| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PROBLEM:
When address-based authentication is enabled on a volume,
the gNfs server, self-heal daemon (shd), and other operations
such as quota, rebalance, replace-brick and geo-replication
either stop working or the services are not started if all
the peers' ipv{4,6} addresses or hostnames are not added in
the "set auth.allow" operation, breaking the functionality
of several operations.
E.g:
volume vol in a cluster of two peers:
/mnt/brick1 in 192.168.1.4
/mnt/brick2 in 192.168.1.5
option auth.allow 192.168.1.6
(allow connection requests only from 192.168.1.6)
This will disrupt the nfs servers on 192.168.1.{4,5}.
brick server processes reject connection requests from both
nfs servers (on 4,5), because the peer addresses are not in
the auth.allow list.
Same holds true for local mounts (on peer machines),
self-heal daemon, and other operations which perform
a glusterfs mount on one of the peers.
* SOLUTION:
Login-based authentication (username/password pairs,
henceforth referred to as "keys") for gluster services and
operations.
These *per-volume* keys can be used to by-pass the addr-based
authentication, provided none of the peers' addresses are put
in the auth.reject list, to enable gluster services like gNfs,
self-heal daemon and internal operations on volumes when
auth.allow option is exercised.
* IMPLEMENTATION:
1. Glusterd generates keys for each volume and stores it in
memory as well as in respective volfiles.
A new TRUSTED-FUSE volfile is generated which is
fuse volfile + keys in protocol/client,
and is named trusted-<volname>-fuse.vol.
This is used by all local mounts. ANY local mount (on any peer)
is granted the trusted-fuse volfile instead of fuse volfile
via getspec. non-local mounts are NOT granted the trusted fuse
volfile.
2. The keys generated for the volume is written to each server
volfile telling servers to allow users with these keys.
3. NFS, self-heal daemon and replace-brick volfiles are updated
with the volume's authentication keys.
4. The keys are NOT written to fuse volfiles for obvious reasons.
5. The ownership of volfiles and logfiles is restricted to root users.
6. Merging two identical definitions of peer_info_t in auth/addr
and rpc-lib, throwing away the one in auth/addr.
7. Code cleanup in numerous places as appropriate.
* IMPORTANT NOTES:
1. One SHOULD NOT put any of the peer addresses in the auth.reject
list if one wants any of the glusterd services and features
such as gNfs, self-heal, rebalance, geo-rep and quota.
2. If one wants to use username/password based authentication
to volumes, one shall append to the server, nfs and shd volfiles,
the keys one wants to use for authentication, *while_retaining
those_generated_by_glusterd*.
See doc/authentication.txt file for details.
Change-Id: Ie0331d625ad000d63090e2d622fe1728fbfcc453
BUG: 789942
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.com/2733
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
|
| |
|
|
|
|
|
|
| |
Change-Id: I96db0d94566ceabf1649f890318363f738c06553
BUG: 2458
Reviewed-on: http://review.gluster.com/403
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
|
| |
|
|
|
|
|
|
| |
Change-Id: I520abf3c57a15be8bb7dd1e92ad0b049ef5c8970
BUG: 3341
Reviewed-on: http://review.gluster.com/394
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
|
| |
|
|
|
|
|
|
| |
Change-Id: I2d10f2be44f518f496427f257988f1858e888084
BUG: 3348
Reviewed-on: http://review.gluster.com/200
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
| |
Change-Id: I3914467611e573cccee0d22df93920cf1b2eb79f
BUG: 3348
Reviewed-on: http://review.gluster.com/182
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Replace-brick didn't support transport types other than tcp.
Test case: replace-brick should work with tcp and rdma.
Change-Id: If33f108b70247d81791d25a1a05247f49847b4d7
BUG: 3092
Reviewed-on: http://review.gluster.com/72
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Krishnan Parthasarathi <kp@gluster.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Kaushik BV <kaushikbv@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2041 (volume set help option)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2041
|
| |
|
|
|
|
|
|
|
|
|
| |
If started with upgrade-option, the current behavior is to recreate
brick volfiles, as from 3.2 marker xlator is default.
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2904 (glusterd should have upgrade/downgrade xlator options)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2904
|
| |
|
|
|
|
|
|
|
|
|
| |
Added checks for brick path length in 'staging' of add/replace
brick and create_volume subcommands.
Signed-off-by: Krishnan Parthasarathi <kp@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2847 (volume creation fails if brick path is long)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2847
|
| |
|
|
|
|
|
|
|
|
| |
Use GEOREP macro if you want to refer to the feature in code.
Signed-off-by: Csaba Henk <csaba@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2757 (refactory gsync/gsyncd/syncdaemon/whatever to geo-replication)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2757
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- use macros for exported volume tunables
- introduce glusterd_volinfo_get_boolean as retrieval of boolean
optuions was a recurring pattern and became somewhat cumbersome
Also fixed illegal access to volinfo dict.
@pranith: use always the glusterd_volinfo_get* API for that purpose
so that defaults are taken to consideration.
Signed-off-by: Csaba Henk <csaba@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2757 (refactory gsync/gsyncd/syncdaemon/whatever to geo-replication)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2757
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Pranith Kumar K <pranithk@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2729 (Implement force option for volume reset)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2729
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Sync transport type of the volume
- Stop stale bricks
- start new bricks if the volume is started
- Restart/Stop nfs server based on the new information
Signed-off-by: Pranith Kumar K <pranithk@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 2549 (Quota[glusterfs-3.2.1qa3]: enable/disable crashes the glusterd on other node)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2549
|
| |
|
|
|
|
|
|
|
|
|
| |
Bricks are not restarted when some marker options are changed and the Marker
translator is included statically in the server volfile.
Signed-off-by: Junaid <junaid@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 2529 (Starting Gsync causes ENOTCONN to glusterfs client)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2529
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Gaurav <gaurav@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 2064 (NFS options are removed upon glusterd restart)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2064
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kaushik BV <kaushikbv@gluster.com>
Signed-off-by: Csaba Henk <csaba@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 2310 (georeplication)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2310
|
| |
|
|
|
|
|
|
| |
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 1886 (log-level mess)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1886
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Vijay Bellur <vijay@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 971 (dynamic volume management)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=971
|
| |
|
|
|
|
|
|
| |
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1886 (log-level mess)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1886
|
| |
|
|
|
|
|
|
|
|
| |
So now auth.addr.*.allow can be a basic option, without any specific support code!
Signed-off-by: Csaba Henk <csaba@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1750 (clean up volgen)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1750
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Csaba Henk <csaba@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1750 (clean up volgen)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1750
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generating a volfile occurs in two steps:
- Build a graph (ie, glusterfs_graph_t instance) by graph manipulation
primitives
- Write out the graph to a file by the the graph printing API.
Graph builder routines can optionally make use of a "modifier dict",
which can contain overrides wrt. volume options. This can be used
for a "dry-run" graph generation.
Signed-off-by: Csaba Henk <csaba@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1750 (clean up volgen)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1750
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed ok.
Just like commit, maybe we can move 'pause' also to the commit op of replace brick since it can be performed only when replace brick has been started. I'll send in a patch for that soon.
----- Original Message -----
From: "Vijay Bellur" <vijay@gluster.com>
To: glusterfs@dev.gluster.com
Sent: Monday, September 27, 2010 7:59:25 PM
Subject: [PATCH BUG:1235] replace brick fixes
Signed-off-by: Vijay Bellur <vijay@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1235 (Bug for all pump/migrate commits)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1235
|
| |
|
|
|
|
|
|
|
|
|
| |
* 'gluster volume set <VOLNAME> latency-measurement <yes|no>'
* 'gluster volume set <VOLNAME> dump-fd-stats <yes|no>'
Signed-off-by: Amar Tumballi <amar@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1701 (better statistics gathering in glusterd)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1701
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Kaushik BV <kaushikbv@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1159 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1159
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Pranith Kumar K <pranithk@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1319 (gnfs support in gluster command line)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1319
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Pranith Kumar K <pranithk@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1475 (glusterd should delete brick related files upon remove brick)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1475
|
|
|
Signed-off-by: Pavan Vilas Sondur <pavan@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 1429 (Use a C based volgen)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1429
|
