Details
-
Bug
-
Resolution: Cannot Reproduce
-
Major
-
None
-
Lustre 2.15.0
-
3
-
9223372036854775807
Description
On Client 1:
# fscrypt setup Defaulting to policy_version 1 because kernel doesn't support v2. Customizing passphrase hashing difficulty for this system... Created global config file at "/etc/fscrypt.conf". Metadata directories created at "/.fscrypt". [root@trevis-90vm4 ~]# fscrypt setup /mnt/lustre Metadata directories created at "/mnt/lustre/.fscrypt". Change in /etc/fscrypt.conf policy_version field from 1 to 2
On Client 2:
# fscrypt setup Defaulting to policy_version 1 because kernel doesn't support v2. Customizing passphrase hashing difficulty for this system... Created global config file at "/etc/fscrypt.conf". Metadata directories created at "/.fscrypt". Change in /etc/fscrypt.conf policy_version field from 1 to 2
On Client 1:
# mkdir /mnt/lustre/private # ls -la /mnt/lustre/ total 16 drwxr-xr-x 5 root root 4096 Apr 20 12:37 . drwxr-xr-x. 3 root root 4096 Mar 1 02:01 .. drwxr-xr-x 4 root root 4096 Apr 20 08:41 .fscrypt drwxr-xr-x 2 root root 4096 Apr 20 12:37 private
On Client 2:
[root@trevis-90vm5 ~]# ls -la /mnt/lustre/
total 16
drwxr-xr-x 5 root root 4096 Apr 20 12:37 .
drwxr-xr-x. 3 root root 4096 Mar 1 02:01 ..
drwxr-xr-x 4 root root 4096 Apr 20 08:41 .fscrypt
drwxr-xr-x 2 root root 4096 Apr 20 12:37 private
On Client 1:
# fscrypt encrypt /mnt/lustre/private The following protector sources are available: 1 - Your login passphrase (pam_passphrase) 2 - A custom passphrase (custom_passphrase) 3 - A raw 256-bit key (raw_key) Enter the source number for the new protector [2 - custom_passphrase]: 2 Enter a name for the new protector: shield Enter custom passphrase for protector "shield": Confirm passphrase: "/mnt/lustre/private" is now encrypted, unlocked, and ready for use. # echo "encrypt data" > /mnt/lustre/private/encrypt_file1 # echo "encrypt data" > /mnt/lustre/private/encrypt_file2 # ls -la /mnt/lustre/private total 8 drwx------ 2 root root 4096 Apr 20 12:42 . drwxr-xr-x 5 root root 4096 Apr 20 12:37 .. -rw-r--r-- 1 root root 0 Apr 20 12:42 encrypt_file1 -rw-r--r-- 1 root root 0 Apr 20 12:42 encrypt_file2 # cat /mnt/lustre/private/encrypt_file1 encrypt data # cat /mnt/lustre/private/encrypt_file2 encrypt data
On Client 2:
# ls -la /mnt/lustre/private/ total 8 drwx------ 2 root root 4096 Apr 20 12:42 . drwxr-xr-x 5 root root 4096 Apr 20 12:37 .. -rw-r--r-- 1 root root 0 Apr 20 12:42 1SSaHn+b7U0XyzL82SNzjWDOS6PGKx3pAjn7WD8I1vC -rw-r--r-- 1 root root 0 Apr 20 12:42 piJmwoKUzymPjQ+53PFWANKGtXX82h0+HFPC7gFLR1B # cat /mnt/lustre/private/1SSaHn+b7U0XyzL82SNzjWDOS6PGKx3pAjn7WD8I1vC cat: /mnt/lustre/private/1SSaHn+b7U0XyzL82SNzjWDOS6PGKx3pAjn7WD8I1vC: Required key not available # cat /mnt/lustre/private/piJmwoKUzymPjQ+53PFWANKGtXX82h0+HFPC7gFLR1B cat: /mnt/lustre/private/piJmwoKUzymPjQ+53PFWANKGtXX82h0+HFPC7gFLR1B: Required key not available # echo "new data" > /mnt/lustre/private/1SSaHn+b7U0XyzL82SNzjWDOS6PGKx3pAjn7WD8I1vC -bash: /mnt/lustre/private/1SSaHn+b7U0XyzL82SNzjWDOS6PGKx3pAjn7WD8I1vC: Required key not available # echo "new data" > /mnt/lustre/private/piJmwoKUzymPjQ+53PFWANKGtXX82h0+HFPC7gFLR1B -bash: /mnt/lustre/private/piJmwoKUzymPjQ+53PFWANKGtXX82h0+HFPC7gFLR1B: Required key not available
On Client 2:
# fscrypt unlock /mnt/lustre/private Enter custom passphrase for protector "shield": "/mnt/lustre/private" is now unlocked and ready for use.
After that the file size is 0
On Client 1:
# ls -la /mnt/lustre/private/ total 8 drwx------ 2 root root 4096 Apr 20 12:42 . drwxr-xr-x 6 root root 4096 Apr 20 13:00 .. -rw-r--r-- 1 root root 0 Apr 20 12:42 encrypt_file1 -rw-r--r-- 1 root root 0 Apr 20 12:42 encrypt_file2 # cat /mnt/lustre/private/encrypt_file1 # cat /mnt/lustre/private/encrypt_file2
On Client 2:
# ls -la /mnt/lustre/private/ total 8 drwx------ 2 root root 4096 Apr 20 12:42 . drwxr-xr-x 6 root root 4096 Apr 20 13:00 .. -rw-r--r-- 1 root root 0 Apr 20 12:42 encrypt_file1 -rw-r--r-- 1 root root 0 Apr 20 12:42 encrypt_file2 # cat /mnt/lustre/private/encrypt_file1 # cat /mnt/lustre/private/encrypt_file2
This is the first encrypted directory on this file system.
With all the following encrypted directories, the bug could not be repeated.
Could not be reproduced, perhaps addressed by
LU-15787