[ofa-general] Re: opensm console wishlist: enable/disable ports

Hal Rosenstock halr at voltaire.com
Thu Mar 29 05:08:15 PDT 2007


On Thu, 2007-03-29 at 05:01, Michael S. Tsirkin wrote:
> > > > There's no way to shut down an IB switch port with opensm or any OFED
> > > > diags?  Yuck...
> > > > 
> > > > Scott 
> > > 
> > > Maybe something can be done with the opensm console.
> > 
> > A command could be added for this in the console but there is a separate
> > diag command which handles this.
> 
> Taking this topic off the bugzilla thread for now.
> 
> This really must be part of SM I think.
> 
> I think this operation needs to perform set to port attributes, so
> doing this from a separate utility would only work with
> the most permissive policy which lets everyone get the mkey -
> which seems to be what OpenSM is currently using by default,
> but not necessarily the best thing for network security.
> 
> Right?

I think it depends on who needs to perform these operations. In a
protected subnet, is it every user or the network administrator doing
this ? I can imahine a more sophisticated MKey strategy where that might
not be sufficient but we are a ways from that world IMO.

Also, if I recall correctly, you objected to the OpenSM console being
enabled in the build by default on the basis of security concerns with
remote access. Currently there are no "write" commands in the console;
only "read" ones. Adding "write" commands will require this issue to be
fixed first. There are ideas to fix this but it's not happening in the
short term.

I'm not adverse to heading in this direction but there is more here than
meets the "eye".

-- Hal




More information about the general mailing list