Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-13754

GSS-based authentication fails on CentOS/RHEL 7.8

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Lustre 2.14.0, Lustre 2.12.5
    • Fix Version/s: Lustre 2.14.0
    • Labels:
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      With CentOS/RHEL 7.8, it seems impossible for clients to authenticate with servers when a Kerberos or SSK flavor is enforced.

      The client console shows:

      [ 1152.954776] Lustre: DEBUG MARKER: /usr/sbin/lctl mark -----============= acceptance-small: sanity ============----- Fri Jun 26 18:16:14 UTC 2020
      [ 1153.535844] Lustre: DEBUG MARKER: -----============= acceptance-small: sanity ============----- Fri Jun 26 18:16:14 UTC 2020
      [ 1154.279614] Lustre: DEBUG MARKER: /usr/sbin/lctl mark == sanity test complete, duration -o sec ============================================================= 18:16:15 \(1593195375\)
      [ 1154.866121] Lustre: DEBUG MARKER: == sanity test complete, duration -o sec ============================================================= 18:16:15 (1593195375)
      [ 1156.755955] Lustre: DEBUG MARKER: /usr/sbin/lctl get_param -n version 2>/dev/null
      [ 1157.639632] Lustre: DEBUG MARKER: /usr/sbin/lctl mark excepting tests: 42a 42b 42c 407 312 56ob 17n 60a 133g 300f
      [ 1158.222239] Lustre: DEBUG MARKER: excepting tests: 42a 42b 42c 407 312 56ob 17n 60a 133g 300f
      [ 1158.853766] Lustre: DEBUG MARKER: /usr/sbin/lctl mark skipping tests SLOW=no: 27m 64b 68 71 115 135 136 300o
      [ 1159.435119] Lustre: DEBUG MARKER: skipping tests SLOW=no: 27m 64b 68 71 115 135 136 300o
      [ 1163.400808] Lustre: 24745:0:(client.c:2261:ptlrpc_expire_one_request()) @@@ Request sent has timed out for slow reply: [sent 1593195377/real 1593195377]  req@ffff912863195680 x1670585430065920/t0(0) o801->lustre-MDT0000-mdc-ffff91287754e000@10.2.5.166@tcp:12/10 lens 224/224 e 0 to 1 dl 1593195385 ref 2 fl Rpc:XQr/0/ffffffff rc 0/-1 job:'lgss_keyring.0'
      [ 1163.405873] Lustre: 24745:0:(client.c:2261:ptlrpc_expire_one_request()) Skipped 31 previous similar messages
      [ 1163.407582] LustreError: 24745:0:(gss_keyring.c:1435:gss_kt_update()) negotiation: rpc err -85, gss err 0
      [ 1163.409156] LustreError: 24745:0:(gss_keyring.c:1435:gss_kt_update()) Skipped 31 previous similar messages
      [ 1163.411036] Lustre: 24745:0:(sec_gss.c:315:cli_ctx_expire()) ctx ffff912863eedd00(0->lustre-MDT0000_UUID) get expired: 1593195417(+32s)
      [ 1163.413059] Lustre: 24745:0:(sec_gss.c:315:cli_ctx_expire()) Skipped 30 previous similar messages
      

      So all authentication requests fail on timeout.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sebastien Sebastien Buisson
                Reporter:
                sebastien Sebastien Buisson
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: