From 1725880dabd2bac8739043c4cb5f9d844557f86e Mon Sep 17 00:00:00 2001 From: Amar Tumballi Date: Mon, 17 Jun 2019 16:49:48 +0530 Subject: encryption/crypt: remove from volume file The feature is not supported and is moved out of the codebase from glusterfs-5.x release. Doesn't make sense to keep the code to support it. For those who want to upgrade from an version supporting it to higher version, please do a 'gluster volume reset $VOL encryption reset' and then continue with the upgrade process. updates: bz#1648169 Change-Id: I8cf822c0d7195940bd37f6af2432a3cac68d44d1 Signed-off-by: Amar Tumballi --- extras/distributed-testing/distributed-test-env | 1 - ...ile-snapshot-features-encrypt-opts-validation.t | 43 --- tests/encryption/crypt.t | 90 ------ tests/encryption/frag.c | 324 --------------------- xlators/mgmt/glusterd/src/glusterd-volgen.c | 11 - xlators/mgmt/glusterd/src/glusterd-volume-set.c | 23 -- 6 files changed, 492 deletions(-) delete mode 100644 tests/bugs/snapshot/bug-1140162-file-snapshot-features-encrypt-opts-validation.t delete mode 100755 tests/encryption/crypt.t delete mode 100644 tests/encryption/frag.c
diff --git a/extras/distributed-testing/distributed-test-env b/extras/distributed-testing/distributed-test-env
index 0d57d5237dd..36fdd82e5dd 100644
--- a/extras/distributed-testing/distributed-test-env
+++ b/extras/distributed-testing/distributed-test-env
@@ -32,7 +32,6 @@ BROKEN_TESTS="\
 tests/bugs/gfapi/bug-1093594.t\
 tests/bugs/replicate/bug-1473026.t\
 tests/bugs/replicate/bug-802417.t\
- tests/encryption/crypt.t\
 tests/basic/inode-leak.t\
 tests/basic/distribute/force-migration.t\
 tests/basic/ec/heal-info.t\
diff --git a/tests/bugs/snapshot/bug-1140162-file-snapshot-features-encrypt-opts-validation.t b/tests/bugs/snapshot/bug-1140162-file-snapshot-features-encrypt-opts-validation.t
deleted file mode 100644
index c536c8261e4..00000000000
--- a/tests/bugs/snapshot/bug-1140162-file-snapshot-features-encrypt-opts-validation.t
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-
-## Test case for BZ-1140160 Volume option set and
-## command input should validate correctly.
-
-. $(dirname $0)/../../include.rc
-. $(dirname $0)/../../volume.rc
-
-cleanup;
-
-## Start glusterd
-TEST glusterd;
-TEST pidof glusterd;
-
-## Lets create and start volume
-TEST $CLI volume create $V0 $H0:$B0/${V0}{1,2};
-TEST $CLI volume start $V0
-
-## Set features.file-snapshot and features.encryption option with non-boolean
-## value. These options should fail.
-TEST ! $CLI volume set $V0 features.file-snapshot abcd
-TEST ! $CLI volume set $V0 features.encryption redhat
-
-## Set other options with valid value. These options should succeed.
-TEST $CLI volume set $V0 barrier enable
-TEST $CLI volume set $V0 ping-timeout 60
-
-## Set features.file-snapshot and features.encryption option with valid boolean
-## value. These options should succeed.
