[lustre-discuss] Error while Mounting Lustre client with Kerberos

Neeraj Gawali neeraj.gawali at zohocorp.com
Wed Aug 7 22:36:46 PDT 2024 

Hi,
We actually followed the flow of commands according to the document attached below.

Can you suggest what may be the changes or chance of error that may not  lead to the proper configuration .




---- On Tue, 06 Aug 2024 20:26:32 +0530 Aurelien Degremont <adegremont at nvidia.com> wrote ---



>And lsvcgssd.services are not running.



It is mandatory this service is running properly for all the other steps to work.

Look at the detailed logs to see why this service is not running. Try running it in verbose mode if needed.



Did you create and deploy the proper keytabs? Verify the 'klist -k' output is correct on each Lustre servers and lustre client.



Then:

Start your lustre servers


Configure the lustre target gss flavor (some lctl commands)


Then mount the client.





See https://doc.lustre.org/lustre_manual.xhtml#managingSecurity.kerberos



Aurélien






De : Sushrut Bhokre <mailto:sushrut.bs at zohocorp.com>
 Envoyé : mardi 6 août 2024 13:33
 À : Aurelien Degremont <mailto:adegremont at nvidia.com>
 Cc : lustre-discuss <mailto:lustre-discuss at lists.lustre.org>; Neeraj Gawali <mailto:neeraj.gawali at zohocorp.com>
 Objet : RE: [lustre-discuss] Error while Mounting Lustre client with Kerberos  


External email: Use caution opening links or attachments





Hi,



We are using Lustre 2.15.5 version.



Our setup is like we want to to use Kerberos With Lustre so we build Lustre from git clone git://http://git.whamcloud.com/fs/lustre-release.git using
 the following ./configure steup with some flagsbelow is the command.

./configure --with-zfs --with-o2ib=no --disable-ldiskfs --enable-gss

and Lustre Clint is configured with the following ./configure step below

./configure --enable-gss --disable-server --enable-client --with-linux=/usr/src/kernels/$(uname -r)

This command because we want Lustre with ZFS  and with Kerberos. Can you Please tell are we correct up till now?



KDC Server:

We have tried to set kdc on a dedicated node and it is functional.





Lustre Storage Server:

Replicated same krb5.conf file from KDC server. but when we are trying to start 

configure it with lustre client but there is a issue in mounting of lustre with kerberos (attached below).
 And lsvcgssd.services are not running.
      


Same goes for client too and we are also not able to mount with kerberos. (Can you also tell is our mount step is correct or not)

mount -t lustre -o mgsnode=192.168.10.25 at tcp,flock,krb5i lustre:/mnt/lustre /mnt/lustre





Regards,

Sushrut Bhokre










---- On Tue, 06 Aug 2024 13:08:51 +0530 Aurelien Degremont <mailto:adegremont at nvidia.com> wrote ---



Hi



In order to help you, it would be great if you give way more detail of your current setup. What is your configuration, component versions, what is your Lustre error message, etc...

How does your ticket look like?



Additionally, there were lots of improvements in Lustre Kerberos support during 2.16 cycle and I would recommend targeting that version (not released yet) for a production deployment. However, testing should still be doable with 2.15. 



Aurélien






De : lustre-discuss <mailto:lustre-discuss-bounces at lists.lustre.org>
 de la part de Neeraj Gawali via lustre-discuss <mailto:lustre-discuss at lists.lustre.org>
 Envoyé : mardi 6 août 2024 07:26
 À : lustre-discuss <mailto:lustre-discuss at lists.lustre.org>
 Cc : Sushrut Bhokre <mailto:sushrut.bs at zohocorp.com>
 Objet : [lustre-discuss] Error while Mounting Lustre client with Kerberos
 


External email: Use caution opening links or attachments







Hii,



Tried configuring kerberos over lustre(built by gss enabled through gitclone repository) but at last while mounting lustre with kerberos there is a issue of keytab file not found.Can anyone please look into
 it for the support if the issue is present.
 
 Kereberos configuration(https://wiki.opensfs.org/images/8/8c/Kerberos_setup_guide.pdf)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240808/4bf61d77/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.jpg
Type: image/jpeg
Size: 172449 bytes
Desc: not available
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240808/4bf61d77/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.jpg
Type: image/jpeg
Size: 61343 bytes
Desc: not available
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240808/4bf61d77/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Untitled Document (2).pdf
Type: application/pdf
Size: 31255 bytes
Desc: not available
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240808/4bf61d77/attachment-0001.pdf>

More information about the lustre-discuss mailing list