From: Sebastien Buisson <sbuisson@ddn.com>
Date: Fri, 11 Mar 2022 16:16:53 +0000 (+0100)
Subject: LUDOC-504 nodemap: servers must be in a trusted+admin group
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=refs%2Fchanges%2F01%2F46801%2F3;p=doc%2Fmanual.git

LUDOC-504 nodemap: servers must be in a trusted+admin group

Make it clear that Lustre requires a "TrustedSystems" nodemap covering
all servers, with both admin and trusted properties set.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I364557a5dc35abe597ae53658f1839c900863fbf
Reviewed-on: https://review.whamcloud.com/46801
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
---

diff --git a/LustreNodemap.xml b/LustreNodemap.xml
index 72ec50d..8f0d08c 100644
--- a/LustreNodemap.xml
+++ b/LustreNodemap.xml
@@ -104,6 +104,30 @@
     </section>
 
     <section remap="h3">
+      <title>Defining a Servers Specific Group</title>
+
+      <para>For proper operations, the Lustre file system
+      <emphasis role="bold">requires</emphasis> to have a privileged group that
+      covers all Lustre server nodes. So the very first step when working with
+      nodemaps is to create such a group with both properties
+      <literal>admin</literal> and <literal>trusted</literal> set. It is
+      recommended to give this group an explicit label such as âTrustedSystemsâ
+      or some identifier that makes the association clear.</para>
+
+      <para>Let's consider a deployment where the server nodes are in the NID
+      range <literal>192.168.0.[1-10]@tcp</literal>. Create the policy group,
+      add the NID range to that group, and set the properties accordingly using
+      the <literal>lctl</literal> command on the MGS:</para>
+
+      <screen>mgs# lctl nodemap_add <replaceable>TrustedSystems</replaceable>
+mgs# lctl nodemap_add_range --name <replaceable>TrustedSystems</replaceable> --range 192.168.0.[1-10]@tcp
+mgs# lctl nodemap_modify --name <replaceable>TrustedSystems</replaceable> --property admin --value 1
+mgs# lctl nodemap_modify --name <replaceable>TrustedSystems</replaceable> --property trusted --value 1
+</screen>
+
+    </section>
+
+    <section remap="h3">
       <title>Describing and Deploying a Sample Mapping</title>
 
       <para>Deploy nodemap by first considering which users need to be
@@ -240,6 +264,13 @@ drwxr-xr-x 3 root root     4096 Jul 23 09:02 ..
     to user <literal>nobody</literal>, which interferes with most
     administrative actions.</para>
 
+    <para>For proper operations, the Lustre file system
+    <emphasis role="bold">requires</emphasis> a group that covers all Lustre
+    server nodes, with both properties <literal>admin</literal> and
+    <literal>trusted</literal> set. It is recommended to give this group an
+    explicit label such as âTrustedSystemsâ or some identifier that makes the
+    association clear.</para>
+
     <section remap="h3">
       <title>Managing the Properties</title>
 
@@ -344,9 +375,9 @@ mgs# lctl nodemap_modify --name <replaceable>BirdAdminSite</replaceable> --prope
       order to perform maintenance or to perform administrative tasks. </para>
 
       <warning>
-        <para>MDS systems <emphasis role="bold">must</emphasis> be in a policy
-        group with both these properties set to 1. It is recommended to put the
-        MDS in a policy group labeled âTrustedSystemsâ or some identifier that
+        <para>Lustre server nodes <emphasis role="bold">must</emphasis> be in a
+        policy group with both these properties set to 1. It is recommended to
+        use a policy group labeled âTrustedSystemsâ or some identifier that
         makes the association clear.</para>
       </warning>
 
