2 # -*- mode: Bash; tab-width: 4; indent-tabs-mode: t; -*-
3 # vim:shiftwidth=4:softtabstop=4:tabstop=4:
6 # setup_kerberos.sh - setup the Kerberos environment on Lustre cluster
9 # * Only one KDC involved, no slave KDC.
10 # * Only one Kerberos realm involved, no multiple Kerberos realms.
12 ###############################################################################
17 Usage: $(basename $0) <KDC_distro> <KDC_node> <MGS_node> <MDS_node>[:MDS_node:...]
18 <OSS_node>[:OSS_node:...] <CLIENT_node>[:CLIENT_node:...]
20 This script is used to setup the Kerberos environment on Lustre cluster.
22 KDC_distro distribution on the KDC node (rhel5 or sles10)
23 KDC_node KDC node name
24 MGS_node Lustre MGS node name
25 MDS_node Lustre MDS node name
26 OSS_node Lustre OSS node name
27 CLIENT_node Lustre client node name
29 e.g.: $(basename $0) rhel5 scsi2 scsi2 sata2 sata3 client5
30 e.g.: $(basename $0) sles10 scsi2 scsi2 scsi2 sata3:sata5 client2:client3
31 e.g.: $(basename $0) rhel5 scsi2 scsi2 scsi2 scsi2 scsi2
34 1) The script will destroy all the old Kerberos settings by default. If you
35 want to reserve the original krb5.conf and KDC configuration, please set
38 2) The script will create principals for some runas users and add them into
39 the Kerberos database by default. The UIDs of the runas users specified in
40 "LOCAL_UIDS" variable need exist on KDC, MDS and Client nodes. If you do not
41 need runas users, please set "CFG_RUNAS=false".
46 # ************************ Parameters and Variables ************************ #
# NOTE(review): this listing omits some original lines (the leading numbers are
# the original file's line numbers), so the assignments of the MY_* variables
# and the body of the `if` below are not visible here.
54 # translate to lower case letters
55 MY_KDC_DISTRO=$(echo $MY_KDC_DISTRO | tr '[A-Z]' '[a-z]')
# All six positional values (distro, KDC, MDS, OSS, client, MGS) must be
# non-empty; the handling of a missing one is on lines not shown.
57 if [ -z "$MY_KDC_DISTRO" -o -z "$MY_KDCNODE" -o -z "$MY_MDSNODES" -o \
58 -z "$MY_OSSNODES" -o -z "$MY_CLIENTNODES" -o -z "$MY_MGSNODE" ]; then
# NOTE(review): the test framework is sourced from a path built from the
# caller-supplied LUSTRE variable (or this script's directory), unquoted.
# Whatever file sits at that path runs with this script's privileges, and the
# script later copies files to root@<node>, so run it only from a trusted tree.
63 LUSTRE=${LUSTRE:-$(dirname $0)/..}
64 . $LUSTRE/tests/test-framework.sh
# Tunables: each one keeps a value already present in the environment and
# otherwise takes the default shown.
68 ACCEPTOR_PORT=${ACCEPTOR_PORT:-988}
70 # check and configure runas users
71 CFG_RUNAS=${CFG_RUNAS:-true}
72 # uids for local users
73 LOCAL_UIDS=${LOCAL_UIDS:-"500 501"}
75 # remove the original Kerberos and KDC settings
76 RESET_KDC=${RESET_KDC:-true}
78 # generate unique keytab for each client node
# NOTE(review): SPLIT_KEYTAB is later executed as a command
# (`if $SPLIT_KEYTAB; then`), so it must be exactly `true` or `false`; any
# other value inherited from the environment would be run as a command.
79 SPLIT_KEYTAB=${SPLIT_KEYTAB:-true}
81 # encryption types for generating keytab
82 MDS_ENCTYPE=${MDS_ENCTYPE:-"aes128-cts"}
83 MGS_ENCTYPE=${MGS_ENCTYPE:-"$MDS_ENCTYPE"}
84 OSS_ENCTYPE=${OSS_ENCTYPE:-"aes128-cts"}
85 CLIENT_ENCTYPE=${CLIENT_ENCTYPE:-"aes128-cts"}
87 # configuration file for Kerberos
88 KRB5_CONF=${KRB5_CONF:-"/etc/krb5.conf"}
89 KRB5_KEYTAB=${KRB5_KEYTAB:-"/etc/krb5.keytab"}
90 KRB5_TICKET_LIFETIME=${KRB5_TICKET_LIFETIME:-"24h"}
92 # configuration files for libgssapi and keyutils
93 GSSAPI_MECH_CONF=${GSSAPI_MECH_CONF:-"/etc/gssapi_mech.conf"}
94 REQUEST_KEY_CONF=${REQUEST_KEY_CONF:-"/etc/request-key.conf"}
# Realm name; the DNS domain used for node names is the realm in lower case.
97 KRB5_REALM=${KRB5_REALM:-"CO.CFS"}
98 KRB5_DOMAIN=$(echo $KRB5_REALM | tr '[A-Z]' '[a-z]')
# Turn the colon-separated node lists from the command line into
# space-separated lists for the `for` loops below.
100 MY_MDSNODES=${MY_MDSNODES//:/ }
101 MY_OSSNODES=${MY_OSSNODES//:/ }
102 MY_CLIENTNODES=${MY_CLIENTNODES//:/ }
104 # set vars according to the KDC distribution
# The case patterns and `;;` terminators are on lines not shown. The usage text
# names rhel5 and sles10 as the supported values; presumably the first arm is
# rhel5 and the second sles10 -- TODO confirm against the full file.
# NOTE(review): KDC_CONF_DIR is only assigned inside the case arms and is later
# used in `rm -f $KDC_CONF_DIR/*`, so the unsupported-distro arm must stop the
# script (its exit is presumably on a line not shown).
105 KRB5PKG_SVR="krb5-server"
106 KRB5PKG_DEV="krb5-devel"
107 case $MY_KDC_DISTRO in
109 KRB5PKG_CLI="krb5-workstation"
110 KRB5PKG_LIB="krb5-libs"
111 KDC_CONF_DIR="/var/kerberos/krb5kdc"
114 KRB5PKG_CLI="krb5-client"
116 KDC_CONF_DIR="/var/lib/kerberos/krb5kdc"
119 echo "Unsupported KDC distro: $MY_KDC_DISTRO!"
# Paths of the two KDC files this script generates and installs.
122 KDC_CONF="$KDC_CONF_DIR/kdc.conf"
123 KDC_ACL="$KDC_CONF_DIR/kadm5.acl"
125 # ******************************** Functions ******************************** #
# Fragment of a membership helper (presumably is_part_of, judging by its call
# sites): rejects an empty name or list, then looks for the name as a whole
# space-delimited word by padding the list with spaces on both sides.
# $name is unquoted inside the [[ ]] pattern, so glob characters in a node name
# would be treated as a pattern rather than literally.
131 if [ -z "$name" -o -z "$list" ]; then
136 if [[ " $list " == *\ $name\ * ]]; then
# Fragment of the remote-execution wrapper (presumably my_do_node): runs a
# command on $node through do_node (not defined in this listing) with the
# Kerberos tool directories appended to PATH.
# nodename is the node name with the ".$KRB5_DOMAIN" suffix removed.
148 local nodename=${node%.$KRB5_DOMAIN}
# NOTE(review): "$@" is expanded inside one double-quoted string, so all
# arguments are joined with spaces and re-parsed by the remote shell; callers
# must pass values that are safe to interpolate. The sed stage strips a leading
# "<nodename>: " prefix from each output line.
149 do_node $node "PATH=\$PATH:/usr/kerberos/sbin:/usr/kerberos/bin:\
150 /usr/lib/mit/sbin:/usr/lib/mit/bin $@" | sed "s/^${nodename}: //"
# Report do_node's status, not sed's.
151 return ${PIPESTATUS[0]}
# Fragments of three thin wrappers whose headers are on lines not shown
# (presumably do_node_mute, do_kdc and do_kdc_mute, going by their call sites).
# Quiet variant: captures stdout and stderr of my_do_node into $output instead
# of printing them.
156 output=$(my_do_node "$@" 2>&1)
157 return ${PIPESTATUS[0]}
# Run a command on the KDC node.
161 my_do_node $MY_KDCNODE "$@"
162 return ${PIPESTATUS[0]}
# Run a command on the KDC node quietly.
166 do_node_mute $MY_KDCNODE "$@"
167 return ${PIPESTATUS[0]}
171 # convert a space-delimited node name list to a canonical name list
# All arguments are collapsed into one space-separated string and split again
# by the `for` loop.
174 local nodename_list="$@"
180 for name in $nodename_list; do
# Resolution is done on the KDC with `gethostip -n`; stderr is merged into the
# captured output, so on failure $fqdn holds the error text that is printed
# below. $name is interpolated unquoted into the remote command string.
181 fqdn=$(do_kdc "gethostip -n $name 2>&1")
# rc is assigned on a line not shown (presumably from the call above).
183 if [ $rc -ne 0 ]; then
184 echo "Can not get the FQDN of node $name: $fqdn"
# Append to the result list, avoiding a leading space for the first entry.
187 [ -z "$fqdn_list" ] && fqdn_list="$fqdn" \
188 || fqdn_list="$fqdn_list $fqdn"
197 # convert MDS/OSS node names to their canonical names, as required by
198 # Kerberos. We also convert the KDC and client names to make
199 # node name comparison easier.
# Fragment (presumably normalize_names): each node variable is replaced by the
# output of get_fqdn for its current value. rc is set on lines not shown,
# presumably from the preceding get_fqdn call; the failure branches are also
# not shown.
205 MY_KDCNODE=$(get_fqdn $MY_KDCNODE)
207 if [ $rc -ne 0 ]; then
213 MY_MGSNODE=$(get_fqdn $MY_MGSNODE)
215 if [ $rc -ne 0 ]; then
221 MY_MDSNODES=$(get_fqdn $MY_MDSNODES)
223 if [ $rc -ne 0 ]; then
229 MY_OSSNODES=$(get_fqdn $MY_OSSNODES)
231 if [ $rc -ne 0 ]; then
237 MY_CLIENTNODES=$(get_fqdn $MY_CLIENTNODES)
239 if [ $rc -ne 0 ]; then
248 # verify remote shell works on all nodes
# Each distinct node is probed once; $checked accumulates the nodes already
# visited so a host that holds several roles is not probed twice.
254 echo "+++ Checking remote shell"
256 for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES
258 is_part_of $node $checked && continue
260 echo -n "Checking remote shell on $node..."
# The probe is the `true` command run remotely; any failure aborts the check.
261 do_node_mute $node true || return ${PIPESTATUS[0]}
264 checked="$checked $node"
269 # verify the entropy (random numbers) on the KDC node, which is
270 # used by kdb5_util to create Kerberos database
276 echo "+++ Checking the entropy on the KDC"
278 echo -n "Checking $MY_KDCNODE..."
# Read the kernel's available-entropy estimate on the KDC.
279 avail=$(do_kdc "sysctl -n kernel.random.entropy_avail")
280 local rc=${PIPESTATUS[0]}
281 if [ $rc -eq 0 ]; then
# $limit is set on a line not shown. $avail is unquoted, so an empty reply
# makes this test fail with a syntax error rather than a clean message.
282 if [ $avail -lt $limit ]; then
283 echo -e "\nWarning: The entropy on the KDC node is only $avail, \
284 which is not enough for kdb5_util to create Kerberos database! \
285 Let's use /dev/urandom!"
# NOTE(review): this replaces /dev/random on the KDC for every process, not
# just kdb5_util: the real node is moved to /dev/random.bak and a new character
# device 1,9 (the urandom device, per the message above) is created in its
# place. The KDC master key and all -randkey principal keys are then generated
# from it. No restore step is visible in this listing. Because any previous
# /dev/random.bak is deleted first, a second run that takes this branch would
# overwrite the saved original with the substitute node. Treat this as a
# test-cluster shortcut only; on a real KDC, fix the entropy supply instead.
286 do_kdc "rm -f /dev/random.bak && mv /dev/random{,.bak} && \
287 mknod /dev/random c 1 9"
288 return ${PIPESTATUS[0]}
291 echo "Can not get the entropy on the KDC node!"
298 # verify runas users and groups
# Every uid in LOCAL_UIDS must exist, with an identical gid, on each distinct
# KDC, MGS, MDS and client node (OSS-only nodes are not checked).
306 echo "+++ Checking users and groups"
308 for node in $MY_KDCNODE $MY_MGSNODE $MY_MDSNODES $MY_CLIENTNODES; do
309 is_part_of $node $checked && continue
311 for id in $LOCAL_UIDS; do
312 echo -n "Checking uid/gid $id/$id on $node..."
# Looks for ":<id>:<id>:" anywhere in the passwd entry and keeps the login
# name. NOTE(review): the match is not tied to the uid/gid fields, and if
# several entries match, $user holds several names.
313 user=$(my_do_node $node getent passwd | grep :$id:$id: | cut -d: -f1)
314 if [ -z "$user" ]; then
315 echo -e "\nPlease set LOCAL_UIDS to some users \
316 which exist on KDC, MDS and client or add user/group $id/$id on these nodes."
321 checked="$checked $node"
# Fragment (presumably cfg_mount): makes sure filesystem $dev is mounted at
# $dir on $node. The three variables are assigned on lines not shown.
330 echo -n "Checking $dev mount on $node..."
# Already mounted? Looks for "<dir> " in /proc/mounts.
331 if do_node_mute $node "grep -q $dir' ' /proc/mounts"; then
# NOTE(review): this persistently edits /etc/fstab on the node. The guard is a
# prefix match on $dev at line start, so any existing entry that merely begins
# with the same string suppresses the append.
336 if ! do_node_mute $node "grep -q ^$dev /etc/fstab"; then
337 my_do_node $node "echo '$dev $dir $dev defaults 0 0' >> /etc/fstab" || \
338 return ${PIPESTATUS[0]}
# A mount failure is ignored here because the result is re-checked below.
340 my_do_node $node "mkdir -p $dir && mount $dir" || true
342 if ! do_node_mute $node "grep -q $dir' ' /proc/mounts"; then
343 echo "Failed to mount fs $dev at $dir!"
350 # configure nfsd mount on MDS and OSS nodes
# Mounts the nfsd filesystem at /proc/fs/nfsd once per distinct MGS, OSS and
# MDS node; the first failure aborts.
356 echo "+++ Configuring nfsd mount"
358 for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES; do
359 is_part_of $node $checked && continue
360 cfg_mount $node nfsd /proc/fs/nfsd || return ${PIPESTATUS[0]}
361 checked="$checked $node"
# Fragments of two package helpers (presumably get_pkgname and
# get_krb5pkgname; their headers are on lines not shown).
# Query rpm on the node, print the last line of its output, and return the
# status of the remote command rather than of `tail`.
369 my_do_node $node "rpm -q $pkg 2>&1" | tail -n1
370 return ${PIPESTATUS[0]}
# Detect SLES 10 by the contents of /etc/SuSE-release; PIPESTATUS[1] is the
# status of grep, the second command of the pipeline.
377 my_do_node $node cat /etc/SuSE-release 2>/dev/null | \
378 grep -q 'Enterprise Server 10'
379 if [ ${PIPESTATUS[1]} -eq 0 ]; then
# Package names for the SLES 10 case ...
381 cli) echo "krb5-client";;
# ... and for the other case (remaining arms are on lines not shown).
386 cli) echo "krb5-workstation";;
387 lib) echo "krb5-libs";;
# Fragment (presumably check_kdc): confirms that the KDC server package named
# in KRB5PKG_SVR is installed on the KDC node. rc is set on a line not shown.
396 echo "+++ Checking KDC installation"
398 echo -n "Checking $MY_KDCNODE..."
399 pkg=$(get_pkgname $MY_KDCNODE $KRB5PKG_SVR)
401 if [ $rc -ne 0 ]; then
402 echo -e "\nCan not find $KRB5PKG_SVR package on $MY_KDCNODE: $pkg"
# Fragment (presumably check_krb5): confirms that the Kerberos client package
# for each node's distribution is installed on every distinct MGS, OSS, MDS and
# client node. rc is set on a line not shown.
414 echo "+++ Checking Kerberos 5 installation"
415 for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do
416 is_part_of $node $checked && continue
418 echo -n "Checking $node..."
419 krb5pkg_cli=$(get_krb5pkgname $node cli)
421 pkg=$(get_pkgname $node $krb5pkg_cli)
423 if [ $rc -ne 0 ]; then
424 echo -e "\nCan not find $krb5pkg_cli package on $node: $pkg"
428 checked="$checked $node"
# Fragment (presumably check_libgssapi): confirms that the libgssapi package is
# installed on the KDC and on every distinct MGS, OSS, MDS and client node.
438 echo "+++ Checking libgssapi installation"
# LIBGSSAPI is left global; the main flow prints it in the summary banner.
440 LIBGSSAPI=$(get_pkgname $MY_KDCNODE libgssapi)
442 if [ $rc -ne 0 ]; then
443 echo "Can not find libgssapi package on $MY_KDCNODE: $LIBGSSAPI"
447 for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do
448 is_part_of $node $checked && continue
450 echo -n "Checking $node..."
451 pkg=$(get_pkgname $node libgssapi)
453 if [ $rc -ne 0 ]; then
454 echo -e "\nCan not find libgssapi package on $node: $pkg"
458 checked="$checked $node"
463 # check and update the /etc/gssapi_mech.conf file on each node
464 # We only support MIT Kerberos 5 GSS-API mechanism.
# For each distinct node: find the installed Kerberos library package, locate
# libgssapi_krb5.so in it, and append a "<lib> mechglue_internal_krb5_init"
# line to the mechanism file unless a line already starts with that path or
# with its basename.
474 echo "+++ Updating $GSSAPI_MECH_CONF"
476 for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES
478 is_part_of $node $checked && continue
480 krb5pkg_lib=$(get_krb5pkgname $node lib)
481 pkg=$(get_pkgname $node $krb5pkg_lib)
483 if [ $rc -ne 0 ]; then
484 echo -e "\nCan not find $krb5pkg_lib package on $node: $pkg"
# First file in the package's file list whose path contains libgssapi_krb5.so.
# NOTE(review): the value comes from remote command output and is then
# interpolated into a regular expression and into a quoted remote `echo`; an
# empty result is not checked in the lines shown.
488 krb5_lib=$(my_do_node $node "rpm -ql $pkg" | \
489 grep libgssapi_krb5.so | head -n1)
491 if ! do_node_mute $node \
492 "egrep -q \\\"^$krb5_lib|^$(basename $krb5_lib)\\\" $GSSAPI_MECH_CONF"; then
494 "echo '$krb5_lib mechglue_internal_krb5_init' >> $GSSAPI_MECH_CONF"
496 checked="$checked $node"
502 # check and update the /etc/request-key.conf file on each MDS and client node
# Adds a "create lgssc" rule to the request-key configuration on each distinct
# OSS, MDS and client node unless a create rule naming the helper already
# exists.
509 echo "+++ Updating $REQUEST_KEY_CONF"
511 for node in $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do
512 is_part_of $node $checked && continue
# NOTE(review): the helper path written into the rule is whatever `which`
# resolves in the remote root shell's PATH at this moment. The rule names a
# program to be run for lgssc key requests, so a fixed absolute path (or a
# check that the result is absolute and root-owned) would be more predictable.
513 lgss_keyring=$(my_do_node $node "which lgss_keyring") || \
514 return ${PIPESTATUS[0]}
516 if ! do_node_mute $node \
517 "grep -q \\\"^create.*$lgss_keyring\\\" $REQUEST_KEY_CONF"; then
519 "echo 'create lgssc * * $lgss_keyring %o %k %t %d %c %u %g %T %P %S' \
520 >> $REQUEST_KEY_CONF"
522 checked="$checked $node"
# Fragment (presumably add_svc_princ): creates the service principal
# lustre_<type>/<fqdn>@REALM on the KDC with a random key (-randkey), by
# feeding kadmin.local through a here-document whose end is on a line not
# shown. $type and $fqdn are assigned on lines not shown.
531 echo -n "Creating service principal lustre_$type/$fqdn@$KRB5_REALM..."
532 do_kdc_mute "kadmin.local -r $KRB5_REALM <<EOF
533 addprinc -randkey lustre_$type/$fqdn@$KRB5_REALM
# Print the outcome; the status returned to the caller is on a line not shown.
535 local rc=${PIPESTATUS[0]}
536 [ $rc -ne 0 ] && echo "Failed!" || echo "OK!"
# Creates the host-independent principal lustre_root@REALM on the KDC with a
# random key. The end of the here-document and of the function are on lines
# not shown.
541 add_svc_princ_root() {
542 echo -n "Creating service principal lustre_root@$KRB5_REALM..."
543 do_kdc_mute "kadmin.local -r $KRB5_REALM <<EOF
544 addprinc -randkey lustre_root@$KRB5_REALM
546 local rc=${PIPESTATUS[0]}
547 [ $rc -ne 0 ] && echo "Failed!" || echo "OK!"
# Fragment (presumably add_user_princ): creates the user principal
# <user>@REALM on the KDC.
# NOTE(review): `-pw $user` sets the password to the user name itself, so every
# principal created here has a trivially guessable password, and the password
# appears in the remote command text. This is only acceptable for a disposable
# test realm; such principals must not exist in a realm that protects real data.
555 echo -n "Creating user principal $user@$KRB5_REALM..."
556 do_kdc_mute "kadmin.local -r $KRB5_REALM <<EOF
557 addprinc -pw $user $user@$KRB5_REALM
559 local rc=${PIPESTATUS[0]}
560 [ $rc -ne 0 ] && echo "Failed!" || echo "OK!"
# Creates a user principal for the account that owns a given uid on the KDC.
# $id is assigned on a line not shown (presumably from the first argument).
565 add_test_princ_id() {
# Map the uid to a login name using the KDC's passwd database.
569 user=$(do_kdc getent passwd $id | cut -d: -f1)
570 if [ -z "$user" ]; then
571 echo "Can not find the user with uid $id on the KDC!"
575 add_user_princ $user || return ${PIPESTATUS[0]}
579 # create principals for the client, MDS, OSS, runas users and add them to
580 # the Kerberos database
# Service principals: one mgs principal for the MGS node, one mds principal per
# MDS node, one oss principal per OSS node.
585 add_svc_princ $MY_MGSNODE mgs || return ${PIPESTATUS[0]}
587 for node in $MY_MDSNODES; do
588 add_svc_princ $node mds || return ${PIPESTATUS[0]}
591 for node in $MY_OSSNODES; do
592 add_svc_princ $node oss || return ${PIPESTATUS[0]}
# Clients get a per-node root principal when SPLIT_KEYTAB is true; otherwise
# the shared lustre_root principal is used (the `else` is on a line not shown).
# SPLIT_KEYTAB is executed as a command here, so it must be `true` or `false`.
595 for node in $MY_CLIENTNODES; do
596 if $SPLIT_KEYTAB; then
597 add_svc_princ $node root || return ${PIPESTATUS[0]}
599 add_svc_princ_root || return ${PIPESTATUS[0]}
# NOTE(review): the principals below are created through add_user_princ, which
# in this file sets the password equal to the principal name. Whether bin,
# daemon and games are inside the same `if` is not visible in this listing.
603 if ! $SPLIT_KEYTAB; then
604 add_user_princ lustre_root || return ${PIPESTATUS[0]}
606 add_user_princ bin || return ${PIPESTATUS[0]}
607 add_user_princ daemon || return ${PIPESTATUS[0]}
608 add_user_princ games || return ${PIPESTATUS[0]}
# Principals for the runas test users listed in LOCAL_UIDS.
611 for uid in $LOCAL_UIDS; do
612 add_test_princ_id $uid || return ${PIPESTATUS[0]}
618 # create and install the KDC configuration file kdc.conf on the KDC, which
619 # will destroy the old KDC setting
# NOTE(review): the staging directory name is predictable ($TMP plus the
# numeric UID) and is created below with `mkdir -p`, which also succeeds when
# the path already exists. If $TMP is a shared directory, another local user
# can pre-create it and influence the kdc.conf and kadm5.acl that are then
# copied to the KDC as root. A private directory from `mktemp -d` avoids this.
622 local tmpdir="$TMP/krb5_cfg_tmp_$UID"
623 local tmpcfg=$tmpdir/kdc.conf
624 local tmpacl=$tmpdir/kadm5.acl
626 echo "+++ Configuring KDC on $MY_KDCNODE"
627 echo "Warning: old KDC setting on $MY_KDCNODE will be destroied!!!"
629 echo -n "Checking the existence of KDC config dir..."
630 do_kdc_mute "[ -d $KDC_CONF_DIR ]"
631 if [ ${PIPESTATUS[0]} -ne 0 ]; then
632 echo -e "\nUnrecognized krb5 distribution!"
# Stop the KDC; failure (e.g. not running) is ignored on purpose.
639 do_kdc_mute "/etc/init.d/krb5kdc stop < /dev/null" || true
641 echo -n "Removing old KDC configurations..."
# NOTE(review): destructive and unguarded. KDC_CONF_DIR is expanded unquoted on
# this side; if it were ever empty the remote command would be `rm -f /*`, and
# the `[ -d ... ]` test above would not catch that because `[ -d ]` with no
# operand evaluates to true. A `${KDC_CONF_DIR:?}` expansion would make the
# script abort instead.
642 do_kdc_mute "rm -f $KDC_CONF_DIR/*"
# NOTE(review): the kdc.conf generated below lists des-cbc-md5 and
# des3-hmac-sha1 among supported_enctypes. Single DES is deprecated for
# Kerberos (RFC 6649) and triple DES as well (RFC 8429); unless an old peer
# needs them, keep only the AES types.
645 # create kdc.conf locally
647 mkdir -p $tmpdir || return ${PIPESTATUS[0]}
654 master_key_type = aes128-cts
655 supported_enctypes = des3-hmac-sha1:normal aes128-cts:normal aes256-cts:normal des-cbc-md5:normal
659 # install kdc.conf remotely
660 echo -n "Installing kdc.conf on $MY_KDCNODE..."
661 $SCP $tmpcfg root@$MY_KDCNODE:$KDC_CONF || return ${PIPESTATUS[0]}
# NOTE(review): the database master password is the fixed string 111111 and is
# passed with -P inside the remote command line, where it can show up in
# process listings and shell traces; -s also writes a stash file. Anyone who
# obtains the database files can decrypt them with this known password, so the
# resulting realm is suitable for testing only.
664 # initialize KDC database
665 echo -n "Creating Kerberos database on $MY_KDCNODE..."
666 do_kdc_mute "kdb5_util create -r $KRB5_REALM -s -P 111111"
667 local rc=${PIPESTATUS[0]}
668 if [ $rc -ne 0 ]; then
# NOTE(review): the ACL entry written below grants every kadmin privilege (`*`)
# to any principal in the realm whose instance is `admin`.
675 # create ACL file locally & install remotely
677 */admin@$KRB5_REALM *
680 echo -n "Installing kadm5.acl on $MY_KDCNODE..."
681 $SCP $tmpacl root@$MY_KDCNODE:$KDC_ACL || return ${PIPESTATUS[0]}
# Best-effort cleanup; the early `return`s above leave the directory behind.
683 rm -rf $tmpdir || true
686 do_kdc "/etc/init.d/krb5kdc restart < /dev/null" || return ${PIPESTATUS[0]}
690 # create and install the Kerberos configuration file krb5.conf on the KDC,
691 # client, MDS and OSS
# NOTE(review): same predictable staging path as used for kdc.conf. The file
# built here is pushed to every node as root and tells each node which KDC to
# trust, so the staging directory should be private to this run (for example
# from `mktemp -d`) rather than a fixed name under $TMP.
694 local tmpdir="$TMP/krb5_cfg_tmp_$UID"
695 local tmpcfg="$tmpdir/krb5.conf"
698 echo "+++ Installing krb5.conf on all nodes"
# The generated file sets the default realm and ticket lifetime, turns off DNS
# lookups for realm and KDC, names the KDC node as admin server on port 749 and
# maps the lower-case domain to the realm (other settings are on lines not
# shown).
700 # create krb5.conf locally
702 mkdir -p $tmpdir || return ${PIPESTATUS[0]}
705 default_realm = $KRB5_REALM
706 dns_lookup_realm = false
707 dns_lookup_kdc = false
708 ticket_lifetime = $KRB5_TICKET_LIFETIME
714 admin_server = $MY_KDCNODE:749
715 default_domain = $KRB5_DOMAIN
719 .$KRB5_DOMAIN = $KRB5_REALM
720 $KRB5_DOMAIN = $KRB5_REALM
733 # install krb5.conf remotely
734 for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES
736 is_part_of $node $checked && continue
738 echo -n "Installing krb5.conf on $node..."
739 $SCP $tmpcfg root@$node:$KRB5_CONF || return ${PIPESTATUS[0]}
742 checked="$checked $node"
# Best-effort cleanup; an early `return` above leaves the directory behind.
744 rm -rf $tmpdir || true
# Fragments of four keytab helpers whose headers are on lines not shown
# (presumably add_keytab, add_keytab_svc, add_keytab_root and merge_keytab).
# Export the keys of $princ with the given enctype into keytab file $tab on the
# KDC. As documented for MIT kadmin, ktadd without -norandkey generates new
# random keys for the principal while writing them.
752 do_kdc_mute "kadmin.local -r $KRB5_REALM <<EOF
753 ktadd -k $tab -e $enctype:normal $princ@$KRB5_REALM
# Keytab entry for the service principal lustre_<type>/<fqdn>.
763 add_keytab $tab lustre_$type/$fqdn $enctype
# Keytab entry for the shared lustre_root principal.
770 add_keytab $tab lustre_root $enctype
# Copy the keytab to the same path on the node and merge it there with ktutil;
# the ktutil commands are on lines not shown.
777 $SCP $tab root@$node:$tab || return ${PIPESTATUS[0]}
778 do_node_mute $node "ktutil <<EOF
781 EOF" || return ${PIPESTATUS[0]}
785 # create and install the keytab file krb5.keytab on the client, MDS and OSS
# NOTE(review): $tmptab is a fixed, predictable file name under $TMP and the
# same path is used both on the KDC (where ktadd writes it) and on this host
# (where it is staged before being copied to each node). A keytab holds
# long-term keys that are equivalent to the principal's password. If $TMP is a
# shared directory, create the staging file with mktemp under a restrictive
# umask, and remove it on every exit path: the final `rm -f` below is skipped
# by each early `return`, and no removal of the KDC-side copy after the last
# use is visible in this listing.
788 local tmptab="$TMP/keytab.tmp"
791 echo "+++ Generating keytabs"
# Besides the old keytab, this removes every $TMP/krb5cc* file on each node,
# i.e. any credential cache stored under that name pattern.
794 echo -n "Deleting old keytabs on all nodes..."
795 for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do
796 do_node_mute $node "rm -f $KRB5_KEYTAB $TMP/krb5cc*"
# A node with several roles gets one keytab with one entry per role; the MDS
# pass handles MDS+MGS and MDS+OSS combinations.
800 # install for MDS nodes
801 for node in $MY_MDSNODES; do
802 echo -n "Preparing for MDS $node..."
803 do_kdc_mute "rm -f $tmptab"
804 add_keytab_svc $tmptab $node mds $MDS_ENCTYPE || return ${PIPESTATUS[0]}
806 if is_part_of $node $MY_MGSNODE; then
807 echo -n "also be an MGS..."
808 add_keytab_svc $tmptab $node mgs $MGS_ENCTYPE || \
809 return ${PIPESTATUS[0]}
812 if is_part_of $node $MY_OSSNODES; then
813 echo -n "also be an OSS..."
814 add_keytab_svc $tmptab $node oss $OSS_ENCTYPE || \
815 return ${PIPESTATUS[0]}
819 echo -n "Installing krb5.keytab on $node..."
# The keytab travels KDC -> local staging file -> target node, as root.
820 $SCP root@$MY_KDCNODE:$tmptab $tmptab || return ${PIPESTATUS[0]}
821 $SCP $tmptab root@$node:$KRB5_KEYTAB || return ${PIPESTATUS[0]}
826 # install for MGS node
827 echo -n "Preparing for MGS $MY_MGSNODE..."
828 if ! is_part_of $MY_MGSNODE $MY_MDSNODES; then
829 do_kdc_mute "rm -f $tmptab"
830 add_keytab_svc $tmptab $MY_MGSNODE mgs $MGS_ENCTYPE || \
831 return ${PIPESTATUS[0]}
833 if is_part_of $MY_MGSNODE $MY_OSSNODES; then
834 echo -n "also be an OSS..."
835 add_keytab_svc $tmptab $MY_MGSNODE oss $OSS_ENCTYPE || \
836 return ${PIPESTATUS[0]}
840 echo -n "Installing krb5.keytab on $MY_MGSNODE..."
841 $SCP root@$MY_KDCNODE:$tmptab $tmptab || return ${PIPESTATUS[0]}
842 $SCP $tmptab root@$MY_MGSNODE:$KRB5_KEYTAB || return ${PIPESTATUS[0]}
846 echo "also be an MDS, already done, skip"
849 # install for OSS nodes
850 for node in $MY_OSSNODES; do
851 echo -n "Preparing for OSS $node..."
852 if is_part_of $node $MY_MDSNODES; then
853 echo "also be an MDS, already done, skip"
854 elif is_part_of $node $MY_MGSNODE; then
855 echo "also be an MGS, already done, skip"
857 do_kdc_mute "rm -f $tmptab"
858 add_keytab_svc $tmptab $node oss $OSS_ENCTYPE || \
859 return ${PIPESTATUS[0]}
862 echo -n "Installing krb5.keytab on $node..."
863 $SCP root@$MY_KDCNODE:$tmptab $tmptab || return ${PIPESTATUS[0]}
864 $SCP $tmptab root@$node:$KRB5_KEYTAB || return ${PIPESTATUS[0]}
# NOTE(review): with SPLIT_KEYTAB=false a single lustre_root keytab is
# generated once and, as far as the visible lines show, the same file is
# installed on every client, so the key of one client is the key of all.
870 # install for client nodes
871 do_kdc_mute "rm -f $tmptab"
872 if ! $SPLIT_KEYTAB; then
873 echo -n "Preparing for client..."
874 add_keytab_root $tmptab $CLIENT_ENCTYPE || return ${PIPESTATUS[0]}
875 $SCP root@$MY_KDCNODE:$tmptab $tmptab || return ${PIPESTATUS[0]}
878 for node in $MY_CLIENTNODES; do
879 echo -n "Preparing for client $node..."
880 # don't generate keytabs if it's also an MDS
881 if is_part_of $node $MY_MDSNODES; then
882 echo "also be an MDS, already done, skip"
886 add_keytab_svc $tmptab $node root $CLIENT_ENCTYPE || \
887 return ${PIPESTATUS[0]}
888 $SCP root@$MY_KDCNODE:$tmptab $tmptab || return ${PIPESTATUS[0]}
892 for node in $MY_CLIENTNODES; do
893 echo -n "Installing krb5.keytab on client $node..."
895 # don't install if it's also an MDS
896 if is_part_of $node $MY_MDSNODES; then
897 echo "also be an MDS, already done, skip"
901 # merge keytab if it's also an MGS
902 if is_part_of $node $MY_MGSNODE; then
903 echo -n "also be an MGS, merging keytab..."
904 merge_keytab $tmptab $node || return ${PIPESTATUS[0]}
909 # merge keytab if it's also an OSS
910 if is_part_of $node $MY_OSSNODES; then
911 echo -n "also be an OSS, merging keytab..."
912 merge_keytab $tmptab $node || return ${PIPESTATUS[0]}
917 # simply install otherwise
918 $SCP $tmptab root@$node:$KRB5_KEYTAB || return ${PIPESTATUS[0]}
# Removes only the local staging copy, and only when no earlier step returned.
921 rm -f $tmptab || true
# Waits for the LNET acceptor port on a node to leave TIME_WAIT. $node, $port,
# WAIT and MAX_WAIT are assigned on lines not shown, as is the loop body that
# advances WAIT.
924 check_acceptor_port() {
928 if [ -z "$port" ]; then
929 echo "Missing acceptor port!"
935 while [ $WAIT -lt $MAX_WAIT ]; do
# PIPESTATUS[1] is grep's status: non-zero means no connection on that port is
# in TIME_WAIT any more.
937 my_do_node $node "netstat -tpan" | grep -q ":$port .*TIME_WAIT"
938 if [ ${PIPESTATUS[1]} -ne 0 ]; then
944 echo "LNET acceptor port $port is in use on node $node!"
# Fragment of a helper that collects the LNET NID of every client node into
# $client_nids; its header and return are on lines not shown.
955 # get the fqdn of the local host
956 local_fqdn=$(get_fqdn $HOSTNAME)
958 if [ $rc -ne 0 ]; then
963 for node in $MY_CLIENTNODES; do
# Make sure the lnet module is loaded: check remotely, try modprobe remotely,
# and on the local host fall back to load_modules (not defined in this listing).
964 my_do_node $node lsmod | grep -q lnet || \
965 my_do_node $node "modprobe lnet" || {
966 if [ "$node" = "$local_fqdn" ]; then
967 lsmod | grep -q lnet || load_modules
969 echo "Failed to load lnet module on node $node!"
974 check_acceptor_port $node $ACCEPTOR_PORT || return ${PIPESTATUS[0]}
# Bring the network up and read the first NID. The subshell turns tracing off
# and exits with the remote command's status, so the status seen by the caller
# is that of the remote command rather than of `head`.
976 nid=$(set +x; my_do_node $node \
977 "$LCTL net up 1>/dev/null && $LCTL list_nids" 2>&1 | head -n1
978 exit ${PIPESTATUS[0]})
980 if [ $rc -ne 0 ]; then
981 echo "Failed to get the nid for node $node: $nid"
984 [ -z "$client_nids" ] && client_nids="$nid" \
985 || client_nids="$client_nids $nid"
# Take the network down again; failure is ignored.
987 my_do_node $node "$LCTL net down 1>/dev/null" || true
994 # ******************************** Main Flow ******************************** #
# Steps run in order and the script exits with the status of the first one that
# fails. Lines missing from this listing (for example around check_users,
# cfg_kdc and cfg_kdc_princs) presumably hold the CFG_RUNAS / RESET_KDC
# conditions -- TODO confirm against the full file.
# Pre-flight checks: name resolution, remote shell, entropy, users, packages.
995 normalize_names || exit ${PIPESTATUS[0]}
996 check_rsh || exit ${PIPESTATUS[0]}
997 check_entropy || exit ${PIPESTATUS[0]}
1000 check_users || exit ${PIPESTATUS[0]}
1003 check_kdc || exit ${PIPESTATUS[0]}
1004 check_krb5 || exit ${PIPESTATUS[0]}
1005 check_libgssapi || exit ${PIPESTATUS[0]}
# Summary of what is about to be configured.
1007 echo "===================================================================="
1008 echo " Configure Kerberos testing environment for Lustre"
1009 echo " KDC: $MY_KDCNODE"
1010 echo " realm: $KRB5_REALM, domain: $KRB5_DOMAIN"
1011 echo " Using gssapi package: $LIBGSSAPI"
1015 for i in $MY_OSSNODES; do echo " $i"; done
1017 for i in $MY_MDSNODES; do echo " $i"; done
1018 echo " CLIENT nodes:"
1019 for i in $MY_CLIENTNODES; do echo " $i"; done
1020 echo "===================================================================="
# Node-side configuration, then krb5.conf and the KDC itself, then principals
# and keytabs. cfg_kdc wipes the existing KDC configuration directory.
1022 cfg_nfs_mount || exit ${PIPESTATUS[0]}
1023 cfg_libgssapi || exit ${PIPESTATUS[0]}
1024 cfg_keyutils || exit ${PIPESTATUS[0]}
1027 cfg_krb5_conf || exit ${PIPESTATUS[0]}
1028 cfg_kdc || exit ${PIPESTATUS[0]}
1031 cfg_kdc_princs || exit ${PIPESTATUS[0]}
1032 cfg_keytab || exit ${PIPESTATUS[0]}
1034 echo "Complete successfully!"