Details

    • Technical task
    • Resolution: Fixed
    • Critical
    • Lustre 2.8.0
    • Lustre 2.4.0
    • 9779

    Description

      Trying to use a GSS-enabled Lustre build with Kerberos authentication with 2.4.0 leads to instand LBUGs on connect because gss_internal.h::import_to_gss_svc() only knows about mgc, mdc, and osc. It bails out as soon as another component like osp or lwp tries to initiate an authenticated connection. It depends on the srpc configuration, which of the components triggers the LBUG first, but the root cause is always the proxies trying to use GSS authentication while the GSS subsystem doesn't known about them.

      Attachments

        Issue Links

          Activity

            [LU-3778] GSS doesn't know about proxy subsystems
            pjones Peter Jones added a comment -

            Landed for 2.8

            pjones Peter Jones added a comment - Landed for 2.8

            Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/14040/
            Subject: LU-3778 sptlrpc: OSP and LWP don't know sptlrpc
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: cf57dfc4c9bf4b9d36e356d6f33550676b21e066

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/14040/ Subject: LU-3778 sptlrpc: OSP and LWP don't know sptlrpc Project: fs/lustre-release Branch: master Current Patch Set: Commit: cf57dfc4c9bf4b9d36e356d6f33550676b21e066

            Sebastien Buisson (sebastien.buisson@bull.net) uploaded a new patch: http://review.whamcloud.com/14040
            Subject: LU-3778 sptlrpc: OSP and LWP don't know sptlrpc
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: fa5a6d591d883c6940179dd09e3288483769bfb6

            gerrit Gerrit Updater added a comment - Sebastien Buisson (sebastien.buisson@bull.net) uploaded a new patch: http://review.whamcloud.com/14040 Subject: LU-3778 sptlrpc: OSP and LWP don't know sptlrpc Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: fa5a6d591d883c6940179dd09e3288483769bfb6

            Hi,

            Following Andreas' advice, I have made a patch that initializes the sptlrpc subsystem for OSP and LWP connections, by calling sptlrpc_lprocfs_cliobd_attach(). I also found that GSS related functions must not return an LBUG when dealing with OSP and LWP OBDs.

            Sebastien.

            sebastien.buisson Sebastien Buisson (Inactive) added a comment - Hi, Following Andreas' advice, I have made a patch that initializes the sptlrpc subsystem for OSP and LWP connections, by calling sptlrpc_lprocfs_cliobd_attach(). I also found that GSS related functions must not return an LBUG when dealing with OSP and LWP OBDs. Sebastien.

            Shared key crypto will not be in the 2.7 Release.

            jlevi Jodi Levi (Inactive) added a comment - Shared key crypto will not be in the 2.7 Release.

            It looks like we need to initialize the sptlrpc subsystem for OSP and LWP connections, presumably using sptlrpc_lprocfs_cliobd_attach(). That will also configure the srpc_info and srpc_contexts files in /proc that test-framework.sh::flvr_cnt_mdt2ost->get_mdtosc_proc_path() needs for sanity-gss.sh to work.

            adilger Andreas Dilger added a comment - It looks like we need to initialize the sptlrpc subsystem for OSP and LWP connections, presumably using sptlrpc_lprocfs_cliobd_attach(). That will also configure the srpc_info and srpc_contexts files in /proc that test-framework.sh::flvr_cnt_mdt2ost->get_mdtosc_proc_path() needs for sanity-gss.sh to work.

            So far, I haven't found a way to avoid this bug when trying to use GSS with 2.4. From my testing, osp and lwp seem to be treated as 'clients' by sptlrpc: The LBUG is hit if krb5p is configured for directions default, cli2mdt, and cli2ost. It might not trigger if only mdt2mdt or mdt2ost are used, but I haven't verified these combinations.

            The easiest reproducer is:

            • Start MGS
            • Run lctl conf_param <fsname>.srpc.flavor.default=krb5p
            • Start MDT -> immediate LBUG.
            kobras Daniel Kobras (Inactive) added a comment - So far, I haven't found a way to avoid this bug when trying to use GSS with 2.4. From my testing, osp and lwp seem to be treated as 'clients' by sptlrpc: The LBUG is hit if krb5p is configured for directions default, cli2mdt, and cli2ost. It might not trigger if only mdt2mdt or mdt2ost are used, but I haven't verified these combinations. The easiest reproducer is: Start MGS Run lctl conf_param <fsname>.srpc.flavor.default=krb5p Start MDT -> immediate LBUG.

            I remember seeing this LBUG when testing GSS/Kerberos on 2.4; according to my notes, it happened soon after the Kerberos mode was switched to krb5p.

            nangelinas Nikitas Angelinas added a comment - I remember seeing this LBUG when testing GSS/Kerberos on 2.4; according to my notes, it happened soon after the Kerberos mode was switched to krb5p.

            Is this a problem with any GSS usage in 2.4, or do you need to do something specific?

            nrutman Nathan Rutman added a comment - Is this a problem with any GSS usage in 2.4, or do you need to do something specific?

            Mike,
            Could you please comment on this one?
            Thank you!

            jlevi Jodi Levi (Inactive) added a comment - Mike, Could you please comment on this one? Thank you!

            People

              wc-triage WC Triage
              kobras Daniel Kobras (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              20 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: