Contract SFS-DEV-002

From OpenSFS Wiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

NOTE: This contract was completed with the final delivery on August 14th 2017

Summary

This project involves two improvements to Lustre's security features:

  • A mapping feature to allow clusters with different UID/GID sets to use a single common Lustre filesystem. This effort is divided into three sub-projects:
  1. ID mapping kernel module, covering the construction and management of the map
  2. Map synchronization, transfer and updates of the map across servers
  3. User mapping, mapping of cluster & client IDs to filesystem ID
  • A shared-key authentication and encryption scheme based on Lustre's GSS mechanism, as a simpler alternative to Kerberos.
Contract Work Item Scope statement Solution architecture High-level design Implementation Delivery
SFS-DEV-002.1 UID/GID Mapping 2012-11-20 2013-01-08 2013-02-19 Sub 1.1 2014-03-18

Sub 1.2 2015-02-05
Sub 1.3 2016-06-02

2016-06-02
SFS-DEV-002.2 Shared Key Auth 2012-11-20 2013-01-15 2013-02-19 2017-04-03 2017-08-14


Resources

Key People

Project Approval Committee (PAC)

  • Nathan Rutman - PAC chair
  • Alexander I Kulyavtsev
  • Andreas Dilger
  • Cory Spitz
  • David Dillow
  • John Carrier
  • Ned Bass

Indiana University

  • Stephen Simms - Manager, High Performance File Systems
  • Joshua Walgenbach - Software Engineer, High Performance File Systems
  • Andrew Korty - Deputy Information Security Officer
  • Kit Westneat
  • Jeremy Fitzelli - contractor

Documentation

Jira

  • [Security search] filter
  • [LU-3289] Shared-key tracker
  • [LU-3527] UID/GID Mapping task 1.1
  • [LU-3288] separate GSS from Kerb build; list of Kerb-required packages
  • [LU-3490] conditionally enable GSS build
  • [LU-4371] Mechanism-agnostic GSSAPI testing
  • [LU-4647] Add idmapping functions for nodemap
  • [LU-3778] OSP and LWP don't know sptlrpc
  • [LU-5092] nodemap: transfer idmaps between MGS, MDT, OST
  • [LU-6020] Seagate Kerberos patches for Lustre 2.5

Mailing List

Related Topics


Meetings

2015

2015-03-17 Apologies, maintaining the meeting minutes here is taking too much of my time; I'll stop posting although the meetings continue.

micro-updates

2015-03-17 Jeremy sent an email to iudev proposing to change sptlrpc to version 2 to support larger token size (LU-3855) as well as some other restructuring. See email thread "proposed version change for PTLRPC GSS"


2015-03-10 Automatic local save of nodemap on OSTs and MDT to insure access at initial startup
Adding Sebastien Buisson to email list for Kerberos updates

2015-03-03 Kit backporting nodemap to 2.5 for TACC

2014-08-07 Stopping recording regular minutes as too time intensive

2014-07-29

Attending: ken, nathan, kit, simms, andreas

Meeting Minutes:

  • Kit:
    • adding tests to security-sec
    • root squash not working in autotest

Blockers:

Milestones In Progress:

  • UID/GID Mapping CODE
  • Shared Keys CODE

2014-07-22

Attending: ken, nathan, josh, simms, andreas


Meeting Minutes:

  • Josh:
    • new nodemap patch 9299
    • needs to update ACL patch
    • will git-bisect to figure out regression with Andy's code
    • framework for shared key is written, but not yet verified/utilized
  • Kit:
    • adding security-sec tests
      • add/remove client ranges
      • client permissions, mapping functionality
      • will add ACL tests e.g. set acl on client 1, check acl from mapped client 2
    • automatic map updates using config index file


Blockers:

Milestones In Progress:

  • UID/GID Mapping CODE
  • Shared Keys CODE

2014-03-04

Attending: nathan, josh, simms, andreas

Meeting Minutes:

  • LU-3527 patches 8125, 8057, 8034 submitted
    • These comprise Milestone 1
    • AI-Simms to send a note requesting formal signoff
  • LU-4647 id mapping on MDT uploaded but fails autotest, needs fixes
  • temporary idmap loading using /proc in progress; MGS-based distribution will come later.
  • Later: ACL's, quota integration, id mapping on OST
  • LU-4371 GSS unit tests have received inspection comments; will be addressed


