<feed xmlns='http://www.w3.org/2005/Atom'>
<title>glusterfs.git, branch v3.3.0qa10</title>
<subtitle></subtitle>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/'/>
<entry>
<title>glusterd: Implemented cmd to trigger self-heal on a replicate volume.</title>
<updated>2011-09-22T16:43:25+00:00</updated>
<author>
<name>Krishnan Parthasarathi</name>
<email>kp@gluster.com</email>
</author>
<published>2011-09-16T05:10:32+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=4765dd1a1c51c67ab86687fbd871c89156680c34'/>
<id>4765dd1a1c51c67ab86687fbd871c89156680c34</id>
<content type='text'>
This cmd is used in the context of proactive self-heal for replicated
volumes. User invokes the following cmd when (s)he suspects that self-heal
needs to be done on a particular volume,
        gluster volume heal &lt;VOLNAME&gt;.

Change-Id: I3954353b53488c28b70406e261808239b44997f3
BUG: 3602
Reviewed-on: http://review.gluster.com/454
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This cmd is used in the context of proactive self-heal for replicated
volumes. User invokes the following cmd when (s)he suspects that self-heal
needs to be done on a particular volume,
        gluster volume heal &lt;VOLNAME&gt;.

Change-Id: I3954353b53488c28b70406e261808239b44997f3
BUG: 3602
Reviewed-on: http://review.gluster.com/454
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>posix-getxattr: Honor xattr name if specified</title>
<updated>2011-09-22T12:26:22+00:00</updated>
<author>
<name>shishir gowda</name>
<email>shishirng@gluster.com</email>
</author>
<published>2011-09-22T07:23:55+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=53b5da6dfab2e6b11ab2e40119e92ff7d4527b2c'/>
<id>53b5da6dfab2e6b11ab2e40119e92ff7d4527b2c</id>
<content type='text'>
Currently, getxattr works like listxattr, and does not honor a call
with a name (key) being specified. The fix handles such scenarios when
a name is passed. If the name param is NULL, then it behaves like a listxattr.

Changing key size to 4096, as 1024 might not be sufficient length for keys.

Change-Id: I317b2e6372e97048e3166d91145c19c9e92e647e
BUG: 3599
Reviewed-on: http://review.gluster.com/486
Reviewed-by: Amar Tumballi &lt;amar@gluster.com&gt;
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently, getxattr works like listxattr, and does not honor a call
with a name (key) being specified. The fix handles such scenarios when
a name is passed. If the name param is NULL, then it behaves like a listxattr.

Changing key size to 4096, as 1024 might not be sufficient length for keys.

Change-Id: I317b2e6372e97048e3166d91145c19c9e92e647e
BUG: 3599
Reviewed-on: http://review.gluster.com/486
Reviewed-by: Amar Tumballi &lt;amar@gluster.com&gt;
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>geo-rep: disallow some special characters in url syntax</title>
<updated>2011-09-22T12:25:14+00:00</updated>
<author>
<name>Csaba Henk</name>
<email>csaba@gluster.com</email>
</author>
<published>2011-09-22T08:26:02+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=eede6ce87fc19878873e8320c172d1acb2deaa33'/>
<id>eede6ce87fc19878873e8320c172d1acb2deaa33</id>
<content type='text'>
- space is disallowed to make rsync target unambiguous for gsyncd wrapper
- *, ?, [ are disallowed so that we can tell globs apart from urls

Nothing too bad would happen without these restrictions, but this way
gluster errs out early instead of producing some mystical error
further down on the way.

Change-Id: Idd4e68f7d91598a7a8e30ccbc6d395da570cdf2e
BUG: 3610
Reviewed-on: http://review.gluster.com/490
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
- space is disallowed to make rsync target unambiguous for gsyncd wrapper
- *, ?, [ are disallowed so that we can tell globs apart from urls

Nothing too bad would happen without these restrictions, but this way
gluster errs out early instead of producing some mystical error
further down on the way.

Change-Id: Idd4e68f7d91598a7a8e30ccbc6d395da570cdf2e
BUG: 3610
Reviewed-on: http://review.gluster.com/490
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>geo-rep: add support to glob patterns with "geo-rep config"</title>
<updated>2011-09-22T12:24:57+00:00</updated>
<author>
<name>Csaba Henk</name>
<email>csaba@gluster.com</email>
</author>
<published>2011-09-22T08:12:24+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=21eabe9bae81b3cc732fcf773fb5c1995f19d0d7'/>
<id>21eabe9bae81b3cc732fcf773fb5c1995f19d0d7</id>
<content type='text'>
Change-Id: I0d54cea72e4363eab85ade774cc918081d8036e9
BUG: 3610
Reviewed-on: http://review.gluster.com/489
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Change-Id: I0d54cea72e4363eab85ade774cc918081d8036e9
BUG: 3610
Reviewed-on: http://review.gluster.com/489
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>geo-rep: implement IP address based access control</title>
<updated>2011-09-22T12:24:41+00:00</updated>
<author>
<name>Csaba Henk</name>
<email>csaba@gluster.com</email>
</author>
<published>2011-09-20T14:20:18+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=b27b9d36de798bb18eaa95524f3900f9e17ce3e5'/>
<id>b27b9d36de798bb18eaa95524f3900f9e17ce3e5</id>
<content type='text'>
- gsyncd gets allow-network tunable which is expected to
  hold a comma-separated list of IP network addresses
- for IP address matching, bring in ipaddr module from Google
  (http://code.google.com/p/ipaddr-py/, rev. trunk@225)

This will let users control master's access to slave's volumes
until we implement unprivileged geo-rep (delayed due to some
technical issues). It's also needed for the completeness of
our hardening efforts, as plain file slaves won't be able
to work with an unprivileged gsyncd.

Change-Id: I58431cba6592f8672e93ea89a5eef478905b00b9
BUG: 2825
Reviewed-on: http://review.gluster.com/488
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
- gsyncd gets allow-network tunable which is expected to
  hold a comma-separated list of IP network addresses
- for IP address matching, bring in ipaddr module from Google
  (http://code.google.com/p/ipaddr-py/, rev. trunk@225)

This will let users control master's access to slave's volumes
until we implement unprivileged geo-rep (delayed due to some
technical issues). It's also needed for the completeness of
our hardening efforts, as plain file slaves won't be able
to work with an unprivileged gsyncd.

Change-Id: I58431cba6592f8672e93ea89a5eef478905b00b9
BUG: 2825
Reviewed-on: http://review.gluster.com/488
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>geo-rep: gsyncd: make sure path operations do not act outside the volume</title>
<updated>2011-09-22T12:24:23+00:00</updated>
<author>
<name>Csaba Henk</name>
<email>csaba@gluster.com</email>
</author>
<published>2011-09-19T13:47:46+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=d7c9d2bfbd20727f90b0118c982ff9612aacacf2'/>
<id>d7c9d2bfbd20727f90b0118c982ff9612aacacf2</id>
<content type='text'>
Change-Id: I2da62b34aa833b9a28728fa1db23951f28b7e538
BUG: 2825
Reviewed-on: http://review.gluster.com/462
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Change-Id: I2da62b34aa833b9a28728fa1db23951f28b7e538
BUG: 2825
Reviewed-on: http://review.gluster.com/462
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>gsyncd: control rsync target</title>
<updated>2011-09-22T12:23:54+00:00</updated>
<author>
<name>Csaba Henk</name>
<email>csaba@gluster.com</email>
</author>
<published>2011-09-13T11:12:38+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=7e04913aa6f4ddb45e95099ef648564bf90da0b3'/>
<id>7e04913aa6f4ddb45e95099ef648564bf90da0b3</id>
<content type='text'>
- require/perform rsync invocation with unprotected args
  (so that target is revealed to gateway program)
- make use of some procfs wizardry to find gsyncd sibling
  and match rsync target against its working directory

Change-Id: Iae1e39b0e61f22563c0f2a2e0605567e0d1902df
BUG: 2825
Reviewed-on: http://review.gluster.com/461
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
- require/perform rsync invocation with unprotected args
  (so that target is revealed to gateway program)
- make use of some procfs wizardry to find gsyncd sibling
  and match rsync target against its working directory

Change-Id: Iae1e39b0e61f22563c0f2a2e0605567e0d1902df
BUG: 2825
Reviewed-on: http://review.gluster.com/461
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>gsyncd: implement restricted mode and utility dispatch</title>
<updated>2011-09-22T12:23:32+00:00</updated>
<author>
<name>Csaba Henk</name>
<email>csaba@gluster.com</email>
</author>
<published>2011-09-11T17:45:57+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=2ab00369e7ef99d287dad5301d2f334dcfd67a70'/>
<id>2ab00369e7ef99d287dad5301d2f334dcfd67a70</id>
<content type='text'>
With this change, the suggested way of setting up a geo-sync
slave is to use an ssh key with gsyncd as a forced command
(see sshd(8)), or set gsyncd as shell. This prevents the master
from executing arbitrary commands on slave (a major security hole).

Detailed list of the changes:
- All gsyncd invocations that are not done by glusterd are
  considered unsafe and then we operate in so-called "restricted mode"
  (see below)
- if we are invoked on purpose (ie. it's not the case that sshd forced
  us to run as frontend of a remote-invoked command), we execute gsyncd.py
- if invoked by sshd as frontend command, we check the remote command
  line and call the required utility if it's among the allowed ones
  (rsyncd and gsyncd)
- with rsync, we check if invocation is server mode and some other
  sanity measures
- with gsyncd, in restricted mode we enforce the usage of the glusterd
  provided config file, and in python, we enforce operation in
  server mode and some other sanity checks

Impact on using geo-rep the old way: remote file slave now also
requires a running glusterd (to pick up config from).

Missing: we have not implemented a check of the rsync target path.
The issue of master being able to modify arbitrary locations
is planned to be mitigated by using geo-rep with an unprivileged
user.

Change-Id: I9b5825bfe282a9ca777429aadd554d78708f1638
BUG: 2825
Reviewed-on: http://review.gluster.com/460
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
With this change, the suggested way of setting up a geo-sync
slave is to use an ssh key with gsyncd as a forced command
(see sshd(8)), or set gsyncd as shell. This prevents the master
from executing arbitrary commands on slave (a major security hole).

Detailed list of the changes:
- All gsyncd invocations that are not done by glusterd are
  considered unsafe and then we operate in so-called "restricted mode"
  (see below)
- if we are invoked on purpose (ie. it's not the case that sshd forced
  us to run as frontend of a remote-invoked command), we execute gsyncd.py
- if invoked by sshd as frontend command, we check the remote command
  line and call the required utility if it's among the allowed ones
  (rsyncd and gsyncd)
- with rsync, we check if invocation is server mode and some other
  sanity measures
- with gsyncd, in restricted mode we enforce the usage of the glusterd
  provided config file, and in python, we enforce operation in
  server mode and some other sanity checks

Impact on using geo-rep the old way: remote file slave now also
requires a running glusterd (to pick up config from).

Missing: we have not implemented a check of the rsync target path.
The issue of master being able to modify arbitrary locations
is planned to be mitigated by using geo-rep with an unprivileged
user.

Change-Id: I9b5825bfe282a9ca777429aadd554d78708f1638
BUG: 2825
Reviewed-on: http://review.gluster.com/460
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>geo-rep: rewrite gsyncd wrapper in C</title>
<updated>2011-09-22T12:22:59+00:00</updated>
<author>
<name>Csaba Henk</name>
<email>csaba@gluster.com</email>
</author>
<published>2011-09-02T17:03:33+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=1098aaa51d2e3dca9e6c48ee1e9cb43bc87936f4'/>
<id>1098aaa51d2e3dca9e6c48ee1e9cb43bc87936f4</id>
<content type='text'>
This rewrite does not change functionality;
its purpose is to prepare followup modifications which will let
all slave side helper programs be dispatched to through
gsyncd. The string processing that's required for that task would
be too cumbersome in shell.

Change-Id: Ia7858aba5efeb5dcff16a918ea1c02253f0e49ab
BUG: 2825
Reviewed-on: http://review.gluster.com/459
Reviewed-by: Amar Tumballi &lt;amar@gluster.com&gt;
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This rewrite does not change functionality;
its purpose is to prepare followup modifications which will let
all slave side helper programs be dispatched to through
gsyncd. The string processing that's required for that task would
be too cumbersome in shell.

Change-Id: Ia7858aba5efeb5dcff16a918ea1c02253f0e49ab
BUG: 2825
Reviewed-on: http://review.gluster.com/459
Reviewed-by: Amar Tumballi &lt;amar@gluster.com&gt;
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Peer probe: Handle probe of friend with multiple hostname</title>
<updated>2011-09-22T11:52:47+00:00</updated>
<author>
<name>shishir</name>
<email>shishirng@gluster.com</email>
</author>
<published>2011-09-19T12:53:04+00:00</published>
<link rel='alternate' type='text/html' href='http://git.gluster.org/cgit/glusterfs.git/commit/?id=3672c989f369c5b57aff8d0d01fc221804ada6eb'/>
<id>3672c989f369c5b57aff8d0d01fc221804ada6eb</id>
<content type='text'>
Currently, when a peer is probed with a different hostname already belonging
to a cluster, a duplicate entry is created with uuid set to 0.
This leaves the peerinfo in an inconsistent state, and when a detach of
this peer is issued, the correct entry gets removed.

The fix is to identify a peer with a hostname not matching to the probed
hostname and remove the incorrect entry.

Change-Id: I2f6c02f505f4426871623a4a8b45a12996095098
BUG: 3200
Reviewed-on: http://review.gluster.com/456
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently, when a peer is probed with a different hostname already belonging
to a cluster, a duplicate entry is created with uuid set to 0.
This leaves the peerinfo in an inconsistent state, and when a detach of
this peer is issued, the correct entry gets removed.

The fix is to identify a peer with a hostname not matching to the probed
hostname and remove the incorrect entry.

Change-Id: I2f6c02f505f4426871623a4a8b45a12996095098
BUG: 3200
Reviewed-on: http://review.gluster.com/456
Tested-by: Gluster Build System &lt;jenkins@build.gluster.com&gt;
Reviewed-by: Vijay Bellur &lt;vijay@gluster.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
