split INTERNAL upcall cache into a per-nodemap cache

Details

    • Improvement
    • Resolution: Unresolved
    • Minor

    Description

      The INTERNAL upcall stores the supplementary group list in an MDT-wide, in-memory cache. This helps limit the performance impact; however, the same cache will be used for all clients. If a client is not trustworthy or is misconfigured, then it can cause incorrect group data to be cached on the MDT, affecting all clients using that MDT.

      So the use of the INTERNAL upcall should be limited to clients that are known for doing metadata-intensive operations while using a large number of supplementary groups or ACLs.

      Rather than limiting the use of INTERNAL to only particular clients/tenants, would the task here be to split the MDT-wide cache into a per-nodemap cache.

          Activity

            [LU-18126] split INTERNAL upcall cache into a per-nodemap cache

            Sebastien Buisson added a comment:

            Rather than limiting the use of INTERNAL to only particular clients/tenants, would the task here be to split the MDT-wide cache into a per-nodemap cache.

            Please note that with the INTERNAL upcall as implemented via https://review.whamcloud.com/55474 and https://review.whamcloud.com/55475, the upcall cache used for clients belonging to nodemaps where the 'server_upcall' rbac role is not enabled (the INTERNAL one) is separated from the upcall cache used by the identity upcall (as defined via mdt.*.identity_upcall).
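
A toy model of the cache keying discussed in this issue, added here as an illustration and not taken from Lustre or from the patches linked above. It assumes that a cache miss stores the group list a client reports and that a hit reuses the stored list; every name in it (`has_group`, `tenant2_sees`, the structs and sizes) is hypothetical.

```c
/* Toy model, not Lustre code: every name and size here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SLOTS 8
#define MAX_GROUPS 4

struct entry {
    uint32_t nodemap, uid;          /* nodemap stays 0 in the MDT-wide layout */
    uint32_t groups[MAX_GROUPS];
    int ngroups;
};

struct cache {
    bool per_nodemap;               /* true: nodemap id is part of the key */
    int count;                      /* number of populated slots */
    struct entry slot[SLOTS];
};

/* Assumed behaviour: a miss caches the groups the client reports, a hit
 * uses the cached groups. Returns whether gid is in the effective list. */
static bool has_group(struct cache *c, uint32_t nm, uint32_t uid,
                      const uint32_t *reported, int n, uint32_t gid)
{
    uint32_t key_nm = c->per_nodemap ? nm : 0;
    struct entry *e = NULL;
    for (int i = 0; i < c->count && !e; i++)
        if (c->slot[i].nodemap == key_nm && c->slot[i].uid == uid)
            e = &c->slot[i];
    if (!e) {
        if (c->count == SLOTS)
            return false;           /* cache full: deny in this model */
        e = &c->slot[c->count++];
        e->nodemap = key_nm;
        e->uid = uid;
        e->ngroups = n > MAX_GROUPS ? MAX_GROUPS : n;
        memcpy(e->groups, reported, (size_t)e->ngroups * sizeof(*reported));
    }
    for (int i = 0; i < e->ngroups; i++)
        if (e->groups[i] == gid)
            return true;
    return false;
}

/* Constructed scenario: nodemap 1 reports wrong groups for uid 1000 first,
 * then nodemap 2 asks about the same uid while reporting the right list. */
static bool tenant2_sees(bool per_nodemap, uint32_t gid)
{
    struct cache c = { .per_nodemap = per_nodemap };
    const uint32_t wrong[] = { 999 }, right[] = { 100 };
    has_group(&c, 1, 1000, wrong, 1, 0);
    return has_group(&c, 2, 1000, right, 1, gid);
}
```

With the shared key, nodemap 2 inherits the entry that nodemap 1 populated; with the nodemap id in the key, a wrong entry stays confined to the nodemap that reported it.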

            People

              wc-triage WC Triage
              adilger Andreas Dilger