| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NFS now has the ability to use a separate file for "netgroups" and
"exports". An administrator should have the ability to check the
validity of the files before applying the configuration.
The "glusterfsd" command now has the following additional arguments that
can be used to check the configuration:
--print-netgroups: Validate the netgroups file and print it out
--print-exports: Validate the exports file and print it out
BUG: 1143880
Change-Id: I24c40d50110d49d8290f9fd916742f7e4d0df85f
URL: http://www.gluster.org/community/documentation/index.php/Features/Exports_Netgroups_Authentication
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9365
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Tested-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Authentication cache for the new fine grained contol for the MOUNT
protocol. The extended authentication (see Change-Id Ic060aac) benefits
from caching the access/permission checks that are done when an
NFS-client mounts an export.
This auth-cache will be used by Change-Id I181e8c1.
BUG: 1143880
Change-Id: I1379116572c8a4d1bf0c7ca4f826e51a79d91444
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9363
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The /etc/exports format for NFS-exports (see Change-Id I7e6aa6b) allows
a more fine grained control over the authentication. This change adds
the functions and structures that will be used in by Change-Id I181e8c1.
BUG: 1143880
Change-Id: Ic060aac7c52d91e08519b222ba46383c94665ce7
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9362
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Linux kernel NFS server uses /etc/exports to manage permissions for
the NFS-clients. Extending the Gluster/NFS server to support a similar
scheme is needed for many deployments in enterprise environments.
BUG: 1143880
Change-Id: I7e6aa6bc6aa1cd5f52458e023387ed38de9823d7
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9361
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Netgroups are often used by enterprises to group a set of systems. The
NFS /etc/exports file support the @netgroup notation, and Gluster/NFS
will get extended to support this notation as well. For this, it is
needed that Gluster/NFS learns to parse the netgroup format.
A change to glusterfsd (Change-Id I24c40d5) will add test cases where
the parsing is used for regression testing.
BUG: 1143880
Change-Id: Ie04800d4dc26f99df922c9fcc00845f53291cf4f
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9360
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sayan Saha has previously approved changing everthing to dual license
but somehow we have missed changing these files.
I am explicitly not updating the copyright dates as nothing else that's
copyrightable has changed in these files with the license change
Change-Id: Ia965eeb7168447d69e28e939ad95ee388873b6e4
BUG: 951549
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/6128
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
NFS defects reported by Coverity run are fixed.
Change-Id: Ib66847e8e66fb4a06b312c80814f9eafb032eba2
BUG: 996390
Signed-off-by: meghana <mmadhusu@redhat.com>
Reviewed-on: http://review.gluster.org/5660
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Varun Shastry <vshastry@redhat.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: NFS allows exporting subdirectories but there is not support for
providing AUTH on per directory basis.
Fix: Modified nfs.export-dir to include AUTH parameters
e.g. nfs.export-dir "/dir1(10.1.1.2),/dir2(10.1.1.0/24|host1)
During mount operation NFS will check if the IP from where the connection is made
is configured in the AUTH parameter, else the mount operation will fail with
EACCES error.
Updated admin-guide and volume set help message.
Change-Id: I5c6d22edb168b4f46376d1cd6878cd065fc081cc
BUG: 968227
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-on: http://review.gluster.org/5124
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By doing a lookup, we get a chance to do all of the self-heal checks that
would occur if we were using native protocol, and return proper status if
the self-heal fails. Best of all, we don't need to misrepresent times.
Change-Id: I76477d1e5fce4d83e4029e02fcdd71e81e23110d
BUG: 830134
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/4058
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Change-Id: I09bcbfa41c7c31894ae35f24086bef2d90035ccc
BUG: 827457
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.com/3241
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Change-Id: I3f5c35d06827fb267a7dae53d949c61567a945d0
BUG: 799287
Signed-off-by: Krishna Srinivas <ksriniva@redhat.com>
Reviewed-on: http://review.gluster.com/3337
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This change introduces four NLMv4 procedures:
NM_LOCK, SHARE, UNSHARE and FREE_ALL.
These are used by PC clients (windows/dos) to control access
to files.
1. NM_LOCK: this lock is not monitored by statd.
2. SHARE: A share reservation is a lock on the whole file
that is taken whenever a file is opened on windows clients.
This has ACCESS (N, R, W, RW) and DENY MODE (N, R, W, RW).
ACCESS: mode of access requested by the client;
DENY MODE: what the requesting client wants to
deny other clients.
3. UNSHARE: remove a share reservation obtained by SHARE.
Called while closing a file.
4. FREE_ALL: remove all share reservations and locks,
both monitored and unmonitored, of the calling client.
* lock and nm_lock use a common function with only
a flag conveying whether or not to monitor a lock.
* NOTES:
1. SHARE reservations are not STACK_WIND'd to subsequent xlators.
These are maintained in-memory in the nfs xlator.
