On Jun 27, 2018, at 06:05, Mark Roper wrote:
>
> Hi Jeremy & All,
> I got a request to share the results of my SSK performance investigation with
> this group from Mark Hahn, which I'm happy to do! If you're not interested
> in the impact on throughput for encryption of client-to-mds and clien
Hi Jeremy & All,
I got a request to share the results of my SSK performance investigation
with this group from Mark Hahn, which I'm happy to do! If you're not
interested in the impact on throughput for encryption of client-to-mds and
client-to-oss communication using the SSK feature, you can stop
Thanks again Jermey. This is pretty strange but here goes: SSK encryption
works end to end if I ssh as root into the server and client nodes to
mount. If I ssh as another user (say, centos) and `sudo` or `sudo -s` the
same commands with --skpath, the client mount fails.
So it seems like there is
I have encountered this issue before as well. Something on the system is
creating a new root user session keyring and keyctl_read fails after that
happens. For now reloading the key into the keyring is what I have done.
For the client you could mount with --skpath option so any time it's
mounted
Hi Jeremy,
Thanks for taking a look at my question. I have validated that the key on
the server and the client match and that the client key has the prime
generated.
When I ssh to the client node and run
sudo mount -t lustre -o skpath=/secure_directory/scratch.client.key
172.31.46.245@tcp:/scra
GSS error 0x6 is GSS bad signature which would mean the HMAC was
invalid. Can you verify your key file's have the same shared key? Do you
have any logs for the server side as well? You can increase server
verbosity by adding some extra v's to LSVCGSSDARGS in
/etc/sysconfig/lsvcgss.
Jeremy
Hi Lustre Admins,
I am hoping someone can help me understand what I'm doing wrong with SSK
setup. I have set up a lustre 2.11 server and worked through the steps to
use shared secret keys (SSKs) to encrypt data in transit between client
nodes and the MDT and OSS. I followed the manual instruction
