Summary

This project involves two improvements to Lustre's security features:

• A mapping feature to allow clusters with different UID/GID sets to use a single common Lustre filesystem. This effort is divided into three sub-projects:

1. ID mapping kernel module, covering the construction and management of the map
2. Map synchronization, transfer and updates of the map across servers
3. User mapping, mapping of cluster & client IDs to filesystem ID

• A shared-key authentication and encryption scheme based on Lustre's GSS mechanism, as a simpler alternative to Kerberos.

Resources

Key People

Project Approval Committee (PAC)

• Nathan Rutman - PAC chair
• Alexander I Kulyavtsev
• Andreas Dilger
• Cory Spitz
• David Dillow
• John Carrier
• Ned Bass

Indiana University

• Stephen Simms - Manager, High Performance File Systems
• Joshua Walgenbach - Software Engineer, High Performance File Systems
• Andrew Korty - Deputy Information Security Officer
• Kit Westneat
• Jeremy Fitzelli - contractor

Documentation

• Media:OpenSFS_Software_Contract_6-5-12_article1.pdf
• File:UID GID Scope Statement v2.pdf
• File:UID-GID Solution Architecture.pdf
• File:UID-GID HLD.docx == File:UID-GID HLDv3.pdf
• File:Shared keys scope v2.pdf
• File:Shared keys architecture.pdf
• File:Shared keys HLD.docx
• File:Shared keys RPC diagram.pdf
• File:Kerberos setup guide.pdf

Jira

• [Security search] filter
• [LU-3289] Shared-key tracker
• [LU-3527] UID/GID Mapping task 1.1
• [LU-3288] separate GSS from Kerb build; list of Kerb-required packages
• [LU-3490] conditionally enable GSS build
• [LU-4371] Mechanism-agnostic GSSAPI testing
• [LU-4647] Add idmapping functions for nodemap
• [LU-3778] OSP and LWP don't know sptlrpc
• [LU-6020] Seagate Kerberos patches for Lustre 2.5

Mailing List

• Mailing list administration
• List archives
• PAC list admin
• PAC list archive

Related Topics

• Lustre Kerberos
• Lustre GSSAPI/Kerberos Repair

Meetings

micro-updates

2015-03-17 Jeremy sent an email to iudev proposing to change sptlrpc to version 2 to support larger token size (LU-3855) as well as some other restructuring. See email thread "proposed version change for PTLRPC GSS"

2015-03-10 Automatic local save of nodemap on OSTs and MDT to insure access at initial startup
Adding Sebastien Buisson to email list for Kerberos updates

2015-03-03 Kit backporting nodemap to 2.5 for TACC

2014-08-07 Stopping recording regular minutes as too time intensive

2014-07-29

Attending: ken, nathan, kit, simms, andreas

Meeting Minutes:

• Kit:
  • adding tests to security-sec
  • root squash not working in autotest

Blockers:

• LU-3778 OSP/LWP lack of sptlrpc

Milestones In Progress:

• UID/GID Mapping CODE
• Shared Keys CODE

2014-07-22

Attending: ken, nathan, josh, simms, andreas

Meeting Minutes:

• Josh:
  • new nodemap patch 9299
  • needs to update ACL patch
  • will git-bisect to figure out regression with Andy's code
  • framework for shared key is written, but not yet verified/utilized
• Kit:
  • adding security-sec tests
    • add/remove client ranges
    • client permissions, mapping functionality
    • will add ACL tests e.g. set acl on client 1, check acl from mapped client 2
  • automatic map updates using config index file

Blockers:

• LU-3778 OSP/LWP lack of sptlrpc

Milestones In Progress:

• UID/GID Mapping CODE
• Shared Keys CODE

2014-03-04

Attending: nathan, josh, simms, andreas

Meeting Minutes:

• LU-3527 patches 8125, 8057, 8034 submitted
  • These comprise Milestone 1
  • AI-Simms to send a note requesting formal signoff
• LU-4647 id mapping on MDT uploaded but fails autotest, needs fixes
• temporary idmap loading using /proc in progress; MGS-based distribution will come later.
• Later: ACL's, quota integration, id mapping on OST
• LU-4371 GSS unit tests have received inspection comments; will be addressed

Actions:

• AI: Ken, Andy to flesh out Lustre Kerberos
• AI: Simms to send a note requesting formal signoff
• AI: Andy to address LU-4371 comments

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Mar 11, 2014
• Intercall (866) 203-7023
• Conference code: 5093670258

2014-02-18

Attending: nathan, ken, josh, andy, simms

Meeting Minutes:

• LU-4647 id mapping on MDT submitted
• LU-3527 patches 2 & 3 in review
  • Nathaniel Clark has checked, will add ken
• id mapping on OST will come later
• LU-3289 shared key scaffolding patch 8629 uploaded
• LU-4371 generalized test framework, Andy will be fleshing this out

Actions:

• AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Feb 25, 2014
• Intercall (866) 203-7023
• Conference code: 5093670258

2014-02-04

Attending: nathan, ken, josh, andreas, simms

Meeting Minutes:

• Contract extended for 1 year
• Shared-key
  • infrastructure patches inspected, awaiting test
  • remaining effort estimation:
    • milestone 1: 50% done
    • milestone 2: 60% done
    • milestone 3: easy
  • shared-key code will be done by Josh going forward, Andy consulting. Not expected to resume until after Feb 28.
• UID mapping
  • Andreas inspected latest patches, pinged Andrew P for more
  • goal is to land functional code before Feb 28 (Lustre 2.6); this would use a manual map distribution process instead of automatic MGS/IR mechanism, but would be usable.
  • John Hammond concern that dual red-black trees may use too much memory; apparently this should be only 400b per ID, so probably ok.

Actions:

• AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Feb 11, 2014
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-12-10

Attending: nathan, josh, andy, andreas, simms, ken

Meeting Minutes:

• Steve
  • Requesting no-cost extension for 1 year
    • Andy's allocated time is used up and will only advise going forward, Josh will work on both sets of code serially
  • Board seems amenable to additional funding to cover Kerberos technical debt; Simms to write a proposal.
• Andy
  • 2 more patchs to gerritt - headers, added IU OIDs
  • jira ticket for sanity-gss generic tests vs sanity-krb5
    • osp missing proc files ticket still bothersome
  • reviewers can begin reviewing gss-null
  • kerb changes continuing to come in from a few people
    • stilbor patch defining symbols if nonexistent
    • removed __exit function attribute
• Josh
  • 3 pushes, one review from Hammond
  • name change from nodemap to lu_nodemap
  • could add Andrew P to reviewers

Actions:

• AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Dec 17, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-12-03

Attending: nathan, josh, andy, andreas, simms, ken

Meeting Minutes:

• Josh
  • review from John Hammond
  • 2 patches refreshed, rebased
  • working on 3rd - id mapping
  • rename "nodemap" to smth else? - not needed
  • maloo test failures for unrelated problems
  • up next:
    • server-to-server nodemap copying mechanism - see imperative recovery or per-user quotas code for examples
    • actual mapping on OSS and MDS
• Andy
  • file header: GPL + IU copyright
  • updated GSS NULL patch, sanity GSS
  • expecting some change for bugs, but can be reviewed at some level
  • notes that initialization code should probably be refactored into different modules
• Simms notes that the contract will need an extension beyond 1 yr.
  • Andreas, Nathan see no problem with that

Actions:

• AI: Simms to propose recover funding for some Kerberos technical debt
• AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Dec 10, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-11-05

Attending: nathan, josh, andy, andreas

Meeting Minutes:

• Josh - reviews from Andreas and Andrew, working on getting unit tests to pass
• Andy - put some code up at github for the community
  • problem identifying srpc proc for OSP's - turns out it's missing; see LU-3778
• Andreas points to mechanism to submit patches only for test wki page

Actions:

• AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Nov 12, 2013 Nathan cannot host
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-10-29

Attending: nathan, josh, andreas, ken h, simms

Meeting Minutes:

• Josh - nodemap and ranges for review
  • sanity-sec tests
  • idmap coming tomorrow
• reviews are coming faster
• Andy - tests for gss null
• Stilbor has submitted some kerb patches, Andy and Ken added for review

