  1. Lustre
  2. LU-7845

Support namespace in credentials retrieval

Details

    • New Feature
    • Resolution: Fixed
    • Minor
    • Lustre 2.10.0

    Description

      We are running Lustre clients from Docker containers, and we try to have Kerberos authentication for them.
      We hit an issue when Lustre code (kernel space, so running on the host) calls request_key to get Kerberos credentials. The problem is that the request_key function will call the userland helper function that is on the host, not in the container, because it has no idea that it all started from a container. The consequence is that Lustre cannot get the Kerberos credentials associated with the client in the container.

      There are some ongoing discussions in the kernel to find the best way, if any, to address this problem of namespace between request_key and userland helper.
      However, I think we cannot afford to have a patched kernel on the client side. So I started thinking about a way to be able to retrieve credentials stored inside a Docker container when Lustre is mounted from this container.
      I will post a patch with my proposal.

      Thanks,
      Sebastien.

            People

              jhammond John Hammond
              sbuisson Sebastien Buisson (Inactive)