See, this sort of thing:

"A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local unprivileged user, or a user with network access to the IBM Spectrum Scale cluster, to access admin passwords for object storage infrastructure. This vulnerability only affects clusters which have installed and deployed the Object protocol."

is exactly why we don't want to be installing components that we aren't actively using ...

Simon

________________________________
From: Mathias Dietz
Date: Wednesday, 16 December 2015 at 12:43
Subject: Re: [gpfsug-discuss] 4.2 & protocols (missing dependency?)

I see your point, but our recommendation is to always install gpfs.protocols-support-4.2.0-0.noarch on protocol nodes, even if only a single protocol is used.
This is consistent with how the Spectrum Scale installer is setting up systems.

Kind regards

Mathias Dietz
Spectrum Scale Development
System Health Team - Scrum Master
IBM Certified Software Engineer
----------------------------------------------------------------------------------------------------------
IBM Deutschland
Hechtsheimer Str. 2
55131 Mainz
Phone: +49-6131-84-2027
Mobile: +49-15152801035
----------------------------------------------------------------------------------------------------------
IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Martina Koederitz, Management: Dirk Wittkopp
Registered office: Böblingen / Registration court: Amtsgericht Stuttgart, HRB 243294

________________________________
From: "Simon Thompson (Research Computing - IT Services)"
To: gpfsug main discussion list
Date: 12/16/2015 01:16 PM
Subject: Re: [gpfsug-discuss] 4.2 & protocols (missing dependency?)

OK, I looked at that. This means pulling in all the object and NFS stuff onto my server as well.

I only run SMB, so I don't want lots of other stuff installing as well ..

--> Running transaction check
---> Package gpfs.protocols-support.noarch 0:4.2.0-0 will be installed
--> Processing Dependency: spectrum-scale-object >= 4.2.0 for package: gpfs.protocols-support-4.2.0-0.noarch
--> Processing Dependency: nfs-ganesha >= 2.2 for package: gpfs.protocols-support-4.2.0-0.noarch
--> Running transaction check
---> Package gpfs.protocols-support.noarch 0:4.2.0-0 will be installed
--> Processing Dependency: spectrum-scale-object >= 4.2.0 for package: gpfs.protocols-support-4.2.0-0.noarch
---> Package nfs-ganesha.x86_64 0:2.3.0-1.el7 will be installed
--> Processing Dependency: libntirpc.so.1.3(NTIRPC_1.3.1)(64bit) for package: nfs-ganesha-2.3.0-1.el7.x86_64
--> Processing Dependency: libntirpc.so.1.3()(64bit) for package: nfs-ganesha-2.3.0-1.el7.x86_64
--> Processing Dependency: libjemalloc.so.1()(64bit) for package: nfs-ganesha-2.3.0-1.el7.x86_64

________________________________
From: Mathias Dietz
Date: Wednesday, 16 December 2015 at 12:02
Subject: Re: [gpfsug-discuss] 4.2 & protocols (missing dependency?)

Hi,

you are right that python-ldap is a required dependency for 4.2 protocol nodes.

Please make sure to have the gpfs.protocols-support-4.2.0-0.noarch RPM installed on protocol nodes because this package will enforce the dependencies.

>> rpm -qi gpfs.protocols-support-4.2.0-0.noarch
Name        : gpfs.protocols-support
Version     : 4.2.0
Release     : 0
Architecture: noarch
Install Date: Wed 16 Dec 2015 07:56:42 PM CET
Group       : System Environment/Base
Size        : 0
License     : (C) COPYRIGHT International Business Machines Corp. 2015
Signature   : (none)
Source RPM  : gpfs.protocols-support-4.2.0-0.src.rpm
Build Date  : Sat 14 Nov 2015 12:20:07 AM CET
Build Host  : bldlnx84.pok.stglabs.ibm.com
Relocations : (not relocatable)
Summary     : gpfs protocol dependencies
Description :
This package includes the dependency list for all the protocols
to enforce that all relevant Spectrum Scale protocol packages are installed.
If this package is not installed "mmchnode" will fail with an appropriate message.

[root@p8-10-rhel-71be-01 ~]# rpm -qi gpfs.protocols-support-4.2.0-0.noarch --requires
Name        : gpfs.protocols-support
Version     : 4.2.0
Release     : 0
Architecture: noarch
Install Date: Wed 16 Dec 2015 07:56:42 PM CET
Group       : System Environment/Base
Size        : 0
License     : (C) COPYRIGHT International Business Machines Corp. 2015
Signature   : (none)
Source RPM  : gpfs.protocols-support-4.2.0-0.src.rpm
Build Date  : Sat 14 Nov 2015 12:20:07 AM CET
Build Host  : bldlnx84.pok.stglabs.ibm.com
Relocations : (not relocatable)
Summary     : gpfs protocol dependencies
Description :
This package includes the dependency list for all the protocols
to enforce that all relevant Spectrum Scale protocol packages are installed.
If this package is not installed "mmchnode" will fail with an appropriate message.
gpfs.base >= 4.2.0
nfs-ganesha >= 2.2
gpfs.smb >= 4.2.0_gpfs
spectrum-scale-object >= 4.2.0
python-ldap
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1

Kind regards

Mathias Dietz

________________________________
From: "Simon Thompson (Research Computing - IT Services)"
Date: 12/15/2015 11:50 PM
Subject: [gpfsug-discuss] 4.2 & protocols (missing dependency?)

Hi,

I've just upgraded some of my protocol nodes to 4.2, I noticed on startup that in the logs I get:

Traceback (most recent call last):
  File "/usr/lpp/mmfs/bin/mmcesmon.py", line 178, in <module>
    import mmcesmon.CommandHandler
  File "/usr/lpp/mmfs/lib/mmcesmon/CommandHandler.py", line 29, in <module>
    from FILEService import FILEService
  File "/usr/lpp/mmfs/lib/mmcesmon/FILEService.py", line 19, in <module>
    from ExtAuthMonitor import ActiveDirectoryServiceMonitor
  File "/usr/lpp/mmfs/lib/mmcesmon/ExtAuthMonitor.py", line 15, in <module>
    import ldap
ImportError: No module named ldap
Tue 15 Dec 22:39:12 GMT 2015: mmcesmonitor: Monitor has started pid=18963
Traceback (most recent call last):
  File "/usr/lpp/mmfs/bin/mmcesmon.py", line 178, in <module>
    import mmcesmon.CommandHandler
  File "/usr/lpp/mmfs/lib/mmcesmon/CommandHandler.py", line 29, in <module>
    from FILEService import FILEService
  File "/usr/lpp/mmfs/lib/mmcesmon/FILEService.py", line 19, in <module>
    from ExtAuthMonitor import ActiveDirectoryServiceMonitor
  File "/usr/lpp/mmfs/lib/mmcesmon/ExtAuthMonitor.py", line 15, in <module>
    import ldap
ImportError: No module named ldap
Error: Cannot connect to server(localhost), port(/var/mmfs/ces/mmcesmonitor.socket): No such file or directory

It looks like on EL7, you also need python-ldap installed (perhaps the installer does this, but it should really be a dependency of the RPM if it's required?).

Anyway, if you see issues, add the python-ldap RPM and it should fix it.

Simon

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
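
The check below is an added example, not part of the thread and not IBM code. It reads the meta-package requirement list quoted above and reports the requirements that belong to protocols a node does not serve. The protocol labels (NFS, SMB, OBJ) and the package-to-protocol mapping are assumptions inferred from the package names.

```shell
#!/bin/sh
# Added example: flag requirements of gpfs.protocols-support that belong
# to protocols this node does not serve (unneeded attack surface).

# Constructed sample: the requirement list quoted in the thread. On a real
# node the same list comes from: rpm -q --requires gpfs.protocols-support
sample_requires() {
cat <<'EOF'
gpfs.base >= 4.2.0
nfs-ganesha >= 2.2
gpfs.smb >= 4.2.0_gpfs
spectrum-scale-object >= 4.2.0
python-ldap
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1
EOF
}

# Assumed mapping from package name to protocol label (not from IBM docs).
proto_of() {
  case "$1" in
    nfs-ganesha)           echo NFS ;;
    gpfs.smb)              echo SMB ;;
    spectrum-scale-object) echo OBJ ;;
    *)                     echo COMMON ;;   # gpfs.base, python-ldap
  esac
}

# Usage: unused_deps "SMB NFS" < requirement-list
# Prints "package protocol" for every requirement tied to a protocol that
# is not in the space-separated list of protocols served by the node.
unused_deps() {
  enabled=" $1 "
  while read -r pkg _rest; do
    case "$pkg" in
      ''|'rpmlib('*) continue ;;            # rpm-internal capabilities
    esac
    proto=$(proto_of "$pkg")
    case "$proto" in
      COMMON) continue ;;                   # needed whatever is served
    esac
    case "$enabled" in
      *" $proto "*) ;;                      # protocol is served here
      *) echo "$pkg $proto" ;;
    esac
  done
}

# An SMB-only node, as in the thread.
sample_requires | unused_deps "SMB"
```

Each package reported can then be looked up with rpm -q and matched against advisories such as the one quoted at the top of the thread, which only applies where the Object protocol is installed and deployed.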
