FedFsTestPlan0.10

From Linux NFS

(Difference between revisions)
Jump to: navigation, search
("cn=NSDB Manager" administrator DN)
(Tests are in no particular order)
Line 23: Line 23:
==== "cn=NSDB Manager" administrator DN ====
==== "cn=NSDB Manager" administrator DN ====
-
# Create, edit, and remove NSDB records using the new "cn=NSDB Manager" DN
+
* Create, edit, and remove NSDB records using the new "cn=NSDB Manager" DN
-
# Try to create, edit, or remove NSDB records using some other non-admin DN
+
* Try to create, edit, or remove NSDB records using some other non-admin DN
-
# Try to create, edit, or remove non-NSDB records using the new "cn=NSDB Manager" DN
+
* Try to create, edit, or remove non-NSDB records using the new "cn=NSDB Manager" DN
-
# Attempt to remove and re-create an NCE (LDAP server administrator access should be required)
+
* Attempt to remove and re-create an NCE (LDAP server administrator access should be required)
==== NCE discovery mechanism ====
==== NCE discovery mechanism ====
-
# Try FSN resolution with a new fedfsNsdbContainerEntry object in place.  Debugging should show that the NSDB client performs the new subtree search to find the NCE.
+
* Try FSN resolution with a new fedfsNsdbContainerEntry object in place.  Debugging should show that the NSDB client performs the new subtree search to find the NCE.
-
# Try FSN resolution without a fedfsNsdbContainerEntry object.  Debugging should show that the NSDB client tries the subtree search then queries the fedfsNceDN attribute.
+
* Try FSN resolution without a fedfsNsdbContainerEntry object.  Debugging should show that the NSDB client tries the subtree search then queries the fedfsNceDN attribute.
-
# FSN resolution should work when TLS is enabled on the NSDB
+
* FSN resolution should work when TLS is enabled on the NSDB
-
# Try adding another NCE on the NSDB (should still fail since we still add the fedfsNceDN attribute to the root suffix)
+
* Try adding another NCE on the NSDB (should still fail since we still add the fedfsNceDN attribute to the root suffix)
-
# Try removing the new NCE
+
* Try removing the new NCE
-
# Try adding an NCE to a non-NSDB root suffix
+
* Try adding an NCE to a non-NSDB root suffix
==== The fedfs-domainroot tool ====
==== The fedfs-domainroot tool ====
-
# Create and remove domain roots while an NFSD is running
+
* Create and remove domain roots while an NFSD is running
-
# Create and remove domain roots while NFSD is shut down
+
* Create and remove domain roots while NFSD is shut down
-
# Ensure that clients follow the referrals, and behave reasonable when a domain root is removed
+
* Ensure that clients follow the referrals, and behave reasonable when a domain root is removed
==== The nsdb-jumpstart tool ====
==== The nsdb-jumpstart tool ====
-
# Try "nsdb-jumpstart install" on a blank system (openldap-servers and fedfs-utils-common installed)
+
* Try "nsdb-jumpstart install" on a blank system (openldap-servers and fedfs-utils-common installed)
-
# Try "nsdb-jumpstart install" on a system with a running NSDB
+
* Try "nsdb-jumpstart install" on a system with a running NSDB
-
# Try "nsdb-jumpstart install" with TLS security; pass out certificate and attempt NSDB operations like FSN resolution
+
* Try "nsdb-jumpstart install" with TLS security; pass out certificate and attempt NSDB operations like FSN resolution
-
# Try "nsdb-jumpstart backup" on a system with some NSDB data
+
* Try "nsdb-jumpstart backup" on a system with some NSDB data
-
# Try "nsdb-jumpstart restore" on a system with backups and some NSDB data
+
* Try "nsdb-jumpstart restore" on a system with backups and some NSDB data
==== RPCSEC GSS authentication of ADMIN protocol ====
==== RPCSEC GSS authentication of ADMIN protocol ====
-
# Kinit and attempt ADMIN operations against a fedfsd with GSS support and a known good service principal
+
* Kinit and attempt ADMIN operations against a fedfsd with GSS support and a known good service principal
-
# Do not kinit and attempt ADMIN operations against a fedfs with GSS support and a known good service principal
+
* Do not kinit and attempt ADMIN operations against a fedfs with GSS support and a known good service principal
-
# Kinit and attempt ADMIN operations against a fedfsd with no GSS support configured
+
* Kinit and attempt ADMIN operations against a fedfsd with no GSS support configured
-
# Using 0.9 fedfsc, attempt ADMIN operations against a fedfsd with GSS support and a known good service principal
+
* Using 0.9 fedfsc, attempt ADMIN operations against a fedfsd with GSS support and a known good service principal
=== Existing features ===
=== Existing features ===
Line 64: Line 64:
==== RFC 6641-compliant DNS SRV ====
==== RFC 6641-compliant DNS SRV ====
-
# Create a domain with a single DNS SRV record; ensure clients can mount the domain's root directory
+
* Create a domain with a single DNS SRV record; ensure clients can mount the domain's root directory
-
# Create a domain with multiple DNS SRV records; ensure clients can mount the domain's root directory
+
* Create a domain with multiple DNS SRV records; ensure clients can mount the domain's root directory
==== TLS support in NSDB clients ====
==== TLS support in NSDB clients ====
-
# nsdbparams support for adding NSDB with TLS security
+
* nsdbparams support for adding NSDB with TLS security
-
# fedfsd support for adding NSDB with TLS security
+
* fedfsd support for adding NSDB with TLS security
-
# Use a certificate to resolve an FSN on an NSDB using no security
+
* Use a certificate to resolve an FSN on an NSDB using no security
-
# Try to resolve an FSN with no certificate against an NSDB with TLS security
+
* Try to resolve an FSN with no certificate against an NSDB with TLS security
==== fedfsd ====
==== fedfsd ====
-
# Try all ADMIN junction operations on a FedFS-enabled server
+
* Try all ADMIN junction operations on a FedFS-enabled server
-
# Try all ADMIN NSDB operations on a FedFS-enabled server
+
* Try all ADMIN NSDB operations on a FedFS-enabled server
==== nfsref ====
==== nfsref ====
-
# Create basic junctions and verify that clients follow them
+
* Create basic junctions and verify that clients follow them
-
# Create fedfs junctions and verify that mountd resolves them correctly and that clients follow them
+
* Create fedfs junctions and verify that mountd resolves them correctly and that clients follow them
-
# List basic and fedfs junctions
+
* List basic and fedfs junctions
-
# Remove junctions
+
* Remove junctions

Revision as of 17:52, 29 October 2013

Contents

Project: fedfs-utils

[ Project Home | News | Downloads | Docs | Mailing Lists | Source Control | Issues ]


Test Plan for fedfs-utils-0.10

This article outlines a test plan for the upstream 0.10 release of fedfs-utils.

Details are not yet provided. However, there should be enough in each description to allow someone to install fedfs-utils 0.10 (when it is released) and perform functional testing, report problems, and update this document with further information (such as tests attempted and results).

New features in 0.10

The following sections describe features that are new in fedfs-utils 0.10.

"cn=NSDB Manager" administrator DN

  • Create, edit, and remove NSDB records using the new "cn=NSDB Manager" DN
  • Try to create, edit, or remove NSDB records using some other non-admin DN
  • Try to create, edit, or remove non-NSDB records using the new "cn=NSDB Manager" DN
  • Attempt to remove and re-create an NCE (LDAP server administrator access should be required)

NCE discovery mechanism

  • Try FSN resolution with a new fedfsNsdbContainerEntry object in place. Debugging should show that the NSDB client performs the new subtree search to find the NCE.
  • Try FSN resolution without a fedfsNsdbContainerEntry object. Debugging should show that the NSDB client tries the subtree search then queries the fedfsNceDN attribute.
  • FSN resolution should work when TLS is enabled on the NSDB
  • Try adding another NCE on the NSDB (should still fail since we still add the fedfsNceDN attribute to the root suffix)
  • Try removing the new NCE
  • Try adding an NCE to a non-NSDB root suffix

The fedfs-domainroot tool

  • Create and remove domain roots while an NFSD is running
  • Create and remove domain roots while NFSD is shut down
  • Ensure that clients follow the referrals, and behave reasonable when a domain root is removed

The nsdb-jumpstart tool

  • Try "nsdb-jumpstart install" on a blank system (openldap-servers and fedfs-utils-common installed)
  • Try "nsdb-jumpstart install" on a system with a running NSDB
  • Try "nsdb-jumpstart install" with TLS security; pass out certificate and attempt NSDB operations like FSN resolution
  • Try "nsdb-jumpstart backup" on a system with some NSDB data
  • Try "nsdb-jumpstart restore" on a system with backups and some NSDB data

RPCSEC GSS authentication of ADMIN protocol

  • Kinit and attempt ADMIN operations against a fedfsd with GSS support and a known good service principal
  • Do not kinit and attempt ADMIN operations against a fedfs with GSS support and a known good service principal
  • Kinit and attempt ADMIN operations against a fedfsd with no GSS support configured
  • Using 0.9 fedfsc, attempt ADMIN operations against a fedfsd with GSS support and a known good service principal

Existing features

The following sections describe features that existed in previous versions of fedfs-utils and should continue to work in fedfs-utils 0.10. These features may have been modified in 0.10 to enhance security or interoperability, or may have had bugs fixed.

RFC 6641-compliant DNS SRV

  • Create a domain with a single DNS SRV record; ensure clients can mount the domain's root directory
  • Create a domain with multiple DNS SRV records; ensure clients can mount the domain's root directory

TLS support in NSDB clients

  • nsdbparams support for adding NSDB with TLS security
  • fedfsd support for adding NSDB with TLS security
  • Use a certificate to resolve an FSN on an NSDB using no security
  • Try to resolve an FSN with no certificate against an NSDB with TLS security

fedfsd

  • Try all ADMIN junction operations on a FedFS-enabled server
  • Try all ADMIN NSDB operations on a FedFS-enabled server

nfsref

  • Create basic junctions and verify that clients follow them
  • Create fedfs junctions and verify that mountd resolves them correctly and that clients follow them
  • List basic and fedfs junctions
  • Remove junctions
Personal tools