It is recommended to setup connection based authentication in your BeeGFS installation. This article is an expansion of the BeeGFS documentation with Bright-specific steps.
If you don’t setup this, you may encounter the following error, in which case, follow the steps below in order to fix it:
$ beegfs-ctl Unrecoverable error: No connAuthFile configured. Using BeeGFS without connection authentication is considered insecure and is not recommended. If you really want or need to run BeeGFS without connection authentication, please set connDisableAuthentication to true.
Create a file which contains a shared secret:
$ dd if=/dev/random of=/etc/beegfs/connauthfile bs=128 count=1
Ensure the file is only readable by the root user:
$ chown root:root /etc/beegfs/connauthfile $ chmod 400 /etc/beegfs/connauthfile
Copy this file to the software image (
SOFTWARE_IMAGE) of the nodes belonging to your BeeGFS cluster:
cp /etc/beegfs/connauthfile /cm/images/SOFTWARE_IMAGE/etc/beegfs/connauthfile
Run image update to distribute the file to the relevant nodes. Note that you need to know which categories (here called
CATEGORY) are being used by your BeeGFS installation.
$ cmsh [headnode]% device [headnode->device]% imageupdate -c CATEGORY -w
Now set the authentication file path in the roles of BeeGFS’ configuration overlays:
$ cmsh [headnode]% configurationoverlay [headnode->configurationoverlay]% use beegfs-client [headnode->configurationoverlay[beegfs-client]]% roles [headnode->configurationoverlay[beegfs-client]->roles]% use beegfs::client [headnode->configurationoverlay[beegfs-client]->roles[BeeGFS::Client]]% set authentificationfile /etc/beegfs/connauthfile [headnode->configurationoverlay*[beegfs-client*]->roles*[BeeGFS::Client*]]% commit
Do the steps above for each of BeeGFS’ configuration overlays. The same can also be achieved using the command line:
$ for type in client metadata storage; do cmsh -c "configurationoverlay; use beegfs-$type; roles; use beegfs::$type; set authentificationfile /etc/beegfs/connauthfile; commit"; done
Now all your BeeGFS’ connections are being secured with the generated authentication file and running
beegfs-ctl should now output its normal usage text.