|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Sayan Saha has previously approved changing everthing to dual license
but somehow we have missed changing these files.
I am explicitly not updating the copyright dates as nothing else that's
copyrightable has changed in these files with the license change
Change-Id: Ia965eeb7168447d69e28e939ad95ee388873b6e4
BUG: 951549
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/6128
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | By doing a lookup, we get a chance to do all of the self-heal checks that
would occur if we were using native protocol, and return proper status if
the self-heal fails.  Best of all, we don't need to misrepresent times.
Change-Id: I76477d1e5fce4d83e4029e02fcdd71e81e23110d
BUG: 830134
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/4058
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * PROBLEM:
  When address-based authentication is enabled on a volume,
  the gNfs server, self-heal daemon (shd), and other operations
  such as quota, rebalance, replace-brick and geo-replication
  either stop working or the services are not started if all
  the peers' ipv{4,6} addresses or hostnames are not added in
  the "set auth.allow" operation, breaking the functionality
  of several operations.
  E.g:
    volume vol in a cluster of two peers:
    /mnt/brick1 in 192.168.1.4
    /mnt/brick2 in 192.168.1.5
    option auth.allow 192.168.1.6
    (allow connection requests only from 192.168.1.6)
    This will disrupt the nfs servers on 192.168.1.{4,5}.
    brick server processes reject connection requests from both
    nfs servers (on 4,5), because the peer addresses are not in
    the auth.allow list.
    Same holds true for local mounts (on peer machines),
    self-heal daemon, and other operations which perform
    a glusterfs mount on one of the peers.
* SOLUTION:
  Login-based authentication (username/password pairs,
  henceforth referred to as "keys") for gluster services and
  operations.
  These *per-volume* keys can be used to by-pass the addr-based
  authentication, provided none of the peers' addresses are put
  in the auth.reject list, to enable gluster services like gNfs,
  self-heal daemon and internal operations on volumes when
  auth.allow option is exercised.
* IMPLEMENTATION:
  1. Glusterd generates keys for each volume and stores it in
     memory as well as in respective volfiles.
     A new TRUSTED-FUSE volfile is generated which is
     fuse volfile + keys in protocol/client,
     and is named trusted-<volname>-fuse.vol.
     This is used by all local mounts. ANY local mount (on any peer)
     is granted the trusted-fuse volfile instead of fuse volfile
     via getspec. non-local mounts are NOT granted the trusted fuse
     volfile.
  2. The keys generated for the volume is written to each server
     volfile telling servers to allow users with these keys.
  3. NFS, self-heal daemon and replace-brick volfiles are updated
     with the volume's authentication keys.
  4. The keys are NOT written to fuse volfiles for obvious reasons.
  5. The ownership of volfiles and logfiles is restricted to root users.
  6. Merging two identical definitions of peer_info_t in auth/addr
     and rpc-lib, throwing away the one in auth/addr.
  7. Code cleanup in numerous places as appropriate.
* IMPORTANT NOTES:
  1. One SHOULD NOT put any of the peer addresses in the auth.reject
     list if one wants any of the glusterd services and features
     such as gNfs, self-heal, rebalance, geo-rep and quota.
  2. If one wants to use username/password based authentication
     to volumes, one shall append to the server, nfs and shd volfiles,
     the keys one wants to use for authentication, *while_retaining
     those_generated_by_glusterd*.
     See doc/authentication.txt file for details.
Change-Id: Ie0331d625ad000d63090e2d622fe1728fbfcc453
BUG: 789942
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.com/2733
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | - Use gfid to create filehandle instead of encoding path components
- Utilize nameless lookups of GFID for deep resolution instead of
  crawling the namespace with component hints
- Use anonymous FDs for file based operations
- Do away with fdcaching code for files and dirs
Change-Id: Ic48fb23370b25d183f7e1fc1cc5dffa9d5bab3fb
BUG: 781318
Reviewed-on: http://review.gluster.com/2645
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com> | 
| | 
| 
| 
| 
| 
| 
| 
| | Change-Id: I2d10f2be44f518f496427f257988f1858e888084
BUG: 3348
Reviewed-on: http://review.gluster.com/200
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com> | 
| | 
| 
| 
| 
| 
| 
| 
| | Change-Id: I3914467611e573cccee0d22df93920cf1b2eb79f
BUG: 3348
Reviewed-on: http://review.gluster.com/182
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This is tmp fix for crash seen on solaris gnfs server is received path is
longer than PATH_MAX. On solaris default PATH_MAX is 1024, and linux default
PATH_MAX is 4096.
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 2476 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2476 | 
| | 
| 
| 
| 
| 
| 
| 
| | Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 1972 (xcs get doesn't work with gNFS)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1972 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | For the record these are the patches committed as:
1. "nfs, nfs3: Base volume access on CHILD-UP-DOWN event"
http://git.gluster.com/?p=glusterfs.git;a=commit;h=f47b0c55de9941823fbefe4b3a7e37179d6d4329
2. "nfs: Fix multiple subvolume CHILD-UP support"
http://git.gluster.com/?p=glusterfs.git;a=commit;h=336e2df7b74be7ad4c9ed403ca10b9f7f7ef9a58
3. "nfs,nfs3: Disable subvolume on ENOTCONN"
http://git.gluster.com/?p=glusterfs.git;a=commit;h=8c6e27cdaf895e3031c3256efb9472a6c0bf61f3
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1724 (kernel untar fails during add-brick)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1724 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | ..so that nfs does not return an error to the client, instead
the subvolume gets disabled till it comes back up again.
The client is expected to keep retransmitting requests in the mean time.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1724 (kernel untar fails during add-brick)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1724 | 
| | 
| 
| 
| 
| 
| 
| 
| | Signed-off-by: Pranith Kumar K <pranithk@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1388 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1388 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Overall, the aim of this patch is to change the result of an nfs
op depending on whether the underlying volume is up or down
as notified by CHILD_UP and CHILD_DOWN events.
This patch contains three intertwined changes:
o Only when the lookup on the root of a volume is successful does gnfs now
export the subvolume. Till now the result of the lookup was not used to
determine whether we should export that volume. Not accounting for root lookup
failure resulted in ESTALEs on first access because some children of distribute
were down at the time of the root lookup.
o Only when lookups on all the subvolumes have succeeded are
these exports enabled through NFS.
o When a child of say distribute goes down, on CHILD_DOWN event nfs will
ignore all incoming requests from the client because ignoring these
will prevent ESTALEs for those requests and in the hope that ignoring the
requests will make the client retransmit. There are risks in this approach
absent the DRC but we're willing to live with that for now.
When a child goes down, the mount exports list will continue to show it
but mount requests will be denied.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1643 (Initial requests after mount ESTALE if DHT subvolumes connect after nfs startup)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1643 | 
| | 
| 
| 
| 
| 
| 
| 
| | Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 971 (dynamic volume management)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=971 | 
|  | Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 399 (NFS translator with Mount v3 and NFS v3 support)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=399 |