-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Agent improvements #14415
Agent improvements #14415
Conversation
Bug-tracker data: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. No errors found by checkpatch.
Test stage Functional on EL 8.8 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14415/1/execution/node/1262/log |
A change further up in the stack revealed that "ERROR" wasn't accepted as a log mask string at the engine level. Signed-off-by: Kris Jacque <[email protected]>
Allow daos_agent to optionally handle unresolvable client uids via custom mapping. In deployments where the agent may not have access to the same user namespace as client applications (e.g. in containerized deployments), the client_user_map can provide a fallback mechanism for resolving the client uids to known usernames for the purpose of applying ACL permissions tests. Example agent config: credential_config: client_user_map: default: user: nobody group: nobody 1000: user: joe group: blow Features: control Required-githooks: true Change-Id: I72905ccc5ddee27fc2101aa4358a14e352c86253 Signed-off-by: Michael MacDonald <[email protected]>
On heavily-loaded client nodes where many processes are being launched by the same user or users, the admin may optionally enable the credential cache in the agent in order to lower agent overhead caused by generating identical credentials for each process owned by a user. The agent-generated credential is presented by the client process during pool/container connection and is used to evaluate ACL permissions for that connection. Example config: credential_config: cache_lifetime: 1m Features: control Required-githooks: true Change-Id: I6ae2a8be1dd97ef14e0ccef0283d65bc1fabc4ed Signed-off-by: Michael MacDonald <[email protected]>
e61bbd7
to
944c359
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. No errors found by checkpatch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. No errors found by checkpatch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. No errors found by checkpatch.
Backport PR that contains the following patches which will land on master and release/2.6:
DAOS-15849 control: Add client uid map to agent config
Allow daos_agent to optionally handle unresolvable client
uids via custom mapping. In deployments where the agent
may not have access to the same user namespace as client
applications (e.g. in containerized deployments), the
client_user_map can provide a fallback mechanism for
resolving the client uids to known usernames for the
purpose of applying ACL permissions tests.
DAOS-15874 control: Add optional credential cache to agent
On heavily-loaded client nodes where many processes are being
launched by the same user or users, the admin may optionally
enable the credential cache in the agent in order to lower
agent overhead caused by generating identical credentials
for each process owned by a user. The agent-generated
credential is presented by the client process during pool/container
connection and is used to evaluate ACL permissions for
that connection.