Agent improvements #14415

mjmac · 2024-05-22T01:17:48Z

Backport PR that contains the following patches which will land on master and release/2.6:

DAOS-15849 control: Add client uid map to agent config
Allow daos_agent to optionally handle unresolvable client
uids via custom mapping. In deployments where the agent
may not have access to the same user namespace as client
applications (e.g. in containerized deployments), the
client_user_map can provide a fallback mechanism for
resolving the client uids to known usernames for the
purpose of applying ACL permissions tests.
```
  Example agent config:

  credential_config:
    client_user_map:
      default:
        user: nobody
        group: nobody
      1000:
        user: joe
        group: blow
```
DAOS-15874 control: Add optional credential cache to agent
On heavily-loaded client nodes where many processes are being
launched by the same user or users, the admin may optionally
enable the credential cache in the agent in order to lower
agent overhead caused by generating identical credentials
for each process owned by a user. The agent-generated
credential is presented by the client process during pool/container
connection and is used to evaluate ACL permissions for
that connection.
```
  Example config:
  credential_config:
    cache_lifetime: 1m
```

github-actions · 2024-05-22T01:18:11Z

Bug-tracker data:
Errors are component not formatted correctly,Ticket number prefix incorrect,PR title is malformatted. See https://daosio.atlassian.net/wiki/spaces/DC/pages/11133911069/Commit+Comments,Unable to load ticket data
https://daosio.atlassian.net/browse/Agent

daosbuild1

LGTM. No errors found by checkpatch.

daosbuild1 · 2024-05-22T05:15:38Z

Test stage Functional on EL 8.8 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14415/1/execution/node/1262/log

A change further up in the stack revealed that "ERROR" wasn't accepted as a log mask string at the engine level. Signed-off-by: Kris Jacque <kris.jacque@intel.com>

Allow daos_agent to optionally handle unresolvable client uids via custom mapping. In deployments where the agent may not have access to the same user namespace as client applications (e.g. in containerized deployments), the client_user_map can provide a fallback mechanism for resolving the client uids to known usernames for the purpose of applying ACL permissions tests. Example agent config: credential_config: client_user_map: default: user: nobody group: nobody 1000: user: joe group: blow Features: control Required-githooks: true Change-Id: I72905ccc5ddee27fc2101aa4358a14e352c86253 Signed-off-by: Michael MacDonald <mjmac@google.com>

On heavily-loaded client nodes where many processes are being launched by the same user or users, the admin may optionally enable the credential cache in the agent in order to lower agent overhead caused by generating identical credentials for each process owned by a user. The agent-generated credential is presented by the client process during pool/container connection and is used to evaluate ACL permissions for that connection. Example config: credential_config: cache_lifetime: 1m Features: control Required-githooks: true Change-Id: I6ae2a8be1dd97ef14e0ccef0283d65bc1fabc4ed Signed-off-by: Michael MacDonald <mjmac@google.com>

daosbuild1

LGTM. No errors found by checkpatch.

daosbuild1

LGTM. No errors found by checkpatch.

daosbuild1

LGTM. No errors found by checkpatch.

mjmac changed the title ~~dev/mjmac/DAOS 15849~~ Agent improvements May 22, 2024

daosbuild1 reviewed May 22, 2024

View reviewed changes

kjacque and others added 3 commits May 22, 2024 13:17

DAOS-15686 gurt: Accept ERROR as a log mask string (#14211)

946bb72

A change further up in the stack revealed that "ERROR" wasn't accepted as a log mask string at the engine level. Signed-off-by: Kris Jacque <kris.jacque@intel.com>

mjmac force-pushed the dev/mjmac/DAOS-15849 branch from e61bbd7 to 944c359 Compare May 22, 2024 13:18

daosbuild1 reviewed May 22, 2024

View reviewed changes

Merge branch 'google/2.4' into dev/mjmac/DAOS-15849

b48795b

daosbuild1 reviewed May 22, 2024

View reviewed changes

mjmac requested review from jolivier23 and johannlombardi May 24, 2024 15:10

Merge branch 'google/2.4' into dev/mjmac/DAOS-15849

d470a3b

daosbuild1 reviewed May 28, 2024

View reviewed changes

jolivier23 approved these changes May 28, 2024

View reviewed changes

jolivier23 merged commit 922ffe3 into google/2.4 May 28, 2024
32 of 35 checks passed

jolivier23 deleted the dev/mjmac/DAOS-15849 branch May 28, 2024 14:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Agent improvements #14415

Agent improvements #14415

mjmac commented May 22, 2024 •

edited

Loading

github-actions bot commented May 22, 2024 •

edited

Loading

daosbuild1 left a comment

daosbuild1 commented May 22, 2024

daosbuild1 left a comment

daosbuild1 left a comment

daosbuild1 left a comment

Agent improvements #14415

Agent improvements #14415

Conversation

mjmac commented May 22, 2024 • edited Loading

github-actions bot commented May 22, 2024 • edited Loading

daosbuild1 left a comment

Choose a reason for hiding this comment

daosbuild1 commented May 22, 2024

daosbuild1 left a comment

Choose a reason for hiding this comment

daosbuild1 left a comment

Choose a reason for hiding this comment

daosbuild1 left a comment

Choose a reason for hiding this comment

mjmac commented May 22, 2024 •

edited

Loading

github-actions bot commented May 22, 2024 •

edited

Loading