Date: Fri, 8 Mar 2024 10:50:46 -0500
From: Scott Mayhew
To: Chuck Lever III
Cc: "kdevops@lists.linux.dev"
Subject: Re: [PATCH 0/5] add initial support for testing nfs with krb5
References: <20240307131414.1244984-1-smayhew@redhat.com>
X-Mailing-List: kdevops@lists.linux.dev

On Fri, 08 Mar 2024, Chuck Lever III wrote:
>
>
> > On Mar 7, 2024, at 8:14 AM, Scott Mayhew wrote:
> >
> > These patches add support for running fstests on NFS with krb5. The
> > bulk of the work is in patch 5. There are a handful of new Kconfig
> > options (KDEVOPS_SETUP_KRB5, KRB5_REALM, KRB5_ADMIN_PW, and
> > FSTESTS_NFS_AUTH_FLAVOR) as well as a new Makefile target "krb5" which
> > should be run after "make bringup". A KDC is spun up automatically
> > during "make bringup". "make krb5" installs all the necessary
> > dependencies, generates keys, and updates the keytabs on the NFS client
> > and server VMs.
>
> Would it be easy to integrate KDC bringup with the
> existing make targets? nfsd and tls, for instance,
> do not have a separate make target.

I'm assuming you mean the krb5 target. The KDC bringup is already automatic.
I modeled it after the nfsd and tls stuff actually, which do have separate
make targets - they just don't show up on the help menu and you don't run
them directly.

The krb5 target needs to be run after the /etc/hosts files are updated so
that the clients and nfsd are able to talk to the KDC... so something like
this should work

---8<---
diff --git a/scripts/bringup.Makefile b/scripts/bringup.Makefile index 5c6a59c3..62a77d8e 100644 --- a/scripts/bringup.Makefile +++ b/scripts/bringup.Makefile
@@ -35,13 +35,14 @@ endif # KDEVOPS_SETUP_SIW =20 ifeq (y,$(CONFIG_KDEVOPS_SETUP_KRB5)) KDEVOPS_BRING_UP_DEPS +=3D kdc +KDEVOPS_BRING_UP_POST +=3D krb5 endif # KDEVOPS_SETUP_KRB5 =20 update_etc_hosts: $(Q)ansible-playbook $(ANSIBLE_VERBOSE) \ -f 30 -i hosts playbooks/update_etc_hosts.yml =20 -bringup: $(KDEVOPS_BRING_UP_DEPS) update_etc_hosts +bringup: $(KDEVOPS_BRING_UP_DEPS) update_etc_hosts $(KDEVOPS_BRING_UP_POST= ) =20 destroy: $(KDEVOPS_DESTROY_DEPS)
---8<---

I'll test and if it works I'll just get rid of the help text from
krb5.Makefile and we should be good to go.

-Scott

>
>
> > Right now you can only use krb5 with the fstests workflow, but it should
> > be straightforward to add it to the other NFS-related workflows.
> >
> > I tested these patches using fedora-39, debian-12, and
> > opensuse-tumbleweed guestfs images.
> >
> > -Scott
> >
> > Scott Mayhew (5):
> >   nfsd: make sure the appropriate fsprogs package is installed
> >   update_etc_hosts: fix up hostnames on debian guestfs hosts
> >   nfsd: use EXTRA_VAR_INPUTS for export options
> >   devconfig: set /etc/hostname earlier
> >   fstests/nfs: add krb5 support
> >
> >  Makefile | 5 +
> >  kconfigs/Kconfig.bringup.goals | 12 ++
> >  kconfigs/Kconfig.kdc | 11 ++
> >  playbooks/kdc.yml | 4 +
> >  playbooks/krb5.yml | 4 +
> >  playbooks/roles/devconfig/tasks/main.yml | 21 ++--
> >  .../fstests/tasks/install-deps/suse/main.yml | 10 ++
> >  playbooks/roles/fstests/tasks/main.yml | 41 ++++++
> >  .../roles/fstests/templates/nfs/nfsmount.conf | 2 +
> >  .../roles/gen_hosts/templates/fstests.j2 | 17 +++
> >  playbooks/roles/gen_nodes/tasks/main.yml | 19 +++
> >  .../kdc/tasks/install-deps/debian/main.yml | 11 ++
> >  .../roles/kdc/tasks/install-deps/main.yml | 12 ++
> >  .../kdc/tasks/install-deps/redhat/main.yml | 16 +++
> >  .../kdc/tasks/install-deps/suse/main.yml | 10 ++
> >  playbooks/roles/kdc/tasks/main.yml | 119 ++++++++++++++++++
> >  playbooks/roles/kdc/templates/kadm5.acl.j2 | 1 +
> >  playbooks/roles/kdc/templates/kdc.conf.j2 | 15 +++
> >  playbooks/roles/kdc/templates/krb5.conf.j2 | 29 +++++
> >  playbooks/roles/kdc/vars/Debian.yml | 7 ++
> >  playbooks/roles/kdc/vars/RedHat.yml | 7 ++
> >  playbooks/roles/kdc/vars/Suse.yml | 7 ++
> >  playbooks/roles/kdc/vars/default.yml | 1 +
> >  playbooks/roles/kdc/vars/main.yml | 1 +
> >  .../krb5/tasks/install-deps/debian/main.yml | 9 ++
> >  .../roles/krb5/tasks/install-deps/main.yml | 12 ++
> >  .../krb5/tasks/install-deps/redhat/main.yml | 15 +++
> >  .../krb5/tasks/install-deps/suse/main.yml | 16 +++
> >  playbooks/roles/krb5/tasks/main.yml | 70 +++++++++++
> >  playbooks/roles/krb5/templates/krb5.conf.j2 | 31 +++++
> >  .../nfsd/tasks/install-deps/debian/main.yml | 33 ++++-
> >  .../nfsd/tasks/install-deps/redhat/main.yml | 31 +++--
> >  .../nfsd/tasks/install-deps/suse/main.yml | 32 ++++-
> >  playbooks/roles/nfsd/vars/Debian.yml | 11 ++
> >  playbooks/roles/nfsd/vars/RedHat.yml | 12 ++
> >  playbooks/roles/nfsd/vars/Suse.yml | 10 ++
> >  .../roles/update_etc_hosts/tasks/main.yml | 12 ++
> >  scripts/bringup.Makefile | 4 +
> >  scripts/kdc.Makefile | 8 ++
> >  scripts/krb5.Makefile | 10 ++
> >  scripts/nfsd.Makefile | 8 +-
> >  workflows/fstests/nfs/Kconfig | 29 +++++
> >  workflows/fstests/nfs/Makefile | 4 +
> >  43 files changed, 712 insertions(+), 27 deletions(-)
> >  create mode 100644 kconfigs/Kconfig.kdc
> >  create mode 100644 playbooks/kdc.yml
> >  create mode 100644 playbooks/krb5.yml
> >  create mode 100644 playbooks/roles/fstests/templates/nfs/nfsmount.conf
> >  create mode 100644 playbooks/roles/kdc/tasks/install-deps/debian/main.yml
> >  create mode 100644 playbooks/roles/kdc/tasks/install-deps/main.yml
> >  create mode 100644 playbooks/roles/kdc/tasks/install-deps/redhat/main.yml
> >  create mode 100644 playbooks/roles/kdc/tasks/install-deps/suse/main.yml
> >  create mode 100644 playbooks/roles/kdc/tasks/main.yml
> >  create mode 100644 playbooks/roles/kdc/templates/kadm5.acl.j2
> >  create mode 100644 playbooks/roles/kdc/templates/kdc.conf.j2
> >  create mode 100644 playbooks/roles/kdc/templates/krb5.conf.j2
> >  create mode 100644 playbooks/roles/kdc/vars/Debian.yml
> >  create mode 100644 playbooks/roles/kdc/vars/RedHat.yml
> >  create mode 100644 playbooks/roles/kdc/vars/Suse.yml
> >  create mode 100644 playbooks/roles/kdc/vars/default.yml
> >  create mode 100644 playbooks/roles/kdc/vars/main.yml
> >  create mode 100644 playbooks/roles/krb5/tasks/install-deps/debian/main.yml
> >  create mode 100644 playbooks/roles/krb5/tasks/install-deps/main.yml
> >  create mode 100644 playbooks/roles/krb5/tasks/install-deps/redhat/main.yml
> >  create mode 100644 playbooks/roles/krb5/tasks/install-deps/suse/main.yml
> >  create mode 100644 playbooks/roles/krb5/tasks/main.yml
> >  create mode 100644 playbooks/roles/krb5/templates/krb5.conf.j2
> >  create mode 100644 playbooks/roles/nfsd/vars/Debian.yml
> >  create mode 100644 playbooks/roles/nfsd/vars/RedHat.yml
> >  create mode 100644 playbooks/roles/nfsd/vars/Suse.yml
> >  create mode 100644 scripts/kdc.Makefile
> >  create mode 100644 scripts/krb5.Makefile
> >
> > --
> > 2.43.0
> >
> >
>
> --
> Chuck Lever
>
>
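
Review bot: the ordering that the new `bringup:` prerequisite list relies on is not enforced. Listing `$(KDEVOPS_BRING_UP_POST)` after `update_etc_hosts` only yields that order in a serial build; under `make -j` the two are independent prerequisites and can run concurrently, so `krb5` may start before the /etc/hosts files are updated, which is the case the reply says must not happen. Express it as a dependency instead, for example by having the `krb5` target itself depend on `update_etc_hosts`, and add a short comment next to `KDEVOPS_BRING_UP_POST += krb5` stating that POST targets are meant to run after the hosts update.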