1. Home
  2. How to setup authentication for BeeGFS in Bright 9.1

How to setup authentication for BeeGFS in Bright 9.1

It is recommended to setup connection based authentication in your BeeGFS installation. This article is an expansion of the BeeGFS documentation with Bright-specific steps.

If you don’t setup this, you may encounter the following error, in which case, follow the steps below in order to fix it:

$ beegfs-ctl

Unrecoverable error: No connAuthFile configured. Using BeeGFS without connection authentication is considered insecure and is not recommended. If you really want or need to run BeeGFS without connection authentication, please set connDisableAuthentication to true.

Create a file which contains a shared secret:

$ dd if=/dev/random of=/etc/beegfs/connauthfile bs=128 count=1

Ensure the file is only readable by the root user:

$ chown root:root /etc/beegfs/connauthfile 
$ chmod 400 /etc/beegfs/connauthfile

Copy this file to the software image (SOFTWARE_IMAGE) of the nodes belonging to your BeeGFS cluster:

cp /etc/beegfs/connauthfile /cm/images/SOFTWARE_IMAGE/etc/beegfs/connauthfile

Run image update to distribute the file to the relevant nodes. Note that you need to know which categories (here called CATEGORY) are being used by your BeeGFS installation.

$ cmsh
[headnode]% device
[headnode->device]% imageupdate -c CATEGORY -w

Now set the authentication file path in the roles of BeeGFS’ configuration overlays:

$ cmsh
[headnode]% configurationoverlay
[headnode->configurationoverlay]% use beegfs-client
[headnode->configurationoverlay[beegfs-client]]% roles
[headnode->configurationoverlay[beegfs-client]->roles]% use beegfs::client
[headnode->configurationoverlay[beegfs-client]->roles[BeeGFS::Client]]% set authentificationfile /etc/beegfs/connauthfile
[headnode->configurationoverlay*[beegfs-client*]->roles*[BeeGFS::Client*]]% commit

Do the steps above for each of BeeGFS’ configuration overlays. The same can also be achieved using the command line:

$ for type in client metadata storage; do 
    cmsh -c "configurationoverlay; use beegfs-$type; roles; use beegfs::$type; set authentificationfile /etc/beegfs/connauthfile; commit";
  done

Now all your BeeGFS’ connections are being secured with the generated authentication file and running beegfs-ctl should now output its normal usage text.

Updated on September 13, 2022

Leave a Comment