Actions:

• AI: Ken to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Nov 05, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-10-08

Attending: nathan, andy, josh, andreas, ken h, simms

Meeting Minutes:

• Andrew Perepechko from Xyratex is available for inspections
• Andy and Josh should feel free to follow up with Eric Mei if they have questions on old sptlrpc implementation
• Andy - get tests running with keyutils and not pipefs
• removal of capa is ok
• Josh - andreas & fanyong to review LU-3527, add Ken
  • working on one more
  • sanity sec fails for some clients - need to use run_facet mds
• Nathan can't host the next meeting

Closed Actions:

• AI: Andy to add check for libkeyutils to LU-3490
• AI: Andy to investigate gssd missing from Lustre RPM

Actions:

• AI: Ken(?) to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Oct 15, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-10-01

Attending: nathan, andy, josh, andreas, ken h

Meeting Minutes:

• Nathan started Lustre Kerberos page with stub content
• Andy: lsvcgssd uses stripped-down mechglue in Lustre, can bypass this?
• Is there any capa code impact? never finished?
• Josh: UID/GID changes pushed, in test, will ask for reviewers

Actions:

• AI: Andy to add check for libkeyutils to LU-3490
• AI: Andy to investigate gssd missing from Lustre RPM
• AI: Ken(?) to flesh out Lustre Kerberos

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Oct 08, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-09-24

Attending: nathan, andy, josh, simms, andreas, ken h

Meeting Minutes:

• review of LAD summit
• Nathan invited Kerberos-interested people to join the iudev mail list; general Kerberos problems and fixes can be discussed there. The goal is to get Kerberos back into working order.
• Andy: keyring obsoletes client-side gssd - to remove?
• unified UID/GID maps
• inspection status: andreas ~50%
• Intel should have a test-parameter options wiki page

Actions:

• AI: Andy to add check for libkeyutils to LU-3490
• AI: Andy to investigate gssd missing from Lustre RPM

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Oct 01, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-09-10

Attending: nathan, andy, josh, simms, andreas

Meeting Minutes:

• No meeting next week due to LAD
• Andy: [LU-3490] landed
  • Build works on test cluster
  • AI: But some build environments still lack libkeyutils, so Andy will attach another patch to LU3490 to change autoconf to detect missing libkeyutils and disable gss/kerb build
• AI: Andy has noticed that the gssd userspace app doesn't appear to be included in the Lustre RPMs, and will check on it
• [LU-3288] is waiting for Andy to add the GSS NULL mechanism so that GSS can be tested independently of KRB.

• Josh: will land the changes from the [LU-3527] reviews hopefully by the end of the week, included a rebase to Master.
• Maintenance: Andy asked who would keep the code updated; the answer is the community and/or maintenance contract, but helpful things:
  • Make sure unit tests provide good automated coverage
  • Make sure code is well documented

• Closed actions:
  • AI: missing keyring [LU-3681] resolved for test nodes

Actions:

• AI: Andy to add check for libkeyutils to LU-3490
• AI: Andy to investigate gssd missing from Lustre RPM

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Sep 24, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-08-13

Attending: nathan, ken, josh, andy, simms

Meeting Minutes:

• Josh: [LU-3527] reviews from Doug and Keith (yay!); still pending reviews from Ken, Andreas, and Fan Yong.
• Andy: [LU-3490], [LU-3681] still awaiting inspection
• AI: Simms will bug Peter Jones/CDWG as needed to raise inspection priorities
• Ken is going to Disneyland, but will work on getting Kerberos running on the tip of the dev branch when he gets back.
• Closed actions:
  • AI: Andy to add shared-key test list to IUDEV test list
  • AI: Andy to file a ticket on missing keyring [LU-3681]

Actions:

• AI: Andreas, Ken, Fan Yong to add reviews
• AI: Simms will bug Peter Jones/CDWG as needed to raise inspection priorities
• AI: Ken to provide simple Kerberos server setup recommendations and potentially unit tests

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Aug 20, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-07-30

