authorNiels de Vos <ndevos@redhat.com>2015-01-01 13:15:45 +0100
committerVijay Bellur <vbellur@redhat.com>2015-03-15 07:01:38 -0700
commitaa66b8404f45712c45d75d6a2a37f32e2792cc83 (patch)
tree11d7a95bd6286204ec0ec33e4cdd8ba0c5b48028 /tests/basic
parentaac1ec0a61d9267b6ae7a280b368dfd357b7dcdc (diff)
gNFS: Export / Netgroup authentication on Gluster NFS mount
* Parses linux style export file/netgroups file into a structure that can be looked up. * This parser turns each line into a structure called an "export directory". Each of these has a dictionary of hosts and netgroups which can be looked up during the mount authentication process. (See Change-Id Ic060aac and I7e6aa6bc) * A string beginning with an '@' is treated as a netgroup and a string beginning without an @ is a host. (See Change-Id Ie04800d) * This parser does not currently support all the options in the man page ('man exports'), but we can easily add them. BUG: 1143880 URL: http://www.gluster.org/community/documentation/index.php/Features/Exports_Netgroups_Authentication Change-Id: I181e8c1814d6ef3cae5b4d88353622734f0c0f0b Original-author: Shreyas Siravara <shreyas.siravara@gmail.com> CC: Richard Wareing <rwareing@fb.com> CC: Jiffin Tony Thottan <jthottan@redhat.com> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8758 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'tests/basic')
-rwxr-xr-xtests/basic/mount-nfs-auth.t148
1 files changed, 148 insertions, 0 deletions
diff --git a/tests/basic/mount-nfs-auth.t b/tests/basic/mount-nfs-auth.t
new file mode 100755
index 00000000000..55fe9327d0e
--- /dev/null
+++ b/tests/basic/mount-nfs-auth.t
@@ -0,0 +1,148 @@
+#!/bin/bash
+
+. $(dirname $0)/../include.rc
+. $(dirname $0)/../nfs.rc
+
+cleanup;
+
+## Start and create a volume
+TEST glusterd
+TEST pidof glusterd
+TEST $CLI volume info
+
+# Export variables for allow & deny
+EXPORT_ALLOW="/$V0 $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
+EXPORT_ALLOW_SLASH="/$V0/ $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
+EXPORT_DENY="/$V0 1.2.3.4(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
+
+# Netgroup variables for allow & deny
+NETGROUP_ALLOW="ngtop ng1000\nng1000 ng999\nng999 ng1\nng1 ng2\nng2 ($H0,,)"
+NETGROUP_DENY="ngtop ng1000\nng1000 ng999\nng999 ng1\nng1 ng2\nng2 (1.2.3.4,,)"
+
+V0L1="$V0/L1"
+V0L2="$V0L1/L2"
+V0L3="$V0L2/L3"
+
+# Other variations for allow & deny
+EXPORT_ALLOW_RO="/$V0 $H0(sec=sys,ro,anonuid=0) @ngtop(sec=sys,ro,anonuid=0)"
+EXPORT_ALLOW_L1="/$V0L1 $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
+EXPORT_WILDCARD="/$V0 *(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)"
+
+function build_dirs () {
+ mkdir -p $B0/b{0,1,2}/L1/L2/L3
+}
+
+function export_allow_this_host () {
+ printf "$EXPORT_ALLOW\n" > /var/lib/glusterd/nfs/exports
+}
+
+function export_allow_this_host_with_slash () {
+ printf "$EXPORT_ALLOW_SLASH\n" > /var/lib/glusterd/nfs/exports
+}
+
+function export_deny_this_host () {
+ printf "$EXPORT_DENY\n" > /var/lib/glusterd/nfs/exports
+}
+
+function export_allow_this_host_l1 () {
+ printf "$EXPORT_ALLOW_L1\n" >> /var/lib/glusterd/nfs/exports
+}
+
+function export_allow_wildcard () {
+ printf "$EXPORT_WILDCARD\n" >> /var/lib/glusterd/nfs/exports
+}
+
+function export_allow_this_host_ro () {
+ printf "$EXPORT_ALLOW_RO\n" > /var/lib/glusterd/nfs/exports
+}
+
+function netgroup_allow_this_host () {
+ printf "$NETGROUP_ALLOW\n" > /var/lib/glusterd/nfs/netgroups
+}
+
+function netgroup_deny_this_host () {
+ printf "$NETGROUP_DENY\n" > /var/lib/glusterd/nfs/netgroups
+}
+
+function create_vol () {
+ TEST $CLI vol create $V0 replica 3 $H0:$B0/b0 $H0:$B0/b1 $H0:$B0/b2
+}
+
+function setup_cluster() {
+ build_dirs # Build directories
+ export_allow_this_host # Allow this host in the exports file
+ netgroup_allow_this_host # Allow this host in the netgroups file
+
+ glusterd
+ create_vol # Create the volume
+}
+
+function do_mount () {
+ mount_nfs $H0:/$1 $N0 nolock
+}
+
+function small_write () {
+ dd if=/dev/zero of=$N0/test-small-write count=1 bs=1k 2>&1
+}
+
+function bg_write () {
+ dd if=/dev/zero of=$N0/test-bg-write count=1 bs=1k &
+ BG_WRITE_PID=$!
+}
+
+function big_write() {
+ dd if=/dev/zero of=$N0/test-big-write count=500 bs=1M
+}
+
+function create () {
+ touch $N0/create-test
+}
+
+function stat_nfs () {
+ ls $N0/
+}
+
+setup_cluster
+
+# run preliminary tests
+TEST $CLI vol set $V0 cluster.self-heal-daemon off
+TEST $CLI vol set $V0 nfs.disable off
+TEST $CLI vol set $V0 cluster.choose-local off
+TEST $CLI vol start $V0
+
+## Wait for volume to register with rpc.mountd
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+
+## NFS server starts with auth disabled
+## Do some tests to verify that.
+
+TEST do_mount $V0
+TEST umount $N0
+
+## Disallow host
+TEST export_deny_this_host
+TEST netgroup_deny_this_host
+sleep 2
+
+## Technically deauthorized this host, but since auth is disabled we should be
+## able to do mounts, writes, etc.
+TEST do_mount $V0
+TEST small_write
+TEST umount $N0
+TEST do_mount $V0
+TEST umount $N0
+
+## Reauthorize this host
+export_allow_this_host
+netgroup_allow_this_host
+
+#
+# Most functional tests will get added with http://review.gluster.org/9364
+#
+
+## Finish up
+TEST $CLI volume stop $V0
+TEST $CLI volume delete $V0;
+TEST ! $CLI volume info $V0;
+
+cleanup
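Review bot: The export and netgroup helpers (`export_allow_this_host` through `netgroup_deny_this_host`) pass the variable itself as printf's format string, e.g. `printf "$EXPORT_ALLOW\n"`, so any `%` or backslash that ends up in `$V0` or `$H0` is interpreted instead of written, and the auth files would then not hold what the test believes it configured. For the exports lines, `printf '%s\n' "$EXPORT_ALLOW" > /var/lib/glusterd/nfs/exports` keeps the data out of the format string. The netgroup strings rely on their embedded `\n` being expanded, so `printf '%b\n' "$NETGROUP_ALLOW"` preserves that behaviour. Separately, the final `export_allow_this_host` and `netgroup_allow_this_host` calls under "Reauthorize this host" are not wrapped in `TEST`, so a failed write to either file would go unnoticed.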