Summary: | sys-cluster/maui-3.3.1-r2 build time secret key configuration | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Volkmar Glauche <volkmar.glauche> |
Component: | [OLD] Server | Assignee: | Gentoo Cluster Team <cluster> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bircoph, treecleaner |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Volkmar Glauche
2012-02-22 15:03:15 UTC
(In reply to comment #0) > sys-cluster/maui uses a secret key defined at compile time to encrypt > communication between server and client programs. Looking at the ebuild, there > seems to be provision for a MAUI_KEY variable in make.conf when it is compiled > for slurm. > When using torque as a resource manager, there seems to be no way to set this > key explicitly before emerge. This results in different secret keys being used > each time maui is emerged (e.g. on different nodes in a cluster). As a > consequence, client binaries built on one host can not communicate to server > binaries on another host. > If present, the ebuild should honour a MAUI_KEY variable also when compiled for > torque. I don't know why it was added in the first place. You don't want something secret to be in a publicly accessible file. The preferred mechanism for injecting key is using EXTRA_ECONF="--with-key=1234" emerge maui. @alexxy ^^ ? Out of curiosity why do you install maui on slave nodes? (In reply to comment #1) Indeed, using EXTRA_ECONF to pass the secret key is a better way of keeping it secret. The reason to install maui on some of the cluster nodes is that I want to have the diagnostic and status commands available on e.g. submit hosts. Best, Volkmar (In reply to comment #2) Replying to myself: EXTRA_ECONF must be set for each emerge of maui (e.g. re-emerge or update as well). Thus, the key needs to be stored somewhere. Portage has support of per-package environment variables: /etc/portage/package.env /etc/portage/env/ It would be nice if the maui ebuild or doc could suggest to 1) echo "sys-cluster/maui maui_key.conf" >> /etc/portage/package.env 2) mkdir /etc/portage/env 3) echo EXTRA_ECONF="--with-key=YOURKEY" >> /etc/portage/env/maui_key.conf This way, a common key can be set without cluttering /etc/make.conf. Obviously, security considerations apply to /etc/portage/env now. Best, Volkmar The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a05c24f0122b62cae823c3123b545014eefd9189 commit a05c24f0122b62cae823c3123b545014eefd9189 Author: David Seifert <soap@gentoo.org> AuthorDate: 2020-10-24 14:19:47 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2020-10-24 14:19:47 +0000 package.mask: Last rite sys-cluster/maui Bug: https://bugs.gentoo.org/365713 Bug: https://bugs.gentoo.org/405277 Bug: https://bugs.gentoo.org/405437 Bug: https://bugs.gentoo.org/414793 Bug: https://bugs.gentoo.org/415699 Bug: https://bugs.gentoo.org/422799 Bug: https://bugs.gentoo.org/479288 Bug: https://bugs.gentoo.org/740928 Signed-off-by: David Seifert <soap@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+) The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23c2fcae268d01a7bcb593febcd963875a822b7c commit 23c2fcae268d01a7bcb593febcd963875a822b7c Author: David Seifert <soap@gentoo.org> AuthorDate: 2020-11-22 14:54:12 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2020-11-22 14:54:12 +0000 sys-cluster/maui: Remove last-rited package Closes: https://bugs.gentoo.org/365713 Closes: https://bugs.gentoo.org/405277 Closes: https://bugs.gentoo.org/405437 Closes: https://bugs.gentoo.org/414793 Closes: https://bugs.gentoo.org/415699 Closes: https://bugs.gentoo.org/422799 Closes: https://bugs.gentoo.org/479288 Closes: https://bugs.gentoo.org/740928 Signed-off-by: David Seifert <soap@gentoo.org> profiles/package.mask | 6 --- sys-cluster/maui/Manifest | 1 - sys-cluster/maui/files/maui-3.3.1-torque_4.patch | 14 ------ sys-cluster/maui/files/maui.initd | 23 --------- sys-cluster/maui/maui-3.3.1-r3.ebuild | 61 ------------------------ sys-cluster/maui/metadata.xml | 12 ----- 6 files changed, 117 deletions(-) |