Re: NFS client to pNFS DS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 9, 2024 at 12:27 PM marc eshel <eshel.marc@xxxxxxxxx> wrote:
>
>
> On 8/9/24 8:15 AM, Olga Kornievskaia wrote:
> > On Fri, Aug 9, 2024 at 10:09 AM marc eshel <eshel.marc@xxxxxxxxx> wrote:
> >> Thanks for the replies, I am a little rusty with debugging NFS but this what I see when the NFS client tried to create a session with the DS.
> >>
> >> Ganesha was configured for sec=sys and the client mount had the option sec=sys, I assume flavor 390004 means it was trying to use krb5i.
> > For 4.1, the client will always try to do state operations with krb5i
> > even when sec=sys when the client detects that it's configured to do
> > Kerberos (ie., gssd is running). This context creation is triggered
> > regardless of whether the rpc client is used for MDS or DS.
> >
> > My question to you: is the MDS configured with Kerberos but the DS
> > isn't? And also, does this lead to a failure?
> Both MDS DS are configured for sec=sys and it is leading to client
> switching from DS to MDS so yes, it is pNFS failure. What I see on the
> DS is the client creating a session and than imminently destroying it
> before committing it. If the is something else that I can debug I will
> be happy to.

pnfs failure is unexpected. I'm pretty confident that a non-kerberos
configured client can do normal pnfs with sec=sys. I can help debug,
if you want to send me a network trace and tracepoint output. Btw what
kernel/distro are you using?

>
> Marc.
>
> >
> >> Jul 30 11:10:58 svl-marcrh-node-1 kernel: RPC:       Couldn't create
> >> auth handle (flavor 390004)
> >>
> >> Marc.
> >>
> >> On 8/9/24 6:06 AM, Anna Schumaker wrote:
> >>
> >> On Thu, Aug 8, 2024 at 6:07 PM Olga Kornievskaia <aglo@xxxxxxxxx> wrote:
> >>
> >> On Mon, Aug 5, 2024 at 5:51 PM marc eshel <eshel.marc@xxxxxxxxx> wrote:
> >>
> >> Hi Trond,
> >>
> >> Will the Linux NFS client try to us krb5i regardless of the MDS
> >> configuration?
> >>
> >> Is there any option to avoid it?
> >>
> >> I was under the impression the linux client has no way of choosing a
> >> different auth_gss security flavor for the DS than the MDS. Meaning
> >>
> >> That's a good point, I completely missed that this is specifically for the DS.
> >>
> >> that if mount command has say sec=krb5i then both MDS and DS
> >> connections have to do krb5i and if say the DS isn't configured for
> >> Kerberos, then IO would fallback to MDS. I no longer have a pnfs
> >>
> >> That's what I would expect, too.
> >>
> >> server to verify whether or not what I say is true but that is what my
> >> memory tells me is the case.
> >>
> >>
> >> Thanks, Marc.
> >>
> >> ul 30 11:10:58 svl-marcrh-node-1 kernel: nfs4_fl_alloc_deviceid_node
> >> stripe count  1
> >> Jul 30 11:10:58 svl-marcrh-node-1 kernel: nfs4_fl_alloc_deviceid_node
> >> ds_num 1
> >> Jul 30 11:10:58 svl-marcrh-node-1 kernel: RPC:       Couldn't create
> >> auth handle (flavor 390004)
> >>
> >>
>





[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux