IUDEV test list
Jump to navigation
Jump to search
ID Mapping
| Number | Name | Description | Check result |
|---|---|---|---|
| 1 | Load nodemap.ko | Simple test to ensure that the module loads correctly and creates a default nodemap. | nodemap.ko load is tested by lsmod, check for expectedproc entries. |
| 2 | Create nodemaps | Create 20 distinctly named nodemaps and test that the required procentries exist. | nodemaps are created, check for expected proc entries |
| 3 | Reject duplicate nodemaps | Attempt to recreate the nodemaps from test 2, and fail so that there are no duplicate nodemaps | nodemap creations should fail, check return value from lctl, check for expected proc entries |
| 4 | Create non-overlapping ranges in all non-default nodemaps | Create 20 partitioned ranges in each nodemap from test 2 | Check for expected entries in the nodemap ranges procfile |
| 5 | Reject overlapping ranges in all non-default nodemaps | Attempt to create ranges in all nodemaps that conflict withpre-existing ranges | check return value from lctl, check nodemap ranges file for duplicates |
| 6 | Reject adding ranges to the default nodemap | Attempt to create ranges in the default nodemap. | check return value of lctl |
| 7-10 | Change allowed values in the default nodemap | Change the allowed settings for the default cluster (admin_cluster,trusted_cluster, squash_uid and squash_gid). | check proc files for expected values |
| 11 | Add uid/gid maps to non-default nodemap | Create 200 uidmaps and 200 gidmaps | check proc uidmap and gidmap files for expected values |
| 12 | Add uid/gid maps to default nodemap | Check that lctl rejects setting uid and gid maps for the default nodemap | check lctl return value |
| * | For each nodemap, run the following tests with each nodmap in this configuration:
[active = {0,1} X admin_cluster = {0,1} X trusted_cluster = {0,1} Xsquash_uid = {99, 50} X squash_gid = {99, 50}] | ||
| * | Check existing uid and gid mappings for non-default nodemaps | check for proper mapping value | |
| * | Check non-existing uid and gid mappings for non-defualt nodemaps | check for squashed values | |
| * | Check uid and gid mapping for default nodemap | check for default squashed values | |
| 14 | Remove some uid/gid maps from each non-default nodemap | test values for proper mapping | |
| 15 | Remove some ranges from each non-default nodemap | test values for proper mapping | |
| 16 | Remove a nodemap | test values for proper mapping | |
| 17 | Remove nodemap.ko | Check that nodemap.ko unloads |
| Section | Number | Name | Description | Check result | |||||
|---|---|---|---|---|---|---|---|---|---|
| 1. Null GSSAPI Mechanism | 1.1 | Server-side null mechanism | Attempt to start server-side gssd with null mechanism selected | gssd starts and stays running with no errors | |||||
| 1.2 | Client-side null mechanism | Attempt to start client-side gssd with null mechanism selected | gssd starts and stays running with no errors | ||||||
| 1.3 | gssd null authentication | Attempt authentication to above gssds | gssd authentication succeeds | ||||||
| 2. Shared Key Null Security Flavor | 2.1 | Lustre daemons with null flavor | Attempt to start Lustre daemons with null security flavor selected | Lustre daemons start and stay running with no errors | |||||
| 2.2 | Mount with null flavor | Attempt to mount file system with null security flavor selected | File system is mounted with no errors | ||||||
| 2.3 | File system operations with null flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with null security flavor selected | File system operations succeed | ||||||
| 3. Shared Key GSSAPI Mechanism | 3.1 | Server-side shared key mechanism | Attempt to start server-side gssd with shared key mechanism selected | gssd starts and stays running with no errors | |||||
| 3.2 | Client-side shared key mechanism | Attempt to start client-side gssd with shared key mechanism selected | gssd starts and stays running with no errors | ||||||
| 3.3 | gssd null authentication | Attempt authentication to above gssds | gssd authentication succeeds | ||||||
| 4. Userspace Key-Generation Tool | 4.1 | Generate key | Attempt to generate a shared key using the userspace key generation tool | Key is generated and looks sane | |||||
| 5. Server-Side Key Loading Method | 5.1 | Load server-side key | Attempt to load a shared key into the Lustre server using theprovided lctl method | Key is loaded with no errors | |||||
| 6. Client-Side Key Loading Method | 6.1 | Load client-side key | Attempt to load a shared key into the Lustre client using theprovided lctl method | Key is loaded with no errors | |||||
| Mount file system with ski | Attempt to mount a Lustre filesystem using the ski security flavor | - | 7.3 | Mount with ski with bad key | Attempt to mount a filesystem with ski with an incorrect or missing key | File system fails to mount and throws bad key error | |||
| File system operations with ski flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the ski security flavor selected | File system operations succeed | |||||||
| No encryption over network | Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure a match for the actual file data is found in the packet | -|rowspan="5"|8. Shared Key Privacy and Integrity Security Flavor|8.1|Start Lustre daemons with skpi|Attempt to start Lustre daemons with shared key privacy and integrity (skpi) security flavor selected|Lustre daemons start and stay running with no errors|-|8.2 | Mount file system with skpi | Attempt to mount a Lustre filesystem using the skpi security flavor | - | 8.3 | Mount with skpi and bad key | Attempt to mount a filesystem with skpi with an incorrect or missing key | File system fails to mount and throws bad key error |
| File system operations with skpi flavor | Attempt to perform normal file system operations (create file, write to file, delete file, etc.) on file system mounted with the skpi security flavor selected | File system operations succeed | |||||||
| Encryption over network | Simulate a network eavesdropper by extracting a file data packet from the network layer, and ensure no match for the actual file data is found in the packet | Data cannot be read off network
} |