs $LCTL get_param -n nodemap.$csum.idmap |
378 awk '{ print $5 }' | sed -n "$((NODEMAP_ID_COUNT + 1)) p")
379 tmp_id=$(echo ${tmp_id%,*}) #e.g. "501,"->"501"
380 [ $tmp_id != $new_id ] && { error "new id_client $tmp_id != $new_id"; \
381 rc=$((rc + 1)); return $rc; }
383 #Delete above updated idmap
384 cmd="$LCTL nodemap_del_idmap --name $csum --idtype uid"
385 if ! do_facet mgs $cmd --idmap $new_id:$new_id; then
386 error "$cmd --idmap $new_id:$new_id failed"
391 #restore the idmaps to make delete_idmaps work well
392 cmd="$LCTL nodemap_add_idmap --name $csum --idtype uid"
393 if ! do_facet mgs $cmd --idmap $old_id_client:$old_id_fs; then
394 error "$cmd --idmap $old_id_client:$old_id_fs failed"
404 local cmd="$LCTL nodemap_del_idmap"
407 echo "Start to delete idmaps ..."
408 for ((i = 0; i < NODEMAP_COUNT; i++)); do
411 for ((j = $ID0; j < NODEMAP_MAX_ID; j++)); do
412 local csum=${HOSTNAME_CHECKSUM}_${i}
414 local fs_id=$((j + 1))
416 if ! do_facet mgs $cmd --name $csum --idtype uid \
417 --idmap $client_id:$fs_id; then
420 if ! do_facet mgs $cmd --name $csum --idtype gid \
421 --idmap $client_id:$fs_id; then
434 local cmd="$LCTL nodemap_modify"
437 proc[0]="admin_nodemap"
438 proc[1]="trusted_nodemap"
442 for ((idx = 0; idx < 2; idx++)); do
443 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
448 if ! do_facet mgs $cmd --name $1 --property ${option[$idx]} \
458 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
459 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
463 cmd[0]="$LCTL nodemap_modify --property squash_uid"
464 cmd[1]="$LCTL nodemap_modify --property squash_gid"
466 if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then
472 local nodemap_name=$1
477 local is_active=$(do_facet mgs $LCTL get_param -n nodemap.active)
482 local mgs_ip=$(host_nids_address $mgs_HOST $NETTYPE | cut -d' ' -f1)
485 if [ "$nodemap_name" == "active" ]; then
487 elif [ -z "$key" ]; then
488 proc_param=${nodemap_name}
490 proc_param="${nodemap_name}.${key}"
492 if [ "$opt" == "inactive" ]; then
493 # check nm sync even if nodemap is not activated
497 (( is_active == 0 )) && [ "$proc_param" != "active" ] && return
499 if [ -z "$value" ]; then
500 out1=$(do_facet mgs $LCTL get_param $opt \
501 nodemap.${proc_param} 2>/dev/null)
502 echo "On MGS ${mgs_ip}, ${proc_param} = $out1"
507 # wait up to 10 seconds for other servers to sync with mgs
508 for i in $(seq 1 10); do
509 for node in $(all_server_nodes); do
510 local node_ip=$(host_nids_address $node $NETTYPE |
514 if [ -z "$value" ]; then
515 [ $node_ip == $mgs_ip ] && continue
518 out2=$(do_node $node_ip $LCTL get_param $opt \
519 nodemap.$proc_param 2>/dev/null)
520 echo "On $node ${node_ip}, ${proc_param} = $out2"
521 [ "$out1" != "$out2" ] && is_sync=false && break
529 echo OTHER - IP: $node_ip
531 error "mgs and $nodemap_name ${key} mismatch, $i attempts"
533 echo "waited $((i - 1)) seconds for sync"
536 # ensure that the squash defaults are the expected defaults
537 squash_id default 99 0
538 wait_nm_sync default squash_uid '' inactive
539 squash_id default 99 1
540 wait_nm_sync default squash_gid '' inactive
545 cmd="$LCTL nodemap_test_nid"
547 nid=$(do_facet mgs $cmd $1)
549 if [ $nid == $2 ]; then
557 # restore activation state
558 do_facet mgs $LCTL nodemap_activate 0
564 local cmd="$LCTL nodemap_test_id"
567 echo "Start to test idmaps ..."
568 ## nodemap deactivated
569 if ! do_facet mgs $LCTL nodemap_activate 0; then
572 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
575 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
576 local nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
577 local fs_id=$(do_facet mgs $cmd --nid $nid \
578 --idtype uid --id $id)
579 if [ $fs_id != $id ]; then
580 echo "expected $id, got $fs_id"
587 if ! do_facet mgs $LCTL nodemap_activate 1; then
591 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
592 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
593 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
594 fs_id=$(do_facet mgs $cmd --nid $nid \
595 --idtype uid --id $id)
596 expected_id=$((id + 1))
597 if [ $fs_id != $expected_id ]; then
598 echo "expected $expected_id, got $fs_id"
605 for ((i = 0; i < NODEMAP_COUNT; i++)); do
606 local csum=${HOSTNAME_CHECKSUM}_${i}
608 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
609 --property trusted --value 1; then
610 error "nodemap_modify $csum failed with $?"
615 for ((id = $ID0; id < NODEMAP_MAX_ID; id++)); do
616 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
617 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
618 fs_id=$(do_facet mgs $cmd --nid $nid \
619 --idtype uid --id $id)
620 if [ $fs_id != $id ]; then
621 echo "expected $id, got $fs_id"
627 ## ensure allow_root_access is enabled
628 for ((i = 0; i < NODEMAP_COUNT; i++)); do
629 local csum=${HOSTNAME_CHECKSUM}_${i}
631 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
632 --property admin --value 1; then
633 error "nodemap_modify $csum failed with $?"
638 ## check that root allowed
639 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
640 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
641 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
642 if [ $fs_id != 0 ]; then
643 echo "root allowed expected 0, got $fs_id"
648 ## ensure allow_root_access is disabled
649 for ((i = 0; i < NODEMAP_COUNT; i++)); do
650 local csum=${HOSTNAME_CHECKSUM}_${i}
652 if ! do_facet mgs $LCTL nodemap_modify --name $csum \
653 --property admin --value 0; then
654 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
660 ## check that root is mapped to 99
661 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
662 nid="$SUBNET_CHECKSUM.0.${j}.100@tcp"
663 fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0)
664 if [ $fs_id != 99 ]; then
665 error "root squash expected 99, got $fs_id"
670 ## reset client trust to 0
671 for ((i = 0; i < NODEMAP_COUNT; i++)); do
672 if ! do_facet mgs $LCTL nodemap_modify \
673 --name ${HOSTNAME_CHECKSUM}_${i} \
674 --property trusted --value 0; then
675 error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "
687 remote_mgs_nodsh && skip "remote MGS with nodsh"
688 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
689 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
693 [[ $rc != 0 ]] && error "nodemap_add failed with $rc"
697 [[ $rc != 0 ]] && error "nodemap_del failed with $rc"
701 run_test 7 "nodemap create and delete"
706 remote_mgs_nodsh && skip "remote MGS with nodsh"
707 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
708 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
714 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
720 [[ $rc == 0 ]] && error "duplicate nodemap_add allowed with $rc" &&
726 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
730 run_test 8 "nodemap reject duplicates"
736 remote_mgs_nodsh && skip "remote MGS with nodsh"
737 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
738 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
743 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
746 for ((i = 0; i < NODEMAP_COUNT; i++)); do
747 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
751 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
754 for ((i = 0; i < NODEMAP_COUNT; i++)); do
755 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
759 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
764 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
768 run_test 9 "nodemap range add"
773 remote_mgs_nodsh && skip "remote MGS with nodsh"
774 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
775 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
780 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
783 for ((i = 0; i < NODEMAP_COUNT; i++)); do
784 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
788 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
791 for ((i = 0; i < NODEMAP_COUNT; i++)); do
792 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
796 [[ $rc == 0 ]] && error "nodemap_add_range duplicate add with $rc" &&
801 for ((i = 0; i < NODEMAP_COUNT; i++)); do
802 if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then
806 [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4
810 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 5
814 run_test 10a "nodemap reject duplicate ranges"
817 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
818 skip "Need MGS >= 2.10.53"
822 local nids="192.168.19.[0-255]@o2ib20"
824 do_facet mgs $LCTL nodemap_del $nm1 2>/dev/null
825 do_facet mgs $LCTL nodemap_del $nm2 2>/dev/null
827 do_facet mgs $LCTL nodemap_add $nm1 || error "Add $nm1 failed"
828 do_facet mgs $LCTL nodemap_add $nm2 || error "Add $nm2 failed"
829 do_facet mgs $LCTL nodemap_add_range --name $nm1 --range $nids ||
830 error "Add range $nids to $nm1 failed"
831 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
832 grep start_nid)" ] || error "No range was found"
833 do_facet mgs $LCTL nodemap_del_range --name $nm2 --range $nids &&
834 error "Deleting range $nids from $nm2 should fail"
835 [ -n "$(do_facet mgs $LCTL get_param nodemap.$nm1.* |
836 grep start_nid)" ] || error "Range $nids should be there"
838 do_facet mgs $LCTL nodemap_del $nm1 || error "Delete $nm1 failed"
839 do_facet mgs $LCTL nodemap_del $nm2 || error "Delete $nm2 failed"
842 run_test 10b "delete range from the correct nodemap"
844 test_10c() { #LU-8912
845 [ "$MGS_VERSION" -lt $(version_code 2.10.57) ] &&
846 skip "Need MGS >= 2.10.57"
848 local nm="nodemap_lu8912"
849 local nid_range="10.210.[32-47].[0-255]@o2ib3"
850 local start_nid="10.210.32.0@o2ib3"
851 local end_nid="10.210.47.255@o2ib3"
852 local start_nid_found
855 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
856 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
857 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
858 error "Add range $nid_range to $nm failed"
860 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
861 awk -F '[,: ]' /start_nid/'{ print $9 }')
862 [ "$start_nid" == "$start_nid_found" ] ||
863 error "start_nid: $start_nid_found != $start_nid"
864 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
865 awk -F '[,: ]' /end_nid/'{ print $13 }')
866 [ "$end_nid" == "$end_nid_found" ] ||
867 error "end_nid: $end_nid_found != $end_nid"
869 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
872 run_test 10c "verfify contiguous range support"
874 test_10d() { #LU-8913
875 [ "$MGS_VERSION" -lt $(version_code 2.10.59) ] &&
876 skip "Need MGS >= 2.10.59"
878 local nm="nodemap_lu8913"
879 local nid_range="*@o2ib3"
880 local start_nid="0.0.0.0@o2ib3"
881 local end_nid="255.255.255.255@o2ib3"
882 local start_nid_found
885 do_facet mgs $LCTL nodemap_del $nm 2>/dev/null
886 do_facet mgs $LCTL nodemap_add $nm || error "Add $nm failed"
887 do_facet mgs $LCTL nodemap_add_range --name $nm --range $nid_range ||
888 error "Add range $nid_range to $nm failed"
890 start_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
891 awk -F '[,: ]' /start_nid/'{ print $9 }')
892 [ "$start_nid" == "$start_nid_found" ] ||
893 error "start_nid: $start_nid_found != $start_nid"
894 end_nid_found=$(do_facet mgs $LCTL get_param nodemap.$nm.* |
895 awk -F '[,: ]' /end_nid/'{ print $13 }')
896 [ "$end_nid" == "$end_nid_found" ] ||
897 error "end_nid: $end_nid_found != $end_nid"
899 do_facet mgs $LCTL nodemap_del $nm || error "Delete $nm failed"
902 run_test 10d "verfify nodemap range format '*@<net>' support"
907 remote_mgs_nodsh && skip "remote MGS with nodsh"
908 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
909 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
914 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
917 for ((i = 0; i < NODEMAP_COUNT; i++)); do
918 if ! modify_flags ${HOSTNAME_CHECKSUM}_${i}; then
922 [[ $rc != 0 ]] && error "nodemap_modify with $rc" && return 2
927 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3
931 run_test 11 "nodemap modify"
936 remote_mgs_nodsh && skip "remote MGS with nodsh"
937 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
938 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
943 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
946 for ((i = 0; i < NODEMAP_COUNT; i++)); do
947 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 0; then
951 [[ $rc != 0 ]] && error "nodemap squash_uid with $rc" && return 2
954 for ((i = 0; i < NODEMAP_COUNT; i++)); do
955 if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 1; then
959 [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3
964 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
968 run_test 12 "nodemap set squash ids"
973 remote_mgs_nodsh && skip "remote MGS with nodsh"
974 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
975 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
980 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
983 for ((i = 0; i < NODEMAP_COUNT; i++)); do
984 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
988 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
991 for ((i = 0; i < NODEMAP_COUNT; i++)); do
992 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
993 for k in $NODEMAP_IPADDR_LIST; do
994 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
995 ${HOSTNAME_CHECKSUM}_${i}; then
1001 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
1006 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
1010 run_test 13 "test nids"
1015 remote_mgs_nodsh && skip "remote MGS with nodsh"
1016 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1017 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
1022 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
1025 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1026 for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do
1027 for k in $NODEMAP_IPADDR_LIST; do
1028 if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \
1035 [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3
1040 [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
1044 run_test 14 "test default nodemap nid lookup"
1049 remote_mgs_nodsh && skip "remote MGS with nodsh"
1050 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1051 skip "No nodemap on $MGS_VERSION MGS < 2.5.53"
1056 [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1
1059 for ((i = 0; i < NODEMAP_COUNT; i++)); do
1060 if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then
1064 [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2
1069 [[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3
1071 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
1072 if [[ "$activedefault" != "1" ]]; then
1073 stack_trap cleanup_active EXIT
1079 [[ $rc != 0 ]] && error "nodemap_test_id failed with $rc" && return 4
1084 [[ $rc != 0 ]] && error "update_idmaps failed with $rc" && return 5
1089 [[ $rc != 0 ]] && error "nodemap_del_idmap failed with $rc" && return 6
1094 [[ $rc != 0 ]] && error "nodemap_delete failed with $rc" && return 7
1098 run_test 15 "test id mapping"
1100 create_fops_nodemaps() {
1103 for client in $clients; do
1104 local client_ip=$(host_nids_address $client $NETTYPE)
1105 local client_nid=$(h2nettype $client_ip)
1106 do_facet mgs $LCTL nodemap_add c${i} || return 1
1107 do_facet mgs $LCTL nodemap_add_range \
1108 --name c${i} --range $client_nid || return 1
1109 for map in ${FOPS_IDMAPS[i]}; do
1110 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1111 --idtype uid --idmap ${map} || return 1
1112 do_facet mgs $LCTL nodemap_add_idmap --name c${i} \
1113 --idtype gid --idmap ${map} || return 1
1116 wait_nm_sync c$i idmap
1123 delete_fops_nodemaps() {
1126 for client in $clients; do
1127 do_facet mgs $LCTL nodemap_del c${i} || return 1
1135 if [ $MDSCOUNT -le 1 ]; then
1136 do_node ${clients_arr[0]} mkdir -p $DIR/$tdir
1138 # round-robin MDTs to test DNE nodemap support
1139 [ ! -d $DIR ] && do_node ${clients_arr[0]} mkdir -p $DIR
1140 do_node ${clients_arr[0]} $LFS setdirstripe -c 1 -i \
1141 $((fops_mds_index % MDSCOUNT)) $DIR/$tdir
1142 ((fops_mds_index++))
1146 # acl test directory needs to be initialized on a privileged client
1148 local admin=$(do_facet mgs $LCTL get_param -n nodemap.c0.admin_nodemap)
1149 local trust=$(do_facet mgs $LCTL get_param -n \
1150 nodemap.c0.trusted_nodemap)
1152 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1153 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1155 wait_nm_sync c0 admin_nodemap
1156 wait_nm_sync c0 trusted_nodemap
1158 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1160 do_node ${clients_arr[0]} chown $user $DIR/$tdir
1162 do_facet mgs $LCTL nodemap_modify --name c0 \
1163 --property admin --value $admin
1164 do_facet mgs $LCTL nodemap_modify --name c0 \
1165 --property trusted --value $trust
1167 # flush MDT locks to make sure they are reacquired before test
1168 do_node ${clients_arr[0]} $LCTL set_param \
1169 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1171 wait_nm_sync c0 admin_nodemap
1172 wait_nm_sync c0 trusted_nodemap
1175 # fileset test directory needs to be initialized on a privileged client
1176 fileset_test_setup() {
1179 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1180 cleanup_mount $MOUNT
1181 FILESET="" zconf_mount_clients $CLIENTS $MOUNT
1184 local admin=$(do_facet mgs $LCTL get_param -n \
1185 nodemap.${nm}.admin_nodemap)
1186 local trust=$(do_facet mgs $LCTL get_param -n \
1187 nodemap.${nm}.trusted_nodemap)
1189 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1190 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1193 wait_nm_sync $nm admin_nodemap
1194 wait_nm_sync $nm trusted_nodemap
1196 # create directory and populate it for subdir mount
1197 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir ||
1198 error "unable to create dir $MOUNT/$subdir"
1199 do_node ${clients_arr[0]} touch $MOUNT/$subdir/this_is_$subdir ||
1200 error "unable to create file $MOUNT/$subdir/this_is_$subdir"
1201 do_node ${clients_arr[0]} mkdir $MOUNT/$subdir/$subsubdir ||
1202 error "unable to create dir $MOUNT/$subdir/$subsubdir"
1203 do_node ${clients_arr[0]} touch \
1204 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir ||
1205 error "unable to create file \
1206 $MOUNT/$subdir/$subsubdir/this_is_$subsubdir"
1208 do_facet mgs $LCTL nodemap_modify --name $nm \
1209 --property admin --value $admin
1210 do_facet mgs $LCTL nodemap_modify --name $nm \
1211 --property trusted --value $trust
1213 # flush MDT locks to make sure they are reacquired before test
1214 do_node ${clients_arr[0]} $LCTL set_param \
1215 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1217 wait_nm_sync $nm admin_nodemap
1218 wait_nm_sync $nm trusted_nodemap
1221 # fileset test directory needs to be initialized on a privileged client
1222 fileset_test_cleanup() {
1224 local admin=$(do_facet mgs $LCTL get_param -n \
1225 nodemap.${nm}.admin_nodemap)
1226 local trust=$(do_facet mgs $LCTL get_param -n \
1227 nodemap.${nm}.trusted_nodemap)
1229 do_facet mgs $LCTL nodemap_modify --name $nm --property admin --value 1
1230 do_facet mgs $LCTL nodemap_modify --name $nm --property trusted \
1233 wait_nm_sync $nm admin_nodemap
1234 wait_nm_sync $nm trusted_nodemap
1236 # cleanup directory created for subdir mount
1237 do_node ${clients_arr[0]} rm -rf $MOUNT/$subdir ||
1238 error "unable to remove dir $MOUNT/$subdir"
1240 do_facet mgs $LCTL nodemap_modify --name $nm \
1241 --property admin --value $admin
1242 do_facet mgs $LCTL nodemap_modify --name $nm \
1243 --property trusted --value $trust
1245 # flush MDT locks to make sure they are reacquired before test
1246 do_node ${clients_arr[0]} $LCTL set_param \
1247 ldlm.namespaces.$FSNAME-MDT*.lru_size=clear
1249 wait_nm_sync $nm admin_nodemap
1250 wait_nm_sync $nm trusted_nodemap
1251 if [ -n "$FILESET" -a -z "$SKIP_FILESET" ]; then
1252 cleanup_mount $MOUNT
1253 zconf_mount_clients $CLIENTS $MOUNT
1257 do_create_delete() {
1260 local testfile=$DIR/$tdir/$tfile
1264 if $run_u touch $testfile >& /dev/null; then
1266 $run_u rm $testfile && d=1
1270 local expected=$(get_cr_del_expected $key)
1271 [ "$res" != "$expected" ] &&
1272 error "test $key, wanted $expected, got $res" && rc=$((rc + 1))
1276 nodemap_check_quota() {
1278 $run_u lfs quota -q $DIR | awk '{ print $2; exit; }'
1281 do_fops_quota_test() {
1283 # fuzz quota used to account for possible indirect blocks, etc
1284 local quota_fuzz=$(fs_log_size)
1285 local qused_orig=$(nodemap_check_quota "$run_u")
1286 local qused_high=$((qused_orig + quota_fuzz))
1287 local qused_low=$((qused_orig - quota_fuzz))
1288 local testfile=$DIR/$tdir/$tfile
1289 $run_u dd if=/dev/zero of=$testfile oflag=sync bs=1M count=1 \
1290 >& /dev/null || error "unable to write quota test file"
1291 sync; sync_all_data || true
1293 local qused_new=$(nodemap_check_quota "$run_u")
1294 [ $((qused_new)) -lt $((qused_low + 1024)) -o \
1295 $((qused_new)) -gt $((qused_high + 1024)) ] &&
1296 error "$qused_new != $qused_orig + 1M after write, " \
1297 "fuzz is $quota_fuzz"
1298 $run_u rm $testfile || error "unable to remove quota test file"
1299 wait_delete_completed_mds
1301 qused_new=$(nodemap_check_quota "$run_u")
1302 [ $((qused_new)) -lt $((qused_low)) \
1303 -o $((qused_new)) -gt $((qused_high)) ] &&
1304 error "quota not reclaimed, expect $qused_orig, " \
1305 "got $qused_new, fuzz $quota_fuzz"
1308 get_fops_mapped_user() {
1311 for ((i=0; i < ${#FOPS_IDMAPS[@]}; i++)); do
1312 for map in ${FOPS_IDMAPS[i]}; do
1313 if [ $(cut -d: -f1 <<< "$map") == $cli_user ]; then
1314 cut -d: -f2 <<< "$map"
1322 get_cr_del_expected() {
1324 IFS=":" read -a key <<< "$1"
1325 local mapmode="${key[0]}"
1326 local mds_user="${key[1]}"
1327 local cluster="${key[2]}"
1328 local cli_user="${key[3]}"
1329 local mode="0${key[4]}"
1336 [[ $mapmode == *mapped* ]] && mapped=1
1337 # only c1 is mapped in these test cases
1338 [[ $mapmode == mapped_trusted* ]] && [ "$cluster" == "c0" ] && mapped=0
1339 [[ $mapmode == *noadmin* ]] && noadmin=1
1341 # o+wx works as long as the user isn't mapped
1342 if [ $((mode & 3)) -eq 3 ]; then
1346 # if client user is root, check if root is squashed
1347 if [ "$cli_user" == "0" ]; then
1348 # squash root succeed, if other bit is on
1351 1) [ "$other" == "1" ] && echo $SUCCESS
1352 [ "$other" == "0" ] && echo $FAILURE;;
1356 if [ "$mapped" == "0" ]; then
1357 [ "$other" == "1" ] && echo $SUCCESS
1358 [ "$other" == "0" ] && echo $FAILURE
1362 # if mapped user is mds user, check for u+wx
1363 mapped_user=$(get_fops_mapped_user $cli_user)
1364 [ "$mapped_user" == "-1" ] &&
1365 error "unable to find mapping for client user $cli_user"
1367 if [ "$mapped_user" == "$mds_user" -a \
1368 $(((mode & 0300) == 0300)) -eq 1 ]; then
1372 if [ "$mapped_user" != "$mds_user" -a "$other" == "1" ]; then
1379 test_fops_admin_cli_i=""
1380 test_fops_chmod_dir() {
1381 local current_cli_i=$1
1383 local dir_to_chmod=$3
1384 local new_admin_cli_i=""
1386 # do we need to set up a new admin client?
1387 [ "$current_cli_i" == "0" ] && [ "$test_fops_admin_cli_i" != "1" ] &&
1389 [ "$current_cli_i" != "0" ] && [ "$test_fops_admin_cli_i" != "0" ] &&
1392 # if only one client, and non-admin, need to flip admin everytime
1393 if [ "$num_clients" == "1" ]; then
1394 test_fops_admin_client=$clients
1395 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1396 nodemap.c0.admin_nodemap)
1397 if [ "$test_fops_admin_val" != "1" ]; then
1398 do_facet mgs $LCTL nodemap_modify \
1402 wait_nm_sync c0 admin_nodemap
1404 elif [ "$new_admin_cli_i" != "" ]; then
1405 # restore admin val to old admin client
1406 if [ "$test_fops_admin_cli_i" != "" ] &&
1407 [ "$test_fops_admin_val" != "1" ]; then
1408 do_facet mgs $LCTL nodemap_modify \
1409 --name c${test_fops_admin_cli_i} \
1411 --value $test_fops_admin_val
1412 wait_nm_sync c${test_fops_admin_cli_i} admin_nodemap
1415 test_fops_admin_cli_i=$new_admin_cli_i
1416 test_fops_admin_client=${clients_arr[$new_admin_cli_i]}
1417 test_fops_admin_val=$(do_facet mgs $LCTL get_param -n \
1418 nodemap.c${new_admin_cli_i}.admin_nodemap)
1420 if [ "$test_fops_admin_val" != "1" ]; then
1421 do_facet mgs $LCTL nodemap_modify \
1422 --name c${new_admin_cli_i} \
1425 wait_nm_sync c${new_admin_cli_i} admin_nodemap
1429 do_node $test_fops_admin_client chmod $perm_bits $DIR/$tdir || return 1
1431 # remove admin for single client if originally non-admin
1432 if [ "$num_clients" == "1" ] && [ "$test_fops_admin_val" != "1" ]; then
1433 do_facet mgs $LCTL nodemap_modify --name c0 --property admin \
1435 wait_nm_sync c0 admin_nodemap
1443 local single_client="$2"
1444 local client_user_list=([0]="0 $((IDBASE+3)) $((IDBASE+4))"
1445 [1]="0 $((IDBASE+5)) $((IDBASE+6))")
1448 local perm_bit_list="0 3 $((0300)) $((0303))"
1449 # SLOW tests 000-007, 010-070, 100-700 (octal modes)
1450 [ "$SLOW" == "yes" ] &&
1451 perm_bit_list="0 $(seq 1 7) $(seq 8 8 63) $(seq 64 64 511) \
1454 # step through mds users. -1 means root
1455 for mds_i in -1 0 1 2; do
1456 local user=$((mds_i + IDBASE))
1460 [ "$mds_i" == "-1" ] && user=0
1462 echo mkdir -p $DIR/$tdir
1465 for client in $clients; do
1467 for u in ${client_user_list[$cli_i]}; do
1468 local run_u="do_node $client \
1469 $RUNAS_CMD -u$u -g$u -G$u"
1470 for perm_bits in $perm_bit_list; do
1471 local mode=$(printf %03o $perm_bits)
1473 key="$mapmode:$user:c$cli_i:$u:$mode"
1474 test_fops_chmod_dir $cli_i $mode \
1476 error cannot chmod $key
1477 do_create_delete "$run_u" "$key"
1481 test_fops_chmod_dir $cli_i 777 $DIR/$tdir ||
1482 error cannot chmod $key
1483 do_fops_quota_test "$run_u"
1486 cli_i=$((cli_i + 1))
1487 [ "$single_client" == "1" ] && break
1494 nodemap_version_check () {
1495 remote_mgs_nodsh && skip "remote MGS with nodsh" && return 1
1496 [ "$MGS_VERSION" -lt $(version_code 2.5.53) ] &&
1497 skip "No nodemap on $MGS_VERSION MGS < 2.5.53" &&
1502 nodemap_test_setup() {
1504 local active_nodemap=1
1506 [ "$1" == "0" ] && active_nodemap=0
1508 do_nodes $(comma_list $(all_mdts_nodes)) \
1509 $LCTL set_param mdt.*.identity_upcall=NONE
1512 create_fops_nodemaps
1514 [[ $rc != 0 ]] && error "adding fops nodemaps failed $rc"
1516 do_facet mgs $LCTL nodemap_activate $active_nodemap
1519 do_facet mgs $LCTL nodemap_modify --name default \
1520 --property admin --value 1
1521 wait_nm_sync default admin_nodemap
1522 do_facet mgs $LCTL nodemap_modify --name default \
1523 --property trusted --value 1
1524 wait_nm_sync default trusted_nodemap
1527 nodemap_test_cleanup() {
1529 delete_fops_nodemaps
1531 [[ $rc != 0 ]] && error "removing fops nodemaps failed $rc"
1533 do_facet mgs $LCTL nodemap_modify --name default \
1534 --property admin --value 0
1535 wait_nm_sync default admin_nodemap
1536 do_facet mgs $LCTL nodemap_modify --name default \
1537 --property trusted --value 0
1538 wait_nm_sync default trusted_nodemap
1540 do_facet mgs $LCTL nodemap_activate 0
1541 wait_nm_sync active 0
1543 export SK_UNIQUE_NM=false
1547 nodemap_clients_admin_trusted() {
1551 for client in $clients; do
1552 do_facet mgs $LCTL nodemap_modify --name c0 \
1553 --property admin --value $admin
1554 do_facet mgs $LCTL nodemap_modify --name c0 \
1555 --property trusted --value $tr
1558 wait_nm_sync c$((i - 1)) admin_nodemap
1559 wait_nm_sync c$((i - 1)) trusted_nodemap
1563 nodemap_version_check || return 0
1564 nodemap_test_setup 0
1566 trap nodemap_test_cleanup EXIT
1568 nodemap_test_cleanup
1570 run_test 16 "test nodemap all_off fileops"
1574 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1575 skip "Need MDS >= 2.11.55"
1578 nodemap_version_check || return 0
1581 trap nodemap_test_cleanup EXIT
1582 nodemap_clients_admin_trusted 0 1
1583 test_fops trusted_noadmin 1
1584 nodemap_test_cleanup
1586 run_test 17 "test nodemap trusted_noadmin fileops"
1590 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1591 skip "Need MDS >= 2.11.55"
1594 nodemap_version_check || return 0
1597 trap nodemap_test_cleanup EXIT
1598 nodemap_clients_admin_trusted 0 0
1599 test_fops mapped_noadmin 1
1600 nodemap_test_cleanup
1602 run_test 18 "test nodemap mapped_noadmin fileops"
1606 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1607 skip "Need MDS >= 2.11.55"
1610 nodemap_version_check || return 0
1613 trap nodemap_test_cleanup EXIT
1614 nodemap_clients_admin_trusted 1 1
1615 test_fops trusted_admin 1
1616 nodemap_test_cleanup
1618 run_test 19 "test nodemap trusted_admin fileops"
1622 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1623 skip "Need MDS >= 2.11.55"
1626 nodemap_version_check || return 0
1629 trap nodemap_test_cleanup EXIT
1630 nodemap_clients_admin_trusted 1 0
1631 test_fops mapped_admin 1
1632 nodemap_test_cleanup
1634 run_test 20 "test nodemap mapped_admin fileops"
1638 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1639 skip "Need MDS >= 2.11.55"
1642 nodemap_version_check || return 0
1645 trap nodemap_test_cleanup EXIT
1648 for client in $clients; do
1649 do_facet mgs $LCTL nodemap_modify --name c${i} \
1650 --property admin --value 0
1651 do_facet mgs $LCTL nodemap_modify --name c${i} \
1652 --property trusted --value $x
1656 wait_nm_sync c$((i - 1)) trusted_nodemap
1658 test_fops mapped_trusted_noadmin
1659 nodemap_test_cleanup
1661 run_test 21 "test nodemap mapped_trusted_noadmin fileops"
1665 [ "$MDS1_VERSION" -lt $(version_code 2.11.55) ]; then
1666 skip "Need MDS >= 2.11.55"
1669 nodemap_version_check || return 0
1672 trap nodemap_test_cleanup EXIT
1675 for client in $clients; do
1676 do_facet mgs $LCTL nodemap_modify --name c${i} \
1677 --property admin --value 1
1678 do_facet mgs $LCTL nodemap_modify --name c${i} \
1679 --property trusted --value $x
1683 wait_nm_sync c$((i - 1)) trusted_nodemap
1685 test_fops mapped_trusted_admin
1686 nodemap_test_cleanup
1688 run_test 22 "test nodemap mapped_trusted_admin fileops"
1690 # acl test directory needs to be initialized on a privileged client
1691 nodemap_acl_test_setup() {
1692 local admin=$(do_facet mgs $LCTL get_param -n \
1693 nodemap.c0.admin_nodemap)
1694 local trust=$(do_facet mgs $LCTL get_param -n \
1695 nodemap.c0.trusted_nodemap)
1697 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1698 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1700 wait_nm_sync c0 admin_nodemap
1701 wait_nm_sync c0 trusted_nodemap
1703 do_node ${clients_arr[0]} rm -rf $DIR/$tdir
1705 do_node ${clients_arr[0]} chmod a+rwx $DIR/$tdir ||
1706 error unable to chmod a+rwx test dir $DIR/$tdir
1708 do_facet mgs $LCTL nodemap_modify --name c0 \
1709 --property admin --value $admin
1710 do_facet mgs $LCTL nodemap_modify --name c0 \
1711 --property trusted --value $trust
1713 wait_nm_sync c0 trusted_nodemap
1716 # returns 0 if the number of ACLs does not change on the second (mapped) client
1717 # after being set on the first client
1718 nodemap_acl_test() {
1720 local set_client="$2"
1721 local get_client="$3"
1722 local check_setfacl="$4"
1723 local setfacl_error=0
1724 local testfile=$DIR/$tdir/$tfile
1725 local RUNAS_USER="$RUNAS_CMD -u $user"
1727 local acl_count_post=0
1729 nodemap_acl_test_setup
1732 do_node $set_client $RUNAS_USER touch $testfile
1734 # ACL masks aren't filtered by nodemap code, so we ignore them
1735 acl_count=$(do_node $get_client getfacl $testfile | grep -v mask |
1737 do_node $set_client $RUNAS_USER setfacl -m $user:rwx $testfile ||
1740 # if check setfacl is set to 1, then it's supposed to error
1741 if [ "$check_setfacl" == "1" ]; then
1742 [ "$setfacl_error" != "1" ] && return 1
1745 [ "$setfacl_error" == "1" ] && echo "WARNING: unable to setfacl"
1747 acl_count_post=$(do_node $get_client getfacl $testfile | grep -v mask |
1749 [ $acl_count -eq $acl_count_post ] && return 0
1754 [ $num_clients -lt 2 ] && skip "Need 2 clients at least" && return
1755 nodemap_version_check || return 0
1758 trap nodemap_test_cleanup EXIT
1759 # 1 trusted cluster, 1 mapped cluster
1760 local unmapped_fs=$((IDBASE+0))
1761 local unmapped_c1=$((IDBASE+5))
1762 local mapped_fs=$((IDBASE+2))
1763 local mapped_c0=$((IDBASE+4))
1764 local mapped_c1=$((IDBASE+6))
1766 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1767 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 1
1769 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 0
1770 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 0
1772 wait_nm_sync c1 trusted_nodemap
1774 # setfacl on trusted cluster to unmapped user, verify it's not seen
1775 nodemap_acl_test $unmapped_fs ${clients_arr[0]} ${clients_arr[1]} ||
1776 error "acl count (1)"
1778 # setfacl on trusted cluster to mapped user, verify it's seen
1779 nodemap_acl_test $mapped_fs ${clients_arr[0]} ${clients_arr[1]} &&
1780 error "acl count (2)"
1782 # setfacl on mapped cluster to mapped user, verify it's seen
1783 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1784 error "acl count (3)"
1786 # setfacl on mapped cluster to unmapped user, verify error
1787 nodemap_acl_test $unmapped_fs ${clients_arr[1]} ${clients_arr[0]} 1 ||
1788 error "acl count (4)"
1791 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 0
1792 do_facet mgs $LCTL nodemap_modify --name c0 --property trusted --value 0
1794 wait_nm_sync c0 trusted_nodemap
1796 # setfacl to mapped user on c1, also mapped to c0, verify it's seen
1797 nodemap_acl_test $mapped_c1 ${clients_arr[1]} ${clients_arr[0]} &&
1798 error "acl count (5)"
1800 # setfacl to mapped user on c1, not mapped to c0, verify not seen
1801 nodemap_acl_test $unmapped_c1 ${clients_arr[1]} ${clients_arr[0]} ||
1802 error "acl count (6)"
1804 nodemap_test_cleanup
1806 run_test 23a "test mapped regular ACLs"
1808 test_23b() { #LU-9929
1809 [ $num_clients -lt 2 ] && skip "Need 2 clients at least"
1810 [ "$MGS_VERSION" -lt $(version_code 2.10.53) ] &&
1811 skip "Need MGS >= 2.10.53"
1813 export SK_UNIQUE_NM=true
1815 trap nodemap_test_cleanup EXIT
1817 local testdir=$DIR/$tdir
1818 local fs_id=$((IDBASE+10))
1823 do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
1824 wait_nm_sync c0 admin_nodemap
1825 do_facet mgs $LCTL nodemap_modify --name c1 --property admin --value 1
1826 wait_nm_sync c1 admin_nodemap
1827 do_facet mgs $LCTL nodemap_modify --name c1 --property trusted --value 1
1828 wait_nm_sync c1 trusted_nodemap
1830 # Add idmap $ID0:$fs_id (500:60010)
1831 do_facet mgs $LCTL nodemap_add_idmap --name c0 --idtype gid \
1832 --idmap $ID0:$fs_id ||
1833 error "add idmap $ID0:$fs_id to nodemap c0 failed"
1834 wait_nm_sync c0 idmap
1836 # set/getfacl default acl on client 1 (unmapped gid=500)
1837 do_node ${clients_arr[0]} rm -rf $testdir
1838 do_node ${clients_arr[0]} mkdir -p $testdir
1839 # Here, USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
1840 do_node ${clients_arr[0]} setfacl -R -d -m group:$USER0:rwx $testdir ||
1841 error "setfacl $testdir on ${clients_arr[0]} failed"
1842 unmapped_id=$(do_node ${clients_arr[0]} getfacl $testdir |
1843 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
1844 [ "$unmapped_id" = "$USER0" ] ||
1845 error "gid=$ID0 was not unmapped correctly on ${clients_arr[0]}"
1847 # getfacl default acl on client 2 (mapped gid=60010)
1848 mapped_id=$(do_node ${clients_arr[1]} getfacl $testdir |
1849 grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
1850 fs_user=$(do_node ${clients_arr[1]} getent passwd |
1851 grep :$fs_id:$fs_id: | cut -d: -f1)
1852 [ -z "$fs_user" ] && fs_user=$fs_id
1853 [ $mapped_id -eq $fs_id -o "$mapped_id" = "$fs_user" ] ||
1854 error "Should return gid=$fs_id or $fs_user on client2"
1857 nodemap_test_cleanup
1858 export SK_UNIQUE_NM=false
1860 run_test 23b "test mapped default ACLs"
1865 trap nodemap_test_cleanup EXIT
1866 do_nodes $(comma_list $(all_server_nodes)) $LCTL get_param -R nodemap
1868 nodemap_test_cleanup
1870 run_test 24 "check nodemap proc files for LBUGs and Oopses"
1873 local tmpfile=$(mktemp)
1874 local tmpfile2=$(mktemp)
1875 local tmpfile3=$(mktemp)
1876 local tmpfile4=$(mktemp)
1880 nodemap_version_check || return 0
1882 # stop clients for this test
1883 zconf_umount_clients $CLIENTS $MOUNT ||
1884 error "unable to umount clients $CLIENTS"
1886 export SK_UNIQUE_NM=true
1889 # enable trusted/admin for setquota call in cleanup_and_setup_lustre()
1891 for client in $clients; do
1892 do_facet mgs $LCTL nodemap_modify --name c${i} \
1893 --property admin --value 1
1894 do_facet mgs $LCTL nodemap_modify --name c${i} \
1895 --property trusted --value 1
1898 wait_nm_sync c$((i - 1)) trusted_nodemap
1900 trap nodemap_test_cleanup EXIT
1902 # create a new, empty nodemap, and add fileset info to it
1903 do_facet mgs $LCTL nodemap_add test25 ||
1904 error "unable to create nodemap $testname"
1905 do_facet mgs $LCTL set_param -P nodemap.$testname.fileset=/$subdir ||
1906 error "unable to add fileset info to nodemap test25"
1908 wait_nm_sync test25 id
1910 do_facet mgs $LCTL nodemap_info > $tmpfile
1911 do_facet mds $LCTL nodemap_info > $tmpfile2
1913 if ! $SHARED_KEY; then
1914 # will conflict with SK's nodemaps
1915 cleanup_and_setup_lustre
1917 # stop clients for this test
1918 zconf_umount_clients $CLIENTS $MOUNT ||
1919 error "unable to umount clients $CLIENTS"
1921 do_facet mgs $LCTL nodemap_info > $tmpfile3
1922 diff -q $tmpfile3 $tmpfile >& /dev/null ||
1923 error "nodemap_info diff on MGS after remount"
1925 do_facet mds $LCTL nodemap_info > $tmpfile4
1926 diff -q $tmpfile4 $tmpfile2 >& /dev/null ||
1927 error "nodemap_info diff on MDS after remount"
1930 do_facet mgs $LCTL nodemap_del test25 ||
1931 error "cannot delete nodemap test25 from config"
1932 nodemap_test_cleanup
1933 # restart clients previously stopped
1934 zconf_mount_clients $CLIENTS $MOUNT ||
1935 error "unable to mount clients $CLIENTS"
1937 rm -f $tmpfile $tmpfile2
1938 export SK_UNIQUE_NM=false
1940 run_test 25 "test save and reload nodemap config"
1943 nodemap_version_check || return 0
1947 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_add"
1948 wait_nm_sync c$large_i admin_nodemap
1950 do_facet mgs "seq -f 'c%g' $large_i | xargs -n1 $LCTL nodemap_del"
1951 wait_nm_sync c$large_i admin_nodemap
1953 run_test 26 "test transferring very large nodemap"
1955 nodemap_exercise_fileset() {
1960 if [ "$nm" == "default" ]; then
1961 do_facet mgs $LCTL nodemap_activate 1
1966 if $SHARED_KEY; then
1967 export SK_UNIQUE_NM=true
1969 # will conflict with SK's nodemaps
1970 trap "fileset_test_cleanup $nm" EXIT
1972 fileset_test_setup "$nm"
1974 # add fileset info to $nm nodemap
1975 if ! combined_mgs_mds; then
1976 do_facet mgs $LCTL set_param nodemap.${nm}.fileset=/$subdir ||
1977 error "unable to add fileset info to $nm nodemap on MGS"
1979 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=/$subdir ||
1980 error "unable to add fileset info to $nm nodemap for servers"
1981 wait_nm_sync $nm fileset "nodemap.${nm}.fileset=/$subdir"
1984 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
1985 error "unable to umount client ${clients_arr[0]}"
1986 # set some generic fileset to trigger SSK code
1988 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
1989 error "unable to remount client ${clients_arr[0]}"
1992 # test mount point content
1993 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subdir ||
1994 error "fileset not taken into account"
1996 # re-mount client with sub-subdir
1997 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
1998 error "unable to umount client ${clients_arr[0]}"
1999 export FILESET=/$subsubdir
2000 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2001 error "unable to remount client ${clients_arr[0]}"
2004 # test mount point content
2005 do_node ${clients_arr[0]} test -f $MOUNT/this_is_$subsubdir ||
2006 error "subdir of fileset not taken into account"
2008 # remove fileset info from nodemap
2009 do_facet mgs $LCTL nodemap_set_fileset --name $nm --fileset clear ||
2010 error "unable to delete fileset info on $nm nodemap"
2011 wait_update_facet mgs "$LCTL get_param nodemap.${nm}.fileset" \
2012 "nodemap.${nm}.fileset=" ||
2013 error "fileset info still not cleared on $nm nodemap"
2014 do_facet mgs $LCTL set_param -P nodemap.${nm}.fileset=clear ||
2015 error "unable to reset fileset info on $nm nodemap"
2016 wait_nm_sync $nm fileset "nodemap.${nm}.fileset="
2019 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2020 error "unable to umount client ${clients_arr[0]}"
2021 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2022 error "unable to remount client ${clients_arr[0]}"
2024 # test mount point content
2025 if ! $(do_node ${clients_arr[0]} test -d $MOUNT/$subdir); then
2027 error "fileset not cleared on $nm nodemap"
2030 # back to non-nodemap setup
2031 if $SHARED_KEY; then
2032 export SK_UNIQUE_NM=false
2033 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2034 error "unable to umount client ${clients_arr[0]}"
2036 fileset_test_cleanup "$nm"
2037 if [ "$nm" == "default" ]; then
2038 do_facet mgs $LCTL nodemap_activate 0
2039 wait_nm_sync active 0
2041 export SK_UNIQUE_NM=false
2043 nodemap_test_cleanup
2045 if $SHARED_KEY; then
2046 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2047 error "unable to remount client ${clients_arr[0]}"
2052 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2053 skip "Need MDS >= 2.11.50"
2055 for nm in "default" "c0"; do
2056 local subdir="subdir_${nm}"
2057 local subsubdir="subsubdir_${nm}"
2059 if [ "$nm" == "default" ] && [ "$SHARED_KEY" == "true" ]; then
2060 echo "Skipping nodemap $nm with SHARED_KEY";
2064 echo "Exercising fileset for nodemap $nm"
2065 nodemap_exercise_fileset "$nm"
2068 run_test 27a "test fileset in various nodemaps"
2070 test_27b() { #LU-10703
2071 [ "$MDS1_VERSION" -lt $(version_code 2.11.50) ] &&
2072 skip "Need MDS >= 2.11.50"
2073 [[ $MDSCOUNT -lt 2 ]] && skip "needs >= 2 MDTs"
2076 trap nodemap_test_cleanup EXIT
2078 # Add the nodemaps and set their filesets
2079 for i in $(seq 1 $MDSCOUNT); do
2080 do_facet mgs $LCTL nodemap_del nm$i 2>/dev/null
2081 do_facet mgs $LCTL nodemap_add nm$i ||
2082 error "add nodemap nm$i failed"
2083 wait_nm_sync nm$i "" "" "-N"
2085 if ! combined_mgs_mds; then
2087 $LCTL set_param nodemap.nm$i.fileset=/dir$i ||
2088 error "set nm$i.fileset=/dir$i failed on MGS"
2090 do_facet mgs $LCTL set_param -P nodemap.nm$i.fileset=/dir$i ||
2091 error "set nm$i.fileset=/dir$i failed on servers"
2092 wait_nm_sync nm$i fileset "nodemap.nm$i.fileset=/dir$i"
2095 # Check if all the filesets are correct
2096 for i in $(seq 1 $MDSCOUNT); do
2097 fileset=$(do_facet mds$i \
2098 $LCTL get_param -n nodemap.nm$i.fileset)
2099 [ "$fileset" = "/dir$i" ] ||
2100 error "nm$i.fileset $fileset != /dir$i on mds$i"
2101 do_facet mgs $LCTL nodemap_del nm$i ||
2102 error "delete nodemap nm$i failed"
2105 nodemap_test_cleanup
2107 run_test 27b "The new nodemap won't clear the old nodemap's fileset"
2110 if ! $SHARED_KEY; then
2111 skip "need shared key feature for this test" && return
2113 mkdir -p $DIR/$tdir || error "mkdir failed"
2114 touch $DIR/$tdir/$tdir.out || error "touch failed"
2115 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2116 error "read before rotation failed"
2118 # store top key identity to ensure rotation has occurred
2119 SK_IDENTITY_OLD=$(lctl get_param *.*.*srpc* | grep "expire" |
2120 head -1 | awk '{print $15}' | cut -c1-8)
2121 do_facet $SINGLEMDS lfs flushctx ||
2122 error "could not run flushctx on $SINGLEMDS"
2124 lfs flushctx || error "could not run flushctx on client"
2126 # verify new key is in place
2127 SK_IDENTITY_NEW=$(lctl get_param *.*.*srpc* | grep "expire" |
2128 head -1 | awk '{print $15}' | cut -c1-8)
2129 if [ $SK_IDENTITY_OLD == $SK_IDENTITY_NEW ]; then
2130 error "key did not rotate correctly"
2132 if [ ! -f $DIR/$tdir/$tdir.out ]; then
2133 error "read after rotation failed"
2136 run_test 28 "check shared key rotation method"
2139 if ! $SHARED_KEY; then
2140 skip "need shared key feature for this test" && return
2142 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2143 skip "test only valid if integrity is active"
2146 mkdir $DIR/$tdir || error "mkdir"
2147 touch $DIR/$tdir/$tfile || error "touch"
2148 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2149 error "unable to umount clients"
2150 do_node ${clients_arr[0]} "keyctl show |
2151 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2152 OLD_SK_PATH=$SK_PATH
2153 export SK_PATH=/dev/null
2154 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
2155 export SK_PATH=$OLD_SK_PATH
2156 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tfile"
2157 if [ $? -eq 0 ]; then
2158 error "able to mount and read without key"
2160 error "able to mount without key"
2163 export SK_PATH=$OLD_SK_PATH
2164 do_node ${clients_arr[0]} "keyctl show |
2165 awk '/lustre/ { print \\\$1 }' |
2166 xargs -IX keyctl unlink X"
2168 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2169 error "unable to mount clients"
2171 run_test 29 "check for missing shared key"
2174 if ! $SHARED_KEY; then
2175 skip "need shared key feature for this test" && return
2177 if [ $SK_FLAVOR != "ski" ] && [ $SK_FLAVOR != "skpi" ]; then
2178 skip "test only valid if integrity is active"
2180 mkdir -p $DIR/$tdir || error "mkdir failed"
2181 touch $DIR/$tdir/$tdir.out || error "touch failed"
2182 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2183 error "unable to umount clients"
2184 # unload keys from ring
2185 do_node ${clients_arr[0]} "keyctl show |
2186 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2187 # generate key with bogus filesystem name
2188 do_node ${clients_arr[0]} "lgss_sk -w $SK_PATH/$FSNAME-bogus.key \
2189 -f $FSNAME.bogus -t client -d /dev/urandom" ||
2190 error "lgss_sk failed (1)"
2191 do_facet $SINGLEMDS lfs flushctx || error "could not run flushctx"
2192 OLD_SK_PATH=$SK_PATH
2193 export SK_PATH=$SK_PATH/$FSNAME-bogus.key
2194 if zconf_mount_clients ${clients_arr[0]} $MOUNT; then
2195 SK_PATH=$OLD_SK_PATH
2196 do_node ${clients_arr[0]} "ls $DIR/$tdir/$tdir.out"
2197 if [ $? -eq 0 ]; then
2198 error "mount and read file with invalid key"
2200 error "mount with invalid key"
2203 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2204 error "unable to umount clients"
2205 # unload keys from ring
2206 do_node ${clients_arr[0]} "keyctl show |
2207 awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
2209 SK_PATH=$OLD_SK_PATH
2210 zconf_mount_clients ${clients_arr[0]} $MOUNT ||
2211 error "unable to mount clients"
2213 run_test 30 "check for invalid shared key"
2218 mkdir -p $DIR/$tdir || error "mkdir $flvr"
2219 touch $DIR/$tdir/f0 || error "touch $flvr"
2220 ls $DIR/$tdir || error "ls $flvr"
2221 dd if=/dev/zero of=$DIR/$tdir/f0 conv=fsync bs=1M count=10 \
2222 >& /dev/null || error "dd $flvr"
2223 rm -f $DIR/$tdir/f0 || error "rm $flvr"
2224 rmdir $DIR/$tdir || error "rmdir $flvr"
2227 echo 3 > /proc/sys/vm/drop_caches
2231 local save_flvr=$SK_FLAVOR
2233 if ! $SHARED_KEY; then
2234 skip "need shared key feature for this test"
2237 stack_trap restore_to_default_flavor EXIT
2239 for flvr in skn ska ski skpi; do
2242 restore_to_default_flavor || error "cannot set $flvr flavor"
2243 SK_FLAVOR=$save_flvr
2248 run_test 30b "basic test of all different SSK flavors"
2252 zconf_umount $HOSTNAME $MOUNT || error "unable to umount client"
2254 # remove ${NETTYPE}999 network on all nodes
2255 do_nodes $(comma_list $(all_nodes)) \
2256 "$LNETCTL net del --net ${NETTYPE}999 && \
2257 $LNETCTL lnet unconfigure 2>/dev/null || true"
2259 # necessary to do writeconf in order to de-register
2260 # @${NETTYPE}999 nid for targets
2262 export KEEP_ZPOOL="true"
2264 export SK_MOUNTED=false
2267 export KEEP_ZPOOL="$KZPOOL"
2271 local nid=$(lctl list_nids | grep ${NETTYPE} | head -n1)
2272 local addr=${nid%@*}
2275 export LNETCTL=$(which lnetctl 2> /dev/null)
2277 [ -z "$LNETCTL" ] && skip "without lnetctl support." && return
2278 local_mode && skip "in local mode."
2280 stack_trap cleanup_31 EXIT
2283 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2284 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2286 if $(grep -q $MOUNT' ' /proc/mounts); then
2287 umount_client $MOUNT || error "umount $MOUNT failed"
2290 # check exports on servers are empty for client
2291 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2292 grep -q -" && error "export on MGS should be empty"
2293 do_nodes $(comma_list $(mdts_nodes) $(osts_nodes)) \
2294 "lctl get_param -n *.${FSNAME}*.exports.'$nid'.uuid \
2295 2>/dev/null | grep -q -" &&
2296 error "export on servers should be empty"
2298 # add network ${NETTYPE}999 on all nodes
2299 do_nodes $(comma_list $(all_nodes)) \
2300 "$LNETCTL lnet configure && $LNETCTL net add --if \
2301 \$($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2302 {if (inf==1) print \$2; fi; inf=0} /interfaces/{inf=1}') \
2303 --net ${NETTYPE}999" ||
2304 error "unable to configure NID ${NETTYPE}999"
2306 # necessary to do writeconf in order to register
2307 # new @${NETTYPE}999 nid for targets
2309 export KEEP_ZPOOL="true"
2311 export SK_MOUNTED=false
2313 setupall server_only || echo 1
2314 export KEEP_ZPOOL="$KZPOOL"
2317 local mgsnid_orig=$MGSNID
2318 # compute new MGSNID
2319 MGSNID=$(do_facet mgs "$LCTL list_nids | grep ${NETTYPE}999")
2321 # on client, turn LNet Dynamic Discovery on
2322 lnetctl set discovery 1
2324 # mount client with -o network=${NETTYPE}999 option:
2325 # should fail because of LNet Dynamic Discovery
2326 mount_client $MOUNT ${MOUNT_OPTS},network=${NETTYPE}999 &&
2327 error "client mount with '-o network' option should be refused"
2329 # on client, reconfigure LNet and turn LNet Dynamic Discovery off
2330 $LNETCTL net del --net ${NETTYPE}999 && lnetctl lnet unconfigure
2333 lnetctl set discovery 0
2335 $LNETCTL lnet configure && $LNETCTL net add --if \
2336 $($LNETCTL net show --net $net | awk 'BEGIN{inf=0} \
2337 {if (inf==1) print $2; fi; inf=0} /interfaces/{inf=1}') \
2338 --net ${NETTYPE}999 ||
2339 error "unable to configure NID ${NETTYPE}999 on client"
2341 # mount client with -o network=${NETTYPE}999 option
2342 mount_client $MOUNT ${MOUNT_OPTS},network=${NETTYPE}999 ||
2343 error "unable to remount client"
2348 # check export on MGS
2349 do_facet mgs "lctl get_param -n *.MGS*.exports.'$nid'.uuid 2>/dev/null |
2351 [ $? -ne 0 ] || error "export for $nid on MGS should not exist"
2354 "lctl get_param -n *.MGS*.exports.'${addr}@${NETTYPE}999'.uuid \
2355 2>/dev/null | grep -q -"
2357 error "export for ${addr}@${NETTYPE}999 on MGS should exist"
2359 # check {mdc,osc} imports
2360 lctl get_param mdc.${FSNAME}-*.import | grep current_connection |
2361 grep -q ${NETTYPE}999
2363 error "import for mdc should use ${addr}@${NETTYPE}999"
2364 lctl get_param osc.${FSNAME}-*.import | grep current_connection |
2365 grep -q ${NETTYPE}999
2367 error "import for osc should use ${addr}@${NETTYPE}999"
2369 run_test 31 "client mount option '-o network'"
2373 zconf_umount_clients ${clients_arr[0]} $MOUNT
2375 # disable sk flavor enforcement on MGS
2376 set_rule _mgs any any null
2378 # stop gss daemon on MGS
2379 if ! combined_mgs_mds ; then
2380 send_sigint $mgs_HOST lsvcgssd
2384 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2387 restore_to_default_flavor
2391 if ! $SHARED_KEY; then
2392 skip "need shared key feature for this test"
2395 stack_trap cleanup_32 EXIT
2397 # restore to default null flavor
2398 save_flvr=$SK_FLAVOR
2400 restore_to_default_flavor || error "cannot set null flavor"
2401 SK_FLAVOR=$save_flvr
2404 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2405 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2407 if $(grep -q $MOUNT' ' /proc/mounts); then
2408 umount_client $MOUNT || error "umount $MOUNT failed"
2411 # start gss daemon on MGS
2412 if combined_mgs_mds ; then
2413 send_sigint $mds_HOST lsvcgssd
2415 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2417 # add mgs key type and MGS NIDs in key on MGS
2418 do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
2419 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2420 error "could not modify keyfile on MGS"
2422 # load modified key file on MGS
2423 do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2424 error "could not load keyfile on MGS"
2426 # add MGS NIDs in key on client
2427 do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
2428 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2429 error "could not modify keyfile on MGS"
2431 # set perms for per-nodemap keys else permission denied
2432 do_nodes $(comma_list $(all_nodes)) \
2433 "keyctl show | grep lustre | cut -c1-11 |
2435 xargs -IX keyctl setperm X 0x3f3f3f3f"
2437 # re-mount client with mgssec=skn
2438 save_opts=$MOUNT_OPTS
2439 if [ -z "$MOUNT_OPTS" ]; then
2440 MOUNT_OPTS="-o mgssec=skn"
2442 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2444 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2445 error "mount ${clients_arr[0]} with mgssec=skn failed"
2446 MOUNT_OPTS=$save_opts
2449 zconf_umount_clients ${clients_arr[0]} $MOUNT ||
2450 error "umount ${clients_arr[0]} failed"
2452 # enforce ska flavor on MGS
2453 set_rule _mgs any any ska
2455 # re-mount client without mgssec
2456 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2457 error "mount ${clients_arr[0]} without mgssec should fail"
2459 # re-mount client with mgssec=skn
2460 save_opts=$MOUNT_OPTS
2461 if [ -z "$MOUNT_OPTS" ]; then
2462 MOUNT_OPTS="-o mgssec=skn"
2464 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2466 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
2467 error "mount ${clients_arr[0]} with mgssec=skn should fail"
2468 MOUNT_OPTS=$save_opts
2470 # re-mount client with mgssec=ska
2471 save_opts=$MOUNT_OPTS
2472 if [ -z "$MOUNT_OPTS" ]; then
2473 MOUNT_OPTS="-o mgssec=ska"
2475 MOUNT_OPTS="$MOUNT_OPTS,mgssec=ska"
2477 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2478 error "mount ${clients_arr[0]} with mgssec=ska failed"
2479 MOUNT_OPTS=$save_opts
2483 run_test 32 "check for mgssec"
2486 # disable sk flavor enforcement
2487 set_rule $FSNAME any cli2mdt null
2488 wait_flavor cli2mdt null
2491 zconf_umount_clients ${clients_arr[0]} $MOUNT
2493 # stop gss daemon on MGS
2494 if ! combined_mgs_mds ; then
2495 send_sigint $mgs_HOST lsvcgssd
2499 MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
2502 restore_to_default_flavor
2506 if ! $SHARED_KEY; then
2507 skip "need shared key feature for this test"
2510 stack_trap cleanup_33 EXIT
2512 # restore to default null flavor
2513 save_flvr=$SK_FLAVOR
2515 restore_to_default_flavor || error "cannot set null flavor"
2516 SK_FLAVOR=$save_flvr
2519 if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
2520 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2522 if $(grep -q $MOUNT' ' /proc/mounts); then
2523 umount_client $MOUNT || error "umount $MOUNT failed"
2526 # start gss daemon on MGS
2527 if combined_mgs_mds ; then
2528 send_sigint $mds_HOST lsvcgssd
2530 start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
2532 # add mgs key type and MGS NIDs in key on MGS
2533 do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
2534 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2535 error "could not modify keyfile on MGS"
2537 # load modified key file on MGS
2538 do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2539 error "could not load keyfile on MGS"
2541 # add MGS NIDs in key on client
2542 do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
2543 $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
2544 error "could not modify keyfile on MGS"
2546 # set perms for per-nodemap keys else permission denied
2547 do_nodes $(comma_list $(all_nodes)) \
2548 "keyctl show | grep lustre | cut -c1-11 |
2550 xargs -IX keyctl setperm X 0x3f3f3f3f"
2552 # re-mount client with mgssec=skn
2553 save_opts=$MOUNT_OPTS
2554 if [ -z "$MOUNT_OPTS" ]; then
2555 MOUNT_OPTS="-o mgssec=skn"
2557 MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
2559 zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
2560 error "mount ${clients_arr[0]} with mgssec=skn failed"
2561 MOUNT_OPTS=$save_opts
2563 # enforce ska flavor for cli2mdt
2564 set_rule $FSNAME any cli2mdt ska
2565 wait_flavor cli2mdt ska
2567 # check error message
2568 $LCTL dk | grep "faked source" &&
2569 error "MGS connection srpc flags incorrect"
2573 run_test 33 "correct srpc flags for MGS connection"
2576 # restore deny_unknown
2577 do_facet mgs $LCTL nodemap_modify --name default \
2578 --property deny_unknown --value $denydefault
2579 if [ $? -ne 0 ]; then
2580 error_noexit "cannot reset deny_unknown on default nodemap"
2584 wait_nm_sync default deny_unknown
2591 [ $MGS_VERSION -lt $(version_code 2.12.51) ] &&
2592 skip "deny_unknown on default nm not supported before 2.12.51"
2594 activedefault=$(do_facet mgs $LCTL get_param -n nodemap.active)
2596 if [[ "$activedefault" != "1" ]]; then
2597 do_facet mgs $LCTL nodemap_activate 1
2599 stack_trap cleanup_active EXIT
2602 denydefault=$(do_facet mgs $LCTL get_param -n \
2603 nodemap.default.deny_unknown)
2604 [ -z "$denydefault" ] &&
2605 error "cannot get deny_unknown on default nodemap"
2606 if [ "$denydefault" -eq 0 ]; then
2612 do_facet mgs $LCTL nodemap_modify --name default \
2613 --property deny_unknown --value $denynew ||
2614 error "cannot set deny_unknown on default nodemap"
2616 [ "$(do_facet mgs $LCTL get_param -n nodemap.default.deny_unknown)" \
2618 error "setting deny_unknown on default nodemap did not work"
2620 stack_trap cleanup_34_deny EXIT
2622 wait_nm_sync default deny_unknown
2624 run_test 34 "deny_unknown on default nodemap"
2627 [ $(lustre_version_code $SINGLEMDS) -ge $(version_code 2.13.50) ] ||
2628 skip "Need MDS >= 2.13.50"
2630 # activate changelogs
2631 changelog_register || error "changelog_register failed"
2632 local cl_user="${CL_USERS[$SINGLEMDS]%% *}"
2633 changelog_users $SINGLEMDS | grep -q $cl_user ||
2634 error "User $cl_user not found in changelog_users"
2635 changelog_chmask ALL
2638 mkdir $DIR/$tdir || error "failed to mkdir $tdir"
2639 touch $DIR/$tdir/$tfile || error "failed to touch $tfile"
2641 # access changelogs with root
2642 changelog_dump || error "failed to dump changelogs"
2643 changelog_clear 0 || error "failed to clear changelogs"
2645 # put clients in non-admin nodemap
2647 stack_trap nodemap_test_cleanup EXIT
2648 for i in $(seq 0 $((num_clients-1))); do
2649 do_facet mgs $LCTL nodemap_modify --name c${i} \
2650 --property admin --value 0
2652 for i in $(seq 0 $((num_clients-1))); do
2653 wait_nm_sync c${i} admin_nodemap
2656 # access with mapped root
2657 changelog_dump && error "dump changelogs should have failed"
2658 changelog_clear 0 && error "clear changelogs should have failed"
2662 run_test 35 "Check permissions when accessing changelogs"
2664 setup_for_enc_tests() {
2665 # remount client with test_dummy_encryption option
2666 if is_mounted $MOUNT; then
2667 umount_client $MOUNT || error "umount $MOUNT failed"
2669 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2670 error "mount with '-o test_dummy_encryption' failed"
2672 # this directory will be encrypted, because of dummy mode
2676 cleanup_for_enc_tests() {
2677 # remount client normally
2678 if is_mounted $MOUNT; then
2679 umount_client $MOUNT || error "umount $MOUNT failed"
2681 mount_client $MOUNT ${MOUNT_OPTS} ||
2682 error "remount failed"
2684 if is_mounted $MOUNT2; then
2685 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
2687 if [ "$MOUNT_2" ]; then
2688 mount_client $MOUNT2 ${MOUNT_OPTS} ||
2689 error "remount failed"
2693 cleanup_nodemap_after_enc_tests() {
2694 do_facet mgs $LCTL nodemap_modify --name default \
2695 --property forbid_encryption --value 0
2696 wait_nm_sync default forbid_encryption
2697 do_facet mgs $LCTL nodemap_activate 0
2702 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2703 skip "client encryption not supported"
2705 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2706 skip "need dummy encryption support"
2708 stack_trap cleanup_for_enc_tests EXIT
2710 # first make sure it is possible to enable encryption
2711 # when nodemap is not active
2714 umount_client $MOUNT || error "umount $MOUNT failed (1)"
2716 # then activate nodemap, and retry
2717 # should succeed as encryption is not forbidden on default nodemap
2719 stack_trap cleanup_nodemap_after_enc_tests EXIT
2720 do_facet mgs $LCTL nodemap_activate 1
2722 forbid=$(do_facet mgs lctl get_param -n nodemap.default.forbid_encryption)
2723 [ $forbid -eq 0 ] || error "wrong default value for forbid_encryption"
2724 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption ||
2725 error "mount '-o test_dummy_encryption' failed with default"
2726 umount_client $MOUNT || error "umount $MOUNT failed (2)"
2728 # then forbid encryption, and retry
2729 do_facet mgs $LCTL nodemap_modify --name default \
2730 --property forbid_encryption --value 1
2731 wait_nm_sync default forbid_encryption
2732 mount_client $MOUNT ${MOUNT_OPTS},test_dummy_encryption &&
2733 error "mount '-o test_dummy_encryption' should have failed"
2736 run_test 36 "control if clients can use encryption"
2739 local testfile=$DIR/$tdir/$tfile
2740 local tmpfile=$TMP/abc
2741 local objdump=$TMP/objdump
2744 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2745 skip "client encryption not supported"
2747 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2748 skip "need dummy encryption support"
2750 [ "$ost1_FSTYPE" = ldiskfs ] || skip "ldiskfs only test (using debugfs)"
2752 stack_trap cleanup_for_enc_tests EXIT
2755 # write a few bytes in file
2756 echo "abc" > $tmpfile
2757 $LFS setstripe -c1 -i0 $testfile
2758 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
2759 do_facet ost1 "sync; sync"
2761 # check that content on ost is encrypted
2762 objid=$($LFS getstripe $testfile | awk '/obdidx/{getline; print $2}')
2763 do_facet ost1 "$DEBUGFS -c -R 'cat O/0/d$(($objid % 32))/$objid' \
2764 $(ostdevname 1)" > $objdump
2765 cmp -s $objdump $tmpfile &&
2766 error "file $testfile is not encrypted on ost"
2768 # check that in-memory representation of file is correct
2769 cmp -bl ${tmpfile} ${testfile} ||
2770 error "file $testfile is corrupted in memory"
2772 cancel_lru_locks osc ; cancel_lru_locks mdc
2774 # check that file read from server is correct
2775 cmp -bl ${tmpfile} ${testfile} ||
2776 error "file $testfile is corrupted on server"
2778 rm -f $tmpfile $objdump
2780 run_test 37 "simple encrypted file"
2783 local testfile=$DIR/$tdir/$tfile
2784 local tmpfile=$TMP/abc
2790 local pagesz=$(getconf PAGE_SIZE)
2792 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2793 skip "client encryption not supported"
2795 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2796 skip "need dummy encryption support"
2798 stack_trap cleanup_for_enc_tests EXIT
2801 # get block size on ost
2802 blksz=$($LCTL get_param osc.$FSNAME*.import |
2803 awk '/grant_block_size:/ { print $2; exit; }')
2804 # write a few bytes in file at offset $blksz
2805 echo "abc" > $tmpfile
2806 $LFS setstripe -c1 -i0 $testfile
2807 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$blksz \
2808 oflag=seek_bytes conv=fsync
2810 blksz=$(($blksz > $pagesz ? $blksz : $pagesz))
2811 # check that in-memory representation of file is correct
2812 bsize=$(stat --format=%B $testfile)
2813 filesz=$(stat --format=%b $testfile)
2814 filesz=$((filesz*bsize))
2815 [ $filesz -le $blksz ] ||
2816 error "file $testfile is $filesz long in memory"
2818 cancel_lru_locks osc ; cancel_lru_locks mdc
2820 # check that file read from server is correct
2821 bsize=$(stat --format=%B $testfile)
2822 filesz=$(stat --format=%b $testfile)
2823 filesz=$((filesz*bsize))
2824 [ $filesz -le $blksz ] ||
2825 error "file $testfile is $filesz long on server"
2829 run_test 38 "encrypted file with hole"
2832 local testfile=$DIR/$tdir/$tfile
2833 local tmpfile=$TMP/abc
2835 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2836 skip "client encryption not supported"
2838 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2839 skip "need dummy encryption support"
2841 stack_trap cleanup_for_enc_tests EXIT
2844 # write a few bytes in file
2845 echo "abc" > $tmpfile
2846 $LFS setstripe -c1 -i0 $testfile
2847 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
2849 # write a few more bytes in the same page
2850 dd if=$tmpfile of=$testfile bs=4 count=1 seek=1024 oflag=seek_bytes \
2853 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=1024 oflag=seek_bytes \
2856 # check that in-memory representation of file is correct
2857 cmp -bl $tmpfile $testfile ||
2858 error "file $testfile is corrupted in memory"
2860 cancel_lru_locks osc ; cancel_lru_locks mdc
2862 # check that file read from server is correct
2863 cmp -bl $tmpfile $testfile ||
2864 error "file $testfile is corrupted on server"
2868 run_test 39 "rewrite data in already encrypted page"
2871 local testfile=$DIR/$tdir/$tfile
2872 local tmpfile=$TMP/abc
2873 local tmpfile2=$TMP/abc2
2876 $LCTL get_param mdc.*.import | grep -q client_encryption ||
2877 skip "client encryption not supported"
2879 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
2880 skip "need dummy encryption support"
2882 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
2884 stack_trap cleanup_for_enc_tests EXIT
2887 # write a few bytes in file
2888 echo "abc" > $tmpfile
2889 $LFS setstripe -c1 -i0 $testfile
2890 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync
2892 # check that in-memory representation of file is correct
2893 cmp -bl $tmpfile $testfile ||
2894 error "file $testfile is corrupted in memory (1)"
2896 cancel_lru_locks osc ; cancel_lru_locks mdc
2898 # check that file read from server is correct
2899 cmp -bl $tmpfile $testfile ||
2900 error "file $testfile is corrupted on server (1)"
2902 # write a few other bytes in same page
2903 dd if=$tmpfile of=$testfile bs=4 count=1 seek=256 oflag=seek_bytes \
2906 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=256 oflag=seek_bytes \
2909 # check that in-memory representation of file is correct
2910 cmp -bl $tmpfile $testfile ||
2911 error "file $testfile is corrupted in memory (2)"
2913 cancel_lru_locks osc ; cancel_lru_locks mdc
2915 # check that file read from server is correct
2916 cmp -bl $tmpfile $testfile ||
2917 error "file $testfile is corrupted on server (2)"
