Contract SFS-DEV-002
Summary
Contract | Work Item | Scope statement | Solution architecture | High-level design | Implementation | Demonstration | Delivery |
---|---|---|---|---|---|---|---|
SFS-DEV-002.1 | UID/GID Mapping | 2012-11-20 | 2013-01-08 | 2013-02-19 | 2013-03-12 | ||
SFS-DEV-002.2 | Shared Key Auth | 2012-11-20 | 2013-01-15 | 2013-02-19 | 2013-03-12 |
Documentation
- File:OpenSFS Software Contract 6-5-12 article1.pdf
- File:UID GID Scope Statement v2.pdf
- File:UID-GID Solution Architecture.pdf
- File:UID-GID HLD.docx
- File:Shared keys scope v2.pdf
- File:Shared keys architecture.pdf
- File:Shared keys HLD.docx
Sample HLD:
Meetings
2013-04-23
Attending: simms, andy, josh, andreas, john, nathan
Meeting Minutes:
- Josh - working on config
- Andy - working on test cases, build checks
- autoconf issues: libgssapi comes from two sources; libgssglue distinguish between versions
- Andreas - established repo at Intel
Actions:
- AI: Nathan to identify kerb patches - xyratex vs. intel / stilbor
lustre-2.1.0.x3_GSS-FIX.tar:
contains Xyratex GSS-patched lustre source code 2.1.54 built
for kernel RHEL6: 2.6.32-220.7.1.el6
- AI: Simms to contact Chris Gearing to help find reviewers
Milestones In Progress:
- Shared Keys CODE
- UID/GID Mapping CODE
Next Meeting:
- 12:00pm PST Apr 30 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-04-09
Attending: Josh, John, Andrew, Steve, Nathan, Alex
Meeting Minutes:
- Josh - working on config
- Andy - pushed fixes for Kerberos, working on test cases
Actions:
- AI: Andreas to establish a git repo/branch hosted at Intel
Milestones In Progress:
- Shared Keys CODE
- UID/GID Mapping CODE
Next Meeting:
- skipping week of LUG; next meeting 12:00pm PST Apr 23 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-04-02
Attending: nathan, josh, andrew, steve, cory, alex, john
Meeting Minutes:
- Github access available to PAC members - send keys to Josh
- Andy trying to land fixes for current Lustre Kerberos LU-2392, LU-2384
- Discussion on replay attacks - replay handling is included in ptlrpc, so we shouldn't need shared-key code specific fix.
- Andreas points out problems with current ptlrpc, but Nathan and Andy's feeling is that this should not be part of the IU contract work. But we should file a Jira describing the problem.
Actions:
- Simms to find reviewers for LU-2392 and LU-2384
- Andy to test and land LU-2392 and LU-2384
- Andy and Andreas to file a Jira about ptlrpc replay handling problems.
Milestones In Progress:
- Shared Keys CODE
- UID/GID Mapping CODE
Next Meeting:
- 12:00pm PST Apr 09 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-03-26
Attending: Josh, Andy, Nathan, Ned, Steve, Alex
Meeting Minutes:
- Github access available to PAC members - send keys to Andy
- Andy has a fix for LU-2392 that he will attach to that ticket.
- Andy needs reviews for above. Simms will ask PJones.
- Andy wanted some direction for how to implement tests - Nathan pointed at sanity-sec.sh and sanity-gss.sh
- Josh update: finishing up part 1 (map setup): module is complete, proc interface for maps, adding lctl writing config to mgs log
- wants to work on local identity mapping (part 3) before map shipping (part 2)
- Andy update: working on build and tests, has implemented null GSS flavor but not tested yet.
Actions:
- Simms to find reviewers for Andy's version of LU-2392
- Andy to post his fix for LU-2392 to that ticket
- Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue
Milestones In Progress:
- Shared Keys CODE
- UID/GID Mapping CODE
Next Meeting:
- 12:00pm PST Apr 02 2013 unless otherwise cancelled
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-02-19
Attending: Andreas, Alex, Josh, Nathan, Ned, Steve
Meeting Minutes:
- Shared Key HLD accepted
- UID/GID Mapping HLD accepted
- Coding phase should start now. We don't expect any useful results be next week, so we will cancel next week's meeting.
- Nathan added latest versions of HLDs to wiki page.
Actions:
- Josh and Andy to begin coding
- Josh will send out link to GitHub repository
- Josh will send email early next week with a status update, at which point we can plan for the next meeting
Milestones Completed:
- Shared Keys HLD APPROVED 2013-02-19
- UID/GID Mapping HLD APPROVED 2013-02-19
Next Meeting:
- No meeting 2013-02-26, next meeting pending code progress.
- 12:00pm PST Mar ?? 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-01-29
Attending: Andreas, Andy, Alex, Josh, Nathan, Ned
Meeting Minutes:
- Key scope: sets of keys are defined per cluster (not per-client)
- These keys are used to generate session keys for Auth and Encrypt
- Root squash - various ideas
- EAs on directories describe which clusters are allowed
- Squash per-cluster roots to distinct users, use ACLs to provide per-cluster root-like permissions
- Use bind-mounting to limit the visibility of the fs to a subtree
- suggestion to add root fid/path to cluster definition for future use
- Current plan: root is not treated specially - per-cluster roots may be mapped to the actual fs root user, or not.
- Object (OSS) security against untrusted client - out of scope
- MGS primacy
- "MGS up before before other servers" may be a requirement for the mapping or shared key features
- but this requirement must be relaxed if the uid/shared key feature has not been enabled
Actions:
- Nathan to send HLD example template (done)
- Nathan to propose OpenSFS contract doc templates
- Andy/Josh update HLD with detail
Milestones Under Review:
- UID HLD
- Shared Keys HLD
Next Meeting:
- I will be travelling for the next two meetings (Feb 5, 12). Can someone else host the meeting?
- 12:00pm PST Feb 5 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-01-22
Attending: Nathan, Josh, Andrew, Steve
Meeting Minutes:
- Comments on Shared Keys HLD
- independence of auth and encrypt keys
- encrypt-then-MAC
- HLD should address multiple simultaneuous keys
- interaction between shared keys and mappings
- original assumption was key-per-client; key-per-cluster seems to make more sense for a few reasons (large-cluster manageability, shared-root clients). A hash of the keys could be added to a cluster definition. A "null" cluster could be defined for a single-cluster environment.
- Ended meeting early; we need more meeting attendees to discuss these issues.
Actions:
- Review Security HLD to provide timely feedback.
Milestones Under Review:
- UID HLD
- Shared Keys HLD
Next Meeting:
- 12:00pm PST Jan 29 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-01-15
Attending: Nathan, Ned, Josh, Andrew, Steve, Alex, Andreas, John
Meeting Minutes:
- UID/GID HLD Review
- Comments by Nathan, Andreas, Ned returned via Word doc
- Define/update cluster definition via complete file vs. incrementally
- Josh: file-based cluster def changes requires walking export tree
- Done rarely, probably ok
- There may be security implications at the transition when redefining cluster defs
- When a NID is removed from a def it should use the default mapping
- Define/update UID/GID mappings via complete file vs. incrementally
- incremental uid/gid mapping in order to prevent fs access blocking during replacement.
- Andreas suggested atomically swap in new mapping once received/set up.
- Behaviour during setup and recovery
- Don't use default mapping while waiting for definitions; FS should block access to all files until mappings and cluster defs have been set up.
- Need a clear signal when an update is finished/complete.
- Servers currently cache the MGS Lustre config locally
- May be undesirable for OSD
- Perhaps this behaviour should be changed: stop caching, require MGS for server startup.
- Shared Key HLD distributed
- Comments should be returned quickly for HLD revision next week.
Actions:
- Review Shared Key HLD to provide timely feedback.
Milestones Under Review:
- UID HLD
- Shared Keys HLD
Milestones Completed:
- Shared Key Scope Statement APPROVED 2013-01-15
Next Meeting:
- 12:00pm PST Jan 22 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2013-01-08
Attending: Nathan, Ned, Josh, Andrew, Steve, Dave, Alex
Meeting Minutes:
- Clarifying current documents:
- Latest Shared Keys doc: arch doc. HLD expected this week.
- Latest UID-GID doc: HLD.
- We need reviewers for both HLDs.
- UID-GID:
- Nathan has already sent comments
- Ned volunteers
- I'd like to volunteer Andreas in absentia
- Shared Keys:
- Not out yet; any eager volunteers?
- UID-GID:
- Document types: I think the consensus going forward is Google Docs for easier collaboration/feedback.
Actions:
- Andrew to deliver HLD be the end of this week (hopefully)
- Reviews to provide timely feedback.
Milestones Under Review:
- UID HLD
- Shared Keys Solution Arch
Milestones Completed:
- UID/GID Scope Statement APPROVED 2013-01-08
Next Meeting:
- 12:00pm PST Jan 15 2013
- Intercall (866) 203-7023
- Conference code: 5093670258
2012-12-11
Attending: Nathan, Andreas, Josh, Simms, Cory, Alex, Andrew Meeting Minutes:
- Josh and Andrew updated the arch docs with improved use cases, test plan, and acceptance criteria
- Several PAC members commented on the updates
- Alex noted we neglected to address previous discussions on allowing multiple simultaneous keys:
- should we allow key updates on a live system, or connect-time only?
- is there any upper limit on total keys?
- should keys be restricted to particular nid range?
Actions:
- PAC members review docs for final approval by next week.
- The above multiple-key use case should be added to the arch doc.
- In the meantime HLD design can begin
Milestones Under Review:
- UID Solution Arch
- Shared Key Solution Arch
Next Meeting:
- 12:00pm PST Dec 18 2012
- Intercall (866) 203-7023
- Conference code: 5093670258
No meetings on Dec 25 or Jan 1.
2012-12-04
Attending: Nathan, Ned, Josh, Simms, Carrier Meeting Minutes:
- Solution Architecture document review. More detail requested in
- Practical use case (UID)
- Specific functional requirements (shared key)
- Detailed, specific acceptance criteria (e.g. "Any single user on up to 100(?) separate clusters has Unix UID/GID-controlled access to his files on shared Lustre file system.", "Unknown users can be squashed to a particular UID." etc.)
Actions:
- Josh and Andrew to revise Solution Architecture docs with more detail.
Milestones Under Review:
- UID Solution Arch
- Shared Keys Solution Arch
Next Meeting:
- 12:00pm PST Dec 11 2012
- Intercall (866) 203-7023
- Conference code: 5093670258
2012-11-20
Attending: Nathan, Alex, Andreas, Steve, Cory
Meeting Minutes:
- Simms requested approval of the two scope statements as presented in email 2012-11-10. No objections were raised, and the scope statements were approved.
Actions:
- Simms et all will begin work on the Solution Architecture.
Milestones Under Review:
- none
Milestones Completed:
- UID/GID Scope Statement APPROVED 2012-11-20
- Shared Key Scope Statement APPROVED 2012-11-20
Next Meeting:
- 12:00pm PST Nov 27 2012
- Intercall (866) 203-7023
- Conference code: 5093670258