Latest revision as of 11:20, 30 August 2017

NOTE: This contract was completed with the final delivery on August 14th 2017

Summary

This project involves two improvements to Lustre's security features:

A mapping feature to allow clusters with different UID/GID sets to use a single common Lustre filesystem. This effort is divided into three sub-projects:

ID mapping kernel module, covering the construction and management of the map
Map synchronization, transfer and updates of the map across servers
User mapping, mapping of cluster & client IDs to filesystem ID

A shared-key authentication and encryption scheme based on Lustre's GSS mechanism, as a simpler alternative to Kerberos.

Contract	Work Item	Scope statement	Solution architecture	High-level design	Implementation	Delivery
SFS-DEV-002.1	UID/GID Mapping	2012-11-20	2013-01-08	2013-02-19	Sub 1.1 2014-03-18 Sub 1.2 2015-02-05 Sub 1.3 2016-06-02	2016-06-02
SFS-DEV-002.2	Shared Key Auth	2012-11-20	2013-01-15	2013-02-19	2017-04-03	2017-08-14

Resources

Key People

Project Approval Committee (PAC)

Nathan Rutman - PAC chair
Alexander I Kulyavtsev
Andreas Dilger
Cory Spitz
~~David Dillow~~
~~John Carrier~~
Ned Bass

Indiana University

Stephen Simms - Manager, High Performance File Systems
Joshua Walgenbach - Software Engineer, High Performance File Systems
Andrew Korty - Deputy Information Security Officer
Kit Westneat
Jeremy Fitzelli - contractor

Documentation

Jira

[Security search] filter
[LU-3289] Shared-key tracker
[LU-3527] UID/GID Mapping task 1.1
[LU-3288] separate GSS from Kerb build; list of Kerb-required packages
[LU-3490] conditionally enable GSS build
[LU-4371] Mechanism-agnostic GSSAPI testing
[LU-4647] Add idmapping functions for nodemap
[LU-3778] OSP and LWP don't know sptlrpc
[LU-5092] nodemap: transfer idmaps between MGS, MDT, OST
[LU-6020] Seagate Kerberos patches for Lustre 2.5

Mailing List

Meetings

2015

2015-03-17 Apologies, maintaining the meeting minutes here is taking too much of my time; I'll stop posting although the meetings continue.

micro-updates

2015-03-17 Jeremy sent an email to iudev proposing to change sptlrpc to version 2 to support larger token size (LU-3855) as well as some other restructuring. See email thread "proposed version change for PTLRPC GSS"

2015-03-10 Automatic local save of nodemap on OSTs and MDT to insure access at initial startup
Adding Sebastien Buisson to email list for Kerberos updates

2015-03-03 Kit backporting nodemap to 2.5 for TACC

2014-08-07 Stopping recording regular minutes as too time intensive

2014-07-29

Attending: ken, nathan, kit, simms, andreas

Meeting Minutes:

Kit:
- adding tests to security-sec
- root squash not working in autotest

Blockers:

LU-3778 OSP/LWP lack of sptlrpc

Milestones In Progress:

UID/GID Mapping CODE
Shared Keys CODE

2014-07-22

Attending: ken, nathan, josh, simms, andreas

Meeting Minutes:

Josh:
- new nodemap patch 9299
- needs to update ACL patch
- will git-bisect to figure out regression with Andy's code
- framework for shared key is written, but not yet verified/utilized
Kit:
- adding security-sec tests
  - add/remove client ranges
  - client permissions, mapping functionality
  - will add ACL tests e.g. set acl on client 1, check acl from mapped client 2
- automatic map updates using config index file

Blockers:

LU-3778 OSP/LWP lack of sptlrpc

Milestones In Progress:

UID/GID Mapping CODE
Shared Keys CODE

2014-03-04

Attending: nathan, josh, simms, andreas

Meeting Minutes:

LU-3527 patches 8125, 8057, 8034 submitted
- These comprise Milestone 1
- AI-Simms to send a note requesting formal signoff
LU-4647 id mapping on MDT uploaded but fails autotest, needs fixes
temporary idmap loading using /proc in progress; MGS-based distribution will come later.
Later: ACL's, quota integration, id mapping on OST
LU-4371 GSS unit tests have received inspection comments; will be addressed

