From c4b48676f835285cd87a6935b1db3c460ac91e7e Mon Sep 17 00:00:00 2001
From: Sebastien Buisson <sbuisson@ddn.com>
Date: Thu, 16 Mar 2023 17:59:59 +0100
Subject: [PATCH] LU-16642 tests: improve sanity-sec test_61

Improve sanity-sec test_61 by using a client-specific nodemap rather
than the default nodemap.

Lustre-change: https://review.whamcloud.com/50317
Lustre-commit: a7222127c7a6437e3f3561fc55f3dc4ba69a97e5

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ie0c9e381e42a93d89558947dee9a60537cf01e65
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Sergey Cheremencev <scherementsev@ddn.com>

LU-16683 tests: fix sanity-sec test_61 for SSK

When SHARED_KEY is in use, nodemap specific shared keys must be loaded
explicitly because sanity-sec test_61 defines a nodemap dedicated to
the client.

Lustre-change: https://review.whamcloud.com/50476
Lustre-commit: 05e5cb0b0c07e15f51ce4e8fa26e12c178ab404a

Fixes: a7222127c7 ("LU-16642 tests: improve sanity-sec test_61")
Test-Parameters: trivial
Test-Parameters: testlist=sanity-sec env=ONLY=61
Test-Parameters: testlist=sanity-sec env=SHARED_KEY=true,ONLY=61
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I206205496352b6f36341c8b962bb7de4b71541d5
Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/50502
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
---
 lustre/tests/sanity-sec.sh | 89 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 71 insertions(+), 18 deletions(-)

diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh
index 36be165..bbe1b9f 100755
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -5081,6 +5081,59 @@ test_60() {
 }
 run_test 60 "Subdirmount of encrypted dir"
 
+setup_61() {
+	if $SHARED_KEY; then
+		export SK_UNIQUE_NM=true
+		export FILESET="/"
+	fi
+
+	do_facet mgs $LCTL nodemap_activate 1
+	wait_nm_sync active
+
+	do_facet mgs $LCTL nodemap_del c0 || true
+	wait_nm_sync c0 id ''
+
+	do_facet mgs $LCTL nodemap_modify --name default \
+		--property admin --value 1
+	do_facet mgs $LCTL nodemap_modify --name default \
+		--property trusted --value 1
+	wait_nm_sync default admin_nodemap
+	wait_nm_sync default trusted_nodemap
+
+	client_ip=$(host_nids_address $HOSTNAME $NETTYPE)
+	client_nid=$(h2nettype $client_ip)
+	do_facet mgs $LCTL nodemap_add c0
+	do_facet mgs $LCTL nodemap_add_range \
+		 --name c0 --range $client_nid
+	do_facet mgs $LCTL nodemap_modify --name c0 \
+		 --property admin --value 1
+	do_facet mgs $LCTL nodemap_modify --name c0 \
+		 --property trusted --value 1
+	wait_nm_sync c0 admin_nodemap
+	wait_nm_sync c0 trusted_nodemap
+}
+
+cleanup_61() {
+	do_facet mgs $LCTL nodemap_del c0
+	do_facet mgs $LCTL nodemap_modify --name default \
+		 --property admin --value 0
+	do_facet mgs $LCTL nodemap_modify --name default \
+		 --property trusted --value 0
+	wait_nm_sync default admin_nodemap
+	wait_nm_sync default trusted_nodemap
+
+	do_facet mgs $LCTL nodemap_activate 0
+	wait_nm_sync active 0
+
+	if $SHARED_KEY; then
+		unset FILESET
+		export SK_UNIQUE_NM=false
+	fi
+
+	mount_client $MOUNT ${MOUNT_OPTS} || error "re-mount failed"
+	wait_ssk
+}
+
 test_61() {
 	local testfile=$DIR/$tdir/$tfile
 	local readonly
@@ -5090,25 +5143,25 @@ test_61() {
 	[ -n "$readonly" ] ||
 		skip "Server does not have readonly_mount nodemap flag"
 
-	stack_trap cleanup_nodemap_after_enc_tests EXIT
+	stack_trap cleanup_61 EXIT
+	for idx in $(seq 1 $MDSCOUNT); do
+		wait_recovery_complete mds$idx
+	done
 	umount_client $MOUNT || error "umount $MOUNT failed (1)"
 
 	# Activate nodemap, and mount rw.
-	# Should succeed as rw mount is not forbidden on default nodemap
-	# by default.
-	do_facet mgs $LCTL nodemap_activate 1
-	wait_nm_sync active
-	do_facet mgs $LCTL nodemap_modify --name default \
-		--property admin --value 1
-	do_facet mgs $LCTL nodemap_modify --name default \
-		--property trusted --value 1
-	wait_nm_sync default admin_nodemap
-	wait_nm_sync default trusted_nodemap
+	# Should succeed as rw mount is not forbidden by default.
+	setup_61
 	readonly=$(do_facet mgs \
 			lctl get_param -n nodemap.default.readonly_mount)
-	[ $readonly -eq 0 ] || error "wrong default value for readonly_mount"
+	[ $readonly -eq 0 ] ||
+		error "wrong default value for readonly_mount on default nodemap"
+	readonly=$(do_facet mgs \
+			lctl get_param -n nodemap.c0.readonly_mount)
+	[ $readonly -eq 0 ] ||
+		error "wrong default value for readonly_mount on nodemap c0"
 
-	mount_client $MOUNT ${MOUNT_OPTS},rw ||
+	zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},rw ||
 		error "mount '-o rw' failed with default"
 	wait_ssk
 	findmnt $MOUNT --output=options -n -f | grep -q "rw," ||
@@ -5118,24 +5171,24 @@ test_61() {
 	umount_client $MOUNT || error "umount $MOUNT failed (2)"
 
 	# Now enforce read-only, and retry.
-	do_facet mgs $LCTL nodemap_modify --name default \
+	do_facet mgs $LCTL nodemap_modify --name c0 \
 		--property readonly_mount --value 1
-	wait_nm_sync default readonly_mount
-	mount_client $MOUNT ${MOUNT_OPTS} ||
+	wait_nm_sync c0 readonly_mount
+	zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS} ||
 		error "mount failed"
 	findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
 		error "mount should have been turned into ro"
 	cat $testfile || error "read $testfile failed (1)"
 	echo b > $testfile && error "write $testfile should fail (1)"
 	umount_client $MOUNT || error "umount $MOUNT failed (3)"
-	mount_client $MOUNT ${MOUNT_OPTS},rw ||
+	zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},rw ||
 		error "mount '-o rw' failed"
 	findmnt $MOUNT --output=options -n -f | grep -q "ro," ||
 		error "mount rw should have been turned into ro"
 	cat $testfile || error "read $testfile failed (2)"
 	echo b > $testfile && error "write $testfile should fail (2)"
 	umount_client $MOUNT || error "umount $MOUNT failed (4)"
-	mount_client $MOUNT ${MOUNT_OPTS},ro ||
+	zconf_mount_clients $HOSTNAME $MOUNT ${MOUNT_OPTS},ro ||
 		error "mount '-o ro' failed"
 	wait_ssk
 	cat $testfile || error "read $testfile failed (3)"
-- 
1.8.3.1