Benjamin Cleyet-marrel
2011-Feb-02 13:56 UTC
[Gluster-users] Gluster 3.1.2 and rpc-auth patch
Hi,

First of all, thanks for all the work you put into gluster; this product is fantastic.

In our setup, we have to have some kind of nfs authentication.
Not being able to set the rpc-auth option using the cli was a big drawback for us.

Setting the option auth.allow only set the gluster auth.addr.allow option in the bricks themselves but did not do any good regarding nfs access.

Setting the option
option rpc-auth.addr.MyVolume.allow *
directly into the config file /etc/glusterd/nfs/nfs-server.vol did not work, as each modification (i.e. gluster start volume MyVolume) would overwrite changes.

After browsing the