glusterfs.git/tests/features, branch v3.7.0alpha0 Tests: portability fixes for ipc.t 2015-03-31T06:45:10+00:00 Emmanuel Dreyfus manu@netbsd.org 2015-03-19T11:05:16+00:00 ffb2e85ff574891639d899cc59fcd9f75d4ce51e This fixes portability problems in ipc.t so that it can run on NetBSD: 1) EOPNOTSUPP value is OS-dependent. Learn it from system headers instead of hard-coding it in the script 2) liglusterfs embbeds its own UUID implementation. The function name may be the same as in built(in implementation from libc, but with different prototype. In that case, we must make sure python will use libglusterfs's version, otherwise we will crash in libc's UUID code. Since dlopen() does not make any guarantee on what symbol will be used, me need to preload libglusterfs when loading python. This is done using LD_PRELOAD. 3) In python code we need to load with RTLD_GLOBAL global in order to have dependencies loaded 4) Python's ctypes.util.find_library does not lookup LD_LIBRARy_PATH and may therefore miss the library. On failure, retry with less portable but more reliable explicit name BUG: 1129939 Change-Id: I024cdfd03a5a42a8ec23de38a99e7349aba92ea8 Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/9944 Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Venky Shankar <vshankar@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
This fixes portability problems in ipc.t so that it can run on NetBSD:

1) EOPNOTSUPP value is OS-dependent. Learn it from system headers
   instead of hard-coding it in the script

2) liglusterfs embbeds its own UUID implementation. The function name
   may be the same as in built(in implementation from libc, but with
   different prototype. In that case, we must make sure python will
   use libglusterfs's version, otherwise we will crash in libc's UUID
   code. Since dlopen() does not make any guarantee on what symbol
   will be used, me need to preload libglusterfs when loading python.
   This is done using LD_PRELOAD.

3) In python code we need to load with RTLD_GLOBAL global in order
   to have dependencies loaded

4) Python's ctypes.util.find_library does not lookup LD_LIBRARy_PATH
   and may therefore miss the library. On failure, retry with less
   portable but more reliable explicit name

BUG: 1129939
Change-Id: I024cdfd03a5a42a8ec23de38a99e7349aba92ea8
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/9944
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Tests: portability fixes 2015-03-30T12:32:56+00:00 Emmanuel Dreyfus manu@netbsd.org 2015-03-30T03:43:12+00:00 aff367a601351ff7bfbfc572d6ae0d4ffafae0f0 Fix various portability problems in mount-nfs-auth.t, quota-ancestry-building.t and trash.t: - dd bs=1M is not portable, use dd bs=1024k instead - dd bs=1MB is not portable iether, use dd bs=1000000 instead - After restarting NFS service, wait for it to become available - After killing a process, wait for it to terminate - BSD awk does not accept a=b="", use a=""; b="" instead - NetBSD displays the original program name in paenthesis at the end of ps output. Strip it using sed 's/ *([^()]*)$//' is we want just the command - Do no use umount $N0, which leads to many troubles solved by EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0 - The -p option for mkdir must be before the directory name - du -b is not portable. Use ls -l instead. BUG: 1129939 Change-Id: I3d44a10a37d47ebb6a263c206566487e3ffb85d8 Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/10033 Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com> Reviewed-by: Anoop C S <achiraya@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> 
Fix various portability problems in mount-nfs-auth.t,
quota-ancestry-building.t and trash.t:

- dd bs=1M is not portable, use dd bs=1024k instead
- dd bs=1MB is not portable iether, use dd bs=1000000 instead
- After restarting NFS service, wait for it to become available
- After killing a process, wait for it to terminate
- BSD awk does not accept a=b="", use a=""; b="" instead
- NetBSD displays the original program name in paenthesis at the end
  of ps output. Strip it using sed 's/ *([^()]*)$//' is we want just
  the command
- Do no use umount $N0, which leads to many troubles solved by
  EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0
- The -p option for mkdir must be before the directory name
- du -b is not portable. Use ls -l instead.

