Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-13999

sanity-sec test_54: fscrypt encrypt: user keyring not linked into session keyring

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • None
    • Lustre 2.15.0
    • None
    • 3
    • 9223372036854775807

    Description

      This issue was created by maloo for wangshilong <wshilong@ddn.com>

      This issue relates to the following test suite run: https://testing.whamcloud.com/test_sets/80d98472-3223-4cd2-b009-4c3d6dce5639

      test_54 failed with the following error:

      fscrypt encrypt failed

      <<Please provide additional information about the failure here>>

      VVVVVVV DO NOT REMOVE LINES BELOW, Added by Maloo for auto-association VVVVVVV
      sanity-sec test_54 - fscrypt encrypt failed

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-14401 Fix migrate for encrypted directory

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          mentioned in

          [Whamcloud Community Wiki] Page Page No Confluence page found with the given URL.

          [Whamcloud Community Wiki] Page Page No Confluence page found with the given URL.

          Activity

            [LU-13999] sanity-sec test_54: fscrypt encrypt: user keyring not linked into session keyring
            vilapa Vikentsi Lapa added a comment - - edited

            Just update with more details. I can reproduce this error with AlmaLinux 8.6. Ubuntu 20.04 does not show such issue.
            Error: [ERROR] fscrypt encrypt: user keyring for "runas" is not linked into the session keyring

            This is usually the result of a bad PAM configuration. Either correct the
problem in your PAM stack, enable pam_keyinit.so, or run "keyctl link @u @s".
2022/06/15 11:59:49 creating policy for "/lustre/es01a/client/userenc"
2022/06/15 11:59:49 keyringID(_uid.500) = 703180163, <nil>
2022/06/15 11:59:49 KeyctlLink(703180163, -1) = <nil>
2022/06/15 11:59:49 keyringID(session) = 55270648, <nil>
2022/06/15 11:59:49 KeyctlSearch(55270648, keyring, _uid.500) = -1, required key not available

            Tested fscrypt version was v0.2.9
            Also this error can be related to issues
            https://github.com/google/fscrypt/issues/194
            https://github.com/google/fscrypt/issues/34

            as workaround suggested command was started "keyctl link @u @s" . After that fscrypt encrypt completed successfully.

            vilapa Vikentsi Lapa added a comment - - edited Just update with more details. I can reproduce this error with AlmaLinux 8.6. Ubuntu 20.04 does not show such issue. Error: [ERROR] fscrypt encrypt: user keyring for "runas" is not linked into the session keyring This is usually the result of a bad PAM configuration. Either correct the problem in your PAM stack, enable pam_keyinit.so, or run "keyctl link @u @s" . 2022/06/15 11:59:49 creating policy for "/lustre/es01a/client/userenc" 2022/06/15 11:59:49 keyringID(_uid.500) = 703180163, <nil> 2022/06/15 11:59:49 KeyctlLink(703180163, -1) = <nil> 2022/06/15 11:59:49 keyringID(session) = 55270648, <nil> 2022/06/15 11:59:49 KeyctlSearch(55270648, keyring, _uid.500) = -1, required key not available Tested fscrypt version was v0.2.9 Also this error can be related to issues https://github.com/google/fscrypt/issues/194 https://github.com/google/fscrypt/issues/34 as workaround suggested command was started "keyctl link @u @s" . After that fscrypt encrypt completed successfully.
            sarah Sarah Liu added a comment -

            Hit the same error in interop testing between master and 2.14 client
            https://testing.whamcloud.com/test_sets/09838ea8-8c85-4a92-ba12-775d8994ed12

            sarah Sarah Liu added a comment - Hit the same error in interop testing between master and 2.14 client https://testing.whamcloud.com/test_sets/09838ea8-8c85-4a92-ba12-775d8994ed12
            sebastien Sebastien Buisson added a comment -

            Problem stems from the fscrypt version installed on Ubuntu client nodes. It is too old, and is not able to handle encryption policies v2, required for proper Lustre operation.

            sebastien Sebastien Buisson added a comment - Problem stems from the fscrypt version installed on Ubuntu client nodes. It is too old, and is not able to handle encryption policies v2, required for proper Lustre operation.

            People

              sebastien Sebastien Buisson
              maloo Maloo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: