glusterfs.git/xlators/mgmt/glusterd/src, branch v3.12.13 glusterd: _is_prefix should handle 0-length paths 2018-08-17T05:34:22+00:00 Kaushal M kaushal@redhat.com 2018-07-10T15:26:08+00:00 4fc27a7e3022088dbadedb5c2a83b94ae52e1766 If one of the paths given to _is_prefix is 0-length, then it is not a prefix of the other. Hence, _is_prefix should return false. Change-Id: I54aa577a64a58940ec91872d0d74dc19cff9106d BUG: 1599788 Signed-off-by: Kaushal M <kaushal@redhat.com> 
If one of the paths given to _is_prefix is 0-length, then it is not a
prefix of the other. Hence, _is_prefix should return false.

Change-Id: I54aa577a64a58940ec91872d0d74dc19cff9106d
BUG: 1599788
Signed-off-by: Kaushal M <kaushal@redhat.com>
glusterd: gluster v status is showing wrong status for glustershd 2018-07-04T04:04:00+00:00 Sanju Rakonde srakonde@redhat.com 2018-06-02T11:06:22+00:00 31228f924b6d6645a8bd2869a8180abe74617375 When we restart the bricks, connect and disconnect events happen for glustershd. glusterd use two threads to handle disconnect and connects events from glustershd. When we restart the bricks we'll get both disconnect and connect events. So both the threads will compete for the big lock. We want disconnect event to finish before connect event. But If connect thread gets the big lock first, it sets svc->online to true, and then disconnect thread will et svc->online to false. So, glustershd will be disconnected from glusterd and wrong status is shown. After killing shd, glusterd sleeps for 1 second. To avoid the problem, If glusterd releses the lock before sleep and acquires it after sleep, disconnect thread will get a chance to handle the glusterd_svc_common_rpc_notify before other thread completes connect event. >Change-Id: Ie82e823fdfc936feb7c0ae10599297b050ee9986 >Signed-off-by: Sanju Rakonde <srakonde@redhat.com> Change-Id: Ie82e823fdfc936feb7c0ae10599297b050ee9986 fixes: bz#1582443 Signed-off-by: Sanju Rakonde <srakonde@redhat.com> 
When we restart the bricks, connect and disconnect events happen
for glustershd. glusterd use two threads to handle disconnect and
connects events from glustershd. When we restart the bricks we'll
get both disconnect and connect events. So both the threads will
compete for the big lock.

We want disconnect event to finish before connect event. But If
connect thread gets the big lock first, it sets svc->online to
true, and then disconnect thread will et svc->online to false.
So, glustershd will be disconnected from glusterd and wrong status
is shown.

After killing shd, glusterd sleeps for 1 second. To avoid the problem,
If glusterd releses the lock before sleep and acquires it after sleep,
disconnect thread will get a chance to handle the
glusterd_svc_common_rpc_notify before other thread completes connect
event.

>Change-Id: Ie82e823fdfc936feb7c0ae10599297b050ee9986
>Signed-off-by: Sanju Rakonde <srakonde@redhat.com>

Change-Id: Ie82e823fdfc936feb7c0ae10599297b050ee9986
fixes: bz#1582443
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
glusterfs: access trusted peer group via remote-host command 2018-06-25T13:58:21+00:00 Mohit Agrawal moagrawa@redhat.com 2018-06-20T10:43:00+00:00 892e9c1d32aa2b2897e714e6adfa00b332c04a9f Problem: In SSL environment the user is able to access volume via remote-host command without adding node in a trusted pool Solution: Change the list of rpc program in glusterd.c at the time of initialization while SSL is enabled > Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199 > cherry picked from commit 234d611160840899bcfd5ab1c17a6253673d38ed BUG: 1593526 fixes: bz#1593526 Change-Id: I705253e032239e92ecad1c6a9b7e423a022132b5 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
Problem: In SSL environment the user is able to access volume
         via remote-host command without adding node in a trusted pool

Solution: Change the list of rpc program in glusterd.c at the
          time of initialization while SSL is enabled

> Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
> cherry picked from commit 234d611160840899bcfd5ab1c17a6253673d38ed

BUG: 1593526
fixes: bz#1593526
Change-Id: I705253e032239e92ecad1c6a9b7e423a022132b5
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
glusterd/geo-rep: Fix glusterd crash 2018-06-11T10:18:26+00:00 Kotresh HR khiremat@redhat.com 2018-05-07T10:35:25+00:00 b17d397efa53a7144c25838ba6bacf04703f09af Using strdump instead of gf_strdup crashes during free if mempool is being used. gf_free checks the magic number in the header which will not be taken care if strdup is used. Backport of: > Patch: https://review.gluster.org/19993/ > Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e > Signed-off-by: Kotresh HR <khiremat@redhat.com> (cherry picked from commit 57632e3c1a33187d1d23f101f83cd8759142acac) fixes: bz#1577868 Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e Signed-off-by: Kotresh HR <khiremat@redhat.com> 
Using strdump instead of gf_strdup crashes
during free if mempool is being used.
gf_free checks the magic number in the
header which will not be taken care if
strdup is used.

Backport of:
> Patch: https://review.gluster.org/19993/
> Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e
> Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit 57632e3c1a33187d1d23f101f83cd8759142acac)

fixes: bz#1577868
Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e
Signed-off-by: Kotresh HR <khiremat@redhat.com>
server/auth: add option for strict authentication 2018-04-22T22:13:37+00:00 Mohammed Rafi KC rkavunga@redhat.com 2018-04-02T06:50:47+00:00 b50d7aead1c2a7893dc0f4281bf7fc8027e2dacb When this option is enabled, we will check for a matching username and password, if not found then the connection will be rejected. This also does a checksum validation of volfile The option is invalid when SSL/TLS is in use, at which point the SSL/TLS certificate user name is used to validate and hence authorize the right user. This expects TLS allow rules to be setup correctly rather than the default *. This option is not settable, as a result this cannot be enabled for volumes using the CLI. This is used with the shared storage volume, to restrict access to the same in non-SSL/TLS environments to the gluster peers only. Tested: ./tests/bugs/protocol/bug-1321578.t ./tests/features/ssl-authz.t - Ran tests on volumes with and without strict auth checking (as brick vol file needed to be edited to test, or rather to enable the option) - Ran tests on volumes to ensure existing mounts are disconnected when we enable strict checking Change-Id: I2ac4f0cfa5b59cc789cc5a265358389b04556b59 fixes: bz#1570430 Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> Signed-off-by: ShyamsundarR <srangana@redhat.com> 
When this option is enabled, we will check for a matching
username and password, if not found then the connection will
be rejected. This also does a checksum validation of volfile

The option is invalid when SSL/TLS is in use, at which point
the SSL/TLS certificate user name is used to validate and
hence authorize the right user. This expects TLS allow rules
to be setup correctly rather than the default *.

This option is not settable, as a result this cannot be enabled
for volumes using the CLI. This is used with the shared storage
volume, to restrict access to the same in non-SSL/TLS environments
to the gluster peers only.

Tested:
  ./tests/bugs/protocol/bug-1321578.t
  ./tests/features/ssl-authz.t
  - Ran tests on volumes with and without strict auth
    checking (as brick vol file needed to be edited to test,
    or rather to enable the option)
  - Ran tests on volumes to ensure existing mounts are
    disconnected when we enable strict checking

Change-Id: I2ac4f0cfa5b59cc789cc5a265358389b04556b59
fixes: bz#1570430
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
Signed-off-by: ShyamsundarR <srangana@redhat.com>
shared storage: Prevent mounting shared storage from non-trusted client 2018-04-22T22:12:32+00:00 Mohammed Rafi KC rkavunga@redhat.com 2018-03-26T14:57:34+00:00 401e1b7136c0d534cec356b0b0d7b029ec1f0a34 gluster shared storage is a volume used for internal storage for various features including ganesha, geo-rep, snapshot. So this volume should not be exposed to the client, as it is a special volume for internal use. This fix wont't generate non trusted volfile for shared storage volume. Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c updates: bz#1570430 Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> 
gluster shared storage is a volume used for internal storage for
various features including ganesha, geo-rep, snapshot.

So this volume should not be exposed to the client, as it is
a special volume for internal use.

This fix wont't generate non trusted volfile for shared storage volume.

Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c
updates: bz#1570430
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
glusterd: import volumes in separate synctask 2018-04-06T12:46:32+00:00 Atin Mukherjee amukherj@redhat.com 2018-02-08T03:39:00+00:00 0e3206c6a8ef36737e5b303580b87a87f6dc1c8e With brick multiplexing, to attach a brick to an existing brick process the prerequisite is to have the compatible brick to finish it's initialization and portmap sign in and hence the thread might have to go to a sleep and context switch the synctask to allow the brick process to communicate with glusterd. In normal code path, this works fine as glusterd_restart_bricks () is launched through a separate synctask. In case there's a mismatch of the volume when glusterd restarts, glusterd_import_friend_volume is invoked and then it tries to call glusterd_start_bricks () from the main thread which eventually may land into the similar situation. Now since this is not done through a separate synctask, the 1st brick will never be able to get its turn to finish all of its handshaking and as a consequence to it, all the bricks will fail to get attached to it. Solution : Execute import volume and glusterd restart bricks in separate synctask. Importing snaps had to be also done through synctask as there's a dependency of the parent volume need to be available for the importing snap functionality to work. >mainline patch : https://review.gluster.org/#/c/19357/ https://review.gluster.org/#/c/19536/ Change-Id: I290b244d456afcc9b913ab30be4af040d340428c BUG: 1543708 Signed-off-by: Atin Mukherjee <amukherj@redhat.com> 
With brick multiplexing, to attach a brick to an existing brick process
the prerequisite is to have the compatible brick to finish it's
initialization and portmap sign in and hence the thread might have to go
to a sleep and context switch the synctask to allow the brick process to
communicate with glusterd. In normal code path, this works fine as
glusterd_restart_bricks () is launched through a separate synctask.

