summaryrefslogtreecommitdiffstats
path: root/xlators/protocol/auth
diff options
context:
space:
mode:
authorJeff Darcy <jdarcy@redhat.com>2016-12-08 16:24:15 -0500
committerVijay Bellur <vbellur@redhat.com>2017-01-30 19:13:58 -0500
commit1a95fc3036db51b82b6a80952f0908bc2019d24a (patch)
treeb983ac196a8165d5cb5e860a5ef97d3e9a41b5c9 /xlators/protocol/auth
parent7f7d7a939e46b330a084d974451eee4757ba61b4 (diff)
core: run many bricks within one glusterfsd process
This patch adds support for multiple brick translator stacks running in a single brick server process. This reduces our per-brick memory usage by approximately 3x, and our appetite for TCP ports even more. It also creates potential to avoid process/thread thrashing, and to improve QoS by scheduling more carefully across the bricks, but realizing that potential will require further work. Multiplexing is controlled by the "cluster.brick-multiplex" global option. By default it's off, and bricks are started in separate processes as before. If multiplexing is enabled, then *compatible* bricks (mostly those with the same transport options) will be started in the same process. Change-Id: I45059454e51d6f4cbb29a4953359c09a408695cb BUG: 1385758 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: https://review.gluster.org/14763 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/protocol/auth')
-rw-r--r--xlators/protocol/auth/addr/src/addr.c69
1 files changed, 1 insertions, 68 deletions
diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c
index 6965da01b7a..1b4557134f9 100644
--- a/xlators/protocol/auth/addr/src/addr.c
+++ b/xlators/protocol/auth/addr/src/addr.c
@@ -30,21 +30,14 @@ gf_auth (dict_t *input_params, dict_t *config_params)
int ret = 0;
char *name = NULL;
char *searchstr = NULL;
- peer_info_t *peer_info = NULL;
- data_t *peer_info_data = NULL;
data_t *allow_addr = NULL;
data_t *reject_addr = NULL;
char *addr_str = NULL;
char *tmp = NULL;
char *addr_cpy = NULL;
- char *service = NULL;
- uint16_t peer_port = 0;
- char is_inet_sdp = 0;
char negate = 0;
char match = 0;
char peer_addr[UNIX_PATH_MAX];
- char *type = NULL;
- gf_boolean_t allow_insecure = _gf_false;
name = data_to_str (dict_get (input_params, "remote-subvolume"));
if (!name) {
@@ -73,7 +66,7 @@ gf_auth (dict_t *input_params, dict_t *config_params)
GF_FREE (searchstr);
if (!allow_addr) {
- /* TODO: backword compatibility */
+ /* TODO: backward compatibility */
ret = gf_asprintf (&searchstr, "auth.ip.%s.allow", name);
if (-1 == ret) {
gf_log ("auth/addr", GF_LOG_ERROR,
@@ -92,66 +85,6 @@ gf_auth (dict_t *input_params, dict_t *config_params)
goto out;
}
- peer_info_data = dict_get (input_params, "peer-info");
- if (!peer_info_data) {
- gf_log ("auth/addr", GF_LOG_ERROR,
- "peer-info not present");
- goto out;
- }
-
- peer_info = data_to_ptr (peer_info_data);
-
- switch (((struct sockaddr *) &peer_info->sockaddr)->sa_family)
- {
- case AF_INET_SDP:
- is_inet_sdp = 1;
- ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET;
-
- case AF_INET:
- case AF_INET6:
- {
- strcpy (peer_addr, peer_info->identifier);
- service = strrchr (peer_addr, ':');
- *service = '\0';
- service ++;
-
- if (is_inet_sdp) {
- ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET_SDP;
- }
-
- ret = dict_get_str (config_params, "rpc-auth-allow-insecure",
- &type);
- if (ret == 0) {
- ret = gf_string2boolean (type, &allow_insecure);
- if (ret < 0) {
- gf_log ("auth/addr", GF_LOG_WARNING,
- "rpc-auth-allow-insecure option %s "
- "is not a valid bool option", type);
- goto out;
- }
- }
-
- peer_port = atoi (service);
- if (peer_port >= PRIVILEGED_PORT_CEILING && !allow_insecure) {
- gf_log ("auth/addr", GF_LOG_ERROR,
- "client is bound to port %d which is not privileged",
- peer_port);
- goto out;
- }
- break;
-
- case AF_UNIX:
- strcpy (peer_addr, peer_info->identifier);
- break;
-
- default:
- gf_log ("authenticate/addr", GF_LOG_ERROR,
- "unknown address family %d",
- ((struct sockaddr *) &peer_info->sockaddr)->sa_family);
- goto out;
- }
- }
-
if (reject_addr) {
addr_cpy = gf_strdup (reject_addr->data);
if (!addr_cpy)