From: Scott Mayhew <smayhew@redhat.com>
To: kdevops@lists.linux.dev
Subject: [PATCH v2 00/10] add initial support for testing nfs with krb5
Date: Sat, 9 Mar 2024 18:35:53 -0500 [thread overview]
Message-ID: <20240309233603.1306533-1-smayhew@redhat.com> (raw)
These patches add support for running fstests on NFS with krb5. There
are numerous other fixes and cleanups, but the bulk of the work is in
patch 10.
There are a handful of new Kconfig options (KDEVOPS_SETUP_KRB5,
KRB5_REALM, KRB5_ADMIN_PW, and FSTESTS_NFS_AUTH_FLAVOR) as well as some
new Makefile targets ("kdc" and "krb5", both of which get executed
automatically). During "make bringup", a KDC is spun up automatically,
and all the necessary package dependencies are installed, keys are
generated, and the keytabs are updated on the NFS client and server VMs.
Right now you can only use krb5 with the fstests workflow, but it should
be straightforward to add it to the other NFS-related workflows.
-Scott
Changes since v1:
- Added a pipefs-directory config in nfs.conf to fix a debian issue.
- Moved update_etc_hosts target to run as an early bringup dependency.
- Cleaned up the top level Makefile and bringup.Makefile by moving some
directives into lower level makefiles for nfsd, ktls, siw, and krb5.
- Added a kdevops_nfsd_enable variable and use that instead of checking
if nfsd_threads is defined in several places.
- Cleaned up the hosts file by making sure "nfsd" and "nfsd:vars"
stanzas do not get created if nfsd isn't enabled.
- Cleaned up the hosts file by making sure "krb5", "krb5:vars", "kdc",
and "kdc:vars" stanzas do not get created if krb5 isn't enabled.
- Cleaned up Kconfig.bringup.goals by moving some directives into lower
level kconfigs for nfsd and krb5.
- Added a kdevops_krb5_enable variable and use that instead of checking
if krb5_realm is defined in several places.
- Folded the kdc.Makefile into the krb5.Makefile (there's no reason for
them to have two separate makefiles).
- Added some default vars settings for the KDC.
- Got rid of some unnecessary tasks in the krb5 role that check to see
if a principal existed before creating it, and also before adding it
to the keytab (in reality these checks were just triggering errors that
needed to be ignored).
- Forced the restart rpc.gssd task in the krb5 role to only run on the
nfsd server (because rpc.gssd isn't installed on the clients yet at
the point when the krb5 role is executed).
- Made the krb5 target to run automatically as a late bringup dependency.
Scott Mayhew (10):
nfsd: make sure the appropriate fsprogs package is installed
update_etc_hosts: fix up hostnames on debian guestfs hosts
nfsd: use EXTRA_VAR_INPUTS for export options
devconfig: set /etc/hostname earlier
nfsd: add a pipefs-directory config to nfs.conf
bringup: move the update_etc_hosts task to run early
bringup: clean up the nfs-related make targets
gen_hosts/gen_nodes: clean up nfsd-related stuff
kconfigs: clean up Kconfig.bringup.goals
fstests/nfs: add krb5 support
Makefile | 10 +-
kconfigs/Kconfig.bringup.goals | 13 +-
kconfigs/Kconfig.krb5 | 25 ++++
kconfigs/Kconfig.nfsd | 16 +++
playbooks/kdc.yml | 4 +
playbooks/krb5.yml | 4 +
playbooks/roles/devconfig/tasks/main.yml | 21 ++--
.../fstests/tasks/install-deps/suse/main.yml | 10 ++
playbooks/roles/fstests/tasks/main.yml | 41 ++++++
.../roles/fstests/templates/nfs/nfsmount.conf | 2 +
playbooks/roles/gen_hosts/defaults/main.yml | 3 +
.../roles/gen_hosts/templates/fstests.j2 | 19 ++-
playbooks/roles/gen_hosts/templates/gitr.j2 | 4 +-
playbooks/roles/gen_hosts/templates/hosts.j2 | 6 +-
playbooks/roles/gen_nodes/defaults/main.yml | 2 +
playbooks/roles/gen_nodes/tasks/main.yml | 25 +++-
.../kdc/tasks/install-deps/debian/main.yml | 11 ++
.../roles/kdc/tasks/install-deps/main.yml | 12 ++
.../kdc/tasks/install-deps/redhat/main.yml | 16 +++
.../kdc/tasks/install-deps/suse/main.yml | 10 ++
playbooks/roles/kdc/tasks/main.yml | 119 ++++++++++++++++++
playbooks/roles/kdc/templates/kadm5.acl.j2 | 1 +
playbooks/roles/kdc/templates/kdc.conf.j2 | 15 +++
playbooks/roles/kdc/templates/krb5.conf.j2 | 29 +++++
playbooks/roles/kdc/vars/Debian.yml | 7 ++
playbooks/roles/kdc/vars/RedHat.yml | 7 ++
playbooks/roles/kdc/vars/Suse.yml | 7 ++
playbooks/roles/kdc/vars/default.yml | 7 ++
playbooks/roles/kdc/vars/main.yml | 1 +
.../krb5/tasks/install-deps/debian/main.yml | 9 ++
.../roles/krb5/tasks/install-deps/main.yml | 12 ++
.../krb5/tasks/install-deps/redhat/main.yml | 15 +++
.../krb5/tasks/install-deps/suse/main.yml | 16 +++
playbooks/roles/krb5/tasks/main.yml | 52 ++++++++
playbooks/roles/krb5/templates/krb5.conf.j2 | 31 +++++
.../nfsd/tasks/install-deps/debian/main.yml | 33 ++++-
.../nfsd/tasks/install-deps/redhat/main.yml | 31 +++--
.../nfsd/tasks/install-deps/suse/main.yml | 32 ++++-
playbooks/roles/nfsd/templates/nfs.conf.j2 | 3 +
playbooks/roles/nfsd/vars/Debian.yml | 13 ++
playbooks/roles/nfsd/vars/RedHat.yml | 14 +++
playbooks/roles/nfsd/vars/Suse.yml | 12 ++
.../roles/update_etc_hosts/tasks/main.yml | 26 +++-
playbooks/update_etc_hosts.yml | 1 +
scripts/bringup.Makefile | 19 +--
scripts/krb5.Makefile | 22 ++++
scripts/ktls.Makefile | 7 ++
scripts/nfsd.Makefile | 17 ++-
scripts/siw.Makefile | 6 +
scripts/update_etc_hosts.Makefile | 7 ++
workflows/fstests/nfs/Kconfig | 29 +++++
workflows/fstests/nfs/Makefile | 4 +
52 files changed, 778 insertions(+), 80 deletions(-)
create mode 100644 kconfigs/Kconfig.krb5
create mode 100644 playbooks/kdc.yml
create mode 100644 playbooks/krb5.yml
create mode 100644 playbooks/roles/fstests/templates/nfs/nfsmount.conf
create mode 100644 playbooks/roles/kdc/tasks/install-deps/debian/main.yml
create mode 100644 playbooks/roles/kdc/tasks/install-deps/main.yml
create mode 100644 playbooks/roles/kdc/tasks/install-deps/redhat/main.yml
create mode 100644 playbooks/roles/kdc/tasks/install-deps/suse/main.yml
create mode 100644 playbooks/roles/kdc/tasks/main.yml
create mode 100644 playbooks/roles/kdc/templates/kadm5.acl.j2
create mode 100644 playbooks/roles/kdc/templates/kdc.conf.j2
create mode 100644 playbooks/roles/kdc/templates/krb5.conf.j2
create mode 100644 playbooks/roles/kdc/vars/Debian.yml
create mode 100644 playbooks/roles/kdc/vars/RedHat.yml
create mode 100644 playbooks/roles/kdc/vars/Suse.yml
create mode 100644 playbooks/roles/kdc/vars/default.yml
create mode 100644 playbooks/roles/kdc/vars/main.yml
create mode 100644 playbooks/roles/krb5/tasks/install-deps/debian/main.yml
create mode 100644 playbooks/roles/krb5/tasks/install-deps/main.yml
create mode 100644 playbooks/roles/krb5/tasks/install-deps/redhat/main.yml
create mode 100644 playbooks/roles/krb5/tasks/install-deps/suse/main.yml
create mode 100644 playbooks/roles/krb5/tasks/main.yml
create mode 100644 playbooks/roles/krb5/templates/krb5.conf.j2
create mode 100644 playbooks/roles/nfsd/vars/Debian.yml
create mode 100644 playbooks/roles/nfsd/vars/RedHat.yml
create mode 100644 playbooks/roles/nfsd/vars/Suse.yml
create mode 100644 scripts/krb5.Makefile
create mode 100644 scripts/update_etc_hosts.Makefile
--
2.43.0
next reply other threads:[~2024-03-09 23:36 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-09 23:35 Scott Mayhew [this message]
2024-03-09 23:35 ` [PATCH v2 01/10] nfsd: make sure the appropriate fsprogs package is installed Scott Mayhew
2024-03-09 23:35 ` [PATCH v2 02/10] update_etc_hosts: fix up hostnames on debian guestfs hosts Scott Mayhew
2024-03-09 23:35 ` [PATCH v2 03/10] nfsd: use EXTRA_VAR_INPUTS for export options Scott Mayhew
2024-03-09 23:35 ` [PATCH v2 04/10] devconfig: set /etc/hostname earlier Scott Mayhew
2024-03-09 23:35 ` [PATCH v2 05/10] nfsd: add a pipefs-directory config to nfs.conf Scott Mayhew
2024-03-09 23:35 ` [PATCH v2 06/10] bringup: move the update_etc_hosts task to run early Scott Mayhew
2024-03-09 23:36 ` [PATCH v2 07/10] bringup: clean up the nfs-related make targets Scott Mayhew
2024-03-09 23:36 ` [PATCH v2 08/10] gen_hosts/gen_nodes: clean up nfsd-related stuff Scott Mayhew
2024-03-09 23:36 ` [PATCH v2 09/10] kconfigs: clean up Kconfig.bringup.goals Scott Mayhew
2024-03-09 23:36 ` [PATCH v2 10/10] fstests/nfs: add krb5 support Scott Mayhew
2024-03-11 12:57 ` [PATCH v2 00/10] add initial support for testing nfs with krb5 Jeff Layton
2024-03-11 22:05 ` Luis Chamberlain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240309233603.1306533-1-smayhew@redhat.com \
--to=smayhew@redhat.com \
--cc=kdevops@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox