From 89cb6bcc7335a9b5e12febcacc27f762bdcda595 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Thu, 1 Jan 2015 13:15:45 +0100 Subject: glusterd: add new NFS options for exports/netgroups and related caching The following options for the Gluster/NFS server are added : - nfs.exports-auth-enable - nfs.auth-refresh-interval-sec - nfs.auth-cache-ttl-sec BUG: 1143880 Change-Id: I37a73966c4ed27cd0f8c77200ef68a0d12b385b8 Original-author: Shreyas Siravara CC: Richard Wareing CC: Jiffin Tony Thottan Signed-off-by: Niels de Vos Reviewed-on: http://review.gluster.org/9364 Tested-by: Gluster Build System Reviewed-by: Vijay Bellur --- tests/basic/mount-nfs-auth.t | 166 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 160 insertions(+), 6 deletions(-) (limited to 'tests') diff --git a/tests/basic/mount-nfs-auth.t b/tests/basic/mount-nfs-auth.t index 55fe9327d0e..3e466170365 100755 --- a/tests/basic/mount-nfs-auth.t +++ b/tests/basic/mount-nfs-auth.t @@ -4,8 +4,7 @@ . $(dirname $0)/../nfs.rc cleanup; - -## Start and create a volume +## Check whether glusterd is running TEST glusterd TEST pidof glusterd TEST $CLI volume info @@ -102,6 +101,14 @@ function stat_nfs () { ls $N0/ } +# Restarts the NFS server +function restart_nfs () { + PID=$(ps aux | grep nfs | grep sbin/glusterfs | awk '{print $2}') + CMD=$(ps ax | grep nfs | grep sbin/glusterfs | awk '{$1=$2=$3=$4="";print $0}') + kill $PID + $CMD +} + setup_cluster # run preliminary tests @@ -122,7 +129,7 @@ TEST umount $N0 ## Disallow host TEST export_deny_this_host TEST netgroup_deny_this_host -sleep 2 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available ## Technically deauthorized this host, but since auth is disabled we should be ## able to do mounts, writes, etc. @@ -136,9 +143,156 @@ TEST umount $N0 export_allow_this_host netgroup_allow_this_host -# -# Most functional tests will get added with http://review.gluster.org/9364 -# +## Restart NFS with auth enabled +$CLI vol stop $V0 +TEST $CLI vol set $V0 nfs.exports-auth-enable on +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +## Mount NFS +TEST do_mount $V0 +## Disallow host +TEST export_deny_this_host +TEST netgroup_deny_this_host + +## nfs-server is not enable to load the changes in the export/netgroup files +## dynamically, a restart is required. + +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +## Writes should not be allowed, host is not authorized +TEST ! small_write +## Unmount so we can test mount +TEST umount $N0 +## Subsequent ounts should not be allowed, host is not authorized +TEST ! do_mount $V0 + +## Reauthorize host +TEST export_allow_this_host +TEST netgroup_allow_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +TEST do_mount $V0 +TEST umount $N0 + +## Allow host in netgroups but not in exports, host should be allowed +TEST export_deny_this_host +TEST netgroup_allow_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST small_write +TEST big_write +TEST umount $N0 + +## Allow host in exports but not in netgroups, host should be allowed +TEST export_allow_this_host +TEST netgroup_deny_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST umount $N0 + +## Finally, reauth the host in export and netgroup, test mount & write +TEST export_allow_this_host_l1 +TEST netgroup_allow_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +sleep 2 +TEST do_mount $V0L1 +TEST small_write + +## Failover test: Restarting NFS and then doing a write should pass +bg_write +TEST restart_nfs +TEST wait $BG_WRITE_PID +TEST small_write +TEST umount $N0 + +## Test deep mounts +TEST do_mount $V0L1 +TEST small_write +TEST umount $N0 + +TEST export_allow_this_host_ro +TEST netgroup_deny_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST ! small_write # Writes should not be allowed +TEST ! create # Create should not be allowed +TEST stat_nfs # Stat should be allowed +TEST umount $N0 + +TEST export_deny_this_host +TEST netgroup_deny_this_host +TEST export_allow_this_host_l1 # Allow this host at L1 +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST ! do_mount $V0 #V0 shouldnt be allowed +TEST do_mount $V0L1 #V0L1 should be +TEST umount $N0 + +## Test wildcard hosts +TEST export_allow_wildcard +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST small_write +TEST umount $N0 + +## Test if path is parsed correctly +## by mounting host:vol/ instead of host:vol +TEST do_mount $V0/ +TEST small_write +TEST umount $N0 + +TEST export_allow_this_host_with_slash +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +TEST do_mount $V0 +TEST small_write +TEST umount $N0 +TEST do_mount $V0/ +TEST small_write +TEST umount $N0 + + +## Turn off exports authentication +$CLI vol stop $V0 +TEST $CLI vol set $V0 nfs.exports-auth-enable off +$CLI vol start $V0 + +TEST export_deny_this_host # Deny the host +TEST netgroup_deny_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +TEST do_mount $V0 # Do a mount & test +TEST umount $N0 + +## Turn back on the exports authentication +$CLI vol stop $V0 +TEST $CLI vol set $V0 nfs.exports-auth-enable on +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +## Do a simple test to set the refresh time to 20 seconds +TEST $CLI vol set $V0 nfs.auth-refresh-interval-sec 20 + +## Do a simple test to see if the volume option exists +TEST $CLI vol set $V0 nfs.auth-cache-ttl-sec 400 ## Finish up TEST $CLI volume stop $V0 -- cgit