ABHISHEK PALIWAL
2017-Mar-24 14:10 UTC
[Gluster-users] Gluster Limitation with ACL on Kernel NFS
Hi Team, I am using gluster with kernel nfs and found one limitation with Gluster volume don't know whether it is Bug or expected. Below is the scenario: I am mounting gluster volume as well as NFS volume with '-o acl' options I have tested gluster volume with ACLs and found that if we set the ACLs either before or after export on gluster mount point it will get reflect on exported NFS volume only if we mount it after ACL are applied on gluster volume. Also, if NFS volume is already mounted then only first rule will get reflect on NFS exported volume. Could anyone tell me the possibility what is the problem here. -- Regards Abhishek Paliwal -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20170324/774b9f7d/attachment.html>
Niels de Vos
2017-Mar-25 12:32 UTC
[Gluster-users] [Gluster-devel] Gluster Limitation with ACL on Kernel NFS
On Fri, Mar 24, 2017 at 07:40:14PM +0530, ABHISHEK PALIWAL wrote:> Hi Team, > > I am using gluster with kernel nfs and found one limitation with Gluster > volume don't know whether it is Bug or expected.There are some known issues with exporting FUSE mounted filesystems over NFS with kernel nfsd. This is not something we recommend or test. I suggest you look into using NFS-Ganesha for your needs, or maybe Gluster/NFS (but that is being deprecated).> Below is the scenario: > > I am mounting gluster volume as well as NFS volume with '-o acl' options > > I have tested gluster volume with ACLs and found that if we set the ACLs > either before or after export on gluster mount point it will get reflect on > exported NFS volume only if we mount it after ACL are applied on gluster > volume. > > Also, if NFS volume is already mounted then only first rule will get > reflect on NFS exported volume.I am not sure if this is one of the issues that can occur with FUSE exported filesystems, it is not listed on https://github.com/libfuse/libfuse/blob/master/doc/README.NFS> Could anyone tell me the possibility what is the problem here.It sounds like the ACL is not passed over FUSE to the gluster backend, but only read. In order to check, the easiest is probably to capture a tcpdump between the NFS-client and NFS-server, and compare that with the GlusterFS traffic between the NFS-server and Gluster storage servers. Of course we'll welcome improvements in the kernel nfsd exported FUSE filesystem area, but it definitely is not something anyone working on Gluster is looking at. NFS-Ganesha and Gluster/NFS are the tested solutions to export GlusterFS over NFS, and we're actively fixing problems that get reported with that approach. Could you explain your need to use kernel nfsd to export GlusterFS? We'd be interested to know what features NFS-Ganesha is lacking for you. Thanks, Niels -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: not available URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20170325/3ccb3019/attachment.sig>