[lustre-discuss] Using Nodemap for security
Kolacz, John Gilbert
jgkolacz at lanl.gov
Thu Jul 23 09:30:57 PDT 2020
Hi,
I’m going to try to make this as TLDR minimal as possible.
I’m working on a project to provide better security for our lustre storage.
What I’ve found is plenty of info on nodemap with ssk, but I have a few questions:
Can I set up nodemap so it allows full access and simply restricts the IP ranges from which clients can connect?
Running lctl nodemap_info all looks like it has an option for squash_gid and squash_uid. Does that mean I can turn those off?
If I use ssk, do I still have to set up uid and gid translations?
My test environment:
Client at 192.168.57.100@tcp1 • lnet router to tcp0 • mgs at 192.168.10.10@tcp0 (with mds and 2 oss)
Lnet routing works, and I can give and take access using Nodemap_activate 0/1
Thanks,
John Kolacz
HPCSYS FS