Loading...

XML

Word

Printable

Details

Type: New Feature
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.10.0
Affects Version/s: None
Labels:
- patch

Rank (Obsolete):
9223372036854775807

Description

We are running Lustre clients from Docker containers, and we try to have Kerberos authentication for them.
We hit an issue when Lustre code (kernel space, so running on the host) calls request_key to get Kerberos credentials. The problem is that the request_key function will call the userland helper function that is on the host, not in the container, because it has no idea that it all started from a container. The consequence is that Lustre cannot get the Kerberos credentials associated with the client in the container.

There are some ongoing discussions in the kernel to find the best way, if any, to address this problem of namespace between request_key and userland helper.
However, I think we cannot afford having a patched kernel on client side. So I started thinking about a way to be able to retrieve credentials stored inside a Docker container when Lustre is mounted from this container.
I will post a patch with my proposal.

Thanks,
Sebastien.

Attachments

Issue Links

is related to

LU-16557 don't skip add_conn with -o network mount option

Resolved

LU-8392 sanity test_27z: soft lockup - CPU#0 stuck for 22s! [ptlrpcd_rcv:6145]

Resolved

Activity

People

Assignee:: John Hammond

Reporter:: Sebastien Buisson (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 04/Mar/16 1:06 PM

Updated:: 15/Feb/23 9:26 AM

Resolved:: 17/Dec/16 2:25 PM