glusterd: add new NFS options for exports/netgroups and related caching

The following options for the Gluster/NFS server are added :
- nfs.exports-auth-enable
- nfs.auth-refresh-interval-sec
- nfs.auth-cache-ttl-sec

BUG: 1143880
Change-Id: I37a73966c4ed27cd0f8c77200ef68a0d12b385b8
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9364
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>

1 files changed, 160 insertions, 6 deletions

diff --git a/tests/basic/mount-nfs-auth.t b/tests/basic/mount-nfs-auth.t
index 55fe9327d0e..3e466170365 100755
--- a/tests/basic/mount-nfs-auth.t
+++ b/tests/basic/mount-nfs-auth.t
@@ -4,8 +4,7 @@
 . $(dirname $0)/../nfs.rc
 
 cleanup;
-
-## Start and create a volume
+## Check whether glusterd is running
 TEST glusterd
 TEST pidof glusterd
 TEST $CLI volume info
@@ -102,6 +101,14 @@ function stat_nfs () {
         ls $N0/
 }
 
+# Restarts the NFS server
+function restart_nfs () {
+        PID=$(ps aux | grep nfs | grep sbin/glusterfs | awk '{print $2}')
+        CMD=$(ps ax | grep nfs | grep sbin/glusterfs | awk '{$1=$2=$3=$4="";print $0}')
+        kill $PID
+        $CMD
+}
+
 setup_cluster
 
 # run preliminary tests
@@ -122,7 +129,7 @@ TEST umount $N0
 ## Disallow host
 TEST export_deny_this_host
 TEST netgroup_deny_this_host
-sleep 2
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
 
 ## Technically deauthorized this host, but since auth is disabled we should be
 ## able to do mounts, writes, etc.
@@ -136,9 +143,156 @@ TEST umount $N0
 export_allow_this_host
 netgroup_allow_this_host
 
-#
-# Most functional tests will get added with http://review.gluster.org/9364
-#
+## Restart NFS with auth enabled
+$CLI vol stop $V0
+TEST $CLI vol set $V0 nfs.exports-auth-enable on
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+
+## Mount NFS
+TEST do_mount $V0
+## Disallow host
+TEST export_deny_this_host
+TEST netgroup_deny_this_host
+
+## nfs-server is not enable to load the changes in the export/netgroup files
+## dynamically, a restart is required.
+
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+
+## Writes should not be allowed, host is not authorized
+TEST ! small_write
+## Unmount so we can test mount
+TEST umount $N0
+## Subsequent ounts should not be allowed, host is not authorized
+TEST ! do_mount $V0
+
+## Reauthorize host
+TEST export_allow_this_host
+TEST netgroup_allow_this_host
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+
+TEST do_mount $V0
+TEST umount $N0
+
+## Allow host in netgroups but not in exports, host should be allowed
+TEST export_deny_this_host
+TEST netgroup_allow_this_host
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+TEST do_mount $V0
+TEST small_write
+TEST big_write
+TEST umount $N0
+
+## Allow host in exports but not in netgroups, host should be allowed
+TEST export_allow_this_host
+TEST netgroup_deny_this_host
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+TEST do_mount $V0
+TEST umount $N0
+
+## Finally, reauth the host in export and netgroup, test mount & write
+TEST export_allow_this_host_l1
+TEST netgroup_allow_this_host
+$CLI vol stop $V0
+$CLI vol start $V0
+sleep 2
+TEST do_mount $V0L1
+TEST small_write
+
+## Failover test: Restarting NFS and then doing a write should pass
+bg_write
+TEST restart_nfs
+TEST wait $BG_WRITE_PID
+TEST small_write
+TEST umount $N0
+
+## Test deep mounts
+TEST do_mount $V0L1
+TEST small_write
+TEST umount $N0
+
+TEST export_allow_this_host_ro
+TEST netgroup_deny_this_host
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+TEST do_mount $V0
+TEST ! small_write # Writes should not be allowed
+TEST ! create      # Create should not be allowed
+TEST stat_nfs      # Stat should be allowed
+TEST umount $N0
+
+TEST export_deny_this_host
+TEST netgroup_deny_this_host
+TEST export_allow_this_host_l1 # Allow this host at L1
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+TEST ! do_mount $V0 #V0 shouldnt be allowed
+TEST do_mount $V0L1 #V0L1 should be
+TEST umount $N0
+
+## Test wildcard hosts
+TEST export_allow_wildcard
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+TEST do_mount $V0
+TEST small_write
+TEST umount $N0
+
+## Test if path is parsed correctly
+## by mounting host:vol/ instead of host:vol
+TEST do_mount $V0/
+TEST small_write
+TEST umount $N0
+
+TEST export_allow_this_host_with_slash
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+
+TEST do_mount $V0
+TEST small_write
+TEST umount $N0
+TEST do_mount $V0/
+TEST small_write
+TEST umount $N0
+
+
+## Turn off exports authentication
+$CLI vol stop $V0
+TEST $CLI vol set $V0 nfs.exports-auth-enable off
+$CLI vol start $V0
+
+TEST export_deny_this_host # Deny the host
+TEST netgroup_deny_this_host
+$CLI vol stop $V0
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+
+TEST do_mount $V0 # Do a mount & test
+TEST umount $N0
+
+## Turn back on the exports authentication
+$CLI vol stop $V0
+TEST $CLI vol set $V0 nfs.exports-auth-enable on
+$CLI vol start $V0
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+## Do a simple test to set the refresh time to 20 seconds
+TEST $CLI vol set $V0 nfs.auth-refresh-interval-sec 20
+
+## Do a simple test to see if the volume option exists
+TEST $CLI vol set $V0 nfs.auth-cache-ttl-sec 400
 
 ## Finish up
 TEST $CLI volume stop $V0