Details
-
Technical task
-
Resolution: Fixed
-
Major
-
Lustre 2.3.0, Lustre 2.4.0, Lustre 2.5.0
-
any
-
3
-
8142
Description
Lustre's autoconf scripts require Kerberos to be installed when --enable-gss is specified. Currently, only the Kerberos GSSAPI mechanism supported by Lustre, but others are planned in the future, such as those being developed for shared key authentication (project SFS-DEV-001.2). GSSAPI is meant to allow calling code to be mechanism-agnostic, so requiring Kerberos defeats that purpose.
The definition of the LC_CONFIG_GSS macro in lustre/autoconf/lustre-core.m4 unconditionally calls AC_KERBEROS_V5 from lustre/autoconf/kerberos.m4, which fails when Kerberos isn't found:
dnl We didn't find a usable Kerberos environment
if test "x$KRBDIR" = "x"; then
if test "x$krb5_with" = "x"; then
AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
else
AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
fi
fi
AC_MSG_RESULT($KRBDIR)
This macro ought to instead note the location of the Kerberos headers and libraries but not result in a fatal error if they don't exist. I don't know if this approach will result in link-time or runtime errors that would also need to be corrected.
Ubuntu also needs GSS libraries:
configure: error: libkeyutils is not found, which is required by gss keyring backend
Attachments
Issue Links
Activity
Andrew,
Let me know if there's anything else or I can close this ticket. I will close if I don't hear from you by the end of this week.
Sounds good. Probably a good idea, then, to close this ticket and open one specifically for Ubuntu.
afaik, LU-3490 has landed and all issues have been resolved. I am not sure what else needs to be done for this ticket. As for the Ubuntu, similar to sles11, it needs more works to include the proper functions
Assign-ing to Minh, as I believe he is working on the Ubuntu libs issue.
seems like we need krb5-libs for suse.
build on suse failed due to
checking for Kerberos v5... /usr
The current KRBDIR is /usr
checking for gss_krb5_export_lucid_sec_context in -lgssapi_krb5... yes
checking for gss_krb5_set_allowable_enctypes in -lgssapi_krb5... yes
checking for gss_krb5_ccache_name in -lgssapi_krb5... yes
checking for krb5_get_error_message in -lgssapi_krb5... yes
checking for krb5_get_init_creds_opt_set_addressless in -lgssapi_krb5... no
checking for krb5int_derive_key in -lgssapi_krb5... no
FYI, we caught a problem with GSSAPI prerequisites checking from change #6740 and updated LU-3490.
From the meeting today, it at least looks like the packages are running configure and completing the build.
At this point, we aren't yet sure if the gssd is actually being built, or if it is missing from the lustre.spec file, but it looks like that needs to be tested locally by Andrew (using "make rpms" on a system with http://review.whamcloud.com/6740/ applied is probably the easiest). Any issues with what gets built will probably be addressed by a patch to the Lustre code.
Yes, I believe this ticket has been resolved. Thanks!