== sanity-sec test 64i: Nodemap quota enforcement with local_admin RBAC and offsets ========================================================== 10:23:30 (1773671010) mdt.lustre-MDT0000.identity_upcall=NONE mdt.lustre-MDT0001.identity_upcall=NONE oleg108-server: error: nodemap 'c0' does not exist oleg108-server: nodemap_del: Invalid argument pdsh@oleg108-client: oleg108-server: ssh exited with exit code 1 On MGS 192.168.201.108, active = nodemap.active=1 Waiting 90s for 'u' Updated after 2s: want 'u' got 'u' Waiting 90s for 'u' osd-ldiskfs.lustre-MDT0000.quota_slave_dt.enabled=u osd-ldiskfs.lustre-MDT0001.quota_slave_dt.enabled=u Current MOUNT: total 72 drwxr-xr-x 19 root root 4096 Mar 16 10:23 . drwxr-xr-x 4 root root 0 Mar 16 10:11 .. drwxrwxrwx 2 quota_usr root 4096 Mar 16 09:54 d17.sanity-sec drwxrwxrwx 2 quota_usr root 4096 Mar 16 09:58 d18.sanity-sec drwxrwxrwx 2 quota_usr root 4096 Mar 16 10:06 d21.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:09 d25c.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:10 d35.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:14 d51.sanity-sec drwxr-xr-x 3 root root 4096 Mar 16 10:14 d55.sanity-sec drwxr-xr-x 3 root root 4096 Mar 16 10:19 d60.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:19 d61.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:21 d64a.sanity-sec drwxr-xr-x 5 root root 4096 Mar 16 10:21 d64b.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:21 d64c.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:22 d64d.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:22 d64e.sanity-sec drwxrwx---+ 2 root 5000 4096 Mar 16 10:23 d64g.sanity-sec drwxrwxrwx 2 root root 4096 Mar 16 10:23 d64h.sanity-sec drwxr-xr-x 2 100000 root 4096 Mar 16 10:23 d64i.sanity-sec On MGS 192.168.201.108, c0.offset = nodemap.c0.offset= { start_uid: 100000, limit_uid: 100000, start_gid: 100000, limit_gid: 100000, start_projid: 100000, limit_projid: 100000 } Current MOUNT: total 72 drwxr-xr-x 19 root root 4096 Mar 16 10:23 . drwxr-xr-x 4 root root 0 Mar 16 10:11 .. drwxrwxrwx 2 quota_usr root 4096 Mar 16 09:54 d17.sanity-sec drwxrwxrwx 2 quota_usr root 4096 Mar 16 09:58 d18.sanity-sec drwxrwxrwx 2 quota_usr root 4096 Mar 16 10:06 d21.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:09 d25c.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:10 d35.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:14 d51.sanity-sec drwxr-xr-x 3 root root 4096 Mar 16 10:14 d55.sanity-sec drwxr-xr-x 3 root root 4096 Mar 16 10:19 d60.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:19 d61.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:21 d64a.sanity-sec drwxr-xr-x 5 root root 4096 Mar 16 10:21 d64b.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:21 d64c.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:22 d64d.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:22 d64e.sanity-sec drwxrwx---+ 2 root 5000 4096 Mar 16 10:23 d64g.sanity-sec drwxrwxrwx 2 root root 4096 Mar 16 10:23 d64h.sanity-sec drwxr-xr-x 2 100000 root 4096 Mar 16 10:23 d64i.sanity-sec Test 1: admin_nodemap=1, local_admin in RBAC, trusted=1 Expected: root can bypass quota (write succeeds) On MGS 192.168.201.108, c0.rbac = nodemap.c0.rbac=file_perms,quota_ops,server_upcall,local_admin 15+0 records in 15+0 records out 15728640 bytes (16 MB, 15 MiB) copied, 0.295549 s, 53.2 MB/s Waiting for MDT destroys to complete Test 2: admin_nodemap=1, local_admin NOT in RBAC, trusted=1 Expected: root must respect quota (write fails with EDQUOT) On MGS 192.168.201.108, c0.rbac = nodemap.c0.rbac=file_perms,quota_ops,server_upcall dd output: dd: error writing '/mnt/lustre/d64i.sanity-sec/f64i.sanity-sec': Disk quota exceeded 10+0 records in 9+0 records out 9437184 bytes (9.4 MB, 9.0 MiB) copied, 0.205701 s, 45.9 MB/s Waiting