Re: [PATCH 0/5] add initial support for testing nfs with krb5

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Scott Mayhew <smayhew@redhat.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: "kdevops@lists.linux.dev" <kdevops@lists.linux.dev>
Subject: Re: [PATCH 0/5] add initial support for testing nfs with krb5
Date: Fri, 8 Mar 2024 10:50:46 -0500	[thread overview]
Message-ID: <Zesz1jZDMgp_U6dt@aion> (raw)
In-Reply-To: <FCCFD992-AB24-4388-A710-CDE252FBC822@oracle.com>

On Fri, 08 Mar 2024, Chuck Lever III wrote:

> 
> 
> > On Mar 7, 2024, at 8:14 AM, Scott Mayhew <smayhew@redhat.com> wrote:
> > 
> > These patches add support for running fstests on NFS with krb5.  The
> > bulk of the work is in patch 5.  There are a handful of new Kconfig
> > options (KDEVOPS_SETUP_KRB5, KRB5_REALM, KRB5_ADMIN_PW, and
> > FSTESTS_NFS_AUTH_FLAVOR) as well as a new Makefile target "krb5" which
> > should be run after "make bringup".  A KDC is spun up automatically
> > during "make bringup".  "make krb5" installs all the necessary
> > dependencies, generates keys, and updates the keytabs on the NFS client
> > and server VMs.
> 
> Would it be easy to integrate KDC bringup with the
> existing make targets? nfsd and tls, for instance,
> do not have a separate make target.

I'm assuming you mean the krb5 target.  The KDC bringup is already automatic.
I modeled it after the nfsd and tls stuff actually, which do have
separate make targets - they just don't show up on the help menu and
you don't run them directly.  The krb5 target needs to be run after the
/etc/hosts files are updated so that the clients and nfsd are able to
talk to the KDC... so something like this should work

---8<---
diff --git a/scripts/bringup.Makefile b/scripts/bringup.Makefile
index 5c6a59c3..62a77d8e 100644
--- a/scripts/bringup.Makefile
+++ b/scripts/bringup.Makefile
@@ -35,13 +35,14 @@ endif # KDEVOPS_SETUP_SIW
 
 ifeq (y,$(CONFIG_KDEVOPS_SETUP_KRB5))
 KDEVOPS_BRING_UP_DEPS += kdc
+KDEVOPS_BRING_UP_POST += krb5
 endif # KDEVOPS_SETUP_KRB5
 
 update_etc_hosts:
        $(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
                -f 30 -i hosts playbooks/update_etc_hosts.yml
 
-bringup: $(KDEVOPS_BRING_UP_DEPS) update_etc_hosts
+bringup: $(KDEVOPS_BRING_UP_DEPS) update_etc_hosts $(KDEVOPS_BRING_UP_POST)
 
 destroy: $(KDEVOPS_DESTROY_DEPS)
---8<---

I'll test and if it works I'll just get rid of the help text from
krb5.Makefile and we should be good to go.

-Scott
> 
> 
> > Right now you can only use krb5 with the fstests workflow, but it should
> > be straightforward to add it to the other NFS-related workflows.
> > 
> > I tested these patches using fedora-39, debian-12, and
> > opensuse-tumbleweed guestfs images.
> > 
> > -Scott
> > 
> > Scott Mayhew (5):
> >  nfsd: make sure the appropriate fsprogs package is installed
> >  update_etc_hosts: fix up hostnames on debian guestfs hosts
> >  nfsd: use EXTRA_VAR_INPUTS for export options
> >  devconfig: set /etc/hostname earlier
> >  fstests/nfs: add krb5 support
> > 
> > Makefile                                      |   5 +
> > kconfigs/Kconfig.bringup.goals                |  12 ++
> > kconfigs/Kconfig.kdc                          |  11 ++
> > playbooks/kdc.yml                             |   4 +
> > playbooks/krb5.yml                            |   4 +
> > playbooks/roles/devconfig/tasks/main.yml      |  21 ++--
> > .../fstests/tasks/install-deps/suse/main.yml  |  10 ++
> > playbooks/roles/fstests/tasks/main.yml        |  41 ++++++
> > .../roles/fstests/templates/nfs/nfsmount.conf |   2 +
> > .../roles/gen_hosts/templates/fstests.j2      |  17 +++
> > playbooks/roles/gen_nodes/tasks/main.yml      |  19 +++
> > .../kdc/tasks/install-deps/debian/main.yml    |  11 ++
> > .../roles/kdc/tasks/install-deps/main.yml     |  12 ++
> > .../kdc/tasks/install-deps/redhat/main.yml    |  16 +++
> > .../kdc/tasks/install-deps/suse/main.yml      |  10 ++
> > playbooks/roles/kdc/tasks/main.yml            | 119 ++++++++++++++++++
> > playbooks/roles/kdc/templates/kadm5.acl.j2    |   1 +
> > playbooks/roles/kdc/templates/kdc.conf.j2     |  15 +++
> > playbooks/roles/kdc/templates/krb5.conf.j2    |  29 +++++
> > playbooks/roles/kdc/vars/Debian.yml           |   7 ++
> > playbooks/roles/kdc/vars/RedHat.yml           |   7 ++
> > playbooks/roles/kdc/vars/Suse.yml             |   7 ++
> > playbooks/roles/kdc/vars/default.yml          |   1 +
> > playbooks/roles/kdc/vars/main.yml             |   1 +
> > .../krb5/tasks/install-deps/debian/main.yml   |   9 ++
> > .../roles/krb5/tasks/install-deps/main.yml    |  12 ++
> > .../krb5/tasks/install-deps/redhat/main.yml   |  15 +++
> > .../krb5/tasks/install-deps/suse/main.yml     |  16 +++
> > playbooks/roles/krb5/tasks/main.yml           |  70 +++++++++++
> > playbooks/roles/krb5/templates/krb5.conf.j2   |  31 +++++
> > .../nfsd/tasks/install-deps/debian/main.yml   |  33 ++++-
> > .../nfsd/tasks/install-deps/redhat/main.yml   |  31 +++--
> > .../nfsd/tasks/install-deps/suse/main.yml     |  32 ++++-
> > playbooks/roles/nfsd/vars/Debian.yml          |  11 ++
> > playbooks/roles/nfsd/vars/RedHat.yml          |  12 ++
> > playbooks/roles/nfsd/vars/Suse.yml            |  10 ++
> > .../roles/update_etc_hosts/tasks/main.yml     |  12 ++
> > scripts/bringup.Makefile                      |   4 +
> > scripts/kdc.Makefile                          |   8 ++
> > scripts/krb5.Makefile                         |  10 ++
> > scripts/nfsd.Makefile                         |   8 +-
> > workflows/fstests/nfs/Kconfig                 |  29 +++++
> > workflows/fstests/nfs/Makefile                |   4 +
> > 43 files changed, 712 insertions(+), 27 deletions(-)
> > create mode 100644 kconfigs/Kconfig.kdc
> > create mode 100644 playbooks/kdc.yml
> > create mode 100644 playbooks/krb5.yml
> > create mode 100644 playbooks/roles/fstests/templates/nfs/nfsmount.conf
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/debian/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/redhat/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/suse/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/main.yml
> > create mode 100644 playbooks/roles/kdc/templates/kadm5.acl.j2
> > create mode 100644 playbooks/roles/kdc/templates/kdc.conf.j2
> > create mode 100644 playbooks/roles/kdc/templates/krb5.conf.j2
> > create mode 100644 playbooks/roles/kdc/vars/Debian.yml
> > create mode 100644 playbooks/roles/kdc/vars/RedHat.yml
> > create mode 100644 playbooks/roles/kdc/vars/Suse.yml
> > create mode 100644 playbooks/roles/kdc/vars/default.yml
> > create mode 100644 playbooks/roles/kdc/vars/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/debian/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/redhat/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/suse/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/main.yml
> > create mode 100644 playbooks/roles/krb5/templates/krb5.conf.j2
> > create mode 100644 playbooks/roles/nfsd/vars/Debian.yml
> > create mode 100644 playbooks/roles/nfsd/vars/RedHat.yml
> > create mode 100644 playbooks/roles/nfsd/vars/Suse.yml
> > create mode 100644 scripts/kdc.Makefile
> > create mode 100644 scripts/krb5.Makefile
> > 
> > -- 
> > 2.43.0
> > 
> > 
> 
> --
> Chuck Lever
> 
>

     prev parent reply	other threads:[~2024-03-08 15:50 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-07 13:14 [PATCH 0/5] add initial support for testing nfs with krb5 Scott Mayhew
2024-03-07 13:14 ` [PATCH 1/5] nfsd: make sure the appropriate fsprogs package is installed Scott Mayhew
2024-03-07 13:14 ` [PATCH 2/5] update_etc_hosts: fix up hostnames on debian guestfs hosts Scott Mayhew
2024-03-07 13:14 ` [PATCH 3/5] nfsd: use EXTRA_VAR_INPUTS for export options Scott Mayhew
2024-03-07 13:14 ` [PATCH 4/5] devconfig: set /etc/hostname earlier Scott Mayhew
2024-03-07 13:14 ` [PATCH 5/5] fstests/nfs: add krb5 support Scott Mayhew
2024-03-08 16:57   ` Luis Chamberlain
2024-03-08 19:33     ` Scott Mayhew
2024-03-08 21:08       ` Scott Mayhew
2024-03-08 21:20         ` Luis Chamberlain
2024-03-08 21:18       ` Luis Chamberlain
2024-03-08 22:13         ` Scott Mayhew
2024-03-08 22:47           ` Luis Chamberlain
2024-03-08 15:01 ` [PATCH 0/5] add initial support for testing nfs with krb5 Chuck Lever III
2024-03-08 15:50   ` Scott Mayhew [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5c6a59c dfblob:62a77d8 )
 OR (
bs:"Re: [PATCH 0/5] add initial support for testing nfs with krb5" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Zesz1jZDMgp_U6dt@aion \
    --to=smayhew@redhat.com \
    --cc=chuck.lever@oracle.com \
    --cc=kdevops@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.