The lsvcgss service can fail to start if the daemon is invoked with
the '-k' option whereas no proper Kerberos configuration is in place
on the server. The daemon should ignore the '-k' option is such case
and try to start the other provided modes if any (SSK, Null).
And in case the daemon is started with the '-s' option (SSK), it
spawns a temporary additional thread to compute the number of rounds
used for Miller-Rabin prime testing. So the lsvcgss_sysd script should
support that.
Fixes:
c6878334a1 ("LU-17741 gss: fix lsvcgss service for systemd")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Iba632bd0ea9696ccea52bff5982a4d4e490597a7
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55293
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Jian Yu <yujian@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
/usr/sbin/lsvcgssd ${LSVCGSSDARGS}
RETVAL=$?
-[ $RETVAL -eq 0 ] && echo $(pidof lsvcgssd) > $PIDFILE
+[ $RETVAL -eq 0 ] && echo $(pidof -s lsvcgssd) > $PIDFILE
exit $RETVAL
if (gssd_check_mechs()) {
printerr(LL_ERR,
"ERROR: problem with gssapi library\n");
- exit(1);
+ ret = -1;
+ goto err_krb;
}
ret = gss_get_realm(realm);
if (ret) {
printerr(LL_ERR, "ERROR: no Kerberos realm: %s\n",
error_message(ret));
- exit(1);
+ goto err_krb;
}
printerr(LL_WARN, "Kerberos realm: %s\n", krb5_this_realm);
if (get_creds &&
"unable to obtain root (machine) credentials\n");
printerr(LL_ERR,
"do you have a keytab entry for <lustre_xxs>/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?\n");
- exit(1);
+ ret = -1;
+ goto err_krb;
+ }
+
+err_krb:
+ if (ret) {
+ krb_enabled = 0;
+ printerr(LL_ERR, "ERROR: disabling Kerberos support\n");
+ if (!sk_enabled && !krb_enabled && !null_enabled)
+ exit(EXIT_FAILURE);
}
}
git://git.whamcloud.com / fs / lustre-release.git / commitdiff