IUDEV test list: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
Line 121: | Line 121: | ||
|gssd authentication succeeds | |gssd authentication succeeds | ||
|- | |- | ||
| | |rowspan="3"|2. Shared Key Null Security Flavor | ||
|2.1 | |2.1 | ||
|Lustre daemons with null flavor | |Lustre daemons with null flavor | ||
Line 152: | Line 152: | ||
|Attempt authentication to above gssds | |Attempt authentication to above gssds | ||
|gssd authentication succeeds | |gssd authentication succeeds | ||
| | |- | ||
|4. Userspace Key-Generation Tool | |||
|4.1 | |||
|Generate key | |||
|Attempt to generate a shared key using the userspace key generation tool | |||
|Key is generated and looks sane | |||
|- | |||
|5. Server-Side Key Loading Method | |||
|5.1 | |||
|Load server-side key | |||
|Attempt to load a shared key into the Lustre server using theprovided lctl method | |||
|Key is loaded with no errors | |||
|- | |||
|6. Client-Side Key Loading Method | |||
|6.1 | |||
|Load client-side key | |||
|Attempt to load a shared key into the Lustre client using theprovided lctl method | |||
|Key is loaded with no errors | |||
|-|rowspan="5"|7. Shared Key Integrity Security Flavor|7.1|Start Lustre daemons with ski|Attempt to start Lustre daemons with shared key integrity (ski) security flavor selected|Lustre daemons start and stay running with no errors|-|7.2 | |||
|Mount file system with ski | |||
|Attempt to mount a Lustre filesystem using the ski security flavor | |||
|File system is mounted with no errors|- | |||
|7.3 | |||
|Mount with ski with bad key | |||
|Attempt to mount a filesystem with ski with an incorrect or missing key | |||
|File system fails to mount and throws bad key error | |||
|-|7.4 | |||
|File system operations with ski flavor | |||
|Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the ski security flavor selected | |||
|File system operations succeed | |||
|-|7.5 | |||
|No encryption over network | |||
|Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure a match for the actual file data is found in the packet | |||
|Data can successfully be read off network (encryption was not performed)|-|rowspan="5"|8. Shared Key Privacy and Integrity Security Flavor|8.1|Start Lustre daemons with skpi|Attempt to start Lustre daemons with shared key privacy and integrity (skpi) security flavor selected|Lustre daemons start and stay running with no errors|-|8.2 | |||
|Mount file system with skpi | |||
|Attempt to mount a Lustre filesystem using the skpi security flavor | |||
|File system is mounted with no errors|- | |||
|8.3 | |||
|Mount with skpi and bad key | |||
|Attempt to mount a filesystem with skpi with an incorrect or missing key | |||
|File system fails to mount and throws bad key error | |||
|-|8.4 | |||
|File system operations with skpi flavor | |||
|Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the skpi security flavor selected | |||
|File system operations succeed | |||
|-|8.5 | |||
|Encryption over network | |||
|Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure no match for the actual file data is found in the packet | |||
|Data cannot be read off network | |||
} |
Revision as of 10:51, 2 August 2013
ID Mapping
Number | Name | Description | Check result |
---|---|---|---|
1 | Load nodemap.ko | Simple test to ensure that the module loads correctly and creates a default nodemap. | nodemap.ko load is tested by lsmod, check for expectedproc entries. |
2 | Create nodemaps | Create 20 distinctly named nodemaps and test that the required procentries exist. | nodemaps are created, check for expected proc entries |
3 | Reject duplicate nodemaps | Attempt to recreate the nodemaps from test 2, and fail so that there are no duplicate nodemaps | nodemap creations should fail, check return value from lctl, check for expected proc entries |
4 | Create non-overlapping ranges in all non-default nodemaps | Create 20 partitioned ranges in each nodemap from test 2 | Check for expected entries in the nodemap ranges procfile |
5 | Reject overlapping ranges in all non-default nodemaps | Attempt to create ranges in all nodemaps that conflict withpre-existing ranges | check return value from lctl, check nodemap ranges file for duplicates |
6 | Reject adding ranges to the default nodemap | Attempt to create ranges in the default nodemap. | check return value of lctl |
7-10 | Change allowed values in the default nodemap | Change the allowed settings for the default cluster (admin_cluster,trusted_cluster, squash_uid and squash_gid). | check proc files for expected values |