Attending: nathan, josh, ken, andrew, simms, andreas

Meeting Minutes:

• Patches awaiting inspection: [LU-3490], [LU-3527]
  • not easy to find Gerritt links - search gerritt for: "message:LU-..."
  • Simms will bug Peter Jones as needed to raise inspection priorities
• Ken is working on the "simple Kerberos setup" page
• Andy sent test list to reflector; will update IUDEV test list.
• Closed actions:
  • AI: Andy to generate shared-key test list
  • AI: Andy to file a ticket on missing keyring

Actions:

• AI: Ken to provide simple Kerberos server setup recommendations and potentially unit tests
• AI: Andy to add shared-key test list to IUDEV test list
• AI: Andreas, Ken (, Fan Yong) to add reviews

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Aug 6, 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-07-16

Attending: Josh, Ken, Nathan, Andy, Steve, Andreas, Alex

Meeting Minutes:

• Josh updated [LU-3527] patches in gerritt
  • Josh - can you add a link to the gerritt item from the Jira ticket?
  • AI: Ken, Andreas, Fan Yong to review
• Josh is planning on using SystemTap for detailed code performance impacts
  • Nathan asked for standard system performance tests as well for OpenSFS
• Andy waiting on reviewers for [LU-3490]
  • AI: Initially assign to Andreas and Chris Gearing
• One test node is missing the keyring
  • AI: Andy to file a ticket
• Andy still working on segv in gss_acquire_cred

Actions:

• AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
• AI: Andy to add shared-key test list to IUDEV test list
• AI: Andreas, Ken (, Fan Yong, Chris Gearing) to add reviews
• AI: Andy to file a ticket on missing keyring

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST July 23 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-07-09

Attending: Josh, Andy, Steve, Andreas, Ken, Nathan

Meeting Minutes:

• LU-3527 patches in gerritt
• discussion on the right size/scope of patches:
  • should be big enough to contain an entire "thought" (no dangling, related lines outside of the patch)
  • must be small enough to be comprehensible in a single sitting (< 1k LOC)
• Test list -- Josh had sent a list to the listserv; Nathan wiki'ed it here: IUDEV test list

• Closed actions:
  • AI: Andy to add checks for gss libs before enable-gss (LU-3490) -- done
  • AI: Justin to develop list of required GSS/Kerberos libraries for builders -- in LU-3288
  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations -- removing from tracking, although Nathan would love to see it.

Actions:

• AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
• AI: Josh to fix up Nathan's interpretation IUDEV test list
• AI: Andy to add shared-key test list to IUDEV test list

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST July 16 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-07-02

Attending: Ken, Nathan, Josh, Steve, Andreas

Meeting Minutes:

• Josh has uploaded patches to gerritt in the master branch of lustre-dev
  • Tracked in LU-3527
  • Inspectors: Fan Yong, Andreas, Ken
  • Trouble pushing to private branches, but pushing to master works with no ill effects.

Actions:

• AI: Andy to add checks for gss libs before enable-gss (LU-3490)
• AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
• AI: Justin to develop list of required GSS/Kerberos libraries for builders
• AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
• AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST July 09 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-06-25

Attending: steve, josh, andy, nathan, andreas, alex, ken, ned, john

Meeting Minutes:

• There remain Gerritt and Git problems; these are slowly being worked.
• UID mapping phase 1 (management interface, node map structures) has been uploaded to Jira (IU-3)
  • Reviewer volunteers: Andreas (or Fan Yong), Ken
  • Needs to be moved to a LU- ticket for visibility.
• phase 3 (UID mapping) up next, working on unit tests
• phase 2 (MGS pushing/syncing node map) will be worked on after phase 3.
• Andy has provided a patch to enable gss by default - LU-3490
  • LU-3288 is a probably a pre-req to landing this
  • kerberos tests do pass if proper Kerberos authenticated setup
  • without gss-null landing, currently no gss tests will pass
  • we need to change the patch such that gss is only enabled if the libraries are found

Actions:

• AI: Andy to add checks for gss libs before enable-gss (LU-3490)
• AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
• AI: Justin to develop list of required GSS/Kerberos libraries for builders
• AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
• AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST July 02 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-06-11

Attending: Josh, Andy, Andreas

Meeting Minutes:

• Josh updated UID map to use index objects
  • this is proving faster than the llog operations
  • update test scripts to work with the new index code
• Andy working on gssrpcd
  • adding ability to select encryption mechanism
  • Justin Miller to help maintain nodes for development build/test of code
  • Justin is collecting a list of required GSS/Kerberos libraries for builders
• Discussed how we can begin adding this code to autotest
  • configure/build needs to autodetect GSS/Kerberos libraries for Gerrit builds
  • presumably just enabling this does not impact performance?
  • initially select tests via "Test-Parameters: testlist=", later add tests to default test list (must be able to pass w/o GSS enabled)

Actions:

• AI: Justin to develop list of required GSS/Kerberos libraries for builders
• AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
• AI: Andy and Josh to determine test list to ensure feature coverage

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST June 18 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-06-04

Attending: steve, josh, andy, nathan, andreas, alex, ken hornstein

Meeting Minutes:

• lustre gss-utils has some kerberos dependencies that Andy needs to disentangle
• Closed Actions:
  • AI: nathan Ask Ken Hornstein about possible involvement
    • KenH has graciously volunteered to be the Lustre Kerberos maintainer! And is joining our weekly meetings and mail list.
  • AI: nathan Ask Eric Mei about sptlrpc questions
    • Eric answered back to the list, and has joined the mail list as well.
  • Andreas filed ET-1342 for installing security packages on Intel test machines

Actions:

• AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
• AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST June 18 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-05-28

Attending: josh, andy, nathan, andreas, alex

Meeting Minutes:

• [LU-3288] discussion - who will do this work?
  • Is there a kerberos-interested maintainer? Kerb users: PSC, Fermi, UofFL, NRL
  • Note the separation of the build options also implies a separation of #ifdef macros inside of Lustre.
• Noted that there are 3 "null" mechanisms: gss-null != sptlrpc-null (doesn't use gss) != krb5 "plain"
• Questions on existing sptlrpc:
  • How is non-krb security level required - mount option
  • Can a single rpc be not encrypted after connection negotiation?
• Existing Lustre security tests eventually need to be separated:
  • sanity-gss should become sanity-krb5
    • sanity-krb5 should add tests for krb5 "plain" mechanism
  • sanity-gss should eventually use the gss-null mechanism that IU is developing
  • sanity-sptlrpc should be written to test sptlrpc "null" in the absence of GSS.
• Closed actions
  • Andreas to provide instructions for autotest
    • tune testing for a particular patch. This allows specifying a patch is being submitted for testing (i.e. fortestonly), a list of test scripts to run (e.g. testlist=sanity-sec,sanity-gss), and setting environment variables (e.g. envdefinitions=GSS_PIPEFS=true), etc.
    • Some (sparse) documentation on how to run the test scripts: [1] [2]
    • Some older (and partly out of date) information on the specific testscripts are available at: [3] [4]

Actions:

• AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
• AI: Andy and Josh to determine test list to insure feature coverage
• AI: Andreas file bug for installing security packages on intel test clusters
• AI: nathan Ask Ken Hornstein about possible involvement
• AI: nathan Ask Eric Mei about sptlrpc questions

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST June 04 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-05-21

Attending: simms, josh, andy, nathan, andreas, alex

Meeting Minutes:

• LU-3288 filed to separate gss from krb5 requirement
• Closed actions
  • AI: Nathan to pursue Xyratex kerb patches [LU-634]
    • Described here
  • AI: Andreas to help Josh resolve git push problems
  • Andreas added a "kerberos" label to the security Jira tickets at Intel - everyone please include this label on future tickets.

Actions:

• AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
• AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST May 28 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-05-14

Attending: simms, josh, andy, nathan, andreas

Meeting Minutes:

• Josh writing unit test, debuggin; official proc file name shall be "nodemap"
• Andy working on separating Lustre GSS build from Kerberos requirements
• J&A both working on how to use OpenSFS test cluster with help from Justin and Chris
  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
• Andreas added a "kerberos" label to the security Jira tickets at Intel - everyone please include this label on future tickets.

Actions:

• AI: Nathan to pursue Xyratex kerb patches [LU-634] - in progress
• AI: Andreas to help Josh resolve git push problems - in progress

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST May 21 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-05-07

Attending: simms, josh, andreas, alex, nathan, andy

Meeting Minutes:

• Josh pushed config patches to Gerritt and posted usage text
  • proc file format should use YAML
  • please clarify the directory business in the usage text - Andreas asked for man page format
• Andy working on the GSS API code for shared keys and null mechanism
  • Lustre sanity-gss should be split into 3: sanity-gss (NULL), sanity-krb, and sanity-sharedkey
  • Andy filed bug [LU-3288] to remove krb requirement from --enable-gss build switch
• Andreas filed [LU-3289] top-level shared-key tracker
• Nathan added a [Security search filter] at the Intel Jira

• Closed actions
  • Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue [LU-3137]
  • Simms to contact Peter Jones to help find reviewers
  • Simms to locate test cluster: OpenSFS cluster to be used
  • Nathan to identify kerb patches - xyratex vs. intel / stilbor - patches were located, but the utility/purpose is unclear. Nathan to pursue.
  • Andy and Andreas to file a Jira about ptlrpc replay handling problems [LU-3290]

Actions:

• AI: Nathan to pursue Xyratex kerb patches - in progress
• AI: Andreas to help Josh resolve git push problems - in progress

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST May 14 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-04-30

Attending: ned, simms, josh, andreas, alex, nathan

Meeting Minutes:

• Josh - 2500 lines of code for config: management, lctl, proc files
  • proc file display of nid ranges and uid maps
  • nid ranges are specified as start/end; there is no apparent need for a "skip" functionality (e.g. even/odd ranges)

Actions:

• AI: Andy and Andreas to file a Jira about ptlrpc replay handling problems
• AI: Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue [LU-3137]
• AI: Nathan to identify kerb patches - xyratex vs. intel / stilbor
• AI: Simms to contact Chris Gearing to help find reviewers
• AI: Andreas to help Josh resolve git push problems
• AI: Simms to locate Kerb-friendly test cluster

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST May 07 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-04-23

Attending: simms, andy, josh, andreas, john, nathan

Meeting Minutes:

• Josh - working on config
• Andy - working on test cases, build checks
• Andreas - established repo at Intel

Actions:

• AI: Nathan to identify kerb patches - xyratex vs. intel / stilbor

lustre-2.1.0.x3_GSS-FIX.tar:
  contains Xyratex GSS-patched lustre source code 2.1.54 built
   for kernel RHEL6: 2.6.32-220.7.1.el6

• AI: Simms to contact Chris Gearing to help find reviewers

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Apr 30 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-04-09

Attending: Josh, John, Andrew, Steve, Nathan, Alex

Meeting Minutes:

• Josh - working on config
• Andy - pushed fixes for Kerberos, working on test cases

Actions:

• AI: Andreas to establish a git repo/branch hosted at Intel

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• skipping week of LUG; next meeting 12:00pm PST Apr 23 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-04-02

Attending: nathan, josh, andrew, steve, cory, alex, john

Meeting Minutes:

• Github access available to PAC members - send keys to Josh
• Andy trying to land fixes for current Lustre Kerberos LU-2392, LU-2384
• Discussion on replay attacks - replay handling is included in ptlrpc, so we shouldn't need shared-key code specific fix.
  • Andreas points out problems with current ptlrpc, but Nathan and Andy's feeling is that this should not be part of the IU contract work. But we should file a Jira describing the problem.

Actions:

• Simms to find reviewers for LU-2392 and LU-2384
• Andy to test and land LU-2392 and LU-2384
• Andy and Andreas to file a Jira about ptlrpc replay handling problems.

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Apr 09 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-03-26

Attending: Josh, Andy, Nathan, Ned, Steve, Alex

Meeting Minutes:

• Github access available to PAC members - send keys to Andy
• Andy has a fix for LU-2392 that he will attach to that ticket.
• Andy needs reviews for above. Simms will ask PJones.
• Andy wanted some direction for how to implement tests - Nathan pointed at sanity-sec.sh and sanity-gss.sh
• Josh update: finishing up part 1 (map setup): module is complete, proc interface for maps, adding lctl writing config to mgs log
  • wants to work on local identity mapping (part 3) before map shipping (part 2)
• Andy update: working on build and tests, has implemented null GSS flavor but not tested yet.

Actions:

• Simms to find reviewers for Andy's version of LU-2392
• Andy to post his fix for LU-2392 to that ticket
• Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue

Milestones In Progress:

• Shared Keys CODE
• UID/GID Mapping CODE

Next Meeting:

• 12:00pm PST Apr 02 2013 unless otherwise cancelled
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-02-19

Attending: Andreas, Alex, Josh, Nathan, Ned, Steve

Meeting Minutes:

• Shared Key HLD accepted
• UID/GID Mapping HLD accepted
• Coding phase should start now. We don't expect any useful results be next week, so we will cancel next week's meeting.
• Nathan added latest versions of HLDs to wiki page.

Actions:

• Josh and Andy to begin coding
• Josh will send out link to GitHub repository
• Josh will send email early next week with a status update, at which point we can plan for the next meeting

Milestones Completed:

• Shared Keys HLD APPROVED 2013-02-19
• UID/GID Mapping HLD APPROVED 2013-02-19

Next Meeting:

• No meeting 2013-02-26, next meeting pending code progress.
• 12:00pm PST Mar ?? 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-01-29

Attending: Andreas, Andy, Alex, Josh, Nathan, Ned

Meeting Minutes:

• Key scope: sets of keys are defined per cluster (not per-client)
• These keys are used to generate session keys for Auth and Encrypt
• Root squash - various ideas
  1. EAs on directories describe which clusters are allowed
  2. Squash per-cluster roots to distinct users, use ACLs to provide per-cluster root-like permissions
  3. Use bind-mounting to limit the visibility of the fs to a subtree
  • suggestion to add root fid/path to cluster definition for future use
  • Current plan: root is not treated specially - per-cluster roots may be mapped to the actual fs root user, or not.
• Object (OSS) security against untrusted client - out of scope
• MGS primacy
  • "MGS up before before other servers" may be a requirement for the mapping or shared key features
  • but this requirement must be relaxed if the uid/shared key feature has not been enabled

Actions:

• Nathan to send HLD example template (done)
• Nathan to propose OpenSFS contract doc templates
• Andy/Josh update HLD with detail

Milestones Under Review:

• UID HLD
• Shared Keys HLD

Next Meeting:

• I will be travelling for the next two meetings (Feb 5, 12). Can someone else host the meeting?
• 12:00pm PST Feb 5 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-01-22

Attending: Nathan, Josh, Andrew, Steve

Meeting Minutes:

• Comments on Shared Keys HLD

1. independence of auth and encrypt keys
2. encrypt-then-MAC
3. HLD should address multiple simultaneuous keys
4. interaction between shared keys and mappings
   • original assumption was key-per-client; key-per-cluster seems to make more sense for a few reasons (large-cluster manageability, shared-root clients). A hash of the keys could be added to a cluster definition. A "null" cluster could be defined for a single-cluster environment.

• Ended meeting early; we need more meeting attendees to discuss these issues.

Actions:

• Review Security HLD to provide timely feedback.

Milestones Under Review:

• UID HLD
• Shared Keys HLD

Next Meeting:

• 12:00pm PST Jan 29 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-01-15

Attending: Nathan, Ned, Josh, Andrew, Steve, Alex, Andreas, John

Meeting Minutes:

• UID/GID HLD Review
  • Comments by Nathan, Andreas, Ned returned via Word doc

Define/update cluster definition via complete file vs. incrementally

Josh: file-based cluster def changes requires walking export tree

Done rarely, probably ok

There may be security implications at the transition when redefining cluster defs

When a NID is removed from a def it should use the default mapping

Define/update UID/GID mappings via complete file vs. incrementally

incremental uid/gid mapping in order to prevent fs access blocking during replacement.

Andreas suggested atomically swap in new mapping once received/set up.

Behaviour during setup and recovery

Don't use default mapping while waiting for definitions; FS should block access to all files until mappings and cluster defs have been set up.

Need a clear signal when an update is finished/complete.

Servers currently cache the MGS Lustre config locally

May be undesirable for OSD

Perhaps this behaviour should be changed: stop caching, require MGS for server startup.

• Shared Key HLD distributed
  • Comments should be returned quickly for HLD revision next week.

Actions:

• Review Shared Key HLD to provide timely feedback.

Milestones Under Review:

• UID HLD
• Shared Keys HLD

Milestones Completed:

• Shared Key Scope Statement APPROVED 2013-01-15

Next Meeting:

• 12:00pm PST Jan 22 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2013-01-08

Attending: Nathan, Ned, Josh, Andrew, Steve, Dave, Alex

Meeting Minutes:

• Clarifying current documents:
  • Latest Shared Keys doc: arch doc. HLD expected this week.
  • Latest UID-GID doc: HLD.
• We need reviewers for both HLDs.
  • UID-GID:
    • Nathan has already sent comments
    • Ned volunteers
    • I'd like to volunteer Andreas in absentia
  • Shared Keys:
    • Not out yet; any eager volunteers?
• Document types: I think the consensus going forward is Google Docs for easier collaboration/feedback.

Actions:

• Andrew to deliver HLD be the end of this week (hopefully)
• Reviews to provide timely feedback.

Milestones Under Review:

• UID HLD
• Shared Keys Solution Arch

Milestones Completed:

• UID/GID Scope Statement APPROVED 2013-01-08

Next Meeting:

• 12:00pm PST Jan 15 2013
• Intercall (866) 203-7023
• Conference code: 5093670258

2012-12-11

Attending: Nathan, Andreas, Josh, Simms, Cory, Alex, Andrew Meeting Minutes:

• Josh and Andrew updated the arch docs with improved use cases, test plan, and acceptance criteria
• Several PAC members commented on the updates
• Alex noted we neglected to address previous discussions on allowing multiple simultaneous keys:
  • should we allow key updates on a live system, or connect-time only?
  • is there any upper limit on total keys?
  • should keys be restricted to particular nid range?

Actions:

• PAC members review docs for final approval by next week.
• The above multiple-key use case should be added to the arch doc.
• In the meantime HLD design can begin

Milestones Under Review:

• UID Solution Arch
• Shared Key Solution Arch

Next Meeting:

• 12:00pm PST Dec 18 2012
• Intercall (866) 203-7023
• Conference code: 5093670258

No meetings on Dec 25 or Jan 1.

2012-12-04

Attending: Nathan, Ned, Josh, Simms, Carrier Meeting Minutes:

• Solution Architecture document review. More detail requested in
  • Practical use case (UID)
  • Specific functional requirements (shared key)
  • Detailed, specific acceptance criteria (e.g. "Any single user on up to 100(?) separate clusters has Unix UID/GID-controlled access to his files on shared Lustre file system.", "Unknown users can be squashed to a particular UID." etc.)

Actions:

• Josh and Andrew to revise Solution Architecture docs with more detail.

Milestones Under Review:

• UID Solution Arch
• Shared Keys Solution Arch

Next Meeting:

• 12:00pm PST Dec 11 2012
• Intercall (866) 203-7023
• Conference code: 5093670258

2012-11-20

Attending: Nathan, Alex, Andreas, Steve, Cory

Meeting Minutes:

• Simms requested approval of the two scope statements as presented in email 2012-11-10. No objections were raised, and the scope statements were approved.

Actions:

• Simms et all will begin work on the Solution Architecture.

Milestones Under Review:

• none

Milestones Completed:

• UID/GID Scope Statement APPROVED 2012-11-20
• Shared Key Scope Statement APPROVED 2012-11-20

Next Meeting:

• 12:00pm PST Nov 27 2012
• Intercall (866) 203-7023
• Conference code: 5093670258