glusterfs

basic_mount-nfs-auth.t
345 строк · 9.7 Кб
Перенос по словам
1
#!/bin/bash
2

3
. $(dirname $0)/../include.rc
4
. $(dirname $0)/../nfs.rc
5

6
#G_TESTDEF_TEST_STATUS_CENTOS6=NFS_TEST
7

8
# Our mount timeout must be as long as the time for a regular configuration
9
# change to be acted upon *plus* AUTH_REFRESH_TIMEOUT, not one replacing the
10
# other.  Otherwise this process races vs. the one making the change we're
11
# trying to test, which leads to spurious failures.
12
MY_MOUNT_TIMEOUT=$((CONFIG_UPDATE_TIMEOUT+AUTH_REFRESH_INTERVAL))
13

14
cleanup;
15
## Check whether glusterd is running
16
TEST glusterd
17
TEST pidof glusterd
18
TEST $CLI volume info
19

20
# Ensure port mapper is up and running. Silently continue if it fails.
21
sudo systemctl start rpcbind || true
22

23
H0IP=$(ip addr show |grep -w inet |grep -v 127.0.0.1|awk '{ print $2 }'| cut -d "/" -f 1)
24
H0IP6=$(host $HOSTNAME | grep IPv6 | awk '{print $NF}')
25

26
# Export variables for allow & deny
27
EXPORT_ALLOW="/$V0 $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
28
EXPORT_ALLOW_SLASH="/$V0/ $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
29
EXPORT_DENY="/$V0 1.2.3.4(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
30

31
# Netgroup variables for allow & deny
32
NETGROUP_ALLOW="ngtop ng1000\nng1000 ng999\nng999 ng1\nng1 ng2\nng2 ($H0,,)"
33
NETGROUP_DENY="ngtop ng1000\nng1000 ng999\nng999 ng1\nng1 ng2\nng2 (1.2.3.4,,)"
34

35
V0L1="$V0/L1"
36
V0L2="$V0L1/L2"
37
V0L3="$V0L2/L3"
38

39
# Other variations for allow & deny
40
EXPORT_ALLOW_RO="/$V0 $H0(sec=sys,ro,anonuid=0) @ngtop(sec=sys,ro,anonuid=0)"
41
EXPORT_ALLOW_L1="/$V0L1 $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
42
EXPORT_WILDCARD="/$V0 *(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
43

44
function build_dirs () {
45
        mkdir -p $B0/b{0,1,2}/L1/L2/L3
46
}
47

48
function export_allow_this_host_ipv6 () {
49
        printf "$EXPORT_ALLOW6\n" > "$GLUSTERD_WORKDIR"/nfs/exports
50
}
51

52
function export_allow_this_host () {
53
        printf "$EXPORT_ALLOW\n" > ${NFSDIR}/exports
54
}
55

56
function export_allow_this_host_with_slash () {
57
        printf "$EXPORT_ALLOW_SLASH\n" > ${NFSDIR}/exports
58
}
59

60
function export_deny_this_host () {
61
        printf "$EXPORT_DENY\n" > ${NFSDIR}/exports
62
}
63

64
function export_allow_this_host_l1 () {
65
        printf "$EXPORT_ALLOW_L1\n" >> ${NFSDIR}/exports
66
}
67

68
function export_allow_wildcard () {
69
        printf "$EXPORT_WILDCARD\n" > ${NFSDIR}/exports
70
}
71

72
function export_allow_this_host_ro () {
73
        printf "$EXPORT_ALLOW_RO\n" > ${NFSDIR}/exports
74
}
75

76
function netgroup_allow_this_host () {
77
        printf "$NETGROUP_ALLOW\n" > ${NFSDIR}/netgroups
78
}
79

80
function netgroup_deny_this_host () {
81
        printf "$NETGROUP_DENY\n" > ${NFSDIR}/netgroups
82
}
83

84
function create_vol () {
85
        $CLI vol create $V0 $H0:$B0/b0
86
}
87

88
function setup_cluster() {
89
        build_dirs                      # Build directories
90
        export_allow_this_host          # Allow this host in the exports file
91
        netgroup_allow_this_host        # Allow this host in the netgroups file
92

93
        glusterd
94
        create_vol                      # Create the volume
95
}
96

97
function check_mount_success {
98
        mount_nfs $H0:/$1 $N0 nolock
99
        if [ $? -eq 0 ]; then
100
                echo "Y"
101
        else
102
                echo "N"
103
        fi
104
}
105

106
function check_mount_failure {
107
        mount_nfs $H0:/$1 $N0 nolock
108
        if [ $? -ne 0 ]; then
109
                echo "Y"
110
        else
111
                local timeout=$UMOUNT_TIMEOUT
112
                while ! umount_nfs $N0 && [$timeout -ne 0] ; do
113
                        timeout=$(( $timeout - 1 ))
114
                        sleep 1
115
                done
116
        fi
117
}
118

119
function small_write () {
120
        dd if=/dev/zero of=$N0/test-small-write count=1 bs=1k 2>&1
121
        if [ $? -ne 0 ]; then
122
                echo "N"
123
        else
124
                echo "Y"
125
        fi
126
}
127

128
function bg_write () {
129
        dd if=/dev/zero of=$N0/test-bg-write count=1 bs=1k &
130
        BG_WRITE_PID=$!
131
}
132

133
function big_write() {
134
        dd if=/dev/zero of=$N0/test-big-write count=500 bs=1024k
135
}
136

137
function create () {
138
        touch $N0/create-test
139
}
140

141
function stat_nfs () {
142
        ls $N0/
143
}
144

145
# Restarts the NFS server
146
function restart_nfs () {
147
        local NFS_PID=$(cat $GLUSTERD_PIDFILEDIR/nfs/nfs.pid)
148

149
        # kill the NFS-server if it is running
150
        while ps -q ${NFS_PID} 2>&1 > /dev/null; do
151
                kill ${NFS_PID}
152
                sleep 0.5
153
        done
154

155
        # start-force starts the NFS-server again
156
        $CLI vol start patchy force
157
}
158

159
setup_cluster
160

161
# run preliminary tests
162
TEST $CLI vol set $V0 nfs.disable off
163
TEST $CLI vol start $V0
164

165
# Get NFS state directory
166
NFSDIR=$( $CLI volume get patchy nfs.mount-rmtab | \
167
          awk '/^nfs.mount-rmtab/{print $2}' | \
168
          xargs dirname )
169

170
## Wait for volume to register with rpc.mountd
171
EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
172

173
## NFS server starts with auth disabled
174
## Do some tests to verify that.
175

176
EXPECT "Y" check_mount_success $V0
177
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
178

179
## Disallow host
180
TEST export_deny_this_host
181
TEST netgroup_deny_this_host
182

183
## Technically deauthorized this host, but since auth is disabled we should be
184
## able to do mounts, writes, etc.
185
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0
186
EXPECT "Y" small_write
187
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
188

189
## Reauthorize this host
190
export_allow_this_host
191
netgroup_allow_this_host
192

193
## Restart NFS with auth enabled
194
$CLI vol stop $V0
195
TEST $CLI vol set $V0 nfs.exports-auth-enable on
196
$CLI vol start $V0
197
EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
198

199
## Mount NFS
200
EXPECT "Y" check_mount_success $V0
201
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
202

203
## Mount NFS using the IPv6 export
204
export_allow_this_host_ipv6
205
EXPECT "Y" check_mount_success $V0
206

207
## Disallow host
208
TEST export_deny_this_host
209
TEST netgroup_deny_this_host
210

211
## Writes should not be allowed, host is not authorized
212
EXPECT_WITHIN $AUTH_REFRESH_INTERVAL "N" small_write
213

214
## Unmount so we can test mount
215
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
216

217
## Subsequent ounts should not be allowed, host is not authorized
218
EXPECT "Y" check_mount_failure $V0
219

220
## Reauthorize host
221
TEST export_allow_this_host
222
TEST netgroup_allow_this_host
223

224
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0
225
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
226

227
## Allow host in netgroups but not in exports, host should be allowed
228
TEST export_deny_this_host
229
TEST netgroup_allow_this_host
230

231
# wait for the mount authentication to rebuild
232
sleep $[$AUTH_REFRESH_INTERVAL + 1]
233

234
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0
235
EXPECT "Y" small_write
236
TEST big_write
237
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
238

239
## Allow host in exports but not in netgroups, host should be allowed
240
TEST export_allow_this_host
241
TEST netgroup_deny_this_host
242

243
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0
244
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
245

246
## Finally, reauth the host in export and netgroup, test mount & write
247
TEST export_allow_this_host_l1
248
TEST netgroup_allow_this_host
249

250
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0L1
251
EXPECT "Y" small_write
252

253
## Failover test: Restarting NFS and then doing a write should pass
254
bg_write
255
TEST restart_nfs
256
EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
257

258
TEST wait $BG_WRITE_PID
259
EXPECT "Y" small_write
260
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
261

262
## Test deep mounts
263
EXPECT "Y" check_mount_success $V0L1
264
EXPECT "Y" small_write
265
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
266

267
TEST export_allow_this_host_ro
268
TEST netgroup_deny_this_host
269

270
## Restart the nfs server to avoid spurious failure(BZ1256352)
271
restart_nfs
272
EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
273

274
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0
275
EXPECT "N" small_write # Writes should not be allowed
276
TEST ! create      # Create should not be allowed
277
TEST stat_nfs      # Stat should be allowed
278
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
279

280
TEST export_deny_this_host
281
TEST netgroup_deny_this_host
282
TEST export_allow_this_host_l1 # Allow this host at L1
283

284
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_failure $V0 #V0 shouldnt be allowed
285
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0L1 #V0L1 should be
286
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
287

288
## Test wildcard hosts
289
TEST export_allow_wildcard
290

291
# the $MY_MOUNT_TIMEOUT might not be long enough? restart should do
292
restart_nfs
293
EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
294

295
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0
296
EXPECT_WITHIN $AUTH_REFRESH_INTERVAL "Y" small_write
297
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
298

299
## Test if path is parsed correctly
300
## by mounting host:vol/ instead of host:vol
301
EXPECT "Y" check_mount_success $V0/
302
EXPECT "Y" small_write
303
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
304

305
TEST export_allow_this_host_with_slash
306

307
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0
308
EXPECT "Y" small_write
309
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
310

311
EXPECT "Y" check_mount_success $V0/
312
EXPECT "Y" small_write
313
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
314

315

316
## Turn off exports authentication
317
$CLI vol stop $V0
318
TEST $CLI vol set $V0 nfs.exports-auth-enable off
319
$CLI vol start $V0
320
EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
321

322
TEST export_deny_this_host # Deny the host
323
TEST netgroup_deny_this_host
324

325
EXPECT_WITHIN $MY_MOUNT_TIMEOUT "Y" check_mount_success $V0 # Do a mount & test
326
EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
327

328
## Turn back on the exports authentication
329
$CLI vol stop $V0
330
TEST $CLI vol set $V0 nfs.exports-auth-enable on
331
$CLI vol start $V0
332
EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
333

334
## Do a simple test to set the refresh time to 20 seconds
335
TEST $CLI vol set $V0 nfs.auth-refresh-interval-sec 20
336

337
## Do a simple test to see if the volume option exists
338
TEST $CLI vol set $V0 nfs.auth-cache-ttl-sec 400
339

340
## Finish up
341
TEST $CLI volume stop $V0
342
TEST $CLI volume delete $V0;
343
TEST ! $CLI volume info $V0;
344

345
cleanup
346
glusterfs

Использование cookies
