[lustre-discuss] Error while Mounting Lustre client with Kerberos

Aurelien Degremont adegremont at nvidia.com
Mon Aug 12 00:43:00 PDT 2024 

> Is this mandatory for kerberos to work

Neerak, I can try to help you, but if you don't read the e-mail I send, it will be useless.

>From my latest e-mail:
>It is mandatory this service is running properly for all the other steps to work.
>Look at the detailed logs to see why this service is not running. Try running it in verbose mode if needed.

So, yes, the service is mandatory on server side, and if it is not running, the first thing is the check for its logs. Please do that.

Aurélien
________________________________
De : Neeraj Gawali <neeraj.gawali at zohocorp.com>
Envoyé : lundi 12 août 2024 08:38
À : Aurelien Degremont <adegremont at nvidia.com>
Cc : Sushrut Bhokre <sushrut.bs at zohocorp.com>; lustre-discuss <lustre-discuss at lists.lustre.org>
Objet : RE: [lustre-discuss] Error while Mounting Lustre client with Kerberos

External email: Use caution opening links or attachments

Hi,
We have configured lustre storage with the below command
./configure --with-zfs --with-o2ib=no --disable-ldiskfs --enable-gss --with-krb5=/usr --enable-crypto=yes
And everything is configured as client also get connected but when we are trying to check the status of lvscgssd it is not starting(sudo systemctl status lsvcgssd).
Is this mandatory for kerberos to work.
[cid:0.28869241780.4901403562401298583.191454ef948__inline__img__src]

Regards
Neeraj,



---- On Thu, 08 Aug 2024 11:06:46 +0530 Neeraj Gawali <neeraj.gawali at zohocorp.com> wrote ---

Hi,
We actually followed the flow of commands according to the document attached below.
Can you suggest what may be the changes or chance of error that may not  lead to the proper configuration .


---- On Tue, 06 Aug 2024 20:26:32 +0530 Aurelien Degremont <adegremont at nvidia.com<mailto:adegremont at nvidia.com>> wrote ---



>And lsvcgssd.services are not running.

It is mandatory this service is running properly for all the other steps to work.
Look at the detailed logs to see why this service is not running. Try running it in verbose mode if needed.

Did you create and deploy the proper keytabs? Verify the 'klist -k' output is correct on each Lustre servers and lustre client.

Then:

  *
Start your lustre servers
  *
Configure the lustre target gss flavor (some lctl commands)
  *
Then mount the client.

See https://doc.lustre.org/lustre_manual.xhtml#managingSecurity.kerberos

Aurélien


________________________________
De : Sushrut Bhokre <sushrut.bs at zohocorp.com<mailto:sushrut.bs at zohocorp.com>>
Envoyé : mardi 6 août 2024 13:33
À : Aurelien Degremont <adegremont at nvidia.com<mailto:adegremont at nvidia.com>>
Cc : lustre-discuss <lustre-discuss at lists.lustre.org<mailto:lustre-discuss at lists.lustre.org>>; Neeraj Gawali <neeraj.gawali at zohocorp.com<mailto:neeraj.gawali at zohocorp.com>>
Objet : RE: [lustre-discuss] Error while Mounting Lustre client with Kerberos

External email: Use caution opening links or attachments

Hi,

We are using Lustre 2.15.5 version.

Our setup is like we want to to use Kerberos With Lustre so we build Lustre from git clone git://git.whamcloud.com/fs/lustre-release.git<http://git.whamcloud.com/fs/lustre-release.git> using the following ./configure steup with some flagsbelow is the command.
./configure --with-zfs --with-o2ib=no --disable-ldiskfs --enable-gss
and Lustre Clint is configured with the following ./configure step below
./configure --enable-gss --disable-server --enable-client --with-linux=/usr/src/kernels/$(uname -r)
This command because we want Lustre with ZFS  and with Kerberos. Can you Please tell are we correct up till now?

KDC Server:
We have tried to set kdc on a dedicated node and it is functional.
[Capture2.JPG]

Lustre Storage Server:
Replicated same krb5.conf file from KDC server. but when we are trying to start
configure it with lustre client but there is a issue in mounting of lustre with kerberos (attached below).
And lsvcgssd.services are not running.
     [Capture1.JPG]

Same goes for client too and we are also not able to mount with kerberos. (Can you also tell is our mount step is correct or not)
mount -t lustre -o mgsnode=192.168.10.25 at tcp,flock,krb5i lustre:/mnt/lustre /mnt/lustre


Regards,
Sushrut Bhokre




---- On Tue, 06 Aug 2024 13:08:51 +0530 Aurelien Degremont <adegremont at nvidia.com<mailto:adegremont at nvidia.com>> wrote ---

Hi

In order to help you, it would be great if you give way more detail of your current setup. What is your configuration, component versions, what is your Lustre error message, etc...
How does your ticket look like?

Additionally, there were lots of improvements in Lustre Kerberos support during 2.16 cycle and I would recommend targeting that version (not released yet) for a production deployment. However, testing should still be doable with 2.15.

Aurélien

________________________________

De : lustre-discuss <lustre-discuss-bounces at lists.lustre.org<mailto:lustre-discuss-bounces at lists.lustre.org>> de la part de Neeraj Gawali via lustre-discuss <lustre-discuss at lists.lustre.org<mailto:lustre-discuss at lists.lustre.org>>
Envoyé : mardi 6 août 2024 07:26
À : lustre-discuss <lustre-discuss at lists.lustre.org<mailto:lustre-discuss at lists.lustre.org>>
Cc : Sushrut Bhokre <sushrut.bs at zohocorp.com<mailto:sushrut.bs at zohocorp.com>>
Objet : [lustre-discuss] Error while Mounting Lustre client with Kerberos

External email: Use caution opening links or attachments

Hii,

Tried configuring kerberos over lustre(built by gss enabled through gitclone repository) but at last while mounting lustre with kerberos there is a issue of keytab file not found.Can anyone please look into it for the support if the issue is present.

Kereberos configuration(https://wiki.opensfs.org/images/8/8c/Kerberos_setup_guide.pdf)







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240812/c1a61ea3/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png.png
Type: image/png
Size: 26616 bytes
Desc: image.png.png
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240812/c1a61ea3/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.jpg
Type: image/jpeg
Size: 172449 bytes
Desc: 1.jpg
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240812/c1a61ea3/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.jpg
Type: image/jpeg
Size: 61343 bytes
Desc: 2.jpg
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20240812/c1a61ea3/attachment-0003.jpg>

More information about the lustre-discuss mailing list