[Lustre-devel] Security configuration
Nathaniel Rutman
Nathan.Rutman at Sun.COM
Thu Mar 5 10:05:22 PST 2009
Eric Barton wrote:
> Nathan,
>
> We'd like to be able to describe a set of nodes and say that
> as far as security is concerned, they are all equivalent - i.e. if
> an MDT authorizes eeb at node1 to perform a certain action, then
> eeb at nodex is implicitly authorized provided node1 and nodex are in
> the same set.
>
> Leaving aside for now, the question of how the sets are described
> (they could be whole LNETs or whole Kerberos realms, or NID lists),
> is the MGS the right place to stash this config?
>
Yes, I think the MGS is the right place to stash any config.
FWIW we're pretty seriously thinking about removing all the distributed
configuration we can (mkfs/tunefs.lustre settings and module parameters)
and concentrating it all on the MGS node in a text-based config file.
Exceptions would have to be made for the network setup, so that everyone
could talk to the MGS -- so lnet networks and MGS nids would still have
to be stored locally.
More information about the lustre-devel
mailing list