2919 rm -f $testfile $tmpfile
2920 cancel_lru_locks osc ; cancel_lru_locks mdc
2922 # write a few bytes in file, at end of first page
2923 echo "abc" > $tmpfile
2924 $LFS setstripe -c1 -i0 $testfile
2925 seek=$(getconf PAGESIZE)
2927 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
2930 # write a few other bytes at beginning of first page
2931 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
2933 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
2936 # check that in-memory representation of file is correct
2937 cmp -bl $tmpfile $testfile ||
2938 error "file $testfile is corrupted in memory (3)"
2940 cancel_lru_locks osc ; cancel_lru_locks mdc
2942 # check that file read from server is correct
2943 cmp -bl $tmpfile $testfile ||
2944 error "file $testfile is corrupted on server (3)"
2946 rm -f $testfile $tmpfile
2947 cancel_lru_locks osc ; cancel_lru_locks mdc
2949 # write a few bytes in file, at beginning of second page
2950 echo "abc" > $tmpfile
2951 $LFS setstripe -c1 -i0 $testfile
2952 seek=$(getconf PAGESIZE)
2953 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
2955 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
2958 # write a few other bytes at end of first page
2960 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
2962 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
2965 # check that in-memory representation of file is correct
2966 cmp -bl $tmpfile2 $testfile ||
2967 error "file $testfile is corrupted in memory (4)"
2969 cancel_lru_locks osc ; cancel_lru_locks mdc
2971 # check that file read from server is correct
2972 cmp -bl $tmpfile2 $testfile ||
2973 error "file $testfile is corrupted on server (4)"
2975 rm -f $testfile $tmpfile $tmpfile2
2976 cancel_lru_locks osc ; cancel_lru_locks mdc
2978 # write a few bytes in file, at beginning of first stripe
2979 echo "abc" > $tmpfile
2980 $LFS setstripe -S 256k -c2 $testfile
2981 dd if=$tmpfile of=$testfile bs=4 count=1 conv=fsync,notrunc
2983 # write a few other bytes, at beginning of second stripe
2984 dd if=$tmpfile of=$testfile bs=4 count=1 seek=262144 oflag=seek_bytes \
2986 dd if=$tmpfile of=$tmpfile bs=4 count=1 seek=262144 oflag=seek_bytes \
2989 # check that in-memory representation of file is correct
2990 cmp -bl $tmpfile $testfile ||
2991 error "file $testfile is corrupted in memory (5)"
2993 cancel_lru_locks osc ; cancel_lru_locks mdc
2995 # check that file read from server is correct
2996 cmp -bl $tmpfile $testfile ||
2997 error "file $testfile is corrupted on server (5)"
3001 run_test 40 "exercise size of encrypted file"
3004 local testfile=$DIR/$tdir/$tfile
3005 local tmpfile=$TMP/abc
3006 local tmpfile2=$TMP/abc2
3009 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3010 skip "client encryption not supported"
3012 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3013 skip "need dummy encryption support"
3015 stack_trap cleanup_for_enc_tests EXIT
3018 echo "abc" > $tmpfile
3019 seek=$(getconf PAGESIZE)
3020 seek=$((seek - 204))
3021 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3023 seek=$(getconf PAGESIZE)
3024 seek=$((seek + 1092))
3025 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3028 # write a few bytes in file
3029 $LFS setstripe -c1 -i0 -S 256k $testfile
3030 seek=$(getconf PAGESIZE)
3031 seek=$((seek - 204))
3032 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3033 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3034 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3038 # write a few other bytes, at a different offset
3039 seek=$(getconf PAGESIZE)
3040 seek=$((seek + 1092))
3041 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3042 conv=fsync,notrunc &
3044 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3046 # check that in-memory representation of file is correct
3047 cmp -bl $tmpfile2 $testfile ||
3048 error "file $testfile is corrupted in memory (1)"
3050 cancel_lru_locks osc ; cancel_lru_locks mdc
3052 # check that file read from server is correct
3053 cmp -bl $tmpfile2 $testfile ||
3054 error "file $testfile is corrupted on server (1)"
3056 rm -f $tmpfile $tmpfile2
3058 run_test 41 "test race on encrypted file size (1)"
3061 local testfile=$DIR/$tdir/$tfile
3062 local testfile2=$DIR2/$tdir/$tfile
3063 local tmpfile=$TMP/abc
3064 local tmpfile2=$TMP/abc2
3065 local pagesz=$(getconf PAGESIZE)
3068 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3069 skip "client encryption not supported"
3071 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3072 skip "need dummy encryption support"
3074 stack_trap cleanup_for_enc_tests EXIT
3077 if is_mounted $MOUNT2; then
3078 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3080 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3081 error "mount2 with '-o test_dummy_encryption' failed"
3083 # create file by writting one whole page
3084 $LFS setstripe -c1 -i0 -S 256k $testfile
3085 dd if=/dev/zero of=$testfile bs=$pagesz count=1 conv=fsync
3087 # read file from 2nd mount point
3088 cat $testfile2 > /dev/null
3090 echo "abc" > $tmpfile
3091 dd if=/dev/zero of=$tmpfile2 bs=$pagesz count=1 conv=fsync
3092 seek=$((2*pagesz - 204))
3093 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3095 seek=$((2*pagesz + 1092))
3096 dd if=$tmpfile of=$tmpfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3099 # write a few bytes in file from 1st mount point
3100 seek=$((2*pagesz - 204))
3101 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3102 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3103 dd if=$tmpfile of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3104 conv=fsync,notrunc &
3107 # write a few other bytes, at a different offset from 2nd mount point
3108 seek=$((2*pagesz + 1092))
3109 dd if=$tmpfile of=$testfile2 bs=4 count=1 seek=$seek oflag=seek_bytes \
3110 conv=fsync,notrunc &
3112 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3114 # check that in-memory representation of file is correct
3115 cmp -bl $tmpfile2 $testfile ||
3116 error "file $testfile is corrupted in memory (1)"
3118 # check that in-memory representation of file is correct
3119 cmp -bl $tmpfile2 $testfile2 ||
3120 error "file $testfile is corrupted in memory (2)"
3122 cancel_lru_locks osc ; cancel_lru_locks mdc
3124 # check that file read from server is correct
3125 cmp -bl $tmpfile2 $testfile ||
3126 error "file $testfile is corrupted on server (1)"
3128 rm -f $tmpfile $tmpfile2
3130 run_test 42 "test race on encrypted file size (2)"
3133 local testfile=$DIR/$tdir/$tfile
3134 local testfile2=$DIR2/$tdir/$tfile
3135 local tmpfile=$TMP/abc
3136 local tmpfile2=$TMP/abc2
3137 local resfile=$TMP/res
3138 local pagesz=$(getconf PAGESIZE)
3141 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3142 skip "client encryption not supported"
3144 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3145 skip "need dummy encryption support"
3147 stack_trap cleanup_for_enc_tests EXIT
3150 if is_mounted $MOUNT2; then
3151 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
3153 mount_client $MOUNT2 ${MOUNT_OPTS},test_dummy_encryption ||
3154 error "mount2 with '-o test_dummy_encryption' failed"
3157 tr '\0' '1' < /dev/zero |
3158 dd of=$tmpfile bs=1 count=$pagesz conv=fsync
3159 $LFS setstripe -c1 -i0 -S 256k $testfile
3160 cp $tmpfile $testfile
3162 # read file from 2nd mount point
3163 cat $testfile2 > /dev/null
3165 # write a few bytes in file from 1st mount point
3166 echo "abc" > $tmpfile2
3167 seek=$((2*pagesz - 204))
3168 #define OBD_FAIL_OST_WR_ATTR_DELAY 0x250
3169 do_facet ost1 "$LCTL set_param fail_loc=0x250 fail_val=15"
3170 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3171 conv=fsync,notrunc &
3174 # read file from 2nd mount point
3175 dd if=$testfile2 of=$resfile bs=$pagesz count=1 conv=fsync,notrunc
3176 cmp -bl $tmpfile $resfile ||
3177 error "file $testfile is corrupted in memory (1)"
3180 do_facet ost1 "$LCTL set_param fail_loc=0x0"
3182 # check that in-memory representation of file is correct
3183 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3185 cmp -bl $tmpfile $testfile2 ||
3186 error "file $testfile is corrupted in memory (2)"
3188 cancel_lru_locks osc ; cancel_lru_locks mdc
3190 # check that file read from server is correct
3191 cmp -bl $tmpfile $testfile ||
3192 error "file $testfile is corrupted on server (1)"
3194 rm -f $tmpfile $tmpfile2
3196 run_test 43 "test race on encrypted file size (3)"
3199 local testfile=$DIR/$tdir/$tfile
3200 local tmpfile=$TMP/abc
3201 local resfile=$TMP/resfile
3202 local pagesz=$(getconf PAGESIZE)
3205 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3206 skip "client encryption not supported"
3208 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3209 skip "need dummy encryption support"
3211 which vmtouch || skip "This test needs vmtouch utility"
3213 # Direct I/O is now supported on encrypted files.
3215 stack_trap cleanup_for_enc_tests EXIT
3218 $LFS setstripe -c1 -i0 $testfile
3219 dd if=/dev/urandom of=$tmpfile bs=$pagesz count=2 conv=fsync
3220 dd if=$tmpfile of=$testfile bs=$pagesz count=2 oflag=direct ||
3221 error "could not write to file with O_DIRECT (1)"
3223 respage=$(vmtouch $testfile | awk '/Resident\ Pages:/ {print $3}')
3224 [ "$respage" == "0/2" ] ||
3225 error "write to enc file fell back to buffered IO"
3229 dd if=$testfile of=$resfile bs=$pagesz count=2 iflag=direct ||
3230 error "could not read from file with O_DIRECT (1)"
3232 respage=$(vmtouch $testfile | awk '/Resident\ Pages:/ {print $3}')
3233 [ "$respage" == "0/2" ] ||
3234 error "read from enc file fell back to buffered IO"
3236 cmp -bl $tmpfile $resfile ||
3237 error "file $testfile is corrupted (1)"
3241 $TRUNCATE $tmpfile $pagesz
3242 dd if=$tmpfile of=$testfile bs=$pagesz count=1 seek=13 oflag=direct ||
3243 error "could not write to file with O_DIRECT (2)"
3247 dd if=$testfile of=$resfile bs=$pagesz count=1 skip=13 iflag=direct ||
3248 error "could not read from file with O_DIRECT (2)"
3249 cmp -bl $tmpfile $resfile ||
3250 error "file $testfile is corrupted (2)"
3252 rm -f $testfile $resfile
3253 $LFS setstripe -c1 -i0 $testfile
3255 $TRUNCATE $tmpfile $((pagesz/2 - 5))
3256 cp $tmpfile $testfile
3260 dd if=$testfile of=$resfile bs=$pagesz count=1 iflag=direct ||
3261 error "could not read from file with O_DIRECT (3)"
3262 cmp -bl $tmpfile $resfile ||
3263 error "file $testfile is corrupted (3)"
3265 rm -f $tmpfile $resfile
3267 run_test 44 "encrypted file access semantics: direct IO"
3270 local testfile=$DIR/$tdir/$tfile
3271 local tmpfile=$TMP/junk
3273 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3274 skip "client encryption not supported"
3276 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3277 skip "need dummy encryption support"
3279 stack_trap cleanup_for_enc_tests EXIT
3282 $LFS setstripe -c1 -i0 $testfile
3283 dd if=/dev/zero of=$testfile bs=512K count=1
3284 $MULTIOP $testfile OSMRUc || error "$MULTIOP $testfile failed (1)"
3285 $MULTIOP $testfile OSMWUc || error "$MULTIOP $testfile failed (2)"
3287 dd if=/dev/zero of=$tmpfile bs=512K count=1
3288 $MULTIOP $tmpfile OSMWUc || error "$MULTIOP $tmpfile failed"
3289 $MMAP_CAT $tmpfile > ${tmpfile}2
3293 $MULTIOP $testfile OSMRUc
3294 $MMAP_CAT $testfile > ${testfile}2
3295 cmp -bl ${tmpfile}2 ${testfile}2 ||
3296 error "file $testfile is corrupted"
3298 rm -f $tmpfile ${tmpfile}2
3300 run_test 45 "encrypted file access semantics: MMAP"
3303 local testdir=$DIR/$tdir/mydir
3304 local testfile=$testdir/myfile
3305 local lsfile=$TMP/lsfile
3309 local testfile2=$DIR/$tdir/${tfile}.2
3310 local tmpfile=$DIR/junk
3312 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3313 skip "client encryption not supported"
3315 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3316 skip "need dummy encryption support"
3318 stack_trap cleanup_for_enc_tests EXIT
3322 touch $DIR/$tdir/$tfile
3324 echo test > $testfile
3325 sync ; echo 3 > /proc/sys/vm/drop_caches
3327 # remove fscrypt key from keyring
3328 keyctl revoke $(keyctl show | awk '$7 ~ "^fscrypt:" {print $1}')
3331 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3332 ls -1 $scrambleddir > $lsfile || error "ls $testdir failed"
3334 scrambledfile=$scrambleddir/$(head -n 1 $lsfile)
3335 stat $scrambledfile || error "stat $scrambledfile failed"
3338 cat $scrambledfile && error "cat $scrambledfile should have failed"
3340 touch $scrambleddir/otherfile &&
3341 error "touch otherfile should have failed"
3342 ls $scrambleddir/otherfile && error "otherfile should not exist"
3343 mkdir $scrambleddir/otherdir &&
3344 error "mkdir otherdir should have failed"
3345 ls -d $scrambleddir/otherdir && error "otherdir should not exist"
3347 rm -f $scrambledfile || error "rm $scrambledfile failed"
3348 rmdir $scrambleddir || error "rmdir $scrambleddir failed"
3352 run_test 46 "encrypted file access semantics without key"
3355 local testfile=$DIR/$tdir/$tfile
3356 local testfile2=$DIR/$tdir/${tfile}.2
3357 local tmpfile=$DIR/junk
3361 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3362 skip "client encryption not supported"
3364 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3365 skip "need dummy encryption support"
3367 stack_trap cleanup_for_enc_tests EXIT
3370 dd if=/dev/zero of=$tmpfile bs=512K count=1
3371 mrename $tmpfile $testfile &&
3372 error "rename from unencrypted to encrypted dir should fail"
3374 ln $tmpfile $testfile &&
3375 error "link from unencrypted to encrypted dir should fail"
3377 cp $tmpfile $testfile ||
3378 error "cp from unencrypted to encrypted dir should succeed"
3381 mrename $testfile $testfile2 ||
3382 error "rename from within encrypted dir should succeed"
3384 ln $testfile2 $testfile ||
3385 error "link from within encrypted dir should succeed"
3388 ln $testfile2 $tmpfile ||
3389 error "link from encrypted to unencrypted dir should succeed"
3392 mrename $testfile2 $tmpfile ||
3393 error "rename from encrypted to unencrypted dir should succeed"
3395 dd if=/dev/zero of=$testfile bs=512K count=1
3396 mkdir $DIR/$tdir/mydir
3397 sync ; echo 3 > /proc/sys/vm/drop_caches
3399 # remove fscrypt key from keyring
3400 keyctl revoke $(keyctl show | awk '$7 ~ "^fscrypt:" {print $1}')
3403 scrambleddir=$(find $DIR/$tdir/ -maxdepth 1 -mindepth 1 -type d)
3404 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3405 ln $scrambledfile $scrambleddir/linkfile &&
3406 error "ln linkfile should have failed"
3407 mrename $scrambledfile $DIR/onefile2 &&
3408 error "mrename from $scrambledfile should have failed"
3410 mrename $DIR/onefile $scrambleddir/otherfile &&
3411 error "mrename to $scrambleddir should have failed"
3413 rm -f $tmpfile $DIR/onefile
3415 run_test 47 "encrypted file access semantics: rename/link"
3418 local save="$TMP/$TESTSUITE-$TESTNAME.parameters"
3419 local testfile=$DIR/$tdir/$tfile
3420 local tmpfile=$TMP/111
3421 local tmpfile2=$TMP/abc
3422 local pagesz=$(getconf PAGESIZE)
3427 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3428 skip "client encryption not supported"
3430 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3431 skip "need dummy encryption support"
3433 stack_trap cleanup_for_enc_tests EXIT
3436 # create file, 4 x PAGE_SIZE long
3437 tr '\0' '1' < /dev/zero |
3438 dd of=$tmpfile bs=1 count=4x$pagesz conv=fsync
3439 $LFS setstripe -c1 -i0 $testfile
3440 cp $tmpfile $testfile
3441 echo "abc" > $tmpfile2
3443 # decrease size: truncate to PAGE_SIZE
3444 $TRUNCATE $tmpfile $pagesz
3445 $TRUNCATE $testfile $pagesz
3446 cancel_lru_locks osc ; cancel_lru_locks mdc
3447 cmp -bl $tmpfile $testfile ||
3448 error "file $testfile is corrupted (1)"
3450 # increase size: truncate to 2 x PAGE_SIZE
3452 $TRUNCATE $tmpfile $sz
3453 $TRUNCATE $testfile $sz
3454 cancel_lru_locks osc ; cancel_lru_locks mdc
3455 cmp -bl $tmpfile $testfile ||
3456 error "file $testfile is corrupted (2)"
3459 seek=$((pagesz+100))
3460 dd if=$tmpfile2 of=$tmpfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3462 dd if=$tmpfile2 of=$testfile bs=4 count=1 seek=$seek oflag=seek_bytes \
3464 cancel_lru_locks osc ; cancel_lru_locks mdc
3465 cmp -bl $tmpfile $testfile ||
3466 error "file $testfile is corrupted (3)"
3468 # truncate to PAGE_SIZE / 2
3470 $TRUNCATE $tmpfile $sz
3471 $TRUNCATE $testfile $sz
3472 cancel_lru_locks osc ; cancel_lru_locks mdc
3473 cmp -bl $tmpfile $testfile ||
3474 error "file $testfile is corrupted (4)"
3476 # lockless truncate should be turned into regular truncate for enc file
3477 save_lustre_params client "osc.*.lockless_truncate" > $save
3478 # restore lockless_truncate default values on exit
3479 stack_trap "restore_lustre_params < $save; rm -f $save" EXIT
3480 cancel_lru_locks osc ; cancel_lru_locks mdc
3481 lctl set_param -n osc.*.lockless_truncate 1
3482 cancel_lru_locks osc
3483 clear_stats osc.*.osc_stats
3484 $TRUNCATE $testfile 8000000 || error "truncate failed (1)"
3485 [ $(calc_stats osc.*.osc_stats lockless_truncate) -eq 0 ] ||
3486 error "lockless truncate should be turned into regular truncate"
3487 lctl set_param -n osc.*.lockless_truncate 0
3489 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
3491 $TRUNCATE $tmpfile $sz
3492 $TRUNCATE $testfile $sz
3493 cancel_lru_locks osc ; cancel_lru_locks mdc
3494 cmp -bl $tmpfile $testfile ||
3495 error "file $testfile is corrupted (5)"
3497 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
3499 $TRUNCATE $tmpfile $sz
3500 $TRUNCATE $testfile $sz
3501 cancel_lru_locks osc ; cancel_lru_locks mdc
3502 cmp -bl $tmpfile $testfile ||
3503 error "file $testfile is corrupted (6)"
3505 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
3506 sz=$((sz+pagesz+30))
3507 $TRUNCATE $tmpfile $sz
3508 $TRUNCATE $testfile $sz
3509 cancel_lru_locks osc ; cancel_lru_locks mdc
3510 cmp -bl $tmpfile $testfile ||
3511 error "file $testfile is corrupted (7)"
3513 sync ; echo 3 > /proc/sys/vm/drop_caches
3515 # remove fscrypt key from keyring
3516 keyctl revoke $(keyctl show | awk '$7 ~ "^fscrypt:" {print $1}')
3519 scrambledfile=$(find $DIR/$tdir/ -maxdepth 1 -type f)
3520 $TRUNCATE $scrambledfile 0 &&
3521 error "truncate $scrambledfile should have failed without key"
3523 rm -f $tmpfile $tmpfile2
3525 run_test 48a "encrypted file access semantics: truncate"
3527 cleanup_for_enc_tests_othercli() {
3530 # remount othercli normally
3531 zconf_umount $othercli $MOUNT ||
3532 error "umount $othercli $MOUNT failed"
3533 zconf_mount $othercli $MOUNT ||
3534 error "remount $othercli $MOUNT failed"
3540 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3541 skip "client encryption not supported"
3543 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3544 skip "need dummy encryption support"
3546 [ "$num_clients" -ge 2 ] || skip "Need at least 2 clients"
3548 if [ "$HOSTNAME" == ${clients_arr[0]} ]; then
3549 othercli=${clients_arr[1]}
3551 othercli=${clients_arr[0]}
3554 stack_trap cleanup_for_enc_tests EXIT
3555 stack_trap "cleanup_for_enc_tests_othercli $othercli" EXIT
3557 zconf_umount $othercli $MOUNT ||
3558 error "umount $othercli $MOUNT failed"
3560 cp /bin/sleep $DIR/$tdir/
3561 cancel_lru_locks osc ; cancel_lru_locks mdc
3562 $DIR/$tdir/sleep 30 &
3563 # mount and IOs must be done in the same shell session, otherwise
3564 # encryption key in session keyring is missing
3565 do_node $othercli "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3566 $MGSNID:/$FSNAME $MOUNT && \
3567 $TRUNCATE $DIR/$tdir/sleep 7"
3568 wait || error "wait error"
3569 cmp --silent /bin/sleep $DIR/$tdir/sleep ||
3570 error "/bin/sleep and $DIR/$tdir/sleep differ"
3572 run_test 48b "encrypted file: concurrent truncate"
3576 local xattr_name="security.c"
3579 $LCTL set_param debug=+info
3584 [ $? -eq 0 ] || error "$cmd failed"
3586 $LCTL dk | grep -E "get xattr '${xattr_name}'|get xattrs"
3587 [ $? -ne 0 ] || error "get xattr event was triggered"
3591 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3592 skip "client encryption not supported"
3594 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3595 skip "need dummy encryption support"
3597 stack_trap cleanup_for_enc_tests EXIT
3600 local dirname=$DIR/$tdir/subdir
3604 trace_cmd stat $dirname
3605 trace_cmd touch $dirname/f1
3606 trace_cmd stat $dirname/f1
3607 trace_cmd cat $dirname/f1
3608 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
3609 trace_cmd $TRUNCATE $dirname/f1 10240
3610 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
3611 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
3613 if [[ $MDSCOUNT -gt 1 ]]; then
3614 trace_cmd $LFS setdirstripe -i 1 $dirname/d2
3615 trace_cmd $LFS migrate -m 0 $dirname/d2
3616 touch $dirname/d2/subf
3617 # migrate a non-empty encrypted dir
3618 trace_cmd $LFS migrate -m 1 $dirname/d2
3620 $LFS setdirstripe -i 1 -c 1 $dirname/d3
3621 dirname=$dirname/d3/subdir
3624 trace_cmd stat $dirname
3625 trace_cmd touch $dirname/f1
3626 trace_cmd stat $dirname/f1
3627 trace_cmd cat $dirname/f1
3628 dd if=/dev/zero of=$dirname/f1 bs=1M count=10 conv=fsync
3629 trace_cmd $TRUNCATE $dirname/f1 10240
3630 trace_cmd $LFS setstripe -E -1 -S 4M $dirname/f2
3631 trace_cmd $LFS migrate -E -1 -S 256K $dirname/f2
3633 skip_noexit "2nd part needs >= 2 MDTs"
3636 run_test 49 "Avoid getxattr for encryption context"
3639 local testfile=$DIR/$tdir/$tfile
3640 local tmpfile=$TMP/abc
3641 local pagesz=$(getconf PAGESIZE)
3644 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3645 skip "client encryption not supported"
3647 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3648 skip "need dummy encryption support"
3650 stack_trap cleanup_for_enc_tests EXIT
3653 # write small file, data on MDT only
3654 tr '\0' '1' < /dev/zero |
3655 dd of=$tmpfile bs=1 count=5000 conv=fsync
3656 $LFS setstripe -E 1M -L mdt -E EOF $testfile
3657 cp $tmpfile $testfile
3659 # check that in-memory representation of file is correct
3660 cmp -bl $tmpfile $testfile ||
3661 error "file $testfile is corrupted in memory"
3663 cancel_lru_locks osc ; cancel_lru_locks mdc
3665 # check that file read from server is correct
3666 cmp -bl $tmpfile $testfile ||
3667 error "file $testfile is corrupted on server"
3669 # decrease size: truncate to PAGE_SIZE
3670 $TRUNCATE $tmpfile $pagesz
3671 $TRUNCATE $testfile $pagesz
3672 cancel_lru_locks osc ; cancel_lru_locks mdc
3673 cmp -bl $tmpfile $testfile ||
3674 error "file $testfile is corrupted (1)"
3676 # increase size: truncate to 2 x PAGE_SIZE
3678 $TRUNCATE $tmpfile $sz
3679 $TRUNCATE $testfile $sz
3680 cancel_lru_locks osc ; cancel_lru_locks mdc
3681 cmp -bl $tmpfile $testfile ||
3682 error "file $testfile is corrupted (2)"
3684 # truncate to PAGE_SIZE / 2
3686 $TRUNCATE $tmpfile $sz
3687 $TRUNCATE $testfile $sz
3688 cancel_lru_locks osc ; cancel_lru_locks mdc
3689 cmp -bl $tmpfile $testfile ||
3690 error "file $testfile is corrupted (3)"
3692 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16
3694 $TRUNCATE $tmpfile $sz
3695 $TRUNCATE $testfile $sz
3696 cancel_lru_locks osc ; cancel_lru_locks mdc
3697 cmp -bl $tmpfile $testfile ||
3698 error "file $testfile is corrupted (4)"
3700 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16
3702 $TRUNCATE $tmpfile $sz
3703 $TRUNCATE $testfile $sz
3704 cancel_lru_locks osc ; cancel_lru_locks mdc
3705 cmp -bl $tmpfile $testfile ||
3706 error "file $testfile is corrupted (5)"
3708 # truncate to a larger, non-multiple of PAGE_SIZE, in a different page
3709 sz=$((sz+pagesz+30))
3710 $TRUNCATE $tmpfile $sz
3711 $TRUNCATE $testfile $sz
3712 cancel_lru_locks osc ; cancel_lru_locks mdc
3713 cmp -bl $tmpfile $testfile ||
3714 error "file $testfile is corrupted (6)"
3717 cancel_lru_locks osc ; cancel_lru_locks mdc
3719 # write hole in file, data spread on MDT and OST
3720 tr '\0' '2' < /dev/zero |
3721 dd of=$tmpfile bs=1 count=1539 seek=1539074 conv=fsync,notrunc
3722 $LFS setstripe -E 1M -L mdt -E EOF $testfile
3723 cp --sparse=always $tmpfile $testfile
3725 # check that in-memory representation of file is correct
3726 cmp -bl $tmpfile $testfile ||
3727 error "file $testfile is corrupted in memory"
3729 cancel_lru_locks osc ; cancel_lru_locks mdc
3731 # check that file read from server is correct
3732 cmp -bl $tmpfile $testfile ||
3733 error "file $testfile is corrupted on server"
3735 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
3736 # inside OST part of data
3737 sz=$((1024*1024+13))
3738 $TRUNCATE $tmpfile $sz
3739 $TRUNCATE $testfile $sz
3740 cancel_lru_locks osc ; cancel_lru_locks mdc
3741 cmp -bl $tmpfile $testfile ||
3742 error "file $testfile is corrupted (7)"
3744 # truncate to a smaller, non-multiple of PAGE_SIZE, non-multiple of 16,
3745 # inside MDT part of data
3747 $TRUNCATE $tmpfile $sz
3748 $TRUNCATE $testfile $sz
3749 cancel_lru_locks osc ; cancel_lru_locks mdc
3750 cmp -bl $tmpfile $testfile ||
3751 error "file $testfile is corrupted (8)"
3753 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
3754 # inside MDT part of data
3755 sz=$((1024*1024-13))
3756 $TRUNCATE $tmpfile $sz
3757 $TRUNCATE $testfile $sz
3758 cancel_lru_locks osc ; cancel_lru_locks mdc
3759 cmp -bl $tmpfile $testfile ||
3760 error "file $testfile is corrupted (9)"
3762 # truncate to a larger, non-multiple of PAGE_SIZE, non-multiple of 16,
3763 # inside OST part of data
3765 $TRUNCATE $tmpfile $sz
3766 $TRUNCATE $testfile $sz
3767 cancel_lru_locks osc ; cancel_lru_locks mdc
3768 cmp -bl $tmpfile $testfile ||
3769 error "file $testfile is corrupted (10)"
3773 run_test 50 "DoM encrypted file"
3776 [ "$MDS1_VERSION" -gt $(version_code 2.13.53) ] ||
3777 skip "Need MDS version at least 2.13.53"
3779 mkdir $DIR/$tdir || error "mkdir $tdir"
3781 touch $DIR/$tdir/$tfile || error "touch $tfile"
3782 cp $(which chown) $DIR/$tdir || error "cp chown"
3783 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile &&
3784 error "chown $tfile should fail"
3785 setcap 'CAP_CHOWN=ep' $DIR/$tdir/chown || error "setcap CAP_CHOWN"
3786 $RUNAS_CMD -u $ID0 $DIR/$tdir/chown $ID0 $DIR/$tdir/$tfile ||
3787 error "chown $tfile"
3788 rm $DIR/$tdir/$tfile || error "rm $tfile"
3790 touch $DIR/$tdir/$tfile || error "touch $tfile"
3791 cp $(which touch) $DIR/$tdir || error "cp touch"
3792 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile &&
3793 error "touch should fail"
3794 setcap 'CAP_FOWNER=ep' $DIR/$tdir/touch || error "setcap CAP_FOWNER"
3795 $RUNAS_CMD -u $ID0 $DIR/$tdir/touch $DIR/$tdir/$tfile ||
3796 error "touch $tfile"
3797 rm $DIR/$tdir/$tfile || error "rm $tfile"
3800 for cap in "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH"; do
3801 touch $DIR/$tdir/$tfile || error "touch $tfile"
3802 chmod 600 $DIR/$tdir/$tfile || error "chmod $tfile"
3803 cp $(which cat) $DIR/$tdir || error "cp cat"
3804 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile &&
3805 error "cat should fail"
3806 setcap $cap=ep $DIR/$tdir/cat || error "setcap $cap"
3807 $RUNAS_CMD -u $ID0 $DIR/$tdir/cat $DIR/$tdir/$tfile ||
3809 rm $DIR/$tdir/$tfile || error "rm $tfile"
3812 run_test 51 "FS capabilities ==============="
3815 local testfile=$DIR/$tdir/$tfile
3816 local tmpfile=$TMP/$tfile
3817 local mirror1=$TMP/$tfile.mirror1
3818 local mirror2=$TMP/$tfile.mirror2
3820 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3821 skip "client encryption not supported"
3823 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3824 skip "need dummy encryption support"
3826 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
3828 stack_trap cleanup_for_enc_tests EXIT
3831 dd if=/dev/urandom of=$tmpfile bs=5000 count=1 conv=fsync
3833 $LFS mirror create -N -i0 -N -i1 $testfile ||
3834 error "could not create mirror"
3836 dd if=$tmpfile of=$testfile bs=5000 count=1 conv=fsync ||
3837 error "could not write to $testfile"
3839 $LFS mirror resync $testfile ||
3840 error "could not resync mirror"
3842 $LFS mirror verify -v $testfile ||
3843 error "verify mirror failed"
3845 $LFS mirror read -N 1 -o $mirror1 $testfile ||
3846 error "could not read from mirror 1"
3848 cmp -bl $tmpfile $mirror1 ||
3849 error "mirror 1 is corrupted"
3851 $LFS mirror read -N 2 -o $mirror2 $testfile ||
3852 error "could not read from mirror 2"
3854 cmp -bl $tmpfile $mirror2 ||
3855 error "mirror 2 is corrupted"
3857 tr '\0' '2' < /dev/zero |
3858 dd of=$tmpfile bs=1 count=9000 conv=fsync
3860 $LFS mirror write -N 1 -i $tmpfile $testfile ||
3861 error "could not write to mirror 1"
3863 $LFS mirror verify -v $testfile &&
3864 error "mirrors should be different"
3866 rm -f $tmpfile $mirror1 $mirror2
3868 run_test 52 "Mirrored encrypted file"
3871 local testfile=$DIR/$tdir/$tfile
3872 local testfile2=$DIR2/$tdir/$tfile
3873 local tmpfile=$TMP/$tfile.tmp
3874 local resfile=$TMP/$tfile.res
3878 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3879 skip "client encryption not supported"
3881 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3882 skip "need dummy encryption support"
3884 pagesz=$(getconf PAGESIZE)
3885 [[ $pagesz == 65536 ]] || skip "Need 64K PAGE_SIZE client"
3887 do_node $mds1_HOST \
3888 "mount.lustre --help |& grep -q 'test_dummy_encryption:'" ||
3889 skip "need dummy encryption support on MDS client mount"
3891 # this test is probably useless now, but may turn out to be useful when
3892 # Lustre supports servers with PAGE_SIZE != 4KB
3893 pagesz=$(do_node $mds1_HOST getconf PAGESIZE)
3894 [[ $pagesz == 4096 ]] || skip "Need 4K PAGE_SIZE MDS client"
3896 stack_trap cleanup_for_enc_tests EXIT
3897 stack_trap "zconf_umount $mds1_HOST $MOUNT2" EXIT
3900 $LFS setstripe -c1 -i0 $testfile
3902 # write from 1st client
3903 cat /dev/urandom | tr -dc 'a-zA-Z0-9' |
3904 dd of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
3905 dd if=$tmpfile of=$testfile bs=$((pagesz+3)) count=2 conv=fsync ||
3906 error "could not write to $testfile (1)"
3908 # read from 2nd client
3909 # mount and IOs must be done in the same shell session, otherwise
3910 # encryption key in session keyring is missing
3911 do_node $mds1_HOST "mkdir -p $MOUNT2"
3912 do_node $mds1_HOST \
3913 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3914 $MGSNID:/$FSNAME $MOUNT2 && \
3915 dd if=$testfile2 of=$resfile bs=$((pagesz+3)) count=2" ||
3916 error "could not read from $testfile2 (1)"
3919 filemd5=$(do_node $mds1_HOST md5sum $resfile | awk '{print $1}')
3920 [ $filemd5 = $(md5sum $tmpfile | awk '{print $1}') ] ||
3921 error "file is corrupted (1)"
3922 do_node $mds1_HOST rm -f $resfile
3925 # truncate from 2nd client
3926 $TRUNCATE $tmpfile $((pagesz+3))
3927 zconf_umount $mds1_HOST $MOUNT2 ||
3928 error "umount $mds1_HOST $MOUNT2 failed (1)"
3929 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3930 $MGSNID:/$FSNAME $MOUNT2 && \
3931 $TRUNCATE $testfile2 $((pagesz+3))" ||
3932 error "could not truncate $testfile2 (1)"
3935 cmp -bl $tmpfile $testfile ||
3936 error "file is corrupted (2)"
3937 rm -f $tmpfile $testfile
3939 zconf_umount $mds1_HOST $MOUNT2 ||
3940 error "umount $mds1_HOST $MOUNT2 failed (2)"
3943 do_node $mds1_HOST \
3944 dd if=/dev/urandom of=$tmpfile bs=$((pagesz+3)) count=2 conv=fsync
3945 # write from 2nd client
3946 do_node $mds1_HOST \
3947 "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3948 $MGSNID:/$FSNAME $MOUNT2 && \
3949 dd if=$tmpfile of=$testfile2 bs=$((pagesz+3)) count=2 conv=fsync" ||
3950 error "could not write to $testfile2 (2)"
3952 # read from 1st client
3953 dd if=$testfile of=$resfile bs=$((pagesz+3)) count=2 ||
3954 error "could not read from $testfile (2)"
3957 filemd5=$(do_node $mds1_HOST md5sum -b $tmpfile | awk '{print $1}')
3958 [ $filemd5 = $(md5sum -b $resfile | awk '{print $1}') ] ||
3959 error "file is corrupted (3)"
3963 # truncate from 1st client
3964 do_node $mds1_HOST "$TRUNCATE $tmpfile $((pagesz+3))"
3965 $TRUNCATE $testfile $((pagesz+3)) ||
3966 error "could not truncate $testfile (2)"
3969 zconf_umount $mds1_HOST $MOUNT2 ||
3970 error "umount $mds1_HOST $MOUNT2 failed (3)"
3971 do_node $mds1_HOST "$MOUNT_CMD -o ${MOUNT_OPTS},test_dummy_encryption \
3972 $MGSNID:/$FSNAME $MOUNT2 && \
3973 cmp -bl $tmpfile $testfile2" ||
3974 error "file is corrupted (4)"
3976 do_node $mds1_HOST rm -f $tmpfile
3979 run_test 53 "Mixed PAGE_SIZE clients"
3982 local testdir=$DIR/$tdir/$ID0
3983 local testfile=$testdir/$tfile
3984 local testfile2=$testdir/${tfile}2
3985 local tmpfile=$TMP/${tfile}.tmp
3986 local resfile=$TMP/${tfile}.res
3988 $LCTL get_param mdc.*.import | grep -q client_encryption ||
3989 skip "client encryption not supported"
3991 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
3992 skip "need dummy encryption support"
3994 which fscrypt || skip "This test needs fscrypt userspace tool"
3996 fscrypt setup --force --verbose || error "fscrypt global setup failed"
3997 sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
3999 fscrypt setup --verbose $MOUNT || error "fscrypt setup $MOUNT failed"
4001 chown -R $ID0:$ID0 $testdir
4003 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4004 --source=custom_passphrase --name=protector $testdir" ||
4005 error "fscrypt encrypt failed"
4007 echo -e 'mypass\nmypass' | su - $USER0 -c "fscrypt encrypt --verbose \
4008 --source=custom_passphrase --name=protector2 $testdir" &&
4009 error "second fscrypt encrypt should have failed"
4011 mkdir -p ${testdir}2 || error "mkdir ${testdir}2 failed"
4012 touch ${testdir}2/f || error "mkdir ${testdir}2/f failed"
4015 echo -e 'mypass\nmypass' | fscrypt encrypt --verbose \
4016 --source=custom_passphrase --name=protector3 ${testdir}2 &&
4017 error "fscrypt encrypt on non-empty dir should have failed"
4019 $RUNAS dd if=/dev/urandom of=$testfile bs=127 count=1 conv=fsync ||
4020 error "write to encrypted file $testfile failed"
4021 cp $testfile $tmpfile
4022 $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync ||
4023 error "write to encrypted file $testfile2 failed"
4024 $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed"
4025 $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed"
4027 $RUNAS fscrypt lock --verbose $testdir ||
4028 error "fscrypt lock $testdir failed (1)"
4030 $RUNAS ls -R $testdir || error "ls -R $testdir failed"
4031 local filecount=$($RUNAS find $testdir -type f | wc -l)
4032 [ $filecount -eq 3 ] || error "found $filecount files"
4034 $RUNAS hexdump -C $testfile &&
4035 error "reading $testfile should have failed without key"
4037 $RUNAS touch ${testfile}.nokey &&
4038 error "touch ${testfile}.nokey should have failed without key"
4040 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4041 error "fscrypt unlock $testdir failed (1)"
4043 $RUNAS cat $testfile > $resfile ||
4044 error "reading $testfile failed"
4046 cmp -bl $tmpfile $resfile || error "file read differs from file written"
4048 $RUNAS fscrypt lock --verbose $testdir ||
4049 error "fscrypt lock $testdir failed (2)"
4051 $RUNAS hexdump -C $testfile2 &&
4052 error "reading $testfile2 should have failed without key"
4054 echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
4055 error "fscrypt unlock $testdir failed (2)"
4058 $RUNAS fscrypt lock --verbose $testdir ||
4059 error "fscrypt lock $testdir failed (3)"
4061 rm -f $tmpfile $resfile
4063 run_test 54 "Encryption policies with fscrypt"
4067 if is_mounted $MOUNT; then
4068 umount_client $MOUNT || error "umount $MOUNT failed"
4071 do_facet mgs $LCTL nodemap_del c0
4072 do_facet mgs $LCTL nodemap_modify --name default \
4073 --property admin --value 0
4074 do_facet mgs $LCTL nodemap_modify --name default \
4075 --property trusted --value 0
4076 wait_nm_sync default admin_nodemap
4077 wait_nm_sync default trusted_nodemap
4079 do_facet mgs $LCTL nodemap_activate 0
4080 wait_nm_sync active 0
4082 if $SHARED_KEY; then
4083 export SK_UNIQUE_NM=false
4087 mount_client $MOUNT ${MOUNT_OPTS} || error "remount failed"
4088 if [ "$MOUNT_2" ]; then
4089 mount_client $MOUNT2 ${MOUNT_OPTS} || error "remount failed"
4097 mkdir -p $DIR/$tdir/$USER0/testdir_groups
4098 chown root:$ID0 $DIR/$tdir/$USER0
4099 chmod 770 $DIR/$tdir/$USER0
4100 chmod g+s $DIR/$tdir/$USER0
4101 chown $ID0:$ID0 $DIR/$tdir/$USER0/testdir_groups
4102 chmod 770 $DIR/$tdir/$USER0/testdir_groups
4103 chmod g+s $DIR/$tdir/$USER0/testdir_groups
4105 # unmount client completely
4106 umount_client $MOUNT || error "umount $MOUNT failed"
4107 if is_mounted $MOUNT2; then
4108 umount_client $MOUNT2 || error "umount $MOUNT2 failed"
4111 do_nodes $(comma_list $(all_mdts_nodes)) \
4112 $LCTL set_param mdt.*.identity_upcall=NONE
4114 stack_trap cleanup_55 EXIT
4116 do_facet mgs $LCTL nodemap_activate 1
4119 do_facet mgs $LCTL nodemap_del c0 || true
4120 wait_nm_sync c0 id ''
4122 do_facet mgs $LCTL nodemap_modify --name default \
4123 --property admin --value 1
4124 do_facet mgs $LCTL nodemap_modify --name default \
4125 --property trusted --value 1
4126 wait_nm_sync default admin_nodemap
4127 wait_nm_sync default trusted_nodemap
4129 client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
4130 client_nid=$(h2nettype $client_ip)
4131 do_facet mgs $LCTL nodemap_add c0
4132 do_facet mgs $LCTL nodemap_add_range \
4133 --name c0 --range $client_nid
4134 do_facet mgs $LCTL nodemap_modify --name c0 \
4135 --property admin --value 0
4136 do_facet mgs $LCTL nodemap_modify --name c0 \
4137 --property trusted --value 1
4138 wait_nm_sync c0 admin_nodemap
4139 wait_nm_sync c0 trusted_nodemap
4141 if $SHARED_KEY; then
4142 export SK_UNIQUE_NM=true
4143 # set some generic fileset to trigger SSK code
4147 # remount client to take nodemap into account
4148 zconf_mount_clients $HOSTNAME $MOUNT $MOUNT_OPTS ||
4149 error "remount failed"
4152 euid_access $USER0 $DIR/$tdir/$USER0/testdir_groups/file
4154 run_test 55 "access with seteuid"
4157 local testfile=$DIR/$tdir/$tfile
4159 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4161 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4162 skip "client encryption not supported"
4164 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4165 skip "need dummy encryption support"
4167 [[ $OSTCOUNT -lt 2 ]] && skip_env "needs >= 2 OSTs"
4169 stack_trap cleanup_for_enc_tests EXIT
4172 $LFS setstripe -c1 $testfile
4173 dd if=/dev/urandom of=$testfile bs=1M count=3 conv=fsync
4174 filefrag -v $testfile || error "filefrag $testfile failed"
4175 (( $(filefrag -v $testfile | grep -c encrypted) >= 1 )) ||
4176 error "filefrag $testfile does not show encrypted flag"
4177 (( $(filefrag -v $testfile | grep -c encoded) >= 1 )) ||
4178 error "filefrag $testfile does not show encoded flag"
4180 run_test 56 "FIEMAP on encrypted file"
4183 local testdir=$DIR/$tdir/mytestdir
4184 local testfile=$DIR/$tdir/$tfile
4186 [[ $(facet_fstype ost1) == zfs ]] && skip "skip ZFS backend"
4188 $LCTL get_param mdc.*.import | grep -q client_encryption ||
4189 skip "client encryption not supported"
4191 mount.lustre --help |& grep -q "test_dummy_encryption:" ||
4192 skip "need dummy encryption support"
4196 setfattr -n security.c -v myval $testdir &&
4197 error "setting xattr on $testdir should have failed (1)"
4199 setfattr -n security.c -v myval $testfile &&
4200 error "setting xattr on $testfile should have failed (1)"
4204 stack_trap cleanup_for_enc_tests EXIT
4208 setfattr -n security.c -v myval $testdir &&
4209 error "setting xattr on $testdir should have failed (2)"
4211 setfattr -n security.c -v myval $testfile &&
4212 error "setting xattr on $testfile should have failed (2)"
4215 run_test 57 "security.c xattr protection"
4217 log "cleanup: ======================================================"
4220 for num in $(seq $MDSCOUNT); do
4221 if [ "${identity_old[$num]}" = 1 ]; then
4222 switch_identity $num false || identity_old[$num]=$?
4226 $RUNAS_CMD -u $ID0 ls $DIR
4227 $RUNAS_CMD -u $ID1 ls $DIR
4232 check_and_cleanup_lustre