do_node ${clients_arr[0]} "keyctl show |
awk '/lustre/ { print \\\$1 }' | xargs -IX keyctl unlink X"
# generate key with bogus filesystem name
- do_node ${clients_arr[0]} "lgss_sk -w $SK_PATH/$FSNAME-bogus.key \
+ do_node ${clients_arr[0]} "$LGSS_SK -w $SK_PATH/$FSNAME-bogus.key \
-f $FSNAME.bogus -t client -d /dev/urandom" ||
error "lgss_sk failed (1)"
do_facet $SINGLEMDS lfs flushctx || error "could not run flushctx"
start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
# add mgs key type and MGS NIDs in key on MGS
- do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
+ do_nodes $mgs_HOST "$LGSS_SK -t mgs,server -g $MGSNID -m \
$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
error "could not modify keyfile on MGS"
# load modified key file on MGS
- do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ do_nodes $mgs_HOST "$LGSS_SK -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
error "could not load keyfile on MGS"
# add MGS NIDs in key on client
- do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
+ do_nodes ${clients_arr[0]} "$LGSS_SK -g $MGSNID -m \
$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
error "could not modify keyfile on MGS"
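Review bot: The client-side step `do_nodes ${clients_arr[0]} "$LGSS_SK -g $MGSNID -m ...` still reports `could not modify keyfile on MGS` on failure, the same text as the MGS step above it, so a failed run does not say which node's key file was left unmodified. Since the statement is being touched anyway, the message could become `error "could not modify keyfile on client"`. The same copy-pasted message appears on the client step in the next hunk. Both steps send lgss_sk's output to /dev/null, so this string is the only diagnostic that survives.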
start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
# add mgs key type and MGS NIDs in key on MGS
- do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
+ do_nodes $mgs_HOST "$LGSS_SK -t mgs,server -g $MGSNID -m \
$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
error "could not modify keyfile on MGS"
# load modified key file on MGS
- do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+ do_nodes $mgs_HOST "$LGSS_SK -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
error "could not load keyfile on MGS"
# add MGS NIDs in key on client
- do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
+ do_nodes ${clients_arr[0]} "$LGSS_SK -g $MGSNID -m \
$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
error "could not modify keyfile on MGS"
if $SHARED_KEY; then
$RPC_MODE || echo "Using GSS shared-key feature"
- which lgss_sk > /dev/null 2>&1 ||
+ [ -n "$LGSS_SK" ] ||
+ export LGSS_SK=$(which lgss_sk 2> /dev/null)
+ [ -n "$LGSS_SK" ] ||
+ export LGSS_SK="$LUSTRE/utils/gss/lgss_sk"
+ [ -n "$LGSS_SK" ] ||
error_exit "built with lgss_sk disabled! SEC=$SEC"
GSS=true
GSS_SK=true
if $GSS_SK && ! $SK_NO_KEY; then
echo "Loading basic SSK keys on all servers"
do_nodes $(comma_list $(all_server_nodes)) \
- "lgss_sk -t server -l $SK_PATH/$FSNAME.key || true"
+ "$LGSS_SK -t server -l $SK_PATH/$FSNAME.key || true"
do_nodes $(comma_list $(all_server_nodes)) \
"keyctl show | grep lustre | cut -c1-11 |
sed -e 's/ //g;' |
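Review bot: The final `[ -n "$LGSS_SK" ] || error_exit "built with lgss_sk disabled! SEC=$SEC"` can no longer fire, because the fallback just above it always assigns the non-empty string `$LUSTRE/utils/gss/lgss_sk`, whether or not that file exists. A build without lgss_sk then gets past this check and fails later inside commands whose output is redirected to /dev/null. Testing the resolved path instead, `[ -x "$LGSS_SK" ] || error_exit "built with lgss_sk disabled! SEC=$SEC"`, restores the guard. The path is also resolved on the local node but interpolated into `do_nodes` command strings, so it is presumably expected to be valid on every remote node, and an `LGSS_SK` value inherited from the environment reaches those remote shells unquoted. The enclosing function starts and ends outside the hunk.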
# and S2S now requires keys as well, both for "client"
# and for "server"
if $SK_S2S; then
- lgss_sk -t server -f$FSNAME -n $SK_S2SNMCLI \
+ $LGSS_SK -t server -f$FSNAME -n $SK_S2SNMCLI \
-w $SK_PATH/$FSNAME-nmclient.key \
-d /dev/urandom >/dev/null 2>&1
- lgss_sk -t mgs,server -f$FSNAME -n $SK_S2SNM \
+ $LGSS_SK -t mgs,server -f$FSNAME -n $SK_S2SNM \
-w $SK_PATH/$FSNAME-s2s-server.key \
-d /dev/urandom >/dev/null 2>&1
fi
# basic key create
- lgss_sk -t server -f$FSNAME -w $SK_PATH/$FSNAME.key \
+ $LGSS_SK -t server -f$FSNAME -w $SK_PATH/$FSNAME.key \
-d /dev/urandom >/dev/null 2>&1
# per-nodemap keys
for i in $(seq 0 $((numclients - 1))); do
- lgss_sk -t server -f$FSNAME -n c$i \
+ $LGSS_SK -t server -f$FSNAME -n c$i \
-w $SK_PATH/nodemap/c$i.key -d /dev/urandom \
>/dev/null 2>&1
done
fi
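Review bot: None of the key-generation calls in this hunk check their exit status, and each sends stdout and stderr to /dev/null, so if `$LGSS_SK` points at a missing or non-executable binary, no key file is written and nothing is reported here. The failure would then surface later as a key-load or mount error that is hard to trace back to this step. Appending a check to each call, for example `-d /dev/urandom >/dev/null 2>&1 || error "could not create $SK_PATH/$FSNAME.key"`, stops the run from continuing with stale or absent keys. `$LGSS_SK` is also used unquoted as the command word, so a path containing whitespace would be split; `"$LGSS_SK"` avoids that for these local invocations.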
# Set client keys to client type to generate prime P
if local_mode; then
- do_nodes $(all_nodes) "lgss_sk -t client,server -m \
+ do_nodes $(all_nodes) "$LGSS_SK -t client,server -m \
$SK_PATH/$FSNAME.key >/dev/null 2>&1"
else
- do_nodes $clients "lgss_sk -t client -m \
+ do_nodes $clients "$LGSS_SK -t client -m \
$SK_PATH/$FSNAME.key >/dev/null 2>&1"
- do_nodes $clients "find $SK_PATH/nodemap -name \*.key | \
- xargs -IX lgss_sk -t client -m X >/dev/null 2>&1"
+ do_nodes $clients "find $SK_PATH/nodemap \
+ -name \*.key | xargs -IX $LGSS_SK -t client \
+ -m X >/dev/null 2>&1"
fi
# This is required for servers as well, if S2S in use
if $SK_S2S; then
do_nodes $(comma_list $(mdts_nodes)) \
"cp $SK_PATH/$FSNAME-s2s-server.key \
- $SK_PATH/$FSNAME-s2s-client.key; lgss_sk \
+ $SK_PATH/$FSNAME-s2s-client.key; $LGSS_SK \
-t client -m $SK_PATH/$FSNAME-s2s-client.key \
>/dev/null 2>&1"
do_nodes $(comma_list $(osts_nodes)) \
"cp $SK_PATH/$FSNAME-s2s-server.key \
- $SK_PATH/$FSNAME-s2s-client.key; lgss_sk \
+ $SK_PATH/$FSNAME-s2s-client.key; $LGSS_SK \
-t client -m $SK_PATH/$FSNAME-s2s-client.key \
>/dev/null 2>&1"
- do_nodes $clients "lgss_sk -t client \
+ do_nodes $clients "$LGSS_SK -t client \
-m $SK_PATH/$FSNAME-nmclient.key \
>/dev/null 2>&1"
fi
local i=0
# Mount all server nodes first with per-NM keys
for nmclient in ${clients//,/ }; do
- # do_nodes $(comma_list $(all_server_nodes)) "lgss_sk -t server -l $SK_PATH/nodemap/c$i.key -n c$i"
- do_nodes $(comma_list $(all_server_nodes)) "lgss_sk -t server -l $SK_PATH/nodemap/c$i.key"
+ do_nodes $(comma_list $(all_server_nodes)) \
+ "$LGSS_SK -t server -l $SK_PATH/nodemap/c$i.key"
i=$((i + 1))
done
# set perms for per-nodemap keys else permission denied
$LCTL dk > ${prefix}.debug_log.$(hostname -s).${suffix}
dmesg > ${prefix}.dmesg.$(hostname -s).${suffix}
[ "$SHARED_KEY" = true ] && find $SK_PATH -name '*.key' -exec \
- lgss_sk -r {} \; &> \
+ $LGSS_SK -r {} \; &> \
${prefix}.ssk_keys.$(hostname -s).${suffix}
[ "$SHARED_KEY" = true ] && lctl get_param 'nodemap.*.*' > \
${prefix}.nodemaps.$(hostname -s).${suffix}
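Review bot: The `find $SK_PATH -name '*.key' -exec $LGSS_SK -r {} \;` line writes lgss_sk's dump of every key file into `${prefix}.ssk_keys.*`, so if `-r` prints the shared-key bytes along with the attributes (worth confirming), the collected logs hold key material and should be created with restrictive permissions and kept out of shared result uploads. Separately, if this code can run in a shell where `LGSS_SK` was never set, the command word expands to nothing and find tries to exec `-r`; `${LGSS_SK:-lgss_sk}` would keep the previous behaviour in that case. Both points apply equally to the `do_nodesv` variant in the next hunk. The enclosing function is not fully visible here.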
dmesg > ${prefix}.dmesg.\\\$(hostname -s).${suffix}"
if [ "$SHARED_KEY" = true ]; then
do_nodesv $list "find $SK_PATH -name '*.key' -exec \
- lgss_sk -r {} \; &> \
+ $LGSS_SK -r {} \; &> \
${prefix}.ssk_keys.\\\$(hostname -s).${suffix}"
do_facet mds1 "lctl get_param 'nodemap.*.*' > \
${prefix}.nodemaps.\\\$(hostname -s).${suffix}"