Good Morning, I'm trying to set up nodemaps on a new lustre file system. Presently when I turn on the nodemaps I get permission denied for servers in the default nodemap.
I've defined two custom nodemaps. An AdminSystems nodemap (for servers that will need to perform actions as root, and a LustreServers nodemap (for the lustre servers themselves) Every other client will be in the default map. (whose gid/uid/projid mappings we trust) I set the following: [root@scmds2501 ~]# lctl get_param nodemap.*.admin_nodemap nodemap.AdminSystems.admin_nodemap=1 nodemap.LustreServers.admin_nodemap=1 Nodemap.default.admin_nodemap=0 [root@scmds2501 ~]# lctl get_param nodemap.*.trusted_nodemap nodemap.AdminSystems.trusted_nodemap=1 nodemap.LustreServers.trusted_nodemap=1 Nodemap.default.trusted_nodemap=1 When I turn on the nodemap feature I get a permission denied when mounting on a client node that isn't in the Admin nodemap. Interestingly, on a test client that was mounted before I turned on the nodemap I can write files as myself (into a directory that I established beforehand owned by me). Our desired end state is an Admin nodemap we can add and remove systems to as needed that can take action as root, and all other lustre clients being able to access the file system, but having no root access. The LustreServers nodemap is there to keep the lustre file servers themselves safe from any unexpected changes. w/r, Kurt J. Strosahl (he/him) System Administrator: Lustre, HPC Scientific Computing Group, Thomas Jefferson National Accelerator Facility
_______________________________________________ lustre-discuss mailing list [email protected] http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
