diff options
author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-15 07:01:38 -0700 |
commit | aa66b8404f45712c45d75d6a2a37f32e2792cc83 (patch) | |
tree | 11d7a95bd6286204ec0ec33e4cdd8ba0c5b48028 /tests/basic | |
parent | aac1ec0a61d9267b6ae7a280b368dfd357b7dcdc (diff) |
gNFS: Export / Netgroup authentication on Gluster NFS mount
* Parses linux style export file/netgroups file into a structure that
can be lookedup.
* This parser turns each line into a structure called an "export
directory". Each of these has a dictionary of hosts and netgroups
which can be looked up during the mount authentication process.
(See Change-Id Ic060aac and I7e6aa6bc)
* A string beginning withan '@' is treated as a netgroup and a string
beginning without an @ is a host.
(See Change-Id Ie04800d)
* This parser does not currently support all the options in the man page
('man exports'), but we can easily add them.
BUG: 1143880
URL: http://www.gluster.org/community/documentation/index.php/Features/Exports_Netgroups_Authentication
Change-Id: I181e8c1814d6ef3cae5b4d88353622734f0c0f0b
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8758
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'tests/basic')
-rwxr-xr-x | tests/basic/mount-nfs-auth.t | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/tests/basic/mount-nfs-auth.t b/tests/basic/mount-nfs-auth.t new file mode 100755 index 00000000000..55fe9327d0e --- /dev/null +++ b/tests/basic/mount-nfs-auth.t @@ -0,0 +1,148 @@ +#!/bin/bash + +. $(dirname $0)/../include.rc +. $(dirname $0)/../nfs.rc + +cleanup; + +## Start and create a volume +TEST glusterd +TEST pidof glusterd +TEST $CLI volume info + +# Export variables for allow & deny +EXPORT_ALLOW="/$V0 $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)" +EXPORT_ALLOW_SLASH="/$V0/ $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)" +EXPORT_DENY="/$V0 1.2.3.4(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)" + +# Netgroup variables for allow & deny +NETGROUP_ALLOW="ngtop ng1000\nng1000 ng999\nng999 ng1\nng1 ng2\nng2 ($H0,,)" +NETGROUP_DENY="ngtop ng1000\nng1000 ng999\nng999 ng1\nng1 ng2\nng2 (1.2.3.4,,)" + +V0L1="$V0/L1" +V0L2="$V0L1/L2" +V0L3="$V0L2/L3" + +# Other variations for allow & deny +EXPORT_ALLOW_RO="/$V0 $H0(sec=sys,ro,anonuid=0) @ngtop(sec=sys,ro,anonuid=0)" +EXPORT_ALLOW_L1="/$V0L1 $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)" +EXPORT_WILDCARD="/$V0 *(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)" + +function build_dirs () { + mkdir -p $B0/b{0,1,2}/L1/L2/L3 +} + +function export_allow_this_host () { + printf "$EXPORT_ALLOW\n" > /var/lib/glusterd/nfs/exports +} + +function export_allow_this_host_with_slash () { + printf "$EXPORT_ALLOW_SLASH\n" > /var/lib/glusterd/nfs/exports +} + +function export_deny_this_host () { + printf "$EXPORT_DENY\n" > /var/lib/glusterd/nfs/exports +} + +function export_allow_this_host_l1 () { + printf "$EXPORT_ALLOW_L1\n" >> /var/lib/glusterd/nfs/exports +} + +function export_allow_wildcard () { + printf "$EXPORT_WILDCARD\n" >> /var/lib/glusterd/nfs/exports +} + +function export_allow_this_host_ro () { + printf "$EXPORT_ALLOW_RO\n" > /var/lib/glusterd/nfs/exports +} + +function netgroup_allow_this_host () { + printf "$NETGROUP_ALLOW\n" > /var/lib/glusterd/nfs/netgroups +} + +function netgroup_deny_this_host () { + printf "$NETGROUP_DENY\n" > /var/lib/glusterd/nfs/netgroups +} + +function create_vol () { + TEST $CLI vol create $V0 replica 3 $H0:$B0/b0 $H0:$B0/b1 $H0:$B0/b2 +} + +function setup_cluster() { + build_dirs # Build directories + export_allow_this_host # Allow this host in the exports file + netgroup_allow_this_host # Allow this host in the netgroups file + + glusterd + create_vol # Create the volume +} + +function do_mount () { + mount_nfs $H0:/$1 $N0 nolock +} + +function small_write () { + dd if=/dev/zero of=$N0/test-small-write count=1 bs=1k 2>&1 +} + +function bg_write () { + dd if=/dev/zero of=$N0/test-bg-write count=1 bs=1k & + BG_WRITE_PID=$! +} + +function big_write() { + dd if=/dev/zero of=$N0/test-big-write count=500 bs=1M +} + +function create () { + touch $N0/create-test +} + +function stat_nfs () { + ls $N0/ +} + +setup_cluster + +# run preliminary tests +TEST $CLI vol set $V0 cluster.self-heal-daemon off +TEST $CLI vol set $V0 nfs.disable off +TEST $CLI vol set $V0 cluster.choose-local off +TEST $CLI vol start $V0 + +## Wait for volume to register with rpc.mountd +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +## NFS server starts with auth disabled +## Do some tests to verify that. + +TEST do_mount $V0 +TEST umount $N0 + +## Disallow host +TEST export_deny_this_host +TEST netgroup_deny_this_host +sleep 2 + +## Technically deauthorized this host, but since auth is disabled we should be +## able to do mounts, writes, etc. +TEST do_mount $V0 +TEST small_write +TEST umount $N0 +TEST do_mount $V0 +TEST umount $N0 + +## Reauthorize this host +export_allow_this_host +netgroup_allow_this_host + +# +# Most functional tests will get added with http://review.gluster.org/9364 +# + +## Finish up +TEST $CLI volume stop $V0 +TEST $CLI volume delete $V0; +TEST ! $CLI volume info $V0; + +cleanup |