From: Jeremy Filizetti Date: Tue, 6 Sep 2016 01:49:33 +0000 (-0400) Subject: LU-3289 gss: Change the handling of keys for SK X-Git-Tag: 2.8.60~63 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=refs%2Fchanges%2F26%2F22626%2F3;p=fs%2Flustre-release.git LU-3289 gss: Change the handling of keys for SK Servers were automatically loading keys of the client type to allow server to server communication to work by only including a path to the --skpath option of mount.lustre. However, this has multiple issues due to ordering with multiple keys and can be unpredictable. Instead keys that will be used for server to server communication must be loaded manually or by a pre-mount script using lgss_sk and specifiying the client type. In addition client's should only load a single key with --skpath so a check is added to not allow directories on the client. Signed-off-by: Jeremy Filizetti Change-Id: I239753fa1a2bff19bed598e6d2a073e8567d1002 Reviewed-on: http://review.whamcloud.com/22626 Tested-by: Jenkins Reviewed-by: Andreas Dilger Reviewed-by: John L. Hammond Tested-by: Maloo Reviewed-by: Oleg Drokin --- diff --git a/lustre/utils/mount_utils.c b/lustre/utils/mount_utils.c index ec353f1..3ee400d 100644 --- a/lustre/utils/mount_utils.c +++ b/lustre/utils/mount_utils.c @@ -887,15 +887,6 @@ int load_shared_keys(struct mount_opts *mop) int type = 0; int rc; - if (IS_SERVER(&mop->mo_ldd)) { - if (IS_MGS(&mop->mo_ldd)) - type |= SK_TYPE_MGS; - if (IS_MDT(&mop->mo_ldd) || IS_OST(&mop->mo_ldd)) - type |= SK_TYPE_SERVER | SK_TYPE_CLIENT; - } else { - type |= SK_TYPE_CLIENT; - } - /* init logging */ sk_init_logging(NULL, 1, 1); @@ -906,6 +897,20 @@ int load_shared_keys(struct mount_opts *mop) return -errno; } + if (IS_SERVER(&mop->mo_ldd)) { + if (IS_MGS(&mop->mo_ldd)) + type |= SK_TYPE_MGS; + if (IS_MDT(&mop->mo_ldd) || IS_OST(&mop->mo_ldd)) + type |= SK_TYPE_SERVER; + } else { + type |= SK_TYPE_CLIENT; + if (!S_ISREG(sbuf.st_mode)) { + fprintf(stderr, "Invalid shared key path, must be a " + "file for client mounts: %s\n", path); + return -EINVAL; + } + } + /* Load individual keys or a directory of them */ if (S_ISREG(sbuf.st_mode)) { return sk_load_keyfile(path, type);