2. Consequently, for SHARE reservations to work effectively,
all PC clients *must* mount from the same gNfs server.
Not doing so will result in different servers maintaining
separate SHARE reservations which will not be enforced
for obvious reasons.
Change-Id: Id4f22670a94ed58691a6a7f4c80aa8c11421a277
BUG: 800287
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.com/3212
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Krishna Srinivas <krishna@gluster.com>
|
|
|
|
|
|
|
|
|
| |
Change-Id: Ic31b8bb10a28408da2a623f4ecc0c60af01c64af
BUG: 795421
Signed-off-by: Krishna Srinivas <ksriniva@redhat.com>
Reviewed-on: http://review.gluster.com/2711
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
|
|
|
|
|
|
|
|
| |
Change-Id: I2d10f2be44f518f496427f257988f1858e888084
BUG: 3348
Reviewed-on: http://review.gluster.com/200
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
|
|
|
|
|
|
|
| |
Change-Id: I3914467611e573cccee0d22df93920cf1b2eb79f
BUG: 3348
Reviewed-on: http://review.gluster.com/182
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Vijay Bellur <vijay@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 971 (dynamic volume management)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=971
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the record these are the patches committed as:
1. "nfs, nfs3: Base volume access on CHILD-UP-DOWN event"
http://git.gluster.com/?p=glusterfs.git;a=commit;h=f47b0c55de9941823fbefe4b3a7e37179d6d4329
2. "nfs: Fix multiple subvolume CHILD-UP support"
http://git.gluster.com/?p=glusterfs.git;a=commit;h=336e2df7b74be7ad4c9ed403ca10b9f7f7ef9a58
3. "nfs,nfs3: Disable subvolume on ENOTCONN"
http://git.gluster.com/?p=glusterfs.git;a=commit;h=8c6e27cdaf895e3031c3256efb9472a6c0bf61f3
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1724 (kernel untar fails during add-brick)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1724
|
|
|
|
|
|
|
|
| |
Signed-off-by: Pranith Kumar K <pranithk@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1388 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1388
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Overall, the aim of this patch is to change the result of an nfs
op depending on whether the underlying volume is up or down
as notified by CHILD_UP and CHILD_DOWN events.
This patch contains three intertwined changes:
o Only when the lookup on the root of a volume is successful does gnfs now
export the subvolume. Till now the result of the lookup was not used to
determine whether we should export that volume. Not accounting for root lookup
failure resulted in ESTALEs on first access because some children of distribute
were down at the time of the root lookup.
o Only when lookups on all the subvolumes have succeeded are
these exports enabled through NFS.
o When a child of say distribute goes down, on CHILD_DOWN event nfs will
ignore all incoming requests from the client because ignoring these
will prevent ESTALEs for those requests and in the hope that ignoring the
requests will make the client retransmit. There are risks in this approach
absent the DRC but we're willing to live with that for now.
When a child goes down, the mount exports list will continue to show it
but mount requests will be denied.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1643 (Initial requests after mount ESTALE if DHT subvolumes connect after nfs startup)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1643
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The order of locking while performing async fd opens was resulting in
a deadlock when a particular pattern of operations was generated by
compilebench. This patch improves handling of those situations while
locking the fd-cache, inode and inode queue.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 1047 (Compilebench hangs nfs server)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1047
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfsx has followed traditional approach of exporting whole volumes
as NFS exports. The Platform requires and some users have approached us for
introducing exports of only specific directories instead of full Gluster
volumes. This commit introduces this support through two nfsx options:
Option 1:
=========
option nfs3.<volume-name>.export-dir <subdir1-in-vol>,<subdir2-in-vol>,..<subdirN-in-vol>
export-dir will allow the export of a particular dir as a single export
by itself. For eg.:
volume posix
type storage/posix
option directory /export/
end-volume
volume posix-ac
type features/access-control
subvolumes posix
end-volume
volume nfs
type nfs/server
subvolumes posix-ac
option rpc-auth.addr.allow *
option nfs3.posix-ac.export-dir /homes/shehjart
end-volume
A comma separate list of sub-directories will set up those dirs as separated exports.
At the nfs client, the mount command will be:
$ mount <nfsserver>:/posix-ac/homes/shehjart /mnt
Option 2:
=========
option nfs3.<volume-name>.export-volumes <on|off>
There can be situations where users only want the directory level
exports and require that volume exports be completely disabled. The
above option allows us to do this. By default, volume exports are
enabled. From the earlier example, replacing <volume-name> with
posix-ac, will disable mounting of the posix-ac volume as a whole.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 989 (Support directory exports in nfsx)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=989
|
|
Memory accounting Changes. Thanks to Vinayak Hegde and Csaba Henk for their
contributions.
Signed-off-by: Vijay Bellur <vijay@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 329 (Replacing memory allocation functions with mem-type functions)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=329
|