diff options
| author | Rajesh Joseph <rjoseph@redhat.com> | 2013-05-31 18:17:21 +0530 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2013-07-09 22:55:12 -0700 |
| commit | 03780d066ae7c78b969e2316dbde85e4ca0fcb85 (patch) | |
| tree | 8e718d39d23e067a87fcb59539a07f7135f2e8cd /tests | |
| parent | 60bdca792b7e572b4d79382dada1c6b93bebdd0e (diff) | |
nfs: AUTH support for exported sub-directories
Problem: NFS allows exporting subdirectories but there is not support for
providing AUTH on per directory basis.
Fix: Modified nfs.export-dir to include AUTH parameters
e.g. nfs.export-dir "/dir1(10.1.1.2),/dir2(10.1.1.0/24|host1)
During mount operation NFS will check if the IP from where the connection is made
is configured in the AUTH parameter, else the mount operation will fail with
EACCES error.
Updated admin-guide and volume set help message.
Change-Id: I5c6d22edb168b4f46376d1cd6878cd065fc081cc
BUG: 968227
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-on: http://review.gluster.org/5124
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/bugs/bug-887145.t | 6 | ||||
| -rwxr-xr-x | tests/bugs/bug-904300.t | 61 | ||||
| -rwxr-xr-x | tests/bugs/bug-921072.t | 47 | ||||
| -rw-r--r-- | tests/nfs.rc | 21 |
4 files changed, 98 insertions, 37 deletions
diff --git a/tests/bugs/bug-887145.t b/tests/bugs/bug-887145.t index 4d642f8c53e..e2013e50bbb 100755 --- a/tests/bugs/bug-887145.t +++ b/tests/bugs/bug-887145.t @@ -1,14 +1,10 @@ #!/bin/bash . $(dirname $0)/../include.rc +. $(dirname $0)/../nfs.rc cleanup; -function is_nfs_export_available { -exp=$(showmount -e | grep $V0 | wc -l) -echo "$exp" -} - TEST glusterd TEST pidof glusterd TEST $CLI volume create $V0 replica 2 $H0:$B0/${V0}{1,2}; diff --git a/tests/bugs/bug-904300.t b/tests/bugs/bug-904300.t new file mode 100755 index 00000000000..4276ee22921 --- /dev/null +++ b/tests/bugs/bug-904300.t @@ -0,0 +1,61 @@ +#!/bin/bash + +. $(dirname $0)/../include.rc +. $(dirname $0)/../nfs.rc + +cleanup; + +# 1-8 +TEST glusterd +TEST pidof glusterd + +TEST $CLI volume create $V0 $H0:$B0/$V0; +TEST $CLI volume start $V0 +EXPECT_WITHIN 20 1 is_nfs_export_available + +TEST mount -t nfs -o vers=3,nolock,soft,intr $H0:/$V0 $N0 +TEST mkdir $N0/dir1 +TEST umount $N0 + +# +# Case 1: Allow "dir1" to be mounted only from 127.0.0.1 +# 9-12 +TEST $CLI volume set $V0 export-dir \""/dir1(127.0.0.1)"\" +EXPECT_WITHIN 20 2 is_nfs_export_available + +TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0/dir1 $N0 +TEST umount $N0 + +# +# Case 2: Allow "dir1" to be mounted only from 8.8.8.8. This is +# a negative test case therefore the mount should fail. +# 13-16 +TEST $CLI volume set $V0 export-dir \""/dir1(8.8.8.8)"\" +EXPECT_WITHIN 20 2 is_nfs_export_available + +TEST ! mount -t nfs -o vers=3,nolock,soft,intr $H0:/$V0/dir1 $N0 +TEST ! umount $N0 + + +# Case 3: Variation of test case1. Here we are checking with hostname +# instead of ip address. +# 17-20 +TEST $CLI volume set $V0 export-dir \""/dir1($H0)"\" +EXPECT_WITHIN 20 2 is_nfs_export_available + +TEST mount -t nfs -o vers=3,nolock,soft,intr $H0:/$V0/dir1 $N0 +TEST umount $N0 + +# Case 4: Variation of test case1. Here we are checking with IP range +# 21-24 +TEST $CLI volume set $V0 export-dir \""/dir1(127.0.0.0/24)"\" +EXPECT_WITHIN 20 2 is_nfs_export_available + +TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0/dir1 $N0 +TEST umount $N0 + +## Finish up +TEST $CLI volume stop $V0; +TEST $CLI volume delete $V0; + +cleanup; diff --git a/tests/bugs/bug-921072.t b/tests/bugs/bug-921072.t index c7fff75f103..e101d5b4686 100755 --- a/tests/bugs/bug-921072.t +++ b/tests/bugs/bug-921072.t @@ -1,60 +1,43 @@ #!/bin/bash . $(dirname $0)/../include.rc +. $(dirname $0)/../nfs.rc cleanup; -# sleeps till the portmap registration of nfs services is done -# NOTE: may take some time for nfs to export all volumes, hence, -# showmount -e succeeding does NOT mean all volumes are available -# for mount. In this case, its a single single-brick volume, -# so no problem. -sleep_till_nfs_awakens () -{ - while true - do - showmount -e 0 > /dev/null 2>&1; - if [ $? -eq 0 ]; then - return; - else - sleep 1; - fi - done -} - #1 TEST glusterd TEST pidof glusterd TEST $CLI volume create $V0 $H0:$B0/$V0 TEST $CLI volume start $V0 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST mount -t nfs -o vers=3,nolock,soft,intr $H0:/$V0 $N0 TEST umount $N0 # based on ip addresses (1-4) # case 1: allow only localhost ip TEST $CLI volume set $V0 nfs.rpc-auth-allow 127.0.0.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST umount $N0 # case 2: allow only non-localhost ip TEST $CLI volume set $V0 nfs.rpc-auth-allow 192.168.1.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available #11 TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST $CLI volume reset --mode=script $V0 # case 3: reject only localhost ip TEST $CLI volume set $V0 nfs.rpc-auth-reject 127.0.0.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 # case 4: reject only non-localhost ip TEST $CLI volume set $V0 nfs.rpc-auth-reject 192.168.1.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST umount $N0 @@ -65,21 +48,21 @@ TEST umount $N0 # CASES WITH NFS.ADDR-NAMELOOKUP ON (5-12) TEST $CLI volume reset --mode=script $V0 TEST $CLI volume set $V0 nfs.addr-namelookup on -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available #20 TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST umount $N0 # case 5: allow only localhost TEST $CLI volume set $V0 nfs.rpc-auth-allow localhost -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST umount $N0 # case 6: allow only somehost TEST $CLI volume set $V0 nfs.rpc-auth-allow somehost -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 @@ -87,13 +70,13 @@ TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST $CLI volume reset --mode=script $V0 TEST $CLI volume set $V0 nfs.addr-namelookup on TEST $CLI volume set $V0 nfs.rpc-auth-reject localhost -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available #30 TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 # case 8: reject only somehost TEST $CLI volume set $V0 nfs.rpc-auth-reject somehost -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST umount $N0 @@ -103,14 +86,14 @@ TEST umount $N0 TEST $CLI volume reset --mode=script $V0 TEST $CLI volume set $V0 nfs.addr-namelookup on TEST $CLI volume set $V0 nfs.rpc-auth-allow 127.0.0.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST umount $N0 # case 10: allow a non-localhost ip TEST $CLI volume set $V0 nfs.rpc-auth-allow 192.168.1.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available #40 TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 @@ -118,13 +101,13 @@ TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST $CLI volume reset --mode=script $V0 TEST $CLI volume set $V0 nfs.addr-namelookup on TEST $CLI volume set $V0 nfs.rpc-auth-reject 127.0.0.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST ! mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 # case 12: reject only non-localhost ip TEST $CLI volume set $V0 nfs.rpc-auth-reject 192.168.1.1 -sleep_till_nfs_awakens +EXPECT_WITHIN 20 1 is_nfs_export_available TEST mount -t nfs -o vers=3,nolock,soft,intr localhost:/$V0 $N0 TEST umount $N0 diff --git a/tests/nfs.rc b/tests/nfs.rc new file mode 100644 index 00000000000..f3abee84280 --- /dev/null +++ b/tests/nfs.rc @@ -0,0 +1,21 @@ +#!/bin/bash + + +# Due to portmap registration NFS takes some time to +# export all volumes. Therefore tests should start only +# after exports are visible by showmount command. This +# routine will check if showmount shows the exports or not +# +function is_nfs_export_available () +{ + vol=$1 + + if [ "$vol" == "" ]; then + vol=$V0 + fi + + exp=$(showmount -e 2> /dev/null | grep $vol | wc -l) + echo "$exp" +} + + |