Actions:

AI: Ken, Andy to flesh out Lustre Kerberos
AI: Simms to send a note requesting formal signoff
AI: Andy to address LU-4371 comments

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Mar 11, 2014
Intercall (866) 203-7023
Conference code: 5093670258

2014-02-18

Attending: nathan, ken, josh, andy, simms

Meeting Minutes:

LU-4647 id mapping on MDT submitted
LU-3527 patches 2 & 3 in review
- Nathaniel Clark has checked, will add ken
id mapping on OST will come later
LU-3289 shared key scaffolding patch 8629 uploaded
LU-4371 generalized test framework, Andy will be fleshing this out

Actions:

AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Feb 25, 2014
Intercall (866) 203-7023
Conference code: 5093670258

2014-02-04

Attending: nathan, ken, josh, andreas, simms

Meeting Minutes:

Contract extended for 1 year
Shared-key
- infrastructure patches inspected, awaiting test
- remaining effort estimation:
  - milestone 1: 50% done
  - milestone 2: 60% done
  - milestone 3: easy
- shared-key code will be done by Josh going forward, Andy consulting. Not expected to resume until after Feb 28.
UID mapping
- Andreas inspected latest patches, pinged Andrew P for more
- goal is to land functional code before Feb 28 (Lustre 2.6); this would use a manual map distribution process instead of automatic MGS/IR mechanism, but would be usable.
- John Hammond concern that dual red-black trees may use too much memory; apparently this should be only 400b per ID, so probably ok.

Actions:

AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Feb 11, 2014
Intercall (866) 203-7023
Conference code: 5093670258

2013-12-10

Attending: nathan, josh, andy, andreas, simms, ken

Meeting Minutes:

Steve
- Requesting no-cost extension for 1 year
  - Andy's allocated time is used up and will only advise going forward, Josh will work on both sets of code serially
- Board seems amenable to additional funding to cover Kerberos technical debt; Simms to write a proposal.
Andy
- 2 more patchs to gerritt - headers, added IU OIDs
- jira ticket for sanity-gss generic tests vs sanity-krb5
  - osp missing proc files ticket still bothersome
- reviewers can begin reviewing gss-null
- kerb changes continuing to come in from a few people
  - stilbor patch defining symbols if nonexistent
  - removed __exit function attribute
Josh
- 3 pushes, one review from Hammond
- name change from nodemap to lu_nodemap
- could add Andrew P to reviewers

Actions:

AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Dec 17, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-12-03

Attending: nathan, josh, andy, andreas, simms, ken

Meeting Minutes:

Josh
- review from John Hammond
- 2 patches refreshed, rebased
- working on 3rd - id mapping
- rename "nodemap" to smth else? - not needed
- maloo test failures for unrelated problems
- up next:
  - server-to-server nodemap copying mechanism - see imperative recovery or per-user quotas code for examples
  - actual mapping on OSS and MDS
Andy
- file header: GPL + IU copyright
- updated GSS NULL patch, sanity GSS
- expecting some change for bugs, but can be reviewed at some level
- notes that initialization code should probably be refactored into different modules
Simms notes that the contract will need an extension beyond 1 yr.
- Andreas, Nathan see no problem with that

Actions:

AI: Simms to propose recover funding for some Kerberos technical debt
AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Dec 10, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-11-05

Attending: nathan, josh, andy, andreas

Meeting Minutes:

Josh - reviews from Andreas and Andrew, working on getting unit tests to pass
Andy - put some code up at github for the community
- problem identifying srpc proc for OSP's - turns out it's missing; see LU-3778
Andreas points to mechanism to submit patches only for test wki page

Actions:

AI: Ken, Andy to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Nov 12, 2013 Nathan cannot host
Intercall (866) 203-7023
Conference code: 5093670258

2013-10-29

Attending: nathan, josh, andreas, ken h, simms

Meeting Minutes:

Josh - nodemap and ranges for review
- sanity-sec tests
- idmap coming tomorrow
reviews are coming faster
Andy - tests for gss null
Stilbor has submitted some kerb patches, Andy and Ken added for review

Actions:

AI: Ken to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Nov 05, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-10-08

Attending: nathan, andy, josh, andreas, ken h, simms

Meeting Minutes:

Andrew Perepechko from Xyratex is available for inspections
Andy and Josh should feel free to follow up with Eric Mei if they have questions on old sptlrpc implementation
Andy - get tests running with keyutils and not pipefs
removal of capa is ok
Josh - andreas & fanyong to review LU-3527, add Ken
- working on one more
- sanity sec fails for some clients - need to use run_facet mds
Nathan can't host the next meeting

Closed Actions:

AI: Andy to add check for libkeyutils to LU-3490
AI: Andy to investigate gssd missing from Lustre RPM

Actions:

AI: Ken(?) to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Oct 15, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-10-01

Attending: nathan, andy, josh, andreas, ken h

Meeting Minutes:

Nathan started Lustre Kerberos page with stub content
Andy: lsvcgssd uses stripped-down mechglue in Lustre, can bypass this?
Is there any capa code impact? never finished?
Josh: UID/GID changes pushed, in test, will ask for reviewers

Actions:

AI: Andy to add check for libkeyutils to LU-3490
AI: Andy to investigate gssd missing from Lustre RPM
AI: Ken(?) to flesh out Lustre Kerberos

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Oct 08, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-09-24

Attending: nathan, andy, josh, simms, andreas, ken h

Meeting Minutes:

review of LAD summit
Nathan invited Kerberos-interested people to join the iudev mail list; general Kerberos problems and fixes can be discussed there. The goal is to get Kerberos back into working order.
Andy: keyring obsoletes client-side gssd - to remove?
unified UID/GID maps
inspection status: andreas ~50%
Intel should have a test-parameter options wiki page

Actions:

AI: Andy to add check for libkeyutils to LU-3490
AI: Andy to investigate gssd missing from Lustre RPM

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Oct 01, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-09-10

Attending: nathan, andy, josh, simms, andreas

Meeting Minutes:

No meeting next week due to LAD
Andy: [LU-3490] landed
- Build works on test cluster
- AI: But some build environments still lack libkeyutils, so Andy will attach another patch to LU3490 to change autoconf to detect missing libkeyutils and disable gss/kerb build
AI: Andy has noticed that the gssd userspace app doesn't appear to be included in the Lustre RPMs, and will check on it
[LU-3288] is waiting for Andy to add the GSS NULL mechanism so that GSS can be tested independently of KRB.

Josh: will land the changes from the [LU-3527] reviews hopefully by the end of the week, included a rebase to Master.
Maintenance: Andy asked who would keep the code updated; the answer is the community and/or maintenance contract, but helpful things:
- Make sure unit tests provide good automated coverage
- Make sure code is well documented

Closed actions:
- AI: missing keyring [LU-3681] resolved for test nodes

Actions:

AI: Andy to add check for libkeyutils to LU-3490
AI: Andy to investigate gssd missing from Lustre RPM

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Sep 24, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-08-13

Attending: nathan, ken, josh, andy, simms

Meeting Minutes:

Josh: [LU-3527] reviews from Doug and Keith (yay!); still pending reviews from Ken, Andreas, and Fan Yong.
Andy: [LU-3490], [LU-3681] still awaiting inspection
AI: Simms will bug Peter Jones/CDWG as needed to raise inspection priorities
Ken is going to Disneyland, but will work on getting Kerberos running on the tip of the dev branch when he gets back.
Closed actions:
- AI: Andy to add shared-key test list to IUDEV test list
- AI: Andy to file a ticket on missing keyring [LU-3681]

Actions:

AI: Andreas, Ken, Fan Yong to add reviews
AI: Simms will bug Peter Jones/CDWG as needed to raise inspection priorities
AI: Ken to provide simple Kerberos server setup recommendations and potentially unit tests

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Aug 20, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-07-30

Attending: nathan, josh, ken, andrew, simms, andreas

Meeting Minutes:

Patches awaiting inspection: [LU-3490], [LU-3527]
- not easy to find Gerritt links - search gerritt for: "message:LU-..."
- Simms will bug Peter Jones as needed to raise inspection priorities
Ken is working on the "simple Kerberos setup" page
Andy sent test list to reflector; will update IUDEV test list.
Closed actions:
- AI: Andy to generate shared-key test list
- AI: Andy to file a ticket on missing keyring

Actions:

AI: Ken to provide simple Kerberos server setup recommendations and potentially unit tests
AI: Andy to add shared-key test list to IUDEV test list
AI: Andreas, Ken (, Fan Yong) to add reviews

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Aug 6, 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-07-16

Attending: Josh, Ken, Nathan, Andy, Steve, Andreas, Alex

Meeting Minutes:

Josh updated [LU-3527] patches in gerritt
- Josh - can you add a link to the gerritt item from the Jira ticket?
- AI: Ken, Andreas, Fan Yong to review
Josh is planning on using SystemTap for detailed code performance impacts
- Nathan asked for standard system performance tests as well for OpenSFS
Andy waiting on reviewers for [LU-3490]
- AI: Initially assign to Andreas and Chris Gearing
One test node is missing the keyring
- AI: Andy to file a ticket
Andy still working on segv in gss_acquire_cred

Actions:

AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
AI: Andy to add shared-key test list to IUDEV test list
AI: Andreas, Ken (, Fan Yong, Chris Gearing) to add reviews
AI: Andy to file a ticket on missing keyring

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST July 23 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-07-09

Attending: Josh, Andy, Steve, Andreas, Ken, Nathan

Meeting Minutes:

LU-3527 patches in gerritt
discussion on the right size/scope of patches:
- should be big enough to contain an entire "thought" (no dangling, related lines outside of the patch)
- must be small enough to be comprehensible in a single sitting (< 1k LOC)
Test list -- Josh had sent a list to the listserv; Nathan wiki'ed it here: IUDEV test list

Closed actions:
- AI: Andy to add checks for gss libs before enable-gss (LU-3490) -- done
- AI: Justin to develop list of required GSS/Kerberos libraries for builders -- in LU-3288
- AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations -- removing from tracking, although Nathan would love to see it.

Actions:

AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
AI: Josh to fix up Nathan's interpretation IUDEV test list
AI: Andy to add shared-key test list to IUDEV test list

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST July 16 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-07-02

Attending: Ken, Nathan, Josh, Steve, Andreas

Meeting Minutes:

Josh has uploaded patches to gerritt in the master branch of lustre-dev
- Tracked in LU-3527
- Inspectors: Fan Yong, Andreas, Ken
- Trouble pushing to private branches, but pushing to master works with no ill effects.

Actions:

AI: Andy to add checks for gss libs before enable-gss (LU-3490)
AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
AI: Justin to develop list of required GSS/Kerberos libraries for builders
AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST July 09 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-06-25

Attending: steve, josh, andy, nathan, andreas, alex, ken, ned, john

Meeting Minutes:

There remain Gerritt and Git problems; these are slowly being worked.
UID mapping phase 1 (management interface, node map structures) has been uploaded to Jira (IU-3)
- Reviewer volunteers: Andreas (or Fan Yong), Ken
- Needs to be moved to a LU- ticket for visibility.
phase 3 (UID mapping) up next, working on unit tests
phase 2 (MGS pushing/syncing node map) will be worked on after phase 3.
Andy has provided a patch to enable gss by default - LU-3490
- LU-3288 is a probably a pre-req to landing this
- kerberos tests do pass if proper Kerberos authenticated setup
- without gss-null landing, currently no gss tests will pass
- we need to change the patch such that gss is only enabled if the libraries are found

Actions:

AI: Andy to add checks for gss libs before enable-gss (LU-3490)
AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
AI: Justin to develop list of required GSS/Kerberos libraries for builders
AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST July 02 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-06-11

Attending: Josh, Andy, Andreas

Meeting Minutes:

Josh updated UID map to use index objects
- this is proving faster than the llog operations
- update test scripts to work with the new index code
Andy working on gssrpcd
- adding ability to select encryption mechanism
- Justin Miller to help maintain nodes for development build/test of code
- Justin is collecting a list of required GSS/Kerberos libraries for builders
Discussed how we can begin adding this code to autotest
- configure/build needs to autodetect GSS/Kerberos libraries for Gerrit builds
- presumably just enabling this does not impact performance?
- initially select tests via "Test-Parameters: testlist=", later add tests to default test list (must be able to pass w/o GSS enabled)

Actions:

AI: Justin to develop list of required GSS/Kerberos libraries for builders
AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
AI: Andy and Josh to determine test list to ensure feature coverage

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST June 18 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-06-04

Attending: steve, josh, andy, nathan, andreas, alex, ken hornstein

Meeting Minutes:

lustre gss-utils has some kerberos dependencies that Andy needs to disentangle
Closed Actions:
- AI: nathan Ask Ken Hornstein about possible involvement
  - KenH has graciously volunteered to be the Lustre Kerberos maintainer! And is joining our weekly meetings and mail list.
- AI: nathan Ask Eric Mei about sptlrpc questions
  - Eric answered back to the list, and has joined the mail list as well.
- Andreas filed ET-1342 for installing security packages on Intel test machines

Actions:

AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST June 18 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-05-28

Attending: josh, andy, nathan, andreas, alex

Meeting Minutes:

[LU-3288] discussion - who will do this work?
- Is there a kerberos-interested maintainer? Kerb users: PSC, Fermi, UofFL, NRL
- Note the separation of the build options also implies a separation of #ifdef macros inside of Lustre.
Noted that there are 3 "null" mechanisms: gss-null != sptlrpc-null (doesn't use gss) != krb5 "plain"
Questions on existing sptlrpc:
- How is non-krb security level required - mount option
- Can a single rpc be not encrypted after connection negotiation?
Existing Lustre security tests eventually need to be separated:
- sanity-gss should become sanity-krb5
  - sanity-krb5 should add tests for krb5 "plain" mechanism
- sanity-gss should eventually use the gss-null mechanism that IU is developing
- sanity-sptlrpc should be written to test sptlrpc "null" in the absence of GSS.
Closed actions
- Andreas to provide instructions for autotest
  - tune testing for a particular patch. This allows specifying a patch is being submitted for testing (i.e. fortestonly), a list of test scripts to run (e.g. testlist=sanity-sec,sanity-gss), and setting environment variables (e.g. envdefinitions=GSS_PIPEFS=true), etc.
  - Some (sparse) documentation on how to run the test scripts: [1] [2]
  - Some older (and partly out of date) information on the specific testscripts are available at: [3] [4]

Actions:

AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
AI: Andy and Josh to determine test list to insure feature coverage
AI: Andreas file bug for installing security packages on intel test clusters
AI: nathan Ask Ken Hornstein about possible involvement
AI: nathan Ask Eric Mei about sptlrpc questions

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST June 04 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-05-21

Attending: simms, josh, andy, nathan, andreas, alex

Meeting Minutes:

LU-3288 filed to separate gss from krb5 requirement
Closed actions
- AI: Nathan to pursue Xyratex kerb patches [LU-634]
  - Described here
- AI: Andreas to help Josh resolve git push problems
- Andreas added a "kerberos" label to the security Jira tickets at Intel - everyone please include this label on future tickets.

Actions:

AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
AI: Andy and Josh to determine test list to insure feature coverage

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST May 28 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-05-14

Attending: simms, josh, andy, nathan, andreas

Meeting Minutes:

Josh writing unit test, debuggin; official proc file name shall be "nodemap"
Andy working on separating Lustre GSS build from Kerberos requirements
J&A both working on how to use OpenSFS test cluster with help from Justin and Chris
- AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
Andreas added a "kerberos" label to the security Jira tickets at Intel - everyone please include this label on future tickets.

Actions:

AI: Nathan to pursue Xyratex kerb patches [LU-634] - in progress
AI: Andreas to help Josh resolve git push problems - in progress

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST May 21 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-05-07

Attending: simms, josh, andreas, alex, nathan, andy

Meeting Minutes:

Josh pushed config patches to Gerritt and posted usage text
- proc file format should use YAML
- please clarify the directory business in the usage text - Andreas asked for man page format
Andy working on the GSS API code for shared keys and null mechanism
- Lustre sanity-gss should be split into 3: sanity-gss (NULL), sanity-krb, and sanity-sharedkey
- Andy filed bug [LU-3288] to remove krb requirement from --enable-gss build switch
Andreas filed [LU-3289] top-level shared-key tracker
Nathan added a [Security search filter] at the Intel Jira

Closed actions
- Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue [LU-3137]
- Simms to contact Peter Jones to help find reviewers
- Simms to locate test cluster: OpenSFS cluster to be used
- Nathan to identify kerb patches - xyratex vs. intel / stilbor - patches were located, but the utility/purpose is unclear. Nathan to pursue.
- Andy and Andreas to file a Jira about ptlrpc replay handling problems [LU-3290]

Actions:

AI: Nathan to pursue Xyratex kerb patches - in progress
AI: Andreas to help Josh resolve git push problems - in progress

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST May 14 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-04-30

Attending: ned, simms, josh, andreas, alex, nathan

Meeting Minutes:

Josh - 2500 lines of code for config: management, lctl, proc files
- proc file display of nid ranges and uid maps
- nid ranges are specified as start/end; there is no apparent need for a "skip" functionality (e.g. even/odd ranges)

Actions:

AI: Andy and Andreas to file a Jira about ptlrpc replay handling problems
AI: Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue [LU-3137]
AI: Nathan to identify kerb patches - xyratex vs. intel / stilbor
AI: Simms to contact Chris Gearing to help find reviewers
AI: Andreas to help Josh resolve git push problems
AI: Simms to locate Kerb-friendly test cluster

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST May 07 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-04-23

Attending: simms, andy, josh, andreas, john, nathan

Meeting Minutes:

Josh - working on config
Andy - working on test cases, build checks
Andreas - established repo at Intel

Actions:

AI: Nathan to identify kerb patches - xyratex vs. intel / stilbor

lustre-2.1.0.x3_GSS-FIX.tar:
  contains Xyratex GSS-patched lustre source code 2.1.54 built
   for kernel RHEL6: 2.6.32-220.7.1.el6

AI: Simms to contact Chris Gearing to help find reviewers

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Apr 30 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-04-09

Attending: Josh, John, Andrew, Steve, Nathan, Alex

Meeting Minutes:

Josh - working on config
Andy - pushed fixes for Kerberos, working on test cases

Actions:

AI: Andreas to establish a git repo/branch hosted at Intel

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

skipping week of LUG; next meeting 12:00pm PST Apr 23 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-04-02

Attending: nathan, josh, andrew, steve, cory, alex, john

Meeting Minutes:

Github access available to PAC members - send keys to Josh
Andy trying to land fixes for current Lustre Kerberos LU-2392, LU-2384
Discussion on replay attacks - replay handling is included in ptlrpc, so we shouldn't need shared-key code specific fix.
- Andreas points out problems with current ptlrpc, but Nathan and Andy's feeling is that this should not be part of the IU contract work. But we should file a Jira describing the problem.

Actions:

Simms to find reviewers for LU-2392 and LU-2384
Andy to test and land LU-2392 and LU-2384
Andy and Andreas to file a Jira about ptlrpc replay handling problems.

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Apr 09 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-03-26

Attending: Josh, Andy, Nathan, Ned, Steve, Alex

Meeting Minutes:

Github access available to PAC members - send keys to Andy
Andy has a fix for LU-2392 that he will attach to that ticket.
Andy needs reviews for above. Simms will ask PJones.
Andy wanted some direction for how to implement tests - Nathan pointed at sanity-sec.sh and sanity-gss.sh
Josh update: finishing up part 1 (map setup): module is complete, proc interface for maps, adding lctl writing config to mgs log
- wants to work on local identity mapping (part 3) before map shipping (part 2)
Andy update: working on build and tests, has implemented null GSS flavor but not tested yet.

Actions:

Simms to find reviewers for Andy's version of LU-2392
Andy to post his fix for LU-2392 to that ticket
Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue

Milestones In Progress:

Shared Keys CODE
UID/GID Mapping CODE

Next Meeting:

12:00pm PST Apr 02 2013 unless otherwise cancelled
Intercall (866) 203-7023
Conference code: 5093670258

2013-02-19

Attending: Andreas, Alex, Josh, Nathan, Ned, Steve

Meeting Minutes:

Shared Key HLD accepted
UID/GID Mapping HLD accepted
Coding phase should start now. We don't expect any useful results be next week, so we will cancel next week's meeting.
Nathan added latest versions of HLDs to wiki page.

Actions:

Josh and Andy to begin coding
Josh will send out link to GitHub repository
Josh will send email early next week with a status update, at which point we can plan for the next meeting

Milestones Completed:

Shared Keys HLD APPROVED 2013-02-19
UID/GID Mapping HLD APPROVED 2013-02-19

Next Meeting:

No meeting 2013-02-26, next meeting pending code progress.
12:00pm PST Mar ?? 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-01-29

Attending: Andreas, Andy, Alex, Josh, Nathan, Ned

Meeting Minutes:

Key scope: sets of keys are defined per cluster (not per-client)
These keys are used to generate session keys for Auth and Encrypt
Root squash - various ideas
1. EAs on directories describe which clusters are allowed
2. Squash per-cluster roots to distinct users, use ACLs to provide per-cluster root-like permissions
3. Use bind-mounting to limit the visibility of the fs to a subtree
- suggestion to add root fid/path to cluster definition for future use
- Current plan: root is not treated specially - per-cluster roots may be mapped to the actual fs root user, or not.
Object (OSS) security against untrusted client - out of scope
MGS primacy
- "MGS up before before other servers" may be a requirement for the mapping or shared key features
- but this requirement must be relaxed if the uid/shared key feature has not been enabled

Actions:

Nathan to send HLD example template (done)
Nathan to propose OpenSFS contract doc templates
Andy/Josh update HLD with detail

Milestones Under Review:

UID HLD
Shared Keys HLD

Next Meeting:

I will be travelling for the next two meetings (Feb 5, 12). Can someone else host the meeting?
12:00pm PST Feb 5 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-01-22

Attending: Nathan, Josh, Andrew, Steve

Meeting Minutes:

Comments on Shared Keys HLD

independence of auth and encrypt keys
encrypt-then-MAC
HLD should address multiple simultaneuous keys
interaction between shared keys and mappings
- original assumption was key-per-client; key-per-cluster seems to make more sense for a few reasons (large-cluster manageability, shared-root clients). A hash of the keys could be added to a cluster definition. A "null" cluster could be defined for a single-cluster environment.

Ended meeting early; we need more meeting attendees to discuss these issues.

Actions:

Review Security HLD to provide timely feedback.

Milestones Under Review:

UID HLD
Shared Keys HLD

Next Meeting:

12:00pm PST Jan 29 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-01-15

Attending: Nathan, Ned, Josh, Andrew, Steve, Alex, Andreas, John

Meeting Minutes:

UID/GID HLD Review
- Comments by Nathan, Andreas, Ned returned via Word doc

Define/update cluster definition via complete file vs. incrementally: Josh: file-based cluster def changes requires walking export tree; Done rarely, probably ok; There may be security implications at the transition when redefining cluster defs; When a NID is removed from a def it should use the default mapping

Define/update UID/GID mappings via complete file vs. incrementally: incremental uid/gid mapping in order to prevent fs access blocking during replacement.; Andreas suggested atomically swap in new mapping once received/set up.

Behaviour during setup and recovery

Don't use default mapping while waiting for definitions; FS should block access to all files until mappings and cluster defs have been set up.

Need a clear signal when an update is finished/complete.

Servers currently cache the MGS Lustre config locally

May be undesirable for OSD

Perhaps this behaviour should be changed: stop caching, require MGS for server startup.

Shared Key HLD distributed
- Comments should be returned quickly for HLD revision next week.

Actions:

Review Shared Key HLD to provide timely feedback.

Milestones Under Review:

UID HLD
Shared Keys HLD

Milestones Completed:

Shared Key Scope Statement APPROVED 2013-01-15

Next Meeting:

12:00pm PST Jan 22 2013
Intercall (866) 203-7023
Conference code: 5093670258

2013-01-08

Attending: Nathan, Ned, Josh, Andrew, Steve, Dave, Alex

Meeting Minutes:

Clarifying current documents:
- Latest Shared Keys doc: arch doc. HLD expected this week.
- Latest UID-GID doc: HLD.
We need reviewers for both HLDs.
- UID-GID:
  - Nathan has already sent comments
  - Ned volunteers
  - I'd like to volunteer Andreas in absentia
- Shared Keys:
  - Not out yet; any eager volunteers?
Document types: I think the consensus going forward is Google Docs for easier collaboration/feedback.

Actions:

Andrew to deliver HLD be the end of this week (hopefully)
Reviews to provide timely feedback.

Milestones Under Review:

UID HLD
Shared Keys Solution Arch

Milestones Completed:

UID/GID Scope Statement APPROVED 2013-01-08

Next Meeting:

12:00pm PST Jan 15 2013
Intercall (866) 203-7023
Conference code: 5093670258

2012-12-11

Attending: Nathan, Andreas, Josh, Simms, Cory, Alex, Andrew Meeting Minutes:

Josh and Andrew updated the arch docs with improved use cases, test plan, and acceptance criteria
Several PAC members commented on the updates
Alex noted we neglected to address previous discussions on allowing multiple simultaneous keys:
- should we allow key updates on a live system, or connect-time only?
- is there any upper limit on total keys?
- should keys be restricted to particular nid range?

Actions:

PAC members review docs for final approval by next week.
The above multiple-key use case should be added to the arch doc.
In the meantime HLD design can begin

Milestones Under Review:

UID Solution Arch
Shared Key Solution Arch

Next Meeting:

12:00pm PST Dec 18 2012
Intercall (866) 203-7023
Conference code: 5093670258

No meetings on Dec 25 or Jan 1.

2012-12-04

Attending: Nathan, Ned, Josh, Simms, Carrier Meeting Minutes:

Solution Architecture document review. More detail requested in
- Practical use case (UID)
- Specific functional requirements (shared key)
- Detailed, specific acceptance criteria (e.g. "Any single user on up to 100(?) separate clusters has Unix UID/GID-controlled access to his files on shared Lustre file system.", "Unknown users can be squashed to a particular UID." etc.)

Actions:

Josh and Andrew to revise Solution Architecture docs with more detail.

Milestones Under Review:

UID Solution Arch
Shared Keys Solution Arch

Next Meeting:

12:00pm PST Dec 11 2012
Intercall (866) 203-7023
Conference code: 5093670258

2012-11-20

Attending: Nathan, Alex, Andreas, Steve, Cory

Meeting Minutes:

Simms requested approval of the two scope statements as presented in email 2012-11-10. No objections were raised, and the scope statements were approved.

Actions:

Simms et all will begin work on the Solution Architecture.

Milestones Under Review:

none

Milestones Completed:

UID/GID Scope Statement APPROVED 2012-11-20
Shared Key Scope Statement APPROVED 2012-11-20

Next Meeting:

12:00pm PST Nov 27 2012
Intercall (866) 203-7023
Conference code: 5093670258

Contract SFS-DEV-002: Difference between revisions

Latest revision as of 11:20, 30 August 2017

Summary

Resources

Key People

Documentation

Jira

Mailing List

Related Topics

Meetings

2015

micro-updates

2014-07-29

2014-07-22

2014-03-04

2014-02-18

2014-02-04

2013-12-10

2013-12-03

2013-11-05

2013-10-29

2013-10-08

2013-10-01

2013-09-24

2013-09-10

2013-08-13

2013-07-30

2013-07-16

2013-07-09

2013-07-02

2013-06-25

2013-06-11

2013-06-04

2013-05-28

2013-05-21

2013-05-14

2013-05-07

2013-04-30

2013-04-23

2013-04-09

2013-04-02

2013-03-26

2013-02-19

2013-01-29

2013-01-22

2013-01-15

2013-01-08

2012-12-11

2012-12-04

2012-11-20

Navigation menu

Search