test_64a() {
local testfile=$DIR/$tdir/$tfile
+ local srv_uc=""
local rbac
(( MDS1_VERSION >= $(version_code 2.14.0.86) )) ||
skip "Need MDS >= 2.14.0.86 for role-based controls"
+ (( MDS1_VERSION >= $(version_code 2.14.0.146) )) &&
+ srv_uc="server_upcall"
+
stack_trap cleanup_64 EXIT
mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
setup_64
byfid_ops \
chlg_ops \
fscrypt_admin \
- server_upcall \
+ $srv_uc \
;
do
[[ "$rbac" =~ "$role" ]] ||
error "role '$role' not in default '$rbac'"
done
+ rbac="file_perms"
+ [ -z "$srv_uc" ] || rbac="$rbac,$srv_uc"
do_facet mgs $LCTL nodemap_modify --name c0 \
- --property rbac --value server_upcall,file_perms
+ --property rbac --value $rbac
wait_nm_sync c0 rbac
touch $testfile
stack_trap "set +vx"
$LFS project -p 1000 $testfile || error "setting project failed"
set +vx
rm -f $testfile
+ rbac="none"
+ if [ -z "$srv_uc" ]; then
+ rbac="none"
+ else
+ rbac="$srv_uc"
+ fi
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall
+ --value $rbac
wait_nm_sync c0 rbac
touch $testfile
set -vx
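Review bot: The `rbac="none"` assignment added just before `if [ -z "$srv_uc" ]` is dead, because both branches of the `if` overwrite it. The six added lines can be written as one, `rbac="${srv_uc:-none}"`, which also makes it plain that the negative check runs with every role removed except `server_upcall` on servers new enough to set it. The same block is added in test_64b, test_64c, test_64d and test_64e. test_64a's body starts and ends outside this hunk.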
test_64b() {
local testdir=$DIR/$tdir/${tfile}.d
local dir_restripe
+ local srv_uc=""
+ local rbac
(( MDS1_VERSION >= $(version_code 2.14.0.86) )) ||
skip "Need MDS >= 2.14.0.86 for role-based controls"
(( MDSCOUNT >= 2 )) || skip "mdt count $MDSCOUNT, skipping dne_ops role"
+ (( MDS1_VERSION >= $(version_code 2.14.0.146) )) &&
+ srv_uc="server_upcall"
+
stack_trap cleanup_64 EXIT
mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
setup_64
error "enabling dir_restripe failed"
stack_trap "do_nodes $(comma_list $(all_mdts_nodes)) \
$LCTL set_param mdt.*.enable_dir_restripe=$dir_restripe" EXIT
+ rbac="dne_ops"
+ [ -z "$srv_uc" ] || rbac="$rbac,$srv_uc"
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall,dne_ops
+ --value $rbac
wait_nm_sync c0 rbac
$LFS mkdir -i 0 ${testdir}_for_migr ||
error "$LFS mkdir ${testdir}_for_migr failed (1)"
$LFS mkdir -i 1 ${testdir}_mdt1 ||
error "$LFS mkdir ${testdir}_mdt1 failed (2)"
+ rbac="none"
+ if [ -z "$srv_uc" ]; then
+ rbac="none"
+ else
+ rbac="$srv_uc"
+ fi
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall
+ --value $rbac
wait_nm_sync c0 rbac
set -vx
$LFS mkdir -i 1 $testdir && error "$LFS mkdir should fail (1)"
run_test 64b "Nodemap enforces dne_ops RBAC roles"
test_64c() {
+ local srv_uc=""
+ local rbac
+
(( MDS1_VERSION >= $(version_code 2.14.0.86) )) ||
skip "Need MDS >= 2.14.0.86 for role-based controls"
+ (( MDS1_VERSION >= $(version_code 2.14.0.146) )) &&
+ srv_uc="server_upcall"
+
stack_trap cleanup_64 EXIT
mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
setup_64
+ rbac="quota_ops"
+ [ -z "$srv_uc" ] || rbac="$rbac,$srv_uc"
do_facet mgs $LCTL nodemap_modify --name c0 \
- --property rbac --value server_upcall,quota_ops
+ --property rbac --value $rbac
wait_nm_sync c0 rbac
set -vx
$LFS setquota -u $USER0 -b 307200 -B 309200 -i 10000 -I 11000 $MOUNT ||
$LFS setquota -p 1000 --delete $MOUNT
set +vx
+ rbac="none"
+ if [ -z "$srv_uc" ]; then
+ rbac="none"
+ else
+ rbac="$srv_uc"
+ fi
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall
+ --value $rbac
wait_nm_sync c0 rbac
set -vx
test_64d() {
local testfile=$DIR/$tdir/$tfile
+ local srv_uc=""
+ local rbac
local fid
(( MDS1_VERSION >= $(version_code 2.14.0.86) )) ||
skip "Need MDS >= 2.14.0.86 for role-based controls"
+ (( MDS1_VERSION >= $(version_code 2.14.0.146) )) &&
+ srv_uc="server_upcall"
+
stack_trap cleanup_64 EXIT
mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
setup_64
+ rbac="byfid_ops"
+ [ -z "$srv_uc" ] || rbac="$rbac,$srv_uc"
do_facet mgs $LCTL nodemap_modify --name c0 \
- --property rbac --value server_upcall,byfid_ops
+ --property rbac --value $rbac
wait_nm_sync c0 rbac
touch $testfile
lfs rmfid $MOUNT $fid || error "lfs rmfid failed"
set +vx
+ rbac="none"
+ if [ -z "$srv_uc" ]; then
+ rbac="none"
+ else
+ rbac="$srv_uc"
+ fi
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall
+ --value $rbac
wait_nm_sync c0 rbac
touch $testfile
test_64e() {
local testfile=$DIR/$tdir/$tfile
local testdir=$DIR/$tdir/${tfile}.d
+ local rbac
+ local fid
(( MDS1_VERSION >= $(version_code 2.14.0.86) )) ||
skip "Need MDS >= 2.14.0.86 for role-based controls"
+ (( MDS1_VERSION >= $(version_code 2.14.0.146) )) &&
+ srv_uc="server_upcall"
+
stack_trap cleanup_64 EXIT
mkdir -p $DIR/$tdir || error "mkdir $DIR/$tdir failed"
setup_64
mkdir $testdir || error "failed to mkdir $testdir"
touch $testfile || error "failed to touch $testfile"
+ rbac="chlg_ops"
+ [ -z "$srv_uc" ] || rbac="$rbac,$srv_uc"
do_facet mgs $LCTL nodemap_modify --name c0 \
- --property rbac --value server_upcall,chlg_ops
+ --property rbac --value $rbac
wait_nm_sync c0 rbac
# access changelogs
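Review bot: test_64e assigns `srv_uc="server_upcall"` and later tests `[ -z "$srv_uc" ]`, but the declarations added here are `local rbac` and `local fid`, not `local srv_uc=""` as in test_64a to test_64d. The assignment therefore writes a global, and against an MDS older than 2.14.0.146 the role list depends on whatever `srv_uc` already holds in the calling environment, so the RBAC check may run with a different role set than intended. Add `local srv_uc=""` next to `local rbac`. The added `local fid` looks like a copy-paste slip, unless `fid` is used in the part of the function not shown. The next hunk, starting at `local cli_enc`, has the same omission.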
rm -rf $testdir $testfile || error "rm -rf $testdir $testfile failed"
+ rbac="none"
+ if [ -z "$srv_uc" ]; then
+ rbac="none"
+ else
+ rbac="$srv_uc"
+ fi
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall
+ --value $rbac
wait_nm_sync c0 rbac
# do some IOs
local cli_enc
local policy
local protector
+ local rbac
+ local fid
(( MDS1_VERSION >= $(version_code 2.15.54) )) ||
skip "Need MDS >= 2.15.54 for role-based controls"
+ (( MDS1_VERSION >= $(version_code 2.14.0.146) )) &&
+ srv_uc="server_upcall"
+
cli_enc=$($LCTL get_param mdc.*.import | grep client_encryption)
[ -n "$cli_enc" ] || skip "Need enc support, skip fscrypt_admin role"
which fscrypt || skip "Need fscrypt, skip fscrypt_admin role"
stack_trap "rm -rf $MOUNT/.fscrypt"
# file_perms is required because fscrypt uses chmod/chown
+ rbac="fscrypt_admin,file_perms"
+ [ -z "$srv_uc" ] || rbac="$rbac,$srv_uc"
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall,fscrypt_admin,file_perms
+ --value $rbac
wait_nm_sync c0 rbac
mkdir -p $vaultdir
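Review bot: The added `(( MDS1_VERSION >= $(version_code 2.14.0.146) )) &&` guard follows a `skip` that already requires MDS >= 2.15.54, so, assuming version_code orders 2.15.54 above 2.14.0.146, it can never be false here. Either set `srv_uc="server_upcall"` unconditionally in this function or add a comment such as `# always true after the 2.15.54 check; kept for symmetry with test_64a-e`. The function header lies outside the hunk.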
cancel_lru_locks
# file_perms is required because fscrypt uses chmod/chown
+ rbac="file_perms"
+ [ -z "$srv_uc" ] || rbac="$rbac,$srv_uc"
do_facet mgs $LCTL nodemap_modify --name c0 --property rbac \
- --value server_upcall,file_perms
+ --value $rbac
wait_nm_sync c0 rbac
set -vx
local testfile=$DIR/$tdir/$tfile
local fid
- (( MDS1_VERSION >= $(version_code 2.14.0.138) )) ||
+ (( MDS1_VERSION >= $(version_code 2.14.0.146) )) ||
skip "Need MDS >= 2.14.0.138 for role-based controls"
# Add groups, and client to new group, on client only.
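Review bot: The version gate is raised to 2.14.0.146, but the `skip` message on the following line still reads `Need MDS >= 2.14.0.138`, so a skipped run reports the wrong minimum version. Change it to `skip "Need MDS >= 2.14.0.146 for role-based controls"`. The function body continues outside the hunk.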