Hi, I’m going to try to make this as TLDR minimal as possible.
I’m working on a project to provide better security for our lustre storage. What I’ve found is plenty of info on nodemap with ssk, but I have a few questions- Can I set up nodemap so it allows full access and simply restricts the IP ranges from which clients can connect? Running lctl nodemap_info all looks like it has an option for squash_gid and squash_uid. Does that mean I can turn those off? If I use ssk, do I still have to set up uid and gid translations? My test environment: Client at 192.168.57.100@tcp1<mailto:192.168.57.100@tcp1> • lnet router to tcp0 • mgs at 192.168.10.10@tcp0<mailto:192.168.10.10@tcp0> (with mds and 2 oss) Lnet routing works, and I can give and take access using Nodemap_activate 0/1 Thanks, John Kolacz HPCSYS FS
_______________________________________________ lustre-discuss mailing list [email protected] http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