Actions:

  • AI: Ken, Andy to flesh out Lustre Kerberos
  • AI: Simms to send a note requesting formal signoff
  • AI: Andy to address LU-4371 comments


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Mar 11, 2014
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2014-02-18

Attending: nathan, ken, josh, andy, simms

Meeting Minutes:

  • LU-4647 id mapping on MDT submitted
  • LU-3527 patches 2 & 3 in review
    • Nathaniel Clark has checked, will add ken
  • id mapping on OST will come later
  • LU-3289 shared key scaffolding patch 8629 uploaded
  • LU-4371 generalized test framework, Andy will be fleshing this out


Actions:


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Feb 25, 2014
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2014-02-04

Attending: nathan, ken, josh, andreas, simms

Meeting Minutes:

  • Contract extended for 1 year
  • Shared-key
    • infrastructure patches inspected, awaiting test
    • remaining effort estimation:
      • milestone 1: 50% done
      • milestone 2: 60% done
      • milestone 3: easy
    • shared-key code will be done by Josh going forward, Andy consulting. Not expected to resume until after Feb 28.
  • UID mapping
    • Andreas inspected latest patches, pinged Andrew P for more
    • goal is to land functional code before Feb 28 (Lustre 2.6); this would use a manual map distribution process instead of automatic MGS/IR mechanism, but would be usable.
    • John Hammond concern that dual red-black trees may use too much memory; apparently this should be only 400b per ID, so probably ok.


Actions:


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Feb 11, 2014
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-12-10

Attending: nathan, josh, andy, andreas, simms, ken

Meeting Minutes:

  • Steve
    • Requesting no-cost extension for 1 year
      • Andy's allocated time is used up and will only advise going forward, Josh will work on both sets of code serially
    • Board seems amenable to additional funding to cover Kerberos technical debt; Simms to write a proposal.
  • Andy
    • 2 more patchs to gerritt - headers, added IU OIDs
    • jira ticket for sanity-gss generic tests vs sanity-krb5
      • osp missing proc files ticket still bothersome
    • reviewers can begin reviewing gss-null
    • kerb changes continuing to come in from a few people
      • stilbor patch defining symbols if nonexistent
      • removed __exit function attribute
  • Josh
    • 3 pushes, one review from Hammond
    • name change from nodemap to lu_nodemap
    • could add Andrew P to reviewers


Actions:


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Dec 17, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-12-03

Attending: nathan, josh, andy, andreas, simms, ken

Meeting Minutes:

  • Josh
    • review from John Hammond
    • 2 patches refreshed, rebased
    • working on 3rd - id mapping
    • rename "nodemap" to smth else? - not needed
    • maloo test failures for unrelated problems
    • up next:
      • server-to-server nodemap copying mechanism - see imperative recovery or per-user quotas code for examples
      • actual mapping on OSS and MDS
  • Andy
    • file header: GPL + IU copyright
    • updated GSS NULL patch, sanity GSS
    • expecting some change for bugs, but can be reviewed at some level
    • notes that initialization code should probably be refactored into different modules
  • Simms notes that the contract will need an extension beyond 1 yr.
    • Andreas, Nathan see no problem with that


Actions:

  • AI: Simms to propose recover funding for some Kerberos technical debt
  • AI: Ken, Andy to flesh out Lustre Kerberos


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Dec 10, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-11-05

Attending: nathan, josh, andy, andreas

Meeting Minutes:

  • Josh - reviews from Andreas and Andrew, working on getting unit tests to pass
  • Andy - put some code up at github for the community
    • problem identifying srpc proc for OSP's - turns out it's missing; see LU-3778
  • Andreas points to mechanism to submit patches only for test wki page


Actions:


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Nov 12, 2013 Nathan cannot host
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-10-29

Attending: nathan, josh, andreas, ken h, simms

Meeting Minutes:

  • Josh - nodemap and ranges for review
    • sanity-sec tests
    • idmap coming tomorrow
  • reviews are coming faster
  • Andy - tests for gss null
  • Stilbor has submitted some kerb patches, Andy and Ken added for review


Actions:


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Nov 05, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-10-08

Attending: nathan, andy, josh, andreas, ken h, simms

Meeting Minutes:

  • Andrew Perepechko from Xyratex is available for inspections
  • Andy and Josh should feel free to follow up with Eric Mei if they have questions on old sptlrpc implementation
  • Andy - get tests running with keyutils and not pipefs
  • removal of capa is ok
  • Josh - andreas & fanyong to review LU-3527, add Ken
    • working on one more
    • sanity sec fails for some clients - need to use run_facet mds
  • Nathan can't host the next meeting


Closed Actions:

  • AI: Andy to add check for libkeyutils to LU-3490
  • AI: Andy to investigate gssd missing from Lustre RPM


Actions:


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Oct 15, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-10-01

Attending: nathan, andy, josh, andreas, ken h

Meeting Minutes:

  • Nathan started Lustre Kerberos page with stub content
  • Andy: lsvcgssd uses stripped-down mechglue in Lustre, can bypass this?
  • Is there any capa code impact? never finished?
  • Josh: UID/GID changes pushed, in test, will ask for reviewers


Actions:

  • AI: Andy to add check for libkeyutils to LU-3490
  • AI: Andy to investigate gssd missing from Lustre RPM
  • AI: Ken(?) to flesh out Lustre Kerberos


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Oct 08, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-09-24

Attending: nathan, andy, josh, simms, andreas, ken h

Meeting Minutes:

  • review of LAD summit
  • Nathan invited Kerberos-interested people to join the iudev mail list; general Kerberos problems and fixes can be discussed there. The goal is to get Kerberos back into working order.
  • Andy: keyring obsoletes client-side gssd - to remove?
  • unified UID/GID maps
  • inspection status: andreas ~50%
  • Intel should have a test-parameter options wiki page


Actions:

  • AI: Andy to add check for libkeyutils to LU-3490
  • AI: Andy to investigate gssd missing from Lustre RPM


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Oct 01, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-09-10

Attending: nathan, andy, josh, simms, andreas

Meeting Minutes:

  • No meeting next week due to LAD
  • Andy: [LU-3490] landed
    • Build works on test cluster
    • AI: But some build environments still lack libkeyutils, so Andy will attach another patch to LU3490 to change autoconf to detect missing libkeyutils and disable gss/kerb build
  • AI: Andy has noticed that the gssd userspace app doesn't appear to be included in the Lustre RPMs, and will check on it
  • [LU-3288] is waiting for Andy to add the GSS NULL mechanism so that GSS can be tested independently of KRB.
  • Josh: will land the changes from the [LU-3527] reviews hopefully by the end of the week, included a rebase to Master.
  • Maintenance: Andy asked who would keep the code updated; the answer is the community and/or maintenance contract, but helpful things:
    • Make sure unit tests provide good automated coverage
    • Make sure code is well documented
  • Closed actions:
    • AI: missing keyring [LU-3681] resolved for test nodes


Actions:

  • AI: Andy to add check for libkeyutils to LU-3490
  • AI: Andy to investigate gssd missing from Lustre RPM


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Sep 24, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-08-13

Attending: nathan, ken, josh, andy, simms


Meeting Minutes:

  • Josh: [LU-3527] reviews from Doug and Keith (yay!); still pending reviews from Ken, Andreas, and Fan Yong.
  • Andy: [LU-3490], [LU-3681] still awaiting inspection
  • AI: Simms will bug Peter Jones/CDWG as needed to raise inspection priorities
  • Ken is going to Disneyland, but will work on getting Kerberos running on the tip of the dev branch when he gets back.
  • Closed actions:
    • AI: Andy to add shared-key test list to IUDEV test list
    • AI: Andy to file a ticket on missing keyring [LU-3681]


Actions:

  • AI: Andreas, Ken, Fan Yong to add reviews
  • AI: Simms will bug Peter Jones/CDWG as needed to raise inspection priorities
  • AI: Ken to provide simple Kerberos server setup recommendations and potentially unit tests


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Aug 20, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-07-30

Attending: nathan, josh, ken, andrew, simms, andreas


Meeting Minutes:

  • Patches awaiting inspection: [LU-3490], [LU-3527]
    • not easy to find Gerritt links - search gerritt for: "message:LU-..."
    • Simms will bug Peter Jones as needed to raise inspection priorities
  • Ken is working on the "simple Kerberos setup" page
  • Andy sent test list to reflector; will update IUDEV test list.
  • Closed actions:
    • AI: Andy to generate shared-key test list
    • AI: Andy to file a ticket on missing keyring


Actions:

  • AI: Ken to provide simple Kerberos server setup recommendations and potentially unit tests
  • AI: Andy to add shared-key test list to IUDEV test list
  • AI: Andreas, Ken (, Fan Yong) to add reviews


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Aug 6, 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-07-16

Attending: Josh, Ken, Nathan, Andy, Steve, Andreas, Alex


Meeting Minutes:

  • Josh updated [LU-3527] patches in gerritt
    • Josh - can you add a link to the gerritt item from the Jira ticket?
    • AI: Ken, Andreas, Fan Yong to review
  • Josh is planning on using SystemTap for detailed code performance impacts
    • Nathan asked for standard system performance tests as well for OpenSFS
  • Andy waiting on reviewers for [LU-3490]
    • AI: Initially assign to Andreas and Chris Gearing
  • One test node is missing the keyring
    • AI: Andy to file a ticket
  • Andy still working on segv in gss_acquire_cred


Actions:

  • AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
  • AI: Andy to add shared-key test list to IUDEV test list
  • AI: Andreas, Ken (, Fan Yong, Chris Gearing) to add reviews
  • AI: Andy to file a ticket on missing keyring


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST July 23 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-07-09

Attending: Josh, Andy, Steve, Andreas, Ken, Nathan


Meeting Minutes:

  • LU-3527 patches in gerritt
  • discussion on the right size/scope of patches:
    • should be big enough to contain an entire "thought" (no dangling, related lines outside of the patch)
    • must be small enough to be comprehensible in a single sitting (< 1k LOC)
  • Test list -- Josh had sent a list to the listserv; Nathan wiki'ed it here: IUDEV test list
  • Closed actions:
    • AI: Andy to add checks for gss libs before enable-gss (LU-3490) -- done
    • AI: Justin to develop list of required GSS/Kerberos libraries for builders -- in LU-3288
    • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations -- removing from tracking, although Nathan would love to see it.


Actions:

  • AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
  • AI: Josh to fix up Nathan's interpretation IUDEV test list
  • AI: Andy to add shared-key test list to IUDEV test list


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST July 16 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-07-02

Attending: Ken, Nathan, Josh, Steve, Andreas


Meeting Minutes:

  • Josh has uploaded patches to gerritt in the master branch of lustre-dev
    • Tracked in LU-3527
    • Inspectors: Fan Yong, Andreas, Ken
    • Trouble pushing to private branches, but pushing to master works with no ill effects.


Actions:

  • AI: Andy to add checks for gss libs before enable-gss (LU-3490)
  • AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
  • AI: Justin to develop list of required GSS/Kerberos libraries for builders
  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
  • AI: Andy and Josh to determine test list to insure feature coverage


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST July 09 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-06-25

Attending: steve, josh, andy, nathan, andreas, alex, ken, ned, john


Meeting Minutes:

  • There remain Gerritt and Git problems; these are slowly being worked.
  • UID mapping phase 1 (management interface, node map structures) has been uploaded to Jira (IU-3)
    • Reviewer volunteers: Andreas (or Fan Yong), Ken
    • Needs to be moved to a LU- ticket for visibility.
  • phase 3 (UID mapping) up next, working on unit tests
  • phase 2 (MGS pushing/syncing node map) will be worked on after phase 3.
  • Andy has provided a patch to enable gss by default - LU-3490
    • LU-3288 is a probably a pre-req to landing this
    • kerberos tests do pass if proper Kerberos authenticated setup
    • without gss-null landing, currently no gss tests will pass
    • we need to change the patch such that gss is only enabled if the libraries are found


Actions:

  • AI: Andy to add checks for gss libs before enable-gss (LU-3490)
  • AI: Ken to provide simply Kerberos server setup recommendations and potentially unit tests
  • AI: Justin to develop list of required GSS/Kerberos libraries for builders
  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
  • AI: Andy and Josh to determine test list to insure feature coverage


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST July 02 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-06-11

Attending: Josh, Andy, Andreas


Meeting Minutes:

  • Josh updated UID map to use index objects
    • this is proving faster than the llog operations
    • update test scripts to work with the new index code
  • Andy working on gssrpcd
    • adding ability to select encryption mechanism
    • Justin Miller to help maintain nodes for development build/test of code
    • Justin is collecting a list of required GSS/Kerberos libraries for builders
  • Discussed how we can begin adding this code to autotest
    • configure/build needs to autodetect GSS/Kerberos libraries for Gerrit builds
    • presumably just enabling this does not impact performance?
    • initially select tests via "Test-Parameters: testlist=", later add tests to default test list (must be able to pass w/o GSS enabled)


Actions:

  • AI: Justin to develop list of required GSS/Kerberos libraries for builders
  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
  • AI: Andy and Josh to determine test list to ensure feature coverage


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST June 18 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258



2013-06-04

Attending: steve, josh, andy, nathan, andreas, alex, ken hornstein


Meeting Minutes:

  • lustre gss-utils has some kerberos dependencies that Andy needs to disentangle
  • Closed Actions:
    • AI: nathan Ask Ken Hornstein about possible involvement
      • KenH has graciously volunteered to be the Lustre Kerberos maintainer! And is joining our weekly meetings and mail list.
    • AI: nathan Ask Eric Mei about sptlrpc questions
      • Eric answered back to the list, and has joined the mail list as well.
    • Andreas filed ET-1342 for installing security packages on Intel test machines


Actions:

  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
  • AI: Andy and Josh to determine test list to insure feature coverage


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST June 18 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258



2013-05-28

Attending: josh, andy, nathan, andreas, alex


Meeting Minutes:

  • [LU-3288] discussion - who will do this work?
    • Is there a kerberos-interested maintainer? Kerb users: PSC, Fermi, UofFL, NRL
    • Note the separation of the build options also implies a separation of #ifdef macros inside of Lustre.
  • Noted that there are 3 "null" mechanisms: gss-null != sptlrpc-null (doesn't use gss) != krb5 "plain"
  • Questions on existing sptlrpc:
    • How is non-krb security level required - mount option
    • Can a single rpc be not encrypted after connection negotiation?
  • Existing Lustre security tests eventually need to be separated:
    • sanity-gss should become sanity-krb5
      • sanity-krb5 should add tests for krb5 "plain" mechanism
    • sanity-gss should eventually use the gss-null mechanism that IU is developing
    • sanity-sptlrpc should be written to test sptlrpc "null" in the absence of GSS.
  • Closed actions
    • Andreas to provide instructions for autotest
      • tune testing for a particular patch. This allows specifying a patch is being submitted for testing (i.e. fortestonly), a list of test scripts to run (e.g. testlist=sanity-sec,sanity-gss), and setting environment variables (e.g. envdefinitions=GSS_PIPEFS=true), etc.
      • Some (sparse) documentation on how to run the test scripts: [1] [2]
      • Some older (and partly out of date) information on the specific testscripts are available at: [3] [4]


Actions:

  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
  • AI: Andy and Josh to determine test list to insure feature coverage
  • AI: Andreas file bug for installing security packages on intel test clusters
  • AI: nathan Ask Ken Hornstein about possible involvement
  • AI: nathan Ask Eric Mei about sptlrpc questions


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST June 04 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-05-21

Attending: simms, josh, andy, nathan, andreas, alex

Meeting Minutes:

  • LU-3288 filed to separate gss from krb5 requirement
  • Closed actions
    • AI: Nathan to pursue Xyratex kerb patches [LU-634]
    • AI: Andreas to help Josh resolve git push problems
    • Andreas added a "kerberos" label to the security Jira tickets at Intel - everyone please include this label on future tickets.


Actions:

  • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
  • AI: Andy and Josh to determine test list to insure feature coverage


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST May 28 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-05-14

Attending: simms, josh, andy, nathan, andreas

Meeting Minutes:

  • Josh writing unit test, debuggin; official proc file name shall be "nodemap"
  • Andy working on separating Lustre GSS build from Kerberos requirements
  • J&A both working on how to use OpenSFS test cluster with help from Justin and Chris
    • AI: Andy will start a "OpenSFS test cluster HowTo" on the OpenSFS Wiki for future generations.
  • Andreas added a "kerberos" label to the security Jira tickets at Intel - everyone please include this label on future tickets.


Actions:

  • AI: Nathan to pursue Xyratex kerb patches [LU-634] - in progress
  • AI: Andreas to help Josh resolve git push problems - in progress


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST May 21 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-05-07

Attending: simms, josh, andreas, alex, nathan, andy

Meeting Minutes:

  • Josh pushed config patches to Gerritt and posted usage text
    • proc file format should use YAML
    • please clarify the directory business in the usage text - Andreas asked for man page format
  • Andy working on the GSS API code for shared keys and null mechanism
    • Lustre sanity-gss should be split into 3: sanity-gss (NULL), sanity-krb, and sanity-sharedkey
    • Andy filed bug [LU-3288] to remove krb requirement from --enable-gss build switch
  • Andreas filed [LU-3289] top-level shared-key tracker
  • Nathan added a [Security search filter] at the Intel Jira
  • Closed actions
    • Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue [LU-3137]
    • Simms to contact Peter Jones to help find reviewers
    • Simms to locate test cluster: OpenSFS cluster to be used
    • Nathan to identify kerb patches - xyratex vs. intel / stilbor - patches were located, but the utility/purpose is unclear. Nathan to pursue.
    • Andy and Andreas to file a Jira about ptlrpc replay handling problems [LU-3290]


Actions:

  • AI: Nathan to pursue Xyratex kerb patches - in progress
  • AI: Andreas to help Josh resolve git push problems - in progress


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST May 14 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-04-30

Attending: ned, simms, josh, andreas, alex, nathan

Meeting Minutes:

  • Josh - 2500 lines of code for config: management, lctl, proc files
    • proc file display of nid ranges and uid maps
    • nid ranges are specified as start/end; there is no apparent need for a "skip" functionality (e.g. even/odd ranges)


Actions:

  • AI: Andy and Andreas to file a Jira about ptlrpc replay handling problems
  • AI: Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue [LU-3137]
  • AI: Nathan to identify kerb patches - xyratex vs. intel / stilbor
  • AI: Simms to contact Chris Gearing to help find reviewers
  • AI: Andreas to help Josh resolve git push problems
  • AI: Simms to locate Kerb-friendly test cluster


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST May 07 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-04-23

Attending: simms, andy, josh, andreas, john, nathan

Meeting Minutes:

  • Josh - working on config
  • Andy - working on test cases, build checks
  • Andreas - established repo at Intel


Actions:

  • AI: Nathan to identify kerb patches - xyratex vs. intel / stilbor

lustre-2.1.0.x3_GSS-FIX.tar:
  contains Xyratex GSS-patched lustre source code 2.1.54 built
   for kernel RHEL6: 2.6.32-220.7.1.el6

  • AI: Simms to contact Chris Gearing to help find reviewers


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Apr 30 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-04-09

Attending: Josh, John, Andrew, Steve, Nathan, Alex

Meeting Minutes:

  • Josh - working on config
  • Andy - pushed fixes for Kerberos, working on test cases


Actions:

  • AI: Andreas to establish a git repo/branch hosted at Intel


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • skipping week of LUG; next meeting 12:00pm PST Apr 23 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-04-02

Attending: nathan, josh, andrew, steve, cory, alex, john

Meeting Minutes:

  • Github access available to PAC members - send keys to Josh
  • Andy trying to land fixes for current Lustre Kerberos LU-2392, LU-2384
  • Discussion on replay attacks - replay handling is included in ptlrpc, so we shouldn't need shared-key code specific fix.
    • Andreas points out problems with current ptlrpc, but Nathan and Andy's feeling is that this should not be part of the IU contract work. But we should file a Jira describing the problem.


Actions:

  • Simms to find reviewers for LU-2392 and LU-2384
  • Andy to test and land LU-2392 and LU-2384
  • Andy and Andreas to file a Jira about ptlrpc replay handling problems.


