September 4th, 2005
Aurélien Charbon
Introduction:
This page describes tests done on NFSv4 ACL
List of tests
- Long ACL on files (-m option of setfacl command)
- Long ACL settings on directories
- default ACL setting
- Entries suppression test (-b and -x options)
- recursive ACL testing
- interroperability testing with PPC64 Linux server
- Posix ACL testing (local test)
- Stress test (3 client stressing 1 server with random ACL request)
The used configuration is:
- kernel: 2.6.12 + linux-2.6.12-CITI_NFS4_ALL-4 patchset
- acl: acl_2.2.29 + acl-2.2.29-CITI_NFS4_ALL-2.dif
- nfs client: util-linux-2.12-3 + util-linux-2.12-CITI_NFS4_ALL-3.dif
- nfs server: nfs-utils-1.0.7 + nfs-utils-1.0.7-CITI_NFS4_ALL-2.dif
Testing long ACLs
This test aims at trying to determine what the NFSv4 Access Control Lists limits are
Test scripts
File random_gen.py
Adding on to generate random objects>
File test_long_acl.py
Testing long ACLs
Result:
When I try to add an entry to an already long ACL (the limit size seems to be 38 entries), the client shows: "getfacl: /mnt/nfs/test-acl/testfile: Remote I/O error"
In fact, when I try to get or set a too long ACL for a file, a NFS4ERR_RESOURCE error is got from the server.
The trace of the client's call:
Network File System
Program Version: 4
V4 Procedure: COMPOUND (1)
Tag:
minorversion: 0
Operations (count: 2)
Opcode: PUTFH (22)
filehandle
Opcode: GETATTR (9)
attrmask
recc_attr: FATTR4_ACL (12)
The server's reply:
Network File System
Program Version: 4
V4 Procedure: COMPOUND (1)
Status: NFS4ERR_RESOURCE (10018)
Tag:
Operations (count: 2)
Opcode: PUTFH (22)
Status: NFS4_OK (0)
Opcode: GETATTR (9)
Status: NFS4ERR_RESOURCE (10018)
Bugzilla link:
This bug has been registered by Bruce Fields in NFSv4 bugzilla: here
Stressing ACLs
Scripts
Here are some scripts that aim at stressing ACLs (posix and nfs):
File acl_stress.py
This scripts creates tests files in the specified directory and uses random opération (getfacl and setfacl) to stress ACL's
File acl_stress2.py
This scripts retrieves tests files list in the specified directory and uses random opération (getfacl and setfacl) to stress ACL's
Typically, if you want to stress ACl's with several clients, you must run the first script on the first client and the second script on the others
These script both use the random generation function supplied by:
File random_gen.py
Testing long ACLs
Results
The test run with a linux-2.6.12 NFSv4 server, and 3 linux-2.6.12 NFSv4 client without problem
Scalability limit
The network traffic reach a limit of 35Mb/s, when being "attacked" by 3 clients.
Testing default ACLs
Script
File test_acl_default.py
This scripts tests the default ACL on a directory by setting an ACL on a directory, creating a file in this directory, and verifing the conformance
of the file's ACL.
Result
The test run with a linux-2.6.12 NFSv4 server, and 3 linux-2.6.12 NFSv4 client without problem
Full test package
Tarball
File nfsacl.tar.bz2
This package is been included to the Linux Test Project and should appear in the January release of LTP
Goal
It includes most of tests python scripts described before, but it adds conformance tests
Result
The test run with a linux-2.6.14 NFSv4 server, and 3 linux-2.6.14 NFSv4 client without other problem than the problem of ACL greater than one page
