[gpfsug-discuss] 4.2 & protocols (missing dependency?)

Simon Thompson (Research Computing - IT Services) S.J.Thompson at bham.ac.uk
Thu Dec 17 16:02:12 GMT 2015


See, this sort of thing:

"A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local unprivileged user,
or a user with network access to the IBM Spectrum Scale cluster, to access admin passwords for object storage infrastructure.
This vulnerability only affects clusters which have installed and deployed the Object protocol."

Is exactly why we don't want to be installing components that we aren't actively using ...

Simon

From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Mathias Dietz <MDIETZ at de.ibm.com>
Reply-To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Date: Wednesday, 16 December 2015 at 12:43
To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] 4.2 & protocols (missing dependency?)

I see your point, but our recommendation is to always install gpfs.protocols-support-4.2.0-0.noarch on protocol nodes, even if only a single protocol is used.
This is consistent with how the Spectrum Scale installer is setting up systems.

Kind regards

Mathias Dietz

Spectrum Scale Development
System Health Team - Scrum Master
IBM Certified Software Engineer

----------------------------------------------------------------------------------------------------------
IBM Deutschland
Hechtsheimer Str. 2
55131 Mainz
Phone: +49-6131-84-2027
Mobile: +49-15152801035
E-Mail: mdietz at de.ibm.com
----------------------------------------------------------------------------------------------------------
IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Martina Koederitz, Management: Dirk Wittkopp
Registered office: Böblingen / Registration court: Amtsgericht Stuttgart, HRB 243294





From:        "Simon Thompson (Research Computing - IT Services)" <S.J.Thompson at bham.ac.uk>
To:        gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:        12/16/2015 01:16 PM
Subject:        Re: [gpfsug-discuss] 4.2 & protocols (missing dependency?)
Sent by:        gpfsug-discuss-bounces at spectrumscale.org
________________________________



OK, I looked at that. This means pulling in all the object and NFS stuff onto my server as well.

I only run SMB, so I don't want lots of other stuff installing as well ..

--> Running transaction check
---> Package gpfs.protocols-support.noarch 0:4.2.0-0 will be installed
--> Processing Dependency: spectrum-scale-object >= 4.2.0 for package: gpfs.protocols-support-4.2.0-0.noarch
--> Processing Dependency: nfs-ganesha >= 2.2 for package: gpfs.protocols-support-4.2.0-0.noarch
--> Running transaction check
---> Package gpfs.protocols-support.noarch 0:4.2.0-0 will be installed
--> Processing Dependency: spectrum-scale-object >= 4.2.0 for package: gpfs.protocols-support-4.2.0-0.noarch
---> Package nfs-ganesha.x86_64 0:2.3.0-1.el7 will be installed
--> Processing Dependency: libntirpc.so.1.3(NTIRPC_1.3.1)(64bit) for package: nfs-ganesha-2.3.0-1.el7.x86_64
--> Processing Dependency: libntirpc.so.1.3()(64bit) for package: nfs-ganesha-2.3.0-1.el7.x86_64
--> Processing Dependency: libjemalloc.so.1()(64bit) for package: nfs-ganesha-2.3.0-1.el7.x86_64


From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Mathias Dietz <MDIETZ at de.ibm.com>
Reply-To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Date: Wednesday, 16 December 2015 at 12:02
To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] 4.2 & protocols (missing dependency?)

Hi,

you are right that python-ldap is a required dependency for 4.2 protocol nodes.
Please make sure to have the gpfs.protocols-support-4.2.0-0.noarch RPM installed on protocol nodes because this package will enforce the dependencies.

>> rpm -qi gpfs.protocols-support-4.2.0-0.noarch

Name        : gpfs.protocols-support
Version     : 4.2.0
Release     : 0
Architecture: noarch
Install Date: Wed 16 Dec 2015 07:56:42 PM CET
Group       : System Environment/Base
Size        : 0
License     : (C) COPYRIGHT International Business Machines Corp. 2015
Signature   : (none)
Source RPM  : gpfs.protocols-support-4.2.0-0.src.rpm
Build Date  : Sat 14 Nov 2015 12:20:07 AM CET
Build Host  : bldlnx84.pok.stglabs.ibm.com
Relocations : (not relocatable)
Summary     : gpfs protocol dependencies
Description :
This package includes the dependency list for all the protocols to
enforce that all relevant Spectrum Scale protocol packages are installed.
If this package is not installed "mmchnode" will fail with an appropriate message.
[root at p8-10-rhel-71be-01 ~]# rpm -qi gpfs.protocols-support-4.2.0-0.noarch --requires
Name        : gpfs.protocols-support
Version     : 4.2.0
Release     : 0
Architecture: noarch
Install Date: Wed 16 Dec 2015 07:56:42 PM CET
Group       : System Environment/Base
Size        : 0
License     : (C) COPYRIGHT International Business Machines Corp. 2015
Signature   : (none)
Source RPM  : gpfs.protocols-support-4.2.0-0.src.rpm
Build Date  : Sat 14 Nov 2015 12:20:07 AM CET
Build Host  : bldlnx84.pok.stglabs.ibm.com
Relocations : (not relocatable)
Summary     : gpfs protocol dependencies
Description :
This package includes the dependency list for all the protocols to
enforce that all relevant Spectrum Scale protocol packages are installed.
If this package is not installed "mmchnode" will fail with an appropriate message.
gpfs.base >= 4.2.0
nfs-ganesha >= 2.2
gpfs.smb >= 4.2.0_gpfs
spectrum-scale-object >= 4.2.0
python-ldap
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1




Kind regards

Mathias Dietz



From:        "Simon Thompson (Research Computing - IT Services)" <S.J.Thompson at bham.ac.uk>
To:        "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Date:        12/15/2015 11:50 PM
Subject:        [gpfsug-discuss] 4.2 & protocols (missing dependency?)
Sent by:        gpfsug-discuss-bounces at spectrumscale.org

________________________________



Hi,

I've just upgraded some of my protocol nodes to 4.2. I noticed on startup that in the logs I get:

Traceback (most recent call last):
  File "/usr/lpp/mmfs/bin/mmcesmon.py", line 178, in <module>
    import mmcesmon.CommandHandler
  File "/usr/lpp/mmfs/lib/mmcesmon/CommandHandler.py", line 29, in <module>
    from FILEService import FILEService
  File "/usr/lpp/mmfs/lib/mmcesmon/FILEService.py", line 19, in <module>
    from ExtAuthMonitor import ActiveDirectoryServiceMonitor
  File "/usr/lpp/mmfs/lib/mmcesmon/ExtAuthMonitor.py", line 15, in <module>
    import ldap
ImportError: No module named ldap

Tue 15 Dec 22:39:12 GMT 2015: mmcesmonitor: Monitor has started pid=18963

Traceback (most recent call last):
  File "/usr/lpp/mmfs/bin/mmcesmon.py", line 178, in <module>
    import mmcesmon.CommandHandler
  File "/usr/lpp/mmfs/lib/mmcesmon/CommandHandler.py", line 29, in <module>
    from FILEService import FILEService
  File "/usr/lpp/mmfs/lib/mmcesmon/FILEService.py", line 19, in <module>
    from ExtAuthMonitor import ActiveDirectoryServiceMonitor
  File "/usr/lpp/mmfs/lib/mmcesmon/ExtAuthMonitor.py", line 15, in <module>
    import ldap
ImportError: No module named ldap

Error: Cannot connect to server(localhost), port(/var/mmfs/ces/mmcesmonitor.socket): No such file or directory


It looks like on EL7, you also need python-ldap installed (perhaps the installer does this, but it should really be a dependency of the RPM if it's required?).

Anyway, if you see issues, add the python-ldap RPM and it should fix it.

Simon

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
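
The concern raised at the top of this thread, a dependency-only package pulling in protocol stacks that a node does not serve, can be checked from the `--requires` output quoted above. The script below is an added example, not part of the original thread or of IBM's tooling; the package-to-protocol mapping and the NFS/SMB/OBJ labels are assumptions inferred from the package names in the thread.

```shell
#!/bin/sh
# Added example: list protocol packages required by a dependency-only
# package that belong to protocols this node does not serve.

# Hypothetical mapping (inferred from the package names in the thread);
# anything not listed is treated as a shared dependency and ignored.
proto_for_pkg() {
  case "$1" in
    nfs-ganesha)           echo NFS ;;
    gpfs.smb)              echo SMB ;;
    spectrum-scale-object) echo OBJ ;;
    *)                     echo "" ;;
  esac
}

# unused_protocol_pkgs REQUIRES_TEXT "PROTOCOLS IN USE"
# Prints one "package (PROTOCOL)" line per requirement whose protocol
# is not in the space-separated in-use list.
unused_protocol_pkgs() {
  upp_in_use=" $2 "
  printf '%s\n' "$1" | while read -r upp_pkg upp_rest; do
    # Skip blank lines and rpmlib() capabilities, which are not packages.
    case "$upp_pkg" in ''|"rpmlib("*) continue ;; esac
    upp_proto=$(proto_for_pkg "$upp_pkg")
    if [ -z "$upp_proto" ]; then continue; fi
    case "$upp_in_use" in
      *" $upp_proto "*) ;;                              # protocol is served here
      *) printf '%s (%s)\n' "$upp_pkg" "$upp_proto" ;;  # installed but unused
    esac
  done
}

# Constructed sample: the requirement lines as they appear in the
# rpm --requires output quoted in the thread.
SAMPLE_REQUIRES='gpfs.base >= 4.2.0
nfs-ganesha >= 2.2
gpfs.smb >= 4.2.0_gpfs
spectrum-scale-object >= 4.2.0
python-ldap
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1'

# An SMB-only node, as described in the thread.
# On a live node the first argument would be:
#   "$(rpm -q --requires gpfs.protocols-support)"
unused_protocol_pkgs "$SAMPLE_REQUIRES" "SMB"
```

For an SMB-only node the script reports `nfs-ganesha` and `spectrum-scale-object`, the two stacks that widen the node's exposure to advisories such as the Object-protocol one quoted at the top.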

