Hi all, We are trying to get Lustre secure client mount with distributed key:
[root@dh5-mds01 ger]# rpm -qa | grep lustre lustre-2.15.3-1.el8.x86_64 kmod-lustre-2.15.3-1.el8.x86_64 lustre-osd-ldiskfs-mount-2.15.3-1.el8.x86_64 kmod-lustre-osd-ldiskfs-2.15.3-1.el8.x86_64 followed the instructions: - created key - distributed key to mds/oss/client - set SPTLRPC security flavor to Shared Key Integrity(ski) on MGS - create /etc/request-key.d/lgssc.conf on all systems - create /etc/sysconfig/lsvcgss on mds - create /etc/sysconfig/lsvcgss on oss - systemctl start lsvcgss on mds/oss - modprobe ptlrpc_gss on mds/oss - mount mgs: mount -t lustre -o skpath=/root/umcg2.key /dev/mapper/mgs01-umcg /lustre/umcg/mgs01 - mount mdt: mount -t lustre -o skpath=/root/umcg2.key /dev/mapper/mdt01-umcg /lustre/umcg/mdt01/ - mount oss: mount -t lustre -o skpath=/root/umcg2.key /dev/mapper/umcg_ost01-01_v0000 /lustre/umcg/umcg_ost01-01_v0000/ - mount cli: mount -t lustre -o skpath=/root/umcg2.key 172.23.15.xxx@tcp15 :172.23.15.xx2@tcp15:/umcg /test - works! - but also this works (should fail): - mount cli without key: mount -t lustre 172.23.15.xxx@tcp15 :172.23.15.xxx2@tcp15:/umcg /test If I check the rcp_flavor/bulk flavor (should be ski) I get: lctl get_param *.*.srpc_* : mdc.umcg-MDT0000-mdc-ffff9c7e5e416000.srpc_info= rpc flavor: null bulk flavor: null [email protected]_info= rpc flavor: null bulk flavor: null Clearly the ski bits are not working. What are we missing? Do we need the lustre-software to recompile with GSS enabled? Please enlighten us, -- Vriendelijke groet, Ger Strikwerdasenior expert multidisciplinary enabler simple solution architect Rijksuniversiteit Groningen CIT/RDMS/HPC Smitsborg Nettelbosje 1 9747 AJ Groningen Tel. 050 363 9276 "God is hard, God is fair some men he gave brains, others he gave hair"
_______________________________________________ lustre-discuss mailing list [email protected] http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