-TEST $CLI volume set $V0 features.file-snapshot on
-
-## Before setting the crypt xlator on, it is required to create master key
-## Otherwise glusterfs client process will fail to start
-echo "0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff" > $GLUSTERD_WORKDIR/$V0-master-key
-
-## Specify location of master key
-TEST $CLI volume set $V0 encryption.master-key $GLUSTERD_WORKDIR/$V0-master-key
-
-TEST $CLI volume set $V0 features.encryption on
-
-cleanup;
-#G_TESTDEF_TEST_STATUS_NETBSD7=BAD_TEST,BUG=000000
-#G_TESTDEF_TEST_STATUS_CENTOS6=BAD_TEST,BUG=000000
diff --git a/tests/encryption/crypt.t b/tests/encryption/crypt.t
deleted file mode 100755
index 2f965b0e8b7..00000000000
--- a/tests/encryption/crypt.t
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/bin/bash
-
-. $(dirname $0)/../include.rc
-. $(dirname $0)/../volume.rc
-
-cleanup;
-
-TEST glusterd
-TEST pidof glusterd
-
-## Create a volume with one brick
-TEST $CLI volume create $V0 $H0:$B0/${V0}1;
-EXPECT "$V0" volinfo_field $V0 'Volume Name';
-EXPECT 'Created' volinfo_field $V0 'Status';
-EXPECT '1' brick_count $V0
-
-## Turn off performance translators
-
-TEST $CLI volume set $V0 performance.quick-read off
-EXPECT 'off' volinfo_field $V0 'performance.quick-read'
-TEST $CLI volume set $V0 performance.write-behind off
-EXPECT 'off' volinfo_field $V0 'performance.write-behind'
-TEST $CLI volume set $V0 performance.open-behind off
-EXPECT 'off' volinfo_field $V0 'performance.open-behind'
-
-## Create a file with master key
-
-echo "0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff" > $GLUSTERD_WORKDIR/$V0-master-key
-
-## Specify location of master key
-TEST $CLI volume set $V0 encryption.master-key $GLUSTERD_WORKDIR/$V0-master-key
-
-## Turn on crypt xlator by setting features.encryption to on
-TEST $CLI volume set $V0 encryption on
-EXPECT 'on' volinfo_field $V0 'features.encryption'
-
-## Start the volume
-TEST $CLI volume start $V0;
-EXPECT 'Started' volinfo_field $V0 'Status';
-
-## Mount the volume
-TEST $GFS --volfile-server=$H0 --volfile-id=$V0 $M0;
-
-## Testing writev, readv, ftruncate:
-## Create fragmented files and compare them with the reference files
-
-build_tester $(dirname $0)/frag.c
-TEST $(dirname $0)/frag $M0/testfile /tmp/$V0-goodfile 262144 500
-
-## Testing link, unlink, symlink, rename
-
-TEST ln $M0/testfile $M0/testfile-link
-TEST mv $M0/testfile $M0/testfile-renamed
-TEST ln -s $M0/testfile-link $M0/testfile-symlink
-TEST rm -f $M0/testfile-renamed
-
-## Remount the volume
-EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0
-TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
-
-TEST diff -u $M0/testfile-symlink /tmp/$V0-goodfile
-EXPECT ''
-
-TEST rm -f $M0/testfile-symlink
-TEST rm -f $M0/testfile-link
-
-## Cleanup files
-
-TEST rm -f /tmp/$V0-master-key
-TEST rm -f /tmp/$V0-goodfile
-
-EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0
-
-## Reset crypt options
-TEST $CLI volume reset $V0 encryption.block-size
-TEST $CLI volume reset $V0 encryption.data-key-size
-
-## Stop the volume
-TEST $CLI volume stop $V0;
-EXPECT 'Stopped' volinfo_field $V0 'Status';
-
-## Delete the volume
-TEST $CLI volume delete $V0;
-TEST ! $CLI volume info $V0;
-
-TEST rm -rf $(dirname $0)/frag
-cleanup;
-
-#G_TESTDEF_TEST_STATUS_CENTOS6=BAD_TEST,BUG=000000
-#G_TESTDEF_TEST_STATUS_NETBSD7=BAD_TEST,BUG=000000
diff --git a/tests/encryption/frag.c b/tests/encryption/frag.c
deleted file mode 100644
index 7b4510f6a4d..00000000000
--- a/tests/encryption/frag.c
+++ /dev/null
@@ -1,324 +0,0 @@ -/* - Copyright (c) 2008-2013 Red Hat, Inc. - This file is part of GlusterFS. - - This file is licensed to you under your choice of the GNU Lesser - General Public License, version 3 or any later version (LGPLv3 or - later), or the GNU General Public License, version 2 (GPLv2), in all - cases as published by the Free Software Foundation. -*/ - -#include -#include -#include -#include -#include -#include -#include -#include - -#define MAX_NUM_OPS (1 << 20) -#define MAX_FILE_SIZE (1 << 30) - -typedef enum { READ_OP, WRITE_OP, TRUNC_OP, LAST_OP } frag_op; - -struct frag_ctx { - int test_fd; - int good_fd; - char *test_buf; - char *good_buf; - char *content; - int max_file_size; -}; - -typedef int (*frag_op_t)(struct frag_ctx *ctx, off_t offset, size_t count); - -static int -doread(int fd, off_t offset, size_t count, char *buf, int max_file_size) -{ - int ret = 0; - int was_read = 0; - - if (lseek(fd, offset, SEEK_SET) == -1) { - perror("lseek failed"); - return -1; - } - while (count) { - ret = read(fd, buf + offset + was_read, count); - if (ret < 0) - return -1; - if (ret == 0) - break; - if (ret > count) { - fprintf(stderr, "READ: read more than asked\n"); - return -1; - } - count -= ret; - was_read += ret; - } - return ret; -} - -static int -dowrite(int fd, off_t offset, size_t count, char *buf) -{ - int ret; - - ret = lseek(fd, offset, SEEK_SET); - if (ret == -1) - return ret; - return write(fd, buf, count); -} - -static int -dotrunc(int fd, off_t offset) -{ - int ret; - - ret = ftruncate(fd, offset); - if (ret == -1) - perror("truncate failed"); - return ret; -} - -static int -prepare_file(char *filename, int *fd, char **buf, int max_file_size) -{ - int ret; - - *buf = malloc(max_file_size); - if (*buf == NULL) { - perror("malloc failed"); - return -1; - } - *fd = open(filename, O_CREAT | O_RDWR, S_IRWXU); - if (*fd == -1) { - perror("open failed"); - free(*buf); - *buf = NULL; - return -1; - } - return 0; -} - -/* - * @offset, @count: random 
values from [0, max_file_size - 1] - */ -static int -frag_write(struct frag_ctx *ctx, off_t offset, size_t count) -{ - int ret; - struct stat test_stbuf; - struct stat good_stbuf; - - if (offset + count > ctx->max_file_size) - offset = offset / 2; - if (offset + count > ctx->max_file_size) - count = count / 2; - - if (fstat(ctx->test_fd, &test_stbuf)) { - fprintf(stderr, "WRITE: fstat of test file failed\n"); - return -1; - } - if (offset > test_stbuf.st_size) - printf("writing hole\n"); - - ret = dowrite(ctx->test_fd, offset, count, ctx->content); - if (ret < 0 || ret != count) { - fprintf(stderr, "WRITE: failed to write test file\n"); - return -1; - } - ret = dowrite(ctx->good_fd, offset, count, ctx->content); - if (ret < 0 || ret != count) { - fprintf(stderr, "WRITE: failed to write test file\n"); - return -1; - } - if (fstat(ctx->test_fd, &test_stbuf)) { - fprintf(stderr, "WRITE: fstat of test file failed\n"); - return -1; - } - if (fstat(ctx->good_fd, &good_stbuf)) { - fprintf(stderr, "WRITE: fstat of good file failed\n"); - return -1; - } - if (test_stbuf.st_size != good_stbuf.st_size) { - fprintf(stderr, "READ: Bad file size %d (expected %d)\n", - (int)test_stbuf.st_size, (int)good_stbuf.st_size); - return -1; - } - return 0; -} - -/* - * @offset, @count: random values from [0, max_file_size - 1] - */ -static int -frag_read(struct frag_ctx *ctx, off_t offset, size_t count) -{ - ssize_t test_ret; - ssize_t good_ret; - - test_ret = doread(ctx->test_fd, offset, count, ctx->test_buf, - ctx->max_file_size); - if (test_ret < 0) { - fprintf(stderr, "READ: failed to read test file\n"); - return -1; - } - good_ret = doread(ctx->good_fd, offset, count, ctx->good_buf, - ctx->max_file_size); - if (good_ret < 0) { - fprintf(stderr, "READ: failed to read good file\n"); - return -1; - } - if (test_ret != good_ret) { - fprintf(stderr, "READ: Bad return value %d (expected %d\n)", test_ret, - good_ret); - return -1; - } - if (memcmp(ctx->test_buf + offset, ctx->good_buf + 
offset, good_ret)) { - fprintf(stderr, "READ: bad data\n"); - return -1; - } - return 0; -} - -/* - * @offset: random value from [0, max_file_size - 1] - */ -static int -frag_truncate(struct frag_ctx *ctx, off_t offset, - __attribute__((unused)) size_t count) -{ - int ret; - struct stat test_stbuf; - struct stat good_stbuf; - - if (fstat(ctx->test_fd, &test_stbuf)) { - fprintf(stderr, "TRUNCATE: fstat of test file failed\n"); - return -1; - } - if (offset > test_stbuf.st_size) - printf("expanding truncate to %d\n", offset); - else if (offset < test_stbuf.st_size) - printf("shrinking truncate to %d\n", offset); - else - printf("trivial truncate\n"); - - ret = dotrunc(ctx->test_fd, offset); - if (ret == -1) { - fprintf(stderr, "TRUNCATE: failed for test file\n"); - return -1; - } - ret = dotrunc(ctx->good_fd, offset); - if (ret == -1) { - fprintf(stderr, "TRUNCATE: failed for good file\n"); - return -1; - } - if (fstat(ctx->test_fd, &test_stbuf)) { - fprintf(stderr, "TRUNCATE: fstat of test file failed\n"); - return -1; - } - if (fstat(ctx->good_fd, &good_stbuf)) { - fprintf(stderr, "TRUNCATE: fstat of good file failed\n"); - return -1; - } - if (test_stbuf.st_size != good_stbuf.st_size) { - fprintf(stderr, "TRUNCATE: bad test file size %d (expected %d)\n", - test_stbuf.st_size, good_stbuf.st_size); - return -1; - } - return 0; -} - -frag_op_t frag_ops[LAST_OP] = {[READ_OP] = frag_read, - [WRITE_OP] = frag_write, - [TRUNC_OP] = frag_truncate}; - -static void -put_ctx(struct frag_ctx *ctx) -{ - if (ctx->test_buf) - free(ctx->test_buf); - if (ctx->good_buf) - free(ctx->good_buf); - if (ctx->content) - free(ctx->content); -} - -main(int argc, char *argv[]) -{ - int i; - int ret = 0; - struct frag_ctx ctx; - char *test_filename = NULL; - char *good_filename = NULL; - int num_ops; - int max_file_size; - - memset(&ctx, 0, sizeof(ctx)); - if (argc != 5) { - fprintf(stderr, - "usage: %s " - "\n", - argv[0]); - ret = -1; - goto exit; - } - test_filename = argv[1]; - 
good_filename = argv[2]; - max_file_size = atoi(argv[3]); - if (max_file_size > MAX_FILE_SIZE) - max_file_size = MAX_FILE_SIZE; - num_ops = atoi(argv[4]); - if (num_ops > MAX_NUM_OPS) - num_ops = MAX_NUM_OPS; - - ret = prepare_file(test_filename, &ctx.test_fd, &ctx.test_buf, - max_file_size); - if (ret) - goto exit; - ret = prepare_file(good_filename, &ctx.good_fd, &ctx.good_buf, - max_file_size); - if (ret) { - if (close(ctx.test_fd) == -1) - perror("close test_buf failed"); - goto exit; - } - ctx.content = malloc(max_file_size); - if (!ctx.content) { - perror("malloc failed"); - goto close; - } - ctx.max_file_size = max_file_size; - for (i = 0; i < max_file_size; i++) - ctx.content[i] = random() % 256; - - for (i = 0; i < num_ops; i++) { - ret = frag_ops[random() % LAST_OP]( - &ctx, random() % max_file_size, /* offset */ - random() % max_file_size /* count */); - if (ret) - break; - } -close: - if (close(ctx.test_fd) == -1) - perror("close test_fd failed"); - if (close(ctx.good_fd) == -1) - perror("close good_fd failed"); -exit: - put_ctx(&ctx); - if (ret) - exit(1); - exit(0); -} - -/* - Local variables: - c-indentation-style: "K&R" - mode-name: "LC" - c-basic-offset: 8 - tab-width: 8 - fill-column: 80 - scroll-step: 1 - End: -*/ diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c index 69312c44227..479ae779f66 100644 --- a/xlators/mgmt/glusterd/src/glusterd-volgen.c +++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c @@ -4093,17 +4093,6 @@ client_graph_builder(volgen_graph_t *graph, glusterd_volinfo_t *volinfo, goto out; } - ret = dict_get_str_boolean(set_dict, "features.encryption", _gf_false); - if (ret == -1) - goto out; - if (ret) { - xl = volgen_graph_add(graph, "encryption/crypt", volname); - if (!xl) { - ret = -1; - goto out; - } - } - /* gfproxy needs the quiesce translator */ if (gfproxy_clnt) { xl = volgen_graph_add(graph, "features/quiesce", volname); 
diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c index abc1573f372..5622afbe47d 100644 --- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c +++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c @@ -1439,29 +1439,6 @@ struct volopt_map_entry glusterd_volopt_map[] = { .voltype = "performance/nl-cache", .option = "pass-through", .op_version = GD_OP_VERSION_4_1_0}, - /* Crypt xlator options */ - - {.key = "features.encryption", - .voltype = "encryption/crypt", - .option = "!feat", - .value = "off", - .op_version = 3, - .description = "enable/disable client-side encryption for " - "the volume.", - .flags = VOLOPT_FLAG_CLIENT_OPT | VOLOPT_FLAG_XLATOR_OPT}, - - {.key = "encryption.master-key", - .voltype = "encryption/crypt", - .op_version = 3, - .flags = VOLOPT_FLAG_CLIENT_OPT}, - {.key = "encryption.data-key-size", - .voltype = "encryption/crypt", - .op_version = 3, - .flags = VOLOPT_FLAG_CLIENT_OPT}, - {.key = "encryption.block-size", - .voltype = "encryption/crypt", - .op_version = 3, - .flags = VOLOPT_FLAG_CLIENT_OPT}, /* Client xlator options */ {.key = "network.frame-timeout", -- cgit