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Apr 09 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-03-26

Attending: Josh, Andy, Nathan, Ned, Steve, Alex

Meeting Minutes:

  • Github access available to PAC members - send keys to Andy
  • Andy has a fix for LU-2392 that he will attach to that ticket.
  • Andy needs reviews for above. Simms will ask PJones.
  • Andy wanted some direction for how to implement tests - Nathan pointed at sanity-sec.sh and sanity-gss.sh
  • Josh update: finishing up part 1 (map setup): module is complete, proc interface for maps, adding lctl writing config to mgs log
    • wants to work on local identity mapping (part 3) before map shipping (part 2)
  • Andy update: working on build and tests, has implemented null GSS flavor but not tested yet.


Actions:

  • Simms to find reviewers for Andy's version of LU-2392
  • Andy to post his fix for LU-2392 to that ticket
  • Andy to file a new ticket with Autoconf fix for libgssapi rename to libgssglue


Milestones In Progress:

  • Shared Keys CODE
  • UID/GID Mapping CODE


Next Meeting:

  • 12:00pm PST Apr 02 2013 unless otherwise cancelled
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-02-19

Attending: Andreas, Alex, Josh, Nathan, Ned, Steve

Meeting Minutes:

  • Shared Key HLD accepted
  • UID/GID Mapping HLD accepted
  • Coding phase should start now. We don't expect any useful results be next week, so we will cancel next week's meeting.
  • Nathan added latest versions of HLDs to wiki page.


Actions:

  • Josh and Andy to begin coding
  • Josh will send out link to GitHub repository
  • Josh will send email early next week with a status update, at which point we can plan for the next meeting


Milestones Completed:

  • Shared Keys HLD APPROVED 2013-02-19
  • UID/GID Mapping HLD APPROVED 2013-02-19


Next Meeting:

  • No meeting 2013-02-26, next meeting pending code progress.
  • 12:00pm PST Mar ?? 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-01-29

Attending: Andreas, Andy, Alex, Josh, Nathan, Ned

Meeting Minutes:

  • Key scope: sets of keys are defined per cluster (not per-client)
  • These keys are used to generate session keys for Auth and Encrypt
  • Root squash - various ideas
    1. EAs on directories describe which clusters are allowed
    2. Squash per-cluster roots to distinct users, use ACLs to provide per-cluster root-like permissions
    3. Use bind-mounting to limit the visibility of the fs to a subtree
    • suggestion to add root fid/path to cluster definition for future use
    • Current plan: root is not treated specially - per-cluster roots may be mapped to the actual fs root user, or not.
  • Object (OSS) security against untrusted client - out of scope
  • MGS primacy
    • "MGS up before before other servers" may be a requirement for the mapping or shared key features
    • but this requirement must be relaxed if the uid/shared key feature has not been enabled


Actions:

  • Nathan to send HLD example template (done)
  • Nathan to propose OpenSFS contract doc templates
  • Andy/Josh update HLD with detail

Milestones Under Review:

  • UID HLD
  • Shared Keys HLD

Next Meeting:

  • I will be travelling for the next two meetings (Feb 5, 12). Can someone else host the meeting?
  • 12:00pm PST Feb 5 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-01-22

Attending: Nathan, Josh, Andrew, Steve

Meeting Minutes:

  • Comments on Shared Keys HLD
  1. independence of auth and encrypt keys
  2. encrypt-then-MAC
  3. HLD should address multiple simultaneuous keys
  4. interaction between shared keys and mappings
    • original assumption was key-per-client; key-per-cluster seems to make more sense for a few reasons (large-cluster manageability, shared-root clients). A hash of the keys could be added to a cluster definition. A "null" cluster could be defined for a single-cluster environment.
  • Ended meeting early; we need more meeting attendees to discuss these issues.


Actions:

  • Review Security HLD to provide timely feedback.


