IUDEV test list: Difference between revisions
Jump to navigation
Jump to search
(Created page with "{| class="wikitable" border="1" |- ! Number ! Name ! Description ! Check result |- |1 |Load nodemap.ko |Simple test to ensure that the module loads correctly and creates a def...") |
|||
| (7 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== ID Mapping == | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
| Line 57: | Line 59: | ||
|- | |- | ||
|* | |* | ||
| | |||
|Check existing uid and gid mappings for non-default nodemaps | |Check existing uid and gid mappings for non-default nodemaps | ||
|check for proper mapping value | |check for proper mapping value | ||
|- | |- | ||
|* | |* | ||
| | |||
|Check non-existing uid and gid mappings for non-defualt nodemaps | |Check non-existing uid and gid mappings for non-defualt nodemaps | ||
|check for squashed values | |check for squashed values | ||
|- | |- | ||
|* | |* | ||
| | |||
|Check uid and gid mapping for default nodemap | |Check uid and gid mapping for default nodemap | ||
|check for default squashed values | |check for default squashed values | ||
|- | |- | ||
| Line 87: | Line 89: | ||
|- | |- | ||
|17 | |17 | ||
|Remove nodemap. | |Remove nodemap.ko | ||
| | | | ||
|Check that nodemap.ko unloads | |Check that nodemap.ko unloads | ||
|} | |||
== Shared Key Privacy and Integrity == | |||
{| class="wikitable" border="1" | |||
|- | |||
! Section | |||
! Number | |||
! Name | |||
! Description | |||
! Check result | |||
|- | |||
! scope="row" rowspan="3"|1. Null GSSAPI Mechanism | |||
|1.1 | |||
|Server-side null mechanism | |||
|Attempt to start server-side gssd with null mechanism selected | |||
|gssd starts and stays running with no errors | |||
|- | |||
|1.2 | |||
|Client-side null mechanism | |||
|Attempt to start client-side gssd with null mechanism selected | |||
|gssd starts and stays running with no errors | |||
|- | |||
|1.3 | |||
|gssd null authentication | |||
|Attempt authentication to above gssds | |||
|gssd authentication succeeds | |||
|- | |||
! scope="row" rowspan="3"|2. Shared Key Null Security Flavor | |||
|2.1 | |||
|Lustre daemons with null flavor | |||
|Attempt to start Lustre daemons with null security flavor selected | |||
|Lustre daemons start and stay running with no errors | |||
|- | |||
|2.2 | |||
|Mount with null flavor | |||
|Attempt to mount file system with null security flavor selected | |||
|File system is mounted with no errors | |||
|- | |||
|2.3 | |||
|File system operations with null flavor | |||
|Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with null security flavor selected | |||
|File system operations succeed | |||
|- | |||
! scope="row" rowspan="3"|3. Shared Key GSSAPI Mechanism | |||
|3.1 | |||
|Server-side shared key mechanism | |||
|Attempt to start server-side gssd with shared key mechanism selected | |||
|gssd starts and stays running with no errors | |||
|- | |||
|3.2 | |||
|Client-side shared key mechanism | |||
|Attempt to start client-side gssd with shared key mechanism selected | |||
|gssd starts and stays running with no errors | |||
|- | |||
|3.3 | |||
|gssd null authentication | |||
|Attempt authentication to above gssds | |||
|gssd authentication succeeds | |||
|- | |||
! scope="row"|4. Userspace Key-Generation Tool | |||
|4.1 | |||
|Generate key | |||
|Attempt to generate a shared key using the userspace key generation tool | |||
|Key is generated and looks sane | |||
|- | |||
! scope="row"|5. Server-Side Key Loading Method | |||
|5.1 | |||
|Load server-side key | |||
|Attempt to load a shared key into the Lustre server using theprovided lctl method | |||
|Key is loaded with no errors | |||
|- | |||
! scope="row"|6. Client-Side Key Loading Method | |||
|6.1 | |||
|Load client-side key | |||
|Attempt to load a shared key into the Lustre client using theprovided lctl method | |||
|Key is loaded with no errors | |||
|- | |||
! scope="row" rowspan="5"|7. Shared Key Integrity Security Flavor | |||
|7.1 | |||
|Start Lustre daemons with ski | |||
|Attempt to start Lustre daemons with shared key integrity (ski) security flavor selected | |||
|Lustre daemons start and stay running with no errors | |||
|- | |||
|7.2 | |||
|Mount file system with ski | |||
|Attempt to mount a Lustre filesystem using the ski security flavor | |||
|File system is mounted with no errors | |||
|- | |||
|7.3 | |||
|Mount with ski with bad key | |||
|Attempt to mount a filesystem with ski with an incorrect or missing key | |||
|File system fails to mount and throws bad key error | |||
|- | |||
|7.4 | |||
|File system operations with ski flavor | |||
|Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the ski security flavor selected | |||
|File system operations succeed | |||
|- | |||
|7.5 | |||
|No encryption over network | |||
|Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure a match for the actual file data is found in the packet | |||
|Data can successfully be read off network (encryption was not performed) | |||
|- | |||
! scope="row" rowspan="5"|8. Shared Key Privacy and Integrity Security Flavor | |||
|8.1 | |||
|Start Lustre daemons with skpi | |||
|Attempt to start Lustre daemons with shared key privacy and integrity (skpi) security flavor selected | |||
|Lustre daemons start and stay running with no errors | |||
|- | |||
|8.2 | |||
|Mount file system with skpi | |||
|Attempt to mount a Lustre filesystem using the skpi security flavor | |||
|File system is mounted with no errors | |||
|- | |||
|8.3 | |||
|Mount with skpi and bad key | |||
|Attempt to mount a filesystem with skpi with an incorrect or missing key | |||
|File system fails to mount and throws bad key error | |||
|- | |||
|8.4 | |||
|File system operations with skpi flavor | |||
|Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the skpi security flavor selected | |||
|File system operations succeed | |||
|- | |||
|8.5 | |||
|Encryption over network | |||
|Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure no match for the actual file data is found in the packet | |||
|Data cannot be read off network | |||
|} | |} | ||
Latest revision as of 10:57, 2 August 2013
ID Mapping
| Number | Name | Description | Check result |
|---|---|---|---|
| 1 | Load nodemap.ko | Simple test to ensure that the module loads correctly and creates a default nodemap. | nodemap.ko load is tested by lsmod, check for expectedproc entries. |
| 2 | Create nodemaps | Create 20 distinctly named nodemaps and test that the required procentries exist. | nodemaps are created, check for expected proc entries |
| 3 | Reject duplicate nodemaps | Attempt to recreate the nodemaps from test 2, and fail so that there are no duplicate nodemaps | nodemap creations should fail, check return value from lctl, check for expected proc entries |
| 4 | Create non-overlapping ranges in all non-default nodemaps | Create 20 partitioned ranges in each nodemap from test 2 | Check for expected entries in the nodemap ranges procfile |
| 5 | Reject overlapping ranges in all non-default nodemaps | Attempt to create ranges in all nodemaps that conflict withpre-existing ranges | check return value from lctl, check nodemap ranges file for duplicates |
| 6 | Reject adding ranges to the default nodemap | Attempt to create ranges in the default nodemap. | check return value of lctl |
| 7-10 | Change allowed values in the default nodemap | Change the allowed settings for the default cluster (admin_cluster,trusted_cluster, squash_uid and squash_gid). | check proc files for expected values |
| 11 | Add uid/gid maps to non-default nodemap | Create 200 uidmaps and 200 gidmaps | check proc uidmap and gidmap files for expected values |
| 12 | Add uid/gid maps to default nodemap | Check that lctl rejects setting uid and gid maps for the default nodemap | check lctl return value |
| * | For each nodemap, run the following tests with each nodmap in this configuration:
[active = {0,1} X admin_cluster = {0,1} X trusted_cluster = {0,1} Xsquash_uid = {99, 50} X squash_gid = {99, 50}] | ||
| * | Check existing uid and gid mappings for non-default nodemaps | check for proper mapping value | |
| * | Check non-existing uid and gid mappings for non-defualt nodemaps | check for squashed values | |
| * | Check uid and gid mapping for default nodemap | check for default squashed values | |
