...
```bash
localhost$ eval $(ssh-agent)
Agent pid 5095
localhost$ ssh-add
Identity added: /Users/deiter/.ssh/id_rsa (/Users/deiter/.ssh/id_rsa)
localhost$ ssh -A stack@20.62.171.73
Last login: Tue Aug 24 19:11:18 2021 from 181.241.16.227
[stack@exascaler-cloud-65f1-mgs0 ~]$ loci hosts
10.0.0.7 exascaler-cloud-65f1-cls0
10.0.0.5 exascaler-cloud-65f1-cls1
10.0.0.8 exascaler-cloud-65f1-cls2
10.0.0.13 exascaler-cloud-65f1-cls3
10.0.0.12 exascaler-cloud-65f1-mds0
10.0.0.11 exascaler-cloud-65f1-mgs0
10.0.0.10 exascaler-cloud-65f1-oss0
10.0.0.4 exascaler-cloud-65f1-oss1
10.0.0.6 exascaler-cloud-65f1-oss2
10.0.0.9 exascaler-cloud-65f1-oss3
[stack@exascaler-cloud-65f1-mgs0 ~]$ ssh exascaler-cloud-65f1-cls0
[stack@exascaler-cloud-65f1-cls0 ~]$ lfs df
UUID 1K-blocks Used Available Use% Mounted on
exacloud-MDT0000_UUID 315302464 5744 309928012 1% /mnt/exacloud[MDT:0]
exacloud-OST0000_UUID 3181466888 570662088 2578541648 19% /mnt/exacloud[OST:0]
exacloud-OST0001_UUID 3181466888 590910696 2558305972 19% /mnt/exacloud[OST:1]
exacloud-OST0002_UUID 3181466888 580374740 2568825852 19% /mnt/exacloud[OST:2]
exacloud-OST0003_UUID 3181466888 570645704 2578552816 19% /mnt/exacloud[OST:3]
filesystem_summary: 12725867552 2312593228 10284226288 19% /mnt/exacloud
```
How to install new EXAScaler Cloud clients
New EXAScaler Cloud client instances must be in the same location and connected to the virtual network and subnet. The process of installing and configuring new clients can be performed automatically. All required information is contained in the Terraform output. To configure the EXAScaler Cloud filesystem on a new client instance, create a configuration file `/etc/esc-client.cfg` using the actual IP address of the management server:
```json
{
  "Version": "2.0.0",
  "MountConfig": {
    "ClientDevice": "10.0.0.10@tcp:/exacloud",
    "Mountpoint": "/mnt/exacloud",
    "PackageSource": "http://10.0.0.10/client-packages"
  }
}
```
To install and set up the EXAScaler Cloud filesystem on a new client, run the following commands on the client with root privileges:
```bash
# curl -fsSL http://10.0.0.10/client-setup-tool -o /usr/sbin/esc-client
# chmod +x /usr/sbin/esc-client
# esc-client auto setup --config /etc/esc-client.cfg
```
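The download above fetches a root-run binary over plain HTTP, so nothing authenticates what arrives. As an added example (not part of the EXAScaler documentation), this helper installs the file only when its SHA-256 matches a digest obtained over a trusted channel; `verify_and_install` and the `EXPECTED` placeholder are names assumed here, and the page itself publishes no digest.

```shell
#!/bin/sh
# Added example: gate installation of a downloaded tool on a known SHA-256.
# The function name and the EXPECTED placeholder are assumptions of this example.

# verify_and_install FILE EXPECTED_SHA256 DEST
# Returns 0 after installing, 1 on digest mismatch, 2 on bad arguments.
verify_and_install() {
    file=$1; expected=$2; dest=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Normalise to lower case and require exactly 64 hex digits, so a
    # truncated or empty digest can never compare equal by accident.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex digits" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi

    # Copy with the final mode set, then rename within the same directory so
    # the destination is never a half-written or unverified file.
    install -m 0755 "$file" "$dest.new" && mv -f "$dest.new" "$dest"
}

# Typical use on the client, as root (EXPECTED is a placeholder to fill in):
#   tmp=$(mktemp)
#   curl -fsSL http://10.0.0.10/client-setup-tool -o "$tmp"
#   verify_and_install "$tmp" "$EXPECTED" /usr/sbin/esc-client && rm -f "$tmp"
```

The same caveat applies to `PackageSource` in `/etc/esc-client.cfg`, which is also an `http://` URL.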
Ubuntu Linux
```bash
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04 LTS
Release: 22.04
Codename: jammy
# esc-client auto setup --config /etc/esc-client.cfg
Discovering platform ... Done.
Configuring firewall rules for Lustre ... Done.
Configuring Lustre client package source ... Done.
Installing Lustre client packages and building DKMS modules ... Done.
Mounting 10.0.0.10@tcp0:/exacloud at /mnt/exacloud ... Done.
# mount -t lustre
10.0.0.10@tcp:/exacloud on /mnt/exacloud type lustre (rw,flock,user_xattr,lazystatfs,encrypt)
```
RHEL, CentOS, Alma and Rocky Linux
```bash
# cat /etc/redhat-release
AlmaLinux release 8.6 (Sky Tiger)
# esc-client auto setup --config /etc/esc-client.cfg
Discovering platform ... Done.
Configuring firewall rules for Lustre ... Done.
Configuring Lustre client package source ... Done.
Installing Lustre client packages ... Done.
Mounting 10.0.0.10@tcp0:/exacloud at /mnt/exacloud ... Done.
# mount -t lustre
10.0.0.10@tcp:/exacloud on /mnt/exacloud type lustre (rw,seclabel,flock,user_xattr,lazystatfs,encrypt)
```
How to use client-side encryption
The purpose of client-side encryption is to provide a special directory for each user in which to safely store sensitive files. The goals are to protect data in transit between clients and servers, and to protect data at rest.
This feature is implemented directly at the Lustre client level. Lustre client-side encryption relies on kernel fscrypt. fscrypt is a library which filesystems can hook into to support transparent encryption of files and directories. As a consequence, the key points described below are extracted from fscrypt documentation.
The client-side encryption feature is available natively on Lustre clients running Linux distributions including RHEL/CentOS 8.1 and later and Ubuntu 18.04 and later.
Client-side encryption supports encryption of file data and of file and directory names. The ability to encrypt file and directory names is governed by a parameter named `enable_filename_encryption`, which is set to `0` by default. When this parameter is `0`, new empty directories configured as encrypted use content encryption only, not name encryption. This mode is inherited by all subdirectories and files. When `enable_filename_encryption` is set to `1`, new empty directories configured as encrypted use full encryption capabilities, encrypting file content as well as file and directory names. This mode is inherited by all subdirectories and files. To set the `enable_filename_encryption` parameter globally for all clients, run the following on the management server:
```bash
# lctl set_param -P llite.*.enable_filename_encryption=1
```
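A client-side check for the settings described above, as an added example that is not part of the EXAScaler documentation: it flags Lustre mounts lacking the `encrypt` option seen in the page's `mount -t lustre` output and llite instances where `enable_filename_encryption` is not `1`. The function names, the second mount and the llite instance names in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Lustre client's encryption-related settings.

# Reads `mount -t lustre` output on stdin; prints each mountpoint whose
# option list lacks the exact token "encrypt" (substring hits do not count).
mounts_without_encrypt() {
    awk '$2 == "on" && $4 == "type" && $5 == "lustre" {
        opts = $6; gsub(/[()]/, "", opts)
        n = split(opts, o, ","); found = 0
        for (i = 1; i <= n; i++) if (o[i] == "encrypt") found = 1
        if (!found) print $3
    }'
}

# Reads `lctl get_param llite.*.enable_filename_encryption` output on stdin;
# prints each llite instance whose value is not 1, i.e. where new encrypted
# directories would get content encryption only.
names_in_clear() {
    awk -F= '/\.enable_filename_encryption=/ && $2 != "1" {
        sub(/\.enable_filename_encryption$/, "", $1); print $1
    }'
}

# Constructed sample input: the first mount line is the one shown on the page,
# everything else is made up for the example.
SAMPLE_MOUNTS='10.0.0.10@tcp:/exacloud on /mnt/exacloud type lustre (rw,flock,user_xattr,lazystatfs,encrypt)
10.0.0.10@tcp:/scratch on /mnt/scratch type lustre (rw,flock,user_xattr,lazystatfs)'
SAMPLE_PARAMS='llite.exacloud-ffff8f1a2b3c4000.enable_filename_encryption=0
llite.scratch-ffff8f1a2b3c5000.enable_filename_encryption=1'

# audit MOUNT_TEXT PARAM_TEXT: prints one finding per line, returns 1 if any.
audit() {
    findings=$(
        printf '%s\n' "$1" | mounts_without_encrypt | sed 's/^/no-encrypt-option /'
        printf '%s\n' "$2" | names_in_clear | sed 's/^/names-not-encrypted /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# On a live client, as root:
#   audit "$(mount -t lustre)" "$(lctl get_param 'llite.*.enable_filename_encryption')"
```

Because the mode is inherited from the moment a directory is configured as encrypted, a client flagged as `names-not-encrypted` matters most before new encrypted directories are created on it.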
...