BUG: 1129939
Change-Id: I3d44a10a37d47ebb6a263c206566487e3ffb85d8
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/10033
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-by: Anoop C S <achiraya@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
tests: fix rebalance_completed 2015-03-26T18:44:52+00:00 Jeff Darcy jdarcy@redhat.com 2015-03-25T13:21:06+00:00 02c045790136fc6e979a82d4d7fa8d1d298478fb This was causing spurious faiures in bug-884455.t and possibly elsewhere. Change-Id: Iad6b7515ca0c7c485300f79dcd2477efc76877f8 BUG: 1163543 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/9994 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com> 
This was causing spurious faiures in bug-884455.t and possibly
elsewhere.

Change-Id: Iad6b7515ca0c7c485300f79dcd2477efc76877f8
BUG: 1163543
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/9994
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
every/where: add GF_FOP_IPC for inter-translator communication 2015-03-17T14:02:15+00:00 Jeff Darcy jdarcy@redhat.com 2015-03-11T00:14:47+00:00 0d2bed70faed3c63f25ed9269dc55562973ef9b7 Several features - e.g. encryption, erasure codes, or NSR - involve multiple cooperating translators which sometimes need a "private" means of communication amongst themselves. Historically we've used virtual or synthetic xattrs, but that's not very elegant and clutters up the getxattr/setxattr path which must also handle real xattr requests. This new fop should address that. The only argument is an int32_t "op" which should be recognized by the target translator. It is recommended that translators using these feature follow some convention regarding the ops that they define, to avoid conflicts. Using a hash of the target translator's type string as a base for a series of ops would probably be a good start. Any other information can be passed in both directions using xdata. The default behavior for this fop, as with any other, is to pass through to FIRST_CHILD. That makes use of this fop "transparent" to other translators that were written before it existed, but it also means that it only really works with pass-through translators. If a routing translator (such as DHT) or a fan-out translator (such as AFR) is involved, the IPC might not reach its intended destination unless those translators are modified to forward IPC fops along all paths. If an IPC gets all the way to storage/posix it is considered an error, much like an uncaught exception. We don't actually *do* anything in that case, but we do log it send back an EOPNOTSUPP error. This makes the "unrecognized opcode" condition distinguishable from the "no IPC support" condition (which would yield an RPC error instead) so clients can probe for the presence of a handler for their own favorite opcode and either use that or use old-school xattrs depending on the result. BUG: 1158628 Signed-off-by: Venky Shankar <vshankar@redhat.com> Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Change-Id: I84af1b17babe5b30ec03ecf027ae37d09b873968 Reviewed-on: http://review.gluster.org/8812 Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Several features - e.g. encryption, erasure codes, or NSR - involve
multiple cooperating translators which sometimes need a "private" means
of communication amongst themselves.  Historically we've used virtual or
synthetic xattrs, but that's not very elegant and clutters up the
getxattr/setxattr path which must also handle real xattr requests.  This
new fop should address that.

The only argument is an int32_t "op" which should be recognized by the
target translator.  It is recommended that translators using these
feature follow some convention regarding the ops that they define, to
avoid conflicts.  Using a hash of the target translator's type string as
a base for a series of ops would probably be a good start.  Any other
information can be passed in both directions using xdata.

The default behavior for this fop, as with any other, is to pass through
to FIRST_CHILD.  That makes use of this fop "transparent" to other
translators that were written before it existed, but it also means that
it only really works with pass-through translators.  If a routing
translator (such as DHT) or a fan-out translator (such as AFR) is
involved, the IPC might not reach its intended destination unless those
translators are modified to forward IPC fops along all paths.

If an IPC gets all the way to storage/posix it is considered an error,
much like an uncaught exception.  We don't actually *do* anything in
that case, but we do log it send back an EOPNOTSUPP error.  This makes
the "unrecognized opcode" condition distinguishable from the "no IPC
support" condition (which would yield an RPC error instead) so clients
can probe for the presence of a handler for their own favorite opcode
and either use that or use old-school xattrs depending on the result.

BUG: 1158628
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Change-Id: I84af1b17babe5b30ec03ecf027ae37d09b873968
Reviewed-on: http://review.gluster.org/8812
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Features/trash : Combined patches for trash translator 2015-03-16T10:36:37+00:00 Anoop C S achiraya@redhat.com 2015-02-27T09:44:08+00:00 0ef870741a2f49d47a02725aed13a95335a6e42f This is the combined patch set for supporting trash feature. http://www.gluster.org/community/documentation/index.php/Features/Trash Current patch includes the following features: * volume set options for enabling trash globally and exclusively for internal operations like self-heal and re-balance * volume set options for setting the eliminate path, trash directory path and maximum trashable file size. * test script for checking the functionality of the feature * brief documentation on different aspects of trash feature. Change-Id: Ic7486982dcd6e295d1eba0f4d5ee6d33bf1b4cb3 BUG: 1132465 Signed-off-by: Anoop C S <achiraya@redhat.com> Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> Reviewed-on: http://review.gluster.org/8312 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
This is the combined patch set for supporting trash feature.
http://www.gluster.org/community/documentation/index.php/Features/Trash

Current patch includes the following features:
* volume set options for enabling trash globally and
  exclusively for internal operations like self-heal
  and re-balance
* volume set options for setting the eliminate
  path, trash directory path and maximum trashable
  file size.
* test script for checking the functionality of the
  feature
* brief documentation on different aspects of trash
  feature.

Change-Id: Ic7486982dcd6e295d1eba0f4d5ee6d33bf1b4cb3
BUG: 1132465
Signed-off-by: Anoop C S <achiraya@redhat.com>
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
Reviewed-on: http://review.gluster.org/8312
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
tests/features/ssl-authz.t: Fix spurious failures 2015-01-27T14:16:48+00:00 Emmanuel Dreyfus manu@netbsd.org 2015-01-23T10:24:07+00:00 e131fccf926bc2f19fb8c9f2980f60d5fec67994 Fix two spurious failures in tests/features/ssl-authz.t 1) Wait for bricks to come online after starting a volume, so that the mount is usable without "socket not connected" error 2) For a mount that must fail, we may get the situation where there is no mount at all, which means creating a file will write to the mount point instead of failing. To cover that case, write the file and check it is absent from the brick. BUG: 1129939 Change-Id: If95e1d65ab23d11123f778c20f8110a3177b0e7f Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/9483 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> 
Fix two spurious failures in tests/features/ssl-authz.t
1) Wait for bricks to come online after starting a volume, so that
   the mount is usable without "socket not connected" error
2) For a mount that must fail, we may get the situation where there
   is no mount at all, which means creating a file will write to the
   mount point instead of failing. To cover that case, write the
   file and check it is absent from the brick.

BUG: 1129939
Change-Id: If95e1d65ab23d11123f778c20f8110a3177b0e7f
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/9483
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
transport: fix default behavior for SSL authorization 2015-01-09T18:04:11+00:00 Jeff Darcy jdarcy@redhat.com 2015-01-06T15:03:49+00:00 548547b2e41c8e2cf79b929405cf18aecbdedebc Previously, enabling SSL authentication/encryption but not authorization required explicitly setting ssl-allow=*. Now that same behavior is the default (i.e. when ssl-allow is not set). Also, there's no reason that a name used for *login* auth (typically a UUID for internal purposes or a human name when using SSL) should validate as an RFC-compliant host name or IP address. Therefore the validation only occurs when the auth type is "addr" (not "login" or anything else). Change-Id: I01485ff4f0ab37de4b182858235a5fb0cf4c3c7d BUG: 1179208 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/9397 Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Previously, enabling SSL authentication/encryption but not authorization
required explicitly setting ssl-allow=*.  Now that same behavior is the
default (i.e. when ssl-allow is not set).

Also, there's no reason that a name used for *login* auth (typically a
UUID for internal purposes or a human name when using SSL) should
validate as an RFC-compliant host name or IP address.  Therefore the
validation only occurs when the auth type is "addr" (not "login" or
anything else).

Change-Id: I01485ff4f0ab37de4b182858235a5fb0cf4c3c7d
BUG: 1179208
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/9397
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
glupy: portability fixes 2014-11-06T06:28:09+00:00 Emmanuel Dreyfus manu@netbsd.org 2014-10-29T19:35:10+00:00 1a735e300a0ecd35d41f68f3c776350bb18f763a Fixes portability problems so that NetBSD passes tests/features/glupy.t - Use python-config to detect python build environment on all systems, not just Linux and Darwin. - Get the site-package directory from python and make sure we install glupy.py there, Previously we installed within glusterfs prefix, which caused a problem if it was different that python's prefix. - Set PYTHONPATH for tests so that the detected site-packages is used in python's search path. This should be useless, but let us have it just in case. - Pass glupy.so path from glusterfsd to glupy.py through an environment variable and use it in CDLL instead of "", as the later seems not portable (at least it fails on NetBSD). - Use gil_init_key pthread_getspecific to avoid deadlocks (that code was #ifdef out, perhaps because it was not needed on Linux, but it seems to be required for NetBSD. - Recover the error message from Python and send it to the logs to help debugging problems. BUG: 1129939 Change-Id: Icc71e77d6940f0759cc14c5c5cf7ca6fa431e0d2 Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/8978 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> 
Fixes portability problems so that NetBSD passes tests/features/glupy.t

- Use python-config to detect python build environment on all systems,
  not just Linux and Darwin.
- Get the site-package directory from python and make sure we install
  glupy.py there, Previously we installed within glusterfs prefix,
  which caused a problem if it was different that python's prefix.
- Set PYTHONPATH for tests so that the detected site-packages is used
  in python's search path. This should be useless, but let us have it
  just in case.
- Pass glupy.so path from glusterfsd to glupy.py through an
  environment variable and use it in CDLL instead of "", as the
  later seems not portable (at least it fails on NetBSD).
- Use gil_init_key pthread_getspecific to avoid deadlocks (that
  code was #ifdef out, perhaps because it was not needed on Linux,
  but it seems to be required for NetBSD.
- Recover the error message from Python and send it to the logs
  to help debugging problems.

BUG: 1129939
Change-Id: Icc71e77d6940f0759cc14c5c5cf7ca6fa431e0d2
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8978
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Regression test portability: loopback devices 2014-10-30T08:34:11+00:00 Emmanuel Dreyfus manu@netbsd.org 2014-10-09T07:08:57+00:00 d2da726fe76e61f4c499421d8d2bd588ca41b770 Introduce functions to deal with loopback devices setup, mount and umount. Remove test for xfsprogs for non Linux systems, as loopback devices can be populated with other filesystems (e.g.: FFS for NetBSD) While there, remove mount.nfs test for non Linux systems. At least NetBSD has it in base system as mount_nfs. BUG: 1129939 Change-Id: I816b36e1d3e6933f92acf19d9be8eeaaa333356e Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/8914 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Introduce functions to deal with loopback devices setup, mount
and umount.

Remove test for xfsprogs for non Linux systems, as loopback devices
can be populated with other filesystems (e.g.: FFS for NetBSD)

While there, remove mount.nfs test for non Linux systems. At least
NetBSD has it in base system as mount_nfs.

BUG: 1129939
Change-Id: I816b36e1d3e6933f92acf19d9be8eeaaa333356e
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8914
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
socket: disallow CBC cipher modes 2014-10-27T11:40:55+00:00 Jeff Darcy jdarcy@redhat.com 2014-10-21T20:54:48+00:00 378a0a19d95e552220d71b13be685f4772c576cd This is related to CVE-2014-3566 a.k.a. POODLE. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 POODLE is specific to CBC cipher modes in SSLv3. Because there is no way to prevent SSLv3 fallback on a system with an unpatched version of OpenSSL, users of such systems can only be protected by disallowing CBC modes. The default cipher-mode specification in our code has been changed accordingly. Users can still set their own cipher modes if they wish. To support them, the ssl-authz.t test script provides an example of how to combine the CBC exclusion with other criteria in a script. Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5 BUG: 1155328 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/8962 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
This is related to CVE-2014-3566 a.k.a. POODLE.

	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes.  The default cipher-mode specification in our code has been
changed accordingly.  Users can still set their own cipher modes if they
wish.  To support them, the ssl-authz.t test script provides an example
of how to combine the CBC exclusion with other criteria in a script.

Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5
BUG: 1155328
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8962
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>