for MDT destroys to complete Test 3: admin_nodemap=1, local_admin NOT in RBAC, trusted=0 Expected: root must respect quota (write fails with EDQUOT) On MGS 192.168.201.108, c0.trusted_nodemap = nodemap.c0.trusted_nodemap=0 dd output: dd: error writing '/mnt/lustre/d64i.sanity-sec/f64i.sanity-sec': Disk quota exceeded 10+0 records in 9+0 records out 9437184 bytes (9.4 MB, 9.0 MiB) copied, 0.174169 s, 54.2 MB/s Waiting for MDT destroys to complete Test 4: admin_nodemap=1, local_admin in RBAC, trusted=0 Expected: root can bypass quota (write succeeds) On MGS 192.168.201.108, c0.rbac = nodemap.c0.rbac=file_perms,quota_ops,server_upcall,local_admin 15+0 records in 15+0 records out 15728640 bytes (16 MB, 15 MiB) copied, 0.2438 s, 64.5 MB/s Waiting for MDT destroys to complete Test 5: admin_nodemap=0, local_admin in RBAC Expected: root is squashed, permission denied On MGS 192.168.201.108, c0.admin_nodemap = nodemap.c0.admin_nodemap=0 Current MOUNT: total 72 drwxr-xr-x 19 root root 4096 Mar 16 10:23 . drwxr-xr-x 4 root root 0 Mar 16 10:11 .. drwxrwxrwx 2 quota_usr root 4096 Mar 16 09:54 d17.sanity-sec drwxrwxrwx 2 quota_usr root 4096 Mar 16 09:58 d18.sanity-sec drwxrwxrwx 2 quota_usr root 4096 Mar 16 10:06 d21.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:09 d25c.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:10 d35.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:14 d51.sanity-sec drwxr-xr-x 3 root root 4096 Mar 16 10:14 d55.sanity-sec drwxr-xr-x 3 root root 4096 Mar 16 10:19 d60.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:19 d61.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:21 d64a.sanity-sec drwxr-xr-x 5 root root 4096 Mar 16 10:21 d64b.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:21 d64c.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:22 d64d.sanity-sec drwxr-xr-x 2 root root 4096 Mar 16 10:22 d64e.sanity-sec drwxrwx---+ 2 root 5000 4096 Mar 16 10:23 d64g.sanity-sec drwxrwxrwx 2 root root 4096 Mar 16 10:23 d64h.sanity-sec drwxr-xr-x 2 nobody nobody 4096 Mar 16 10:24 d64i.sanity-sec dd output: dd: failed to open '/mnt/lustre/d64i.sanity-sec/f64i.sanity-sec': Permission denied Waiting for MDT destroys to complete Test 6: admin_nodemap=0, local_admin NOT in RBAC Expected: root is squashed, permission denied On MGS 192.168.201.108, c0.rbac = nodemap.c0.rbac=file_perms,quota_ops,server_upcall dd output: dd: failed to open '/mnt/lustre/d64i.sanity-sec/f64i.sanity-sec': Permission denied On MGS 192.168.201.108, c0.trusted_nodemap = nodemap.c0.trusted_nodemap=1 Waiting for MDT destroys to complete Test 7: admin=1, trusted=1, local_admin in RBAC (DOM only) Expected: root can bypass quota (DOM write succeeds) On MGS 192.168.201.108, c0.rbac = nodemap.c0.rbac=file_perms,quota_ops,server_upcall,local_admin 15+0 records in 15+0 records out 15728640 bytes (16 MB, 15 MiB) copied, 0.470097 s, 33.5 MB/s Waiting for MDT destroys to complete Test 8: admin=1, trusted=1, local_admin NOT in RBAC (DOM only) Expected: root must respect quota (DOM write fails EDQUOT) On MGS 192.168.201.108, c0.rbac = nodemap.c0.rbac=file_perms,quota_ops,server_upcall dd DOM output: dd: error writing '/mnt/lustre/d64i.sanity-sec/f64i.sanity-sec': Disk quota exceeded 11+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0.364088 s, 28.8 MB/s osd-ldiskfs.lustre-MDT0000.quota_slave_dt.enabled=none osd-ldiskfs.lustre-MDT0001.quota_slave_dt.enabled=none Waiting 90s for 'none' 192.168.201.108@tcp:/lustre /mnt/lustre lustre rw,checksum,encrypt,flock,lazystatfs,lruresize,nolock,statfs_project,nouser_fid2path,user_xattr,verbose 0 0 Stopping client oleg108-client.virtnet /mnt/lustre (opts:) On MGS 192.168.201.108, active = nodemap.active=0 Starting client: oleg108-client.virtnet: -o user_xattr,flock 192.168.201.108@tcp:/lustre /mnt/lustre