[PATCH 9/9] nvme/044: test re-authentication

Hannes Reinecke hare at suse.de
Mon Nov 22 01:40:39 PST 2021 

On 11/22/21 10:02 AM, Sagi Grimberg wrote:
> 
> 
> On 11/22/21 9:55 AM, Hannes Reinecke wrote:
>> Signed-off-by: Hannes Reinecke <hare at suse.de>
>> ---
>>   tests/nvme/044     | 116 +++++++++++++++++++++++++++++++++++++++++++++
>>   tests/nvme/044.out |  22 +++++++++
>>   2 files changed, 138 insertions(+)
>>   create mode 100644 tests/nvme/044
>>   create mode 100644 tests/nvme/044.out
>>
>> diff --git a/tests/nvme/044 b/tests/nvme/044
>> new file mode 100644
>> index 0000000..e3a1e94
>> --- /dev/null
>> +++ b/tests/nvme/044
>> @@ -0,0 +1,116 @@
>> +#!/bin/bash
>> +# SPDX-License-Identifier: GPL-3.0+
>> +# Copyright (C) 2021 Hannes Reinecke, SUSE Labs
>> +#
>> +# Test nvme over tcp re-authentication
>> +
>> +. tests/nvme/rc
>> +
>> +DESCRIPTION="Test re-authentication for TCP connection via localhost"
>> +QUICK=1
>> +
>> +requires() {
>> +    _nvme_requires
>> +    _have_modules loop
>> +    _require_nvme_trtype_is_fabrics
>> +}
>> +
>> +
>> +test() {
>> +    local port
>> +    local genctr
>> +    local subsys="blktests-subsystem-"
>> +    local hostid="$(uuidgen)"
>> +    local hostnqn="nqn.2014-08.org.nvmexpress:uuid:${hostid}"
>> +    local scratch="/tmp/blktest-ns1.img"
>> +    local nvme_trtype="tcp"
>> +    local hostkey
>> +    local ctrlkey
>> +
>> +    echo "Running ${TEST_NAME}"
>> +
>> +    hostkey="$(nvme gen-dhchap-key -n ${subsys}1 2> /dev/null)"
>> +    if [ $? -ne 0 ] ; then
>> +        echo "nvme gen-dhchap-key command missing"
>> +        return 1
>> +    fi
>> +
>> +    ctrlkey="$(nvme gen-dhchap-key -n ${subsys}1 2> /dev/null)"
>> +    if [ $? -ne 0 ] ; then
>> +        echo "nvme gen-dhchap-key command missing"
>> +        return 1
>> +    fi
>> +
>> +    _setup_nvmet
>> +
>> +    truncate -s 512M "${scratch}"
>> +
>> +    port="$(_create_nvmet_port "${nvme_trtype}")"
>> +
>> +    _create_nvmet_subsystem "${subsys}1" "${scratch}"
>> +    _add_nvmet_subsys_to_port "${port}" "${subsys}1"
>> +    _create_nvmet_host "${subsys}1" "${hostnqn}"
>> +
>> +    _set_nvmet_dhgroup "${hostnqn}" "ffdhe2048"
>> +    _set_nvmet_hostkey "${hostnqn}" "${hostkey}"
>> +    _set_nvmet_ctrlkey "${hostnqn}" "${ctrlkey}"
>> +
>> +    nvme connect -t "${nvme_trtype}" -n "${subsys}1" \
>> +         -a "${def_traddr}" -s "${def_trsvcid}" \
>> +         -S "${hostkey}" -C "${ctrlkey}" \
>> +         --hostnqn="${hostnqn}" --hostid="${hostid}"
>> +
>> +    nvme list-subsys
>> +
>> +    ctrl=$(_find_nvme_dev "${subsys}1")
>> +
>> +    echo "Re-authenticate with original host key"
>> +
>> +    echo "${hostkey}" > /sys/class/nvme/${ctrl}/dhchap_secret
>> +
>> +    echo "Renew host key on the controller"
>> +
>> +    new_hostkey="$(nvme gen-dhchap-key -n ${subsys}1 2> /dev/null)"
>> +
>> +    _set_nvmet_hostkey "${hostnqn}" "${new_hostkey}"
>> +
>> +    echo "Re-authenticate with new host key"
>> +
>> +    echo "${new_hostkey}" > /sys/class/nvme/${ctrl}/dhchap_secret
>> +
>> +    nvme list-subsys
>> +
>> +    echo "Renew ctrl key on the controller"
>> +
>> +    new_ctrlkey="$(nvme gen-dhchap-key -n ${subsys}1 2> /dev/null)"
>> +
>> +    _set_nvmet_ctrlkey "${hostnqn}" "${new_ctrlkey}"
>> +
>> +    echo "Re-authenticate with new ctrl key"
>> +
>> +    echo "${new_ctrlkey}" > /sys/class/nvme/${ctrl}/dhchap_ctrl_secret
>> +
>> +    nvme list-subsys
>> +
>> +    echo "Change DH group to ffdhe8192"
>> +
>> +    _set_nvmet_dhgroup "${hostnqn}" "ffdhe8192"
>> +
>> +    echo "Re-authenticate with changed DH group"
>> +    echo "${new_hostkey}" > /sys/class/nvme/${ctrl}/dhchap_secret
>> +
>> +    nvme list-subsys
> 
> Here you may want to compare the lists, but why not to a local
> variable?
> 
Actually, I don't need as the list is stored in the output file; if the
lists are different we'll have a diff to the output file and the test
will fail.

But yeah, I see your point.

> If you insist of printing, how about introducing a
> generic filter helper to filter-out the transport from list-subsys?

See my comment to the previous tests.
If it's sufficient to check the return code from nvme connect we can go
with that.
Or checking for the namespace device node like I did in 43.

Lemme see.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		        Kernel Storage Architect
hare at suse.de			               +49 911 74053 688
SUSE Software Solutions Germany GmbH, 90409 Nürnberg
GF: F. Imendörffer, HRB 36809 (AG Nürnberg)

More information about the Linux-nvme mailing list