Details
-
Bug
-
Resolution: Fixed
-
Major
-
Lustre 2.14.0, Lustre 2.12.5
-
3
-
9223372036854775807
Description
With CentOS/RHEL 7.8, it seems impossible for clients to authenticate with servers when a Kerberos or SSK flavor is enforced.
The client console shows:
[ 1152.954776] Lustre: DEBUG MARKER: /usr/sbin/lctl mark -----============= acceptance-small: sanity ============----- Fri Jun 26 18:16:14 UTC 2020 [ 1153.535844] Lustre: DEBUG MARKER: -----============= acceptance-small: sanity ============----- Fri Jun 26 18:16:14 UTC 2020 [ 1154.279614] Lustre: DEBUG MARKER: /usr/sbin/lctl mark == sanity test complete, duration -o sec ============================================================= 18:16:15 \(1593195375\) [ 1154.866121] Lustre: DEBUG MARKER: == sanity test complete, duration -o sec ============================================================= 18:16:15 (1593195375) [ 1156.755955] Lustre: DEBUG MARKER: /usr/sbin/lctl get_param -n version 2>/dev/null [ 1157.639632] Lustre: DEBUG MARKER: /usr/sbin/lctl mark excepting tests: 42a 42b 42c 407 312 56ob 17n 60a 133g 300f [ 1158.222239] Lustre: DEBUG MARKER: excepting tests: 42a 42b 42c 407 312 56ob 17n 60a 133g 300f [ 1158.853766] Lustre: DEBUG MARKER: /usr/sbin/lctl mark skipping tests SLOW=no: 27m 64b 68 71 115 135 136 300o [ 1159.435119] Lustre: DEBUG MARKER: skipping tests SLOW=no: 27m 64b 68 71 115 135 136 300o [ 1163.400808] Lustre: 24745:0:(client.c:2261:ptlrpc_expire_one_request()) @@@ Request sent has timed out for slow reply: [sent 1593195377/real 1593195377] req@ffff912863195680 x1670585430065920/t0(0) o801->lustre-MDT0000-mdc-ffff91287754e000@10.2.5.166@tcp:12/10 lens 224/224 e 0 to 1 dl 1593195385 ref 2 fl Rpc:XQr/0/ffffffff rc 0/-1 job:'lgss_keyring.0' [ 1163.405873] Lustre: 24745:0:(client.c:2261:ptlrpc_expire_one_request()) Skipped 31 previous similar messages [ 1163.407582] LustreError: 24745:0:(gss_keyring.c:1435:gss_kt_update()) negotiation: rpc err -85, gss err 0 [ 1163.409156] LustreError: 24745:0:(gss_keyring.c:1435:gss_kt_update()) Skipped 31 previous similar messages [ 1163.411036] Lustre: 24745:0:(sec_gss.c:315:cli_ctx_expire()) ctx ffff912863eedd00(0->lustre-MDT0000_UUID) get expired: 1593195417(+32s) [ 1163.413059] Lustre: 24745:0:(sec_gss.c:315:cli_ctx_expire()) Skipped 30 previous similar messages
So all authentication requests fail on timeout.
Attachments
Issue Links
- is related to
-
-
- Closed
-
Activity
Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/40367
Subject: LU-13754 gss: open sptlrpc init channel in R+W mode
Project: fs/lustre-release
Branch: b2_12
Current Patch Set: 1
Commit: aeb3122cf655160a7a98047e0f7376b18abf4694
Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/39297/
Subject: LU-13754 gss: open sptlrpc init channel in R+W mode
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 0d59f1a2c1e88495d1d697acabb572f67ccc211e
Thanks for the heads up Jeremy.
Indeed, it will be needed to backport to b2_12 so that GSS-based authentication is fixed on CentOS 7.8 with this Lustre version as well.
It looks like this patch is sufficient, my build system kept leaving it out due to some stale cache not getting cleaned up. Sorry for the confusion earlier. This probably should get applied to 2.12.5 as well.
Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/39297
Subject: LU-13754 gss: open sptlrpc init channel in R+W mode
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: df980d5b1f540505acfa02b5a6374227e5453dc9
Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/40367/
Subject:
LU-13754gss: open sptlrpc init channel in R+W modeProject: fs/lustre-release
Branch: b2_12
Current Patch Set:
Commit: 85fdf484884240094ffd20eecac91089f2d197cd