11 | Add uid/gid maps to non-default nodemap | Create 200 uidmaps and 200 gidmaps | check proc uidmap and gidmap files for expected values |
12 | Add uid/gid maps to default nodemap | Check that lctl rejects setting uid and gid maps for the default nodemap | check lctl return value |
* | For each nodemap, run the following tests with each nodmap in this configuration:
[active = {0,1} X admin_cluster = {0,1} X trusted_cluster = {0,1} Xsquash_uid = {99, 50} X squash_gid = {99, 50}] | ||
* | Check existing uid and gid mappings for non-default nodemaps | check for proper mapping value | |
* | Check non-existing uid and gid mappings for non-defualt nodemaps | check for squashed values | |
* | Check uid and gid mapping for default nodemap | check for default squashed values | |
14 | Remove some uid/gid maps from each non-default nodemap | test values for proper mapping | |
15 | Remove some ranges from each non-default nodemap | test values for proper mapping | |
16 | Remove a nodemap | test values for proper mapping | |
17 | Remove nodemap.ko | Check that nodemap.ko unloads |
Section | Number | Name | Description | Check result | |||||
---|---|---|---|---|---|---|---|---|---|
1. Null GSSAPI Mechanism | 1.1 | Server-side null mechanism | Attempt to start server-side gssd with null mechanism selected | gssd starts and stays running with no errors | |||||
1.2 | Client-side null mechanism | Attempt to start client-side gssd with null mechanism selected | gssd starts and stays running with no errors | ||||||
1.3 | gssd null authentication | Attempt authentication to above gssds | gssd authentication succeeds | ||||||
2. Shared Key Null Security Flavor | 2.1 | Lustre daemons with null flavor | Attempt to start Lustre daemons with null security flavor selected | Lustre daemons start and stay running with no errors | |||||
2.2 | Mount with null flavor | Attempt to mount file system with null security flavor selected | File system is mounted with no errors | ||||||
2.3 | File system operations with null flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with null security flavor selected | File system operations succeed | ||||||
3. Shared Key GSSAPI Mechanism | 3.1 | Server-side shared key mechanism | Attempt to start server-side gssd with shared key mechanism selected | gssd starts and stays running with no errors | |||||
3.2 | Client-side shared key mechanism | Attempt to start client-side gssd with shared key mechanism selected | gssd starts and stays running with no errors | ||||||
3.3 | gssd null authentication | Attempt authentication to above gssds | gssd authentication succeeds | ||||||
4. Userspace Key-Generation Tool | 4.1 | Generate key | Attempt to generate a shared key using the userspace key generation tool | Key is generated and looks sane | |||||
5. Server-Side Key Loading Method | 5.1 | Load server-side key | Attempt to load a shared key into the Lustre server using theprovided lctl method | Key is loaded with no errors | |||||
6. Client-Side Key Loading Method | 6.1 | Load client-side key | Attempt to load a shared key into the Lustre client using theprovided lctl method | Key is loaded with no errors | |||||
Mount file system with ski | Attempt to mount a Lustre filesystem using the ski security flavor | - | 7.3 | Mount with ski with bad key | Attempt to mount a filesystem with ski with an incorrect or missing key | File system fails to mount and throws bad key error | |||
File system operations with ski flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the ski security flavor selected | File system operations succeed | |||||||
No encryption over network | Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure a match for the actual file data is found in the packet | -|rowspan="5"|8. Shared Key Privacy and Integrity Security Flavor|8.1|Start Lustre daemons with skpi|Attempt to start Lustre daemons with shared key privacy and integrity (skpi) security flavor selected|Lustre daemons start and stay running with no errors|-|8.2 | Mount file system with skpi | Attempt to mount a Lustre filesystem using the skpi security flavor | - | 8.3 | Mount with skpi and bad key | Attempt to mount a filesystem with skpi with an incorrect or missing key | File system fails to mount and throws bad key error |
File system operations with skpi flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the skpi security flavor selected | File system operations succeed | |||||||
Encryption over network | Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure no match for the actual file data is found in the packet | Data cannot be read off network
} |