diff options
author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-18 03:16:42 -0700 |
commit | 89cb6bcc7335a9b5e12febcacc27f762bdcda595 (patch) | |
tree | e8319e2a0cfd54d4db15da3ae51e79e9b8ae1740 /tests | |
parent | 1bf69fc65d777e1bbea28619c144a9cb373b47ab (diff) |
glusterd: add new NFS options for exports/netgroups and related caching
The following options for the Gluster/NFS server are added :
- nfs.exports-auth-enable
- nfs.auth-refresh-interval-sec
- nfs.auth-cache-ttl-sec
BUG: 1143880
Change-Id: I37a73966c4ed27cd0f8c77200ef68a0d12b385b8
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9364
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/basic/mount-nfs-auth.t | 166 |
1 files changed, 160 insertions, 6 deletions
diff --git a/tests/basic/mount-nfs-auth.t b/tests/basic/mount-nfs-auth.t index 55fe9327d0e..3e466170365 100755 --- a/tests/basic/mount-nfs-auth.t +++ b/tests/basic/mount-nfs-auth.t @@ -4,8 +4,7 @@ . $(dirname $0)/../nfs.rc cleanup; - -## Start and create a volume +## Check whether glusterd is running TEST glusterd TEST pidof glusterd TEST $CLI volume info @@ -102,6 +101,14 @@ function stat_nfs () { ls $N0/ } +# Restarts the NFS server +function restart_nfs () { + PID=$(ps aux | grep nfs | grep sbin/glusterfs | awk '{print $2}') + CMD=$(ps ax | grep nfs | grep sbin/glusterfs | awk '{$1=$2=$3=$4="";print $0}') + kill $PID + $CMD +} + setup_cluster # run preliminary tests @@ -122,7 +129,7 @@ TEST umount $N0 ## Disallow host TEST export_deny_this_host TEST netgroup_deny_this_host -sleep 2 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available ## Technically deauthorized this host, but since auth is disabled we should be ## able to do mounts, writes, etc. @@ -136,9 +143,156 @@ TEST umount $N0 export_allow_this_host netgroup_allow_this_host -# -# Most functional tests will get added with http://review.gluster.org/9364 -# +## Restart NFS with auth enabled +$CLI vol stop $V0 +TEST $CLI vol set $V0 nfs.exports-auth-enable on +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +## Mount NFS +TEST do_mount $V0 +## Disallow host +TEST export_deny_this_host +TEST netgroup_deny_this_host + +## nfs-server is not enable to load the changes in the export/netgroup files +## dynamically, a restart is required. + +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +## Writes should not be allowed, host is not authorized +TEST ! small_write +## Unmount so we can test mount +TEST umount $N0 +## Subsequent ounts should not be allowed, host is not authorized +TEST ! do_mount $V0 + +## Reauthorize host +TEST export_allow_this_host +TEST netgroup_allow_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +TEST do_mount $V0 +TEST umount $N0 + +## Allow host in netgroups but not in exports, host should be allowed +TEST export_deny_this_host +TEST netgroup_allow_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST small_write +TEST big_write +TEST umount $N0 + +## Allow host in exports but not in netgroups, host should be allowed +TEST export_allow_this_host +TEST netgroup_deny_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST umount $N0 + +## Finally, reauth the host in export and netgroup, test mount & write +TEST export_allow_this_host_l1 +TEST netgroup_allow_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +sleep 2 +TEST do_mount $V0L1 +TEST small_write + +## Failover test: Restarting NFS and then doing a write should pass +bg_write +TEST restart_nfs +TEST wait $BG_WRITE_PID +TEST small_write +TEST umount $N0 + +## Test deep mounts +TEST do_mount $V0L1 +TEST small_write +TEST umount $N0 + +TEST export_allow_this_host_ro +TEST netgroup_deny_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST ! small_write # Writes should not be allowed +TEST ! create # Create should not be allowed +TEST stat_nfs # Stat should be allowed +TEST umount $N0 + +TEST export_deny_this_host +TEST netgroup_deny_this_host +TEST export_allow_this_host_l1 # Allow this host at L1 +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST ! do_mount $V0 #V0 shouldnt be allowed +TEST do_mount $V0L1 #V0L1 should be +TEST umount $N0 + +## Test wildcard hosts +TEST export_allow_wildcard +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +TEST do_mount $V0 +TEST small_write +TEST umount $N0 + +## Test if path is parsed correctly +## by mounting host:vol/ instead of host:vol +TEST do_mount $V0/ +TEST small_write +TEST umount $N0 + +TEST export_allow_this_host_with_slash +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +TEST do_mount $V0 +TEST small_write +TEST umount $N0 +TEST do_mount $V0/ +TEST small_write +TEST umount $N0 + + +## Turn off exports authentication +$CLI vol stop $V0 +TEST $CLI vol set $V0 nfs.exports-auth-enable off +$CLI vol start $V0 + +TEST export_deny_this_host # Deny the host +TEST netgroup_deny_this_host +$CLI vol stop $V0 +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available + +TEST do_mount $V0 # Do a mount & test +TEST umount $N0 + +## Turn back on the exports authentication +$CLI vol stop $V0 +TEST $CLI vol set $V0 nfs.exports-auth-enable on +$CLI vol start $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available +## Do a simple test to set the refresh time to 20 seconds +TEST $CLI vol set $V0 nfs.auth-refresh-interval-sec 20 + +## Do a simple test to see if the volume option exists +TEST $CLI vol set $V0 nfs.auth-cache-ttl-sec 400 ## Finish up TEST $CLI volume stop $V0 |