Re: 10.2.3: Howto disable cephx_sign_messages and preventing a LogFlood

On Thu, Dec 15, 2016 at 4:31 PM, Bjoern Laessig
<b.laessig@xxxxxxxxxxxxxx> wrote:
> On Mi, 2016-12-14 at 18:01 +0100, Ilya Dryomov wrote:
>> On Wed, Dec 14, 2016 at 5:10 PM, Bjoern Laessig <b.laessig@xxxxxxxxxxxxxx> wrote:
>> > I triggered a kernel bug in the ceph-krbd code
>> >  * http://www.spinics.net/lists/ceph-devel/msg33802.html
>>
>> The fix is ready and is set to be merged into 4.10-rc1.
>>
>> How often can you hit it?
>
> I cannot hit it. My kernel guy says it is more probable that the server
> room burns down before that happens again. But if you send me the patch
> at least I can test it on top of 4.9.

I concur with your kernel guy ;)  If you relieve the memory pressure,
it won't happen again.

The patch [1] is based on a few other auth-related changes.  If you
check out [2], you'll get all of them - v4.9..b3bbd3f2ab19.

[1] https://github.com/ceph/ceph-client/commit/7af3ea189a9a13f090de51c97f676215dabc1205
[2] https://github.com/ceph/ceph-client/commit/b3bbd3f2ab19c8ca319003b4b51ce4c4ca74da06

>
> The whole disabling-cephx-sign-message thing is a test, whether I *can*
> disable it, if it happens again.
>
>> > Actually I do not have to delete the logfiles every 12 hours, so my pain
>> > has gone but it's a workaround for a workaround. That is painful. What
>> > could I do to disable cephx-message-signing only for the krbd clients?
>>
>> I don't think you can enable/disable message signing on a per
>> connection basis - once the feature bit is negotiated, messengers on
>> both sides expect everything to be signed.  Feature bits are static and
>> the MSG_AUTH feature bit is enabled since bobtail and kernel 3.19.
>>
>> It has to be disabled both on the server side (via ceph.conf, all
>> daemons need to be restarted) and on the client side (via rbd map -o
>> nocephx_sign_messages).
>
> I will not disable security Foo. It is simple to disable, but often it
> is a huge mess to enable it again.

Enabling it is the reverse: cephx_sign_messages = true and rbd map as
usual.  Nothing to it, but I hear you.

Thanks,

                Ilya
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