| 14 | Remove some uid/gid maps from each non-default nodemap | test values for proper mapping | |
| 15 | Remove some ranges from each non-default nodemap | test values for proper mapping | |
| 16 | Remove a nodemap | test values for proper mapping | |
| 17 | Remove nodemap.ko | Check that nodemap.ko unloads |
| Section | Number | Name | Description | Check result |
|---|---|---|---|---|
| 1. Null GSSAPI Mechanism | 1.1 | Server-side null mechanism | Attempt to start server-side gssd with null mechanism selected | gssd starts and stays running with no errors |
| 1.2 | Client-side null mechanism | Attempt to start client-side gssd with null mechanism selected | gssd starts and stays running with no errors | |
| 1.3 | gssd null authentication | Attempt authentication to above gssds | gssd authentication succeeds | |
| 2. Shared Key Null Security Flavor | 2.1 | Lustre daemons with null flavor | Attempt to start Lustre daemons with null security flavor selected | Lustre daemons start and stay running with no errors |
| 2.2 | Mount with null flavor | Attempt to mount file system with null security flavor selected | File system is mounted with no errors | |
| 2.3 | File system operations with null flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with null security flavor selected | File system operations succeed | |
| 3. Shared Key GSSAPI Mechanism | 3.1 | Server-side shared key mechanism | Attempt to start server-side gssd with shared key mechanism selected | gssd starts and stays running with no errors |
| 3.2 | Client-side shared key mechanism | Attempt to start client-side gssd with shared key mechanism selected | gssd starts and stays running with no errors | |
| 3.3 | gssd null authentication | Attempt authentication to above gssds | gssd authentication succeeds | |
| 4. Userspace Key-Generation Tool | 4.1 | Generate key | Attempt to generate a shared key using the userspace key generation tool | Key is generated and looks sane |
| 5. Server-Side Key Loading Method | 5.1 | Load server-side key | Attempt to load a shared key into the Lustre server using theprovided lctl method | Key is loaded with no errors |
| 6. Client-Side Key Loading Method | 6.1 | Load client-side key | Attempt to load a shared key into the Lustre client using theprovided lctl method | Key is loaded with no errors |
| 7. Shared Key Integrity Security Flavor | 7.1 | Start Lustre daemons with ski | Attempt to start Lustre daemons with shared key integrity (ski) security flavor selected | Lustre daemons start and stay running with no errors |
| 7.2 | Mount file system with ski | Attempt to mount a Lustre filesystem using the ski security flavor | File system is mounted with no errors | |
| 7.3 | Mount with ski with bad key | Attempt to mount a filesystem with ski with an incorrect or missing key | File system fails to mount and throws bad key error | |
| 7.4 | File system operations with ski flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the ski security flavor selected | File system operations succeed | |
| 7.5 | No encryption over network | Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure a match for the actual file data is found in the packet | Data can successfully be read off network (encryption was not performed) | |
| 8. Shared Key Privacy and Integrity Security Flavor | 8.1 | Start Lustre daemons with skpi | Attempt to start Lustre daemons with shared key privacy and integrity (skpi) security flavor selected | Lustre daemons start and stay running with no errors |
| 8.2 | Mount file system with skpi | Attempt to mount a Lustre filesystem using the skpi security flavor | File system is mounted with no errors | |
| 8.3 | Mount with skpi and bad key | Attempt to mount a filesystem with skpi with an incorrect or missing key | File system fails to mount and throws bad key error | |
| 8.4 | File system operations with skpi flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the skpi security flavor selected | File system operations succeed | |
| 8.5 | Encryption over network | Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure no match for the actual file data is found in the packet | Data cannot be read off network |