In case there's a mismatch of the volume when glusterd restarts,
glusterd_import_friend_volume is invoked and then it tries to call
glusterd_start_bricks () from the main thread which eventually may land
into the similar situation. Now since this is not done through a
separate synctask, the 1st brick will never be able to get its turn to
finish all of its handshaking and as a consequence to it, all the bricks
will fail to get attached to it.

Solution : Execute import volume and glusterd restart bricks in separate
synctask. Importing snaps had to be also done through synctask as
there's a dependency of the parent volume need to be available for the
importing snap functionality to work.

>mainline patch : https://review.gluster.org/#/c/19357/
                  https://review.gluster.org/#/c/19536/

Change-Id: I290b244d456afcc9b913ab30be4af040d340428c
BUG: 1543708
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
glusterd: optimize glusterd import volumes code path 2018-03-08T06:44:17+00:00 Atin Mukherjee amukherj@redhat.com 2018-01-29T04:53:52+00:00 6eea52906f375d484af092e7a9434c28480dc02b In case there's a version mismatch detected for one of the volumes glusterd was ending up with updating all the volumes which is a overkill. >mainline patch : https://review.gluster.org/#/c/19358/ Change-Id: I6df792db391ce3a1697cfa9260f7dbc3f59aa62d BUG: 1543709 Signed-off-by: Atin Mukherjee <amukherj@redhat.com> (cherry picked from commit bb34b07fd2ec5e6c3eed4fe0cdf33479dbf5127b) 
In case there's a version mismatch detected for one of the volumes
glusterd was ending up with updating all the volumes which is a
overkill.

>mainline patch : https://review.gluster.org/#/c/19358/

Change-Id: I6df792db391ce3a1697cfa9260f7dbc3f59aa62d
BUG: 1543709
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
(cherry picked from commit bb34b07fd2ec5e6c3eed4fe0cdf33479dbf5127b)
glusterd/store: handle the case of fsid being set to 0 2018-03-06T08:30:54+00:00 Amar Tumballi amarts@redhat.com 2018-02-04T04:34:29+00:00 afcb83f6eb11bc5b7a0e6c5c0b7c8f56af871840 Generally this would happen when a system gets upgraded from an version which doesn't have fsid details, to a version with fsid values. Without this change, after upgrade, people would see reduced 'df ' output, causing lot of confusions. Debugging Credits: Nithya B <nbalacha@redhat.com> Change-Id: Id718127ddfb69553b32770b25021290bd0e7c49a BUG: 1517260 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Generally this would happen when a system gets upgraded from an
version which doesn't have fsid details, to a version with fsid
values. Without this change, after upgrade, people would see reduced
'df ' output, causing lot of confusions.

Debugging Credits: Nithya B <nbalacha@redhat.com>

Change-Id: Id718127ddfb69553b32770b25021290bd0e7c49a
BUG: 1517260
Signed-off-by: Amar Tumballi <amarts@redhat.com>
glusterd: fix tier-enabled flag op-version check 2018-02-13T05:49:48+00:00 Atin Mukherjee amukherj@redhat.com 2018-02-13T02:36:24+00:00 79f57a2c1beac644d91f221e11642b27c7193b1c tier-enabled flag in volinfo structure was introduced in 3.10, however while writing this value to the glusterd store was done with a wrong op-version check which results into volume checksum failure during upgrades. >Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4 >BUG: 1544600 >Signed-off-by: Atin Mukherjee <amukherj@redhat.com> Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4 BUG: 1544637 Signed-off-by: hari gowtham <hgowtham@redhat.com> 
tier-enabled flag in volinfo structure was introduced in 3.10, however
while writing this value to the glusterd store was done with a wrong
op-version check which results into volume checksum failure during upgrades.

>Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4
>BUG: 1544600
>Signed-off-by: Atin Mukherjee <amukherj@redhat.com>

Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4
BUG: 1544637
Signed-off-by: hari gowtham <hgowtham@redhat.com>