Milestones Under Review:

  • UID HLD
  • Shared Keys HLD

Next Meeting:

  • 12:00pm PST Jan 29 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-01-15

Attending: Nathan, Ned, Josh, Andrew, Steve, Alex, Andreas, John

Meeting Minutes:

  • UID/GID HLD Review
    • Comments by Nathan, Andreas, Ned returned via Word doc
Define/update cluster definition via complete file vs. incrementally
Josh: file-based cluster def changes requires walking export tree
Done rarely, probably ok
There may be security implications at the transition when redefining cluster defs
When a NID is removed from a def it should use the default mapping
Define/update UID/GID mappings via complete file vs. incrementally
incremental uid/gid mapping in order to prevent fs access blocking during replacement.
Andreas suggested atomically swap in new mapping once received/set up.
Behaviour during setup and recovery
Don't use default mapping while waiting for definitions; FS should block access to all files until mappings and cluster defs have been set up.
Need a clear signal when an update is finished/complete.
Servers currently cache the MGS Lustre config locally
May be undesirable for OSD
Perhaps this behaviour should be changed: stop caching, require MGS for server startup.
  • Shared Key HLD distributed
    • Comments should be returned quickly for HLD revision next week.


Actions:

  • Review Shared Key HLD to provide timely feedback.


Milestones Under Review:

  • UID HLD
  • Shared Keys HLD

Milestones Completed:

  • Shared Key Scope Statement APPROVED 2013-01-15

Next Meeting:

  • 12:00pm PST Jan 22 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2013-01-08

Attending: Nathan, Ned, Josh, Andrew, Steve, Dave, Alex

Meeting Minutes:

  • Clarifying current documents:
    • Latest Shared Keys doc: arch doc. HLD expected this week.
    • Latest UID-GID doc: HLD.
  • We need reviewers for both HLDs.
    • UID-GID:
      • Nathan has already sent comments
      • Ned volunteers
      • I'd like to volunteer Andreas in absentia
    • Shared Keys:
      • Not out yet; any eager volunteers?
  • Document types: I think the consensus going forward is Google Docs for easier collaboration/feedback.

Actions:

  • Andrew to deliver HLD be the end of this week (hopefully)
  • Reviews to provide timely feedback.


Milestones Under Review:

  • UID HLD
  • Shared Keys Solution Arch

Milestones Completed:

  • UID/GID Scope Statement APPROVED 2013-01-08

Next Meeting:

  • 12:00pm PST Jan 15 2013
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2012-12-11

Attending: Nathan, Andreas, Josh, Simms, Cory, Alex, Andrew Meeting Minutes:

  • Josh and Andrew updated the arch docs with improved use cases, test plan, and acceptance criteria
  • Several PAC members commented on the updates
  • Alex noted we neglected to address previous discussions on allowing multiple simultaneous keys:
    • should we allow key updates on a live system, or connect-time only?
    • is there any upper limit on total keys?
    • should keys be restricted to particular nid range?

Actions:

  • PAC members review docs for final approval by next week.
  • The above multiple-key use case should be added to the arch doc.
  • In the meantime HLD design can begin


Milestones Under Review:

  • UID Solution Arch
  • Shared Key Solution Arch

Next Meeting:

  • 12:00pm PST Dec 18 2012
  • Intercall (866) 203-7023
  • Conference code: 5093670258

No meetings on Dec 25 or Jan 1.


2012-12-04

Attending: Nathan, Ned, Josh, Simms, Carrier Meeting Minutes:

  • Solution Architecture document review. More detail requested in
    • Practical use case (UID)
    • Specific functional requirements (shared key)
    • Detailed, specific acceptance criteria (e.g. "Any single user on up to 100(?) separate clusters has Unix UID/GID-controlled access to his files on shared Lustre file system.", "Unknown users can be squashed to a particular UID." etc.)

Actions:

  • Josh and Andrew to revise Solution Architecture docs with more detail.


Milestones Under Review:

  • UID Solution Arch
  • Shared Keys Solution Arch

Next Meeting:

  • 12:00pm PST Dec 11 2012
  • Intercall (866) 203-7023
  • Conference code: 5093670258


2012-11-20

Attending: Nathan, Alex, Andreas, Steve, Cory

Meeting Minutes:

  • Simms requested approval of the two scope statements as presented in email 2012-11-10. No objections were raised, and the scope statements were approved.

Actions:

  • Simms et all will begin work on the Solution Architecture.

Milestones Under Review:

  • none

Milestones Completed:

  • UID/GID Scope Statement APPROVED 2012-11-20
  • Shared Key Scope Statement APPROVED 2012-11-20

Next Meeting:

  • 12:00pm PST Nov 27 2012
  • Intercall (866) 203-7023
  • Conference code: 5093670258