Re: [PATCH 0/5] add initial support for testing nfs with krb5

public inbox for kdevops@lists.linux.dev
 help / color / mirror / Atom feed

From: Scott Mayhew <smayhew@redhat.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: "kdevops@lists.linux.dev" <kdevops@lists.linux.dev>
Subject: Re: [PATCH 0/5] add initial support for testing nfs with krb5
Date: Fri, 8 Mar 2024 10:50:46 -0500	[thread overview]
Message-ID: <Zesz1jZDMgp_U6dt@aion> (raw)
In-Reply-To: <FCCFD992-AB24-4388-A710-CDE252FBC822@oracle.com>

On Fri, 08 Mar 2024, Chuck Lever III wrote:

> 
> 
> > On Mar 7, 2024, at 8:14 AM, Scott Mayhew <smayhew@redhat.com> wrote:
> > 
> > These patches add support for running fstests on NFS with krb5.  The
> > bulk of the work is in patch 5.  There are a handful of new Kconfig
> > options (KDEVOPS_SETUP_KRB5, KRB5_REALM, KRB5_ADMIN_PW, and
> > FSTESTS_NFS_AUTH_FLAVOR) as well as a new Makefile target "krb5" which
> > should be run after "make bringup".  A KDC is spun up automatically
> > during "make bringup".  "make krb5" installs all the necessary
> > dependencies, generates keys, and updates the keytabs on the NFS client
> > and server VMs.
> 
> Would it be easy to integrate KDC bringup with the
> existing make targets? nfsd and tls, for instance,
> do not have a separate make target.

I'm assuming you mean the krb5 target.  The KDC bringup is already automatic.
I modeled it after the nfsd and tls stuff actually, which do have
separate make targets - they just don't show up on the help menu and
you don't run them directly.  The krb5 target needs to be run after the
/etc/hosts files are updated so that the clients and nfsd are able to
talk to the KDC... so something like this should work

---8<---
diff --git a/scripts/bringup.Makefile b/scripts/bringup.Makefile
index 5c6a59c3..62a77d8e 100644
--- a/scripts/bringup.Makefile
+++ b/scripts/bringup.Makefile
@@ -35,13 +35,14 @@ endif # KDEVOPS_SETUP_SIW
 
 ifeq (y,$(CONFIG_KDEVOPS_SETUP_KRB5))
 KDEVOPS_BRING_UP_DEPS += kdc
+KDEVOPS_BRING_UP_POST += krb5
 endif # KDEVOPS_SETUP_KRB5
 
 update_etc_hosts:
        $(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
                -f 30 -i hosts playbooks/update_etc_hosts.yml
 
-bringup: $(KDEVOPS_BRING_UP_DEPS) update_etc_hosts
+bringup: $(KDEVOPS_BRING_UP_DEPS) update_etc_hosts $(KDEVOPS_BRING_UP_POST)
 
 destroy: $(KDEVOPS_DESTROY_DEPS)
---8<---

I'll test and if it works I'll just get rid of the help text from
krb5.Makefile and we should be good to go.

-Scott
> 
> 
> > Right now you can only use krb5 with the fstests workflow, but it should
> > be straightforward to add it to the other NFS-related workflows.
> > 
> > I tested these patches using fedora-39, debian-12, and
> > opensuse-tumbleweed guestfs images.
> > 
> > -Scott
> > 
> > Scott Mayhew (5):
> >  nfsd: make sure the appropriate fsprogs package is installed
> >  update_etc_hosts: fix up hostnames on debian guestfs hosts
> >  nfsd: use EXTRA_VAR_INPUTS for export options
> >  devconfig: set /etc/hostname earlier
> >  fstests/nfs: add krb5 support
> > 
> > Makefile                                      |   5 +
> > kconfigs/Kconfig.bringup.goals                |  12 ++
> > kconfigs/Kconfig.kdc                          |  11 ++
> > playbooks/kdc.yml                             |   4 +
> > playbooks/krb5.yml                            |   4 +
> > playbooks/roles/devconfig/tasks/main.yml      |  21 ++--
> > .../fstests/tasks/install-deps/suse/main.yml  |  10 ++
> > playbooks/roles/fstests/tasks/main.yml        |  41 ++++++
> > .../roles/fstests/templates/nfs/nfsmount.conf |   2 +
> > .../roles/gen_hosts/templates/fstests.j2      |  17 +++
> > playbooks/roles/gen_nodes/tasks/main.yml      |  19 +++
> > .../kdc/tasks/install-deps/debian/main.yml    |  11 ++
> > .../roles/kdc/tasks/install-deps/main.yml     |  12 ++
> > .../kdc/tasks/install-deps/redhat/main.yml    |  16 +++
> > .../kdc/tasks/install-deps/suse/main.yml      |  10 ++
> > playbooks/roles/kdc/tasks/main.yml            | 119 ++++++++++++++++++
> > playbooks/roles/kdc/templates/kadm5.acl.j2    |   1 +
> > playbooks/roles/kdc/templates/kdc.conf.j2     |  15 +++
> > playbooks/roles/kdc/templates/krb5.conf.j2    |  29 +++++
> > playbooks/roles/kdc/vars/Debian.yml           |   7 ++
> > playbooks/roles/kdc/vars/RedHat.yml           |   7 ++
> > playbooks/roles/kdc/vars/Suse.yml             |   7 ++
> > playbooks/roles/kdc/vars/default.yml          |   1 +
> > playbooks/roles/kdc/vars/main.yml             |   1 +
> > .../krb5/tasks/install-deps/debian/main.yml   |   9 ++
> > .../roles/krb5/tasks/install-deps/main.yml    |  12 ++
> > .../krb5/tasks/install-deps/redhat/main.yml   |  15 +++
> > .../krb5/tasks/install-deps/suse/main.yml     |  16 +++
> > playbooks/roles/krb5/tasks/main.yml           |  70 +++++++++++
> > playbooks/roles/krb5/templates/krb5.conf.j2   |  31 +++++
> > .../nfsd/tasks/install-deps/debian/main.yml   |  33 ++++-
> > .../nfsd/tasks/install-deps/redhat/main.yml   |  31 +++--
> > .../nfsd/tasks/install-deps/suse/main.yml     |  32 ++++-
> > playbooks/roles/nfsd/vars/Debian.yml          |  11 ++
> > playbooks/roles/nfsd/vars/RedHat.yml          |  12 ++
> > playbooks/roles/nfsd/vars/Suse.yml            |  10 ++
> > .../roles/update_etc_hosts/tasks/main.yml     |  12 ++
> > scripts/bringup.Makefile                      |   4 +
> > scripts/kdc.Makefile                          |   8 ++
> > scripts/krb5.Makefile                         |  10 ++
> > scripts/nfsd.Makefile                         |   8 +-
> > workflows/fstests/nfs/Kconfig                 |  29 +++++
> > workflows/fstests/nfs/Makefile                |   4 +
> > 43 files changed, 712 insertions(+), 27 deletions(-)
> > create mode 100644 kconfigs/Kconfig.kdc
> > create mode 100644 playbooks/kdc.yml
> > create mode 100644 playbooks/krb5.yml
> > create mode 100644 playbooks/roles/fstests/templates/nfs/nfsmount.conf
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/debian/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/redhat/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/install-deps/suse/main.yml
> > create mode 100644 playbooks/roles/kdc/tasks/main.yml
> > create mode 100644 playbooks/roles/kdc/templates/kadm5.acl.j2
> > create mode 100644 playbooks/roles/kdc/templates/kdc.conf.j2
> > create mode 100644 playbooks/roles/kdc/templates/krb5.conf.j2
> > create mode 100644 playbooks/roles/kdc/vars/Debian.yml
> > create mode 100644 playbooks/roles/kdc/vars/RedHat.yml
> > create mode 100644 playbooks/roles/kdc/vars/Suse.yml
> > create mode 100644 playbooks/roles/kdc/vars/default.yml
> > create mode 100644 playbooks/roles/kdc/vars/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/debian/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/redhat/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/install-deps/suse/main.yml
> > create mode 100644 playbooks/roles/krb5/tasks/main.yml
> > create mode 100644 playbooks/roles/krb5/templates/krb5.conf.j2
> > create mode 100644 playbooks/roles/nfsd/vars/Debian.yml
> > create mode 100644 playbooks/roles/nfsd/vars/RedHat.yml
> > create mode 100644 playbooks/roles/nfsd/vars/Suse.yml
> > create mode 100644 scripts/kdc.Makefile
> > create mode 100644 scripts/krb5.Makefile
> > 
> > -- 
> > 2.43.0
> > 
> > 
> 
> --
> Chuck Lever
> 
>

     prev parent reply	other threads:[~2024-03-08 15:50 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-07 13:14 [PATCH 0/5] add initial support for testing nfs with krb5 Scott Mayhew
2024-03-07 13:14 ` [PATCH 1/5] nfsd: make sure the appropriate fsprogs package is installed Scott Mayhew
2024-03-07 13:14 ` [PATCH 2/5] update_etc_hosts: fix up hostnames on debian guestfs hosts Scott Mayhew
2024-03-07 13:14 ` [PATCH 3/5] nfsd: use EXTRA_VAR_INPUTS for export options Scott Mayhew
2024-03-07 13:14 ` [PATCH 4/5] devconfig: set /etc/hostname earlier Scott Mayhew
2024-03-07 13:14 ` [PATCH 5/5] fstests/nfs: add krb5 support Scott Mayhew
2024-03-08 16:57   ` Luis Chamberlain
2024-03-08 19:33     ` Scott Mayhew
2024-03-08 21:08       ` Scott Mayhew
2024-03-08 21:20         ` Luis Chamberlain
2024-03-08 21:18       ` Luis Chamberlain
2024-03-08 22:13         ` Scott Mayhew
2024-03-08 22:47           ` Luis Chamberlain
2024-03-08 15:01 ` [PATCH 0/5] add initial support for testing nfs with krb5 Chuck Lever III
2024-03-08 15:50   ` Scott Mayhew [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5c6a59c dfblob:62a77d8 )
 OR (
bs:"Re: [PATCH 0/5] add initial support for testing nfs with krb5" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Zesz1jZDMgp_U6dt@aion \
    --to=smayhew@redhat.com \
    --cc=chuck.lever@oracle.com \
    --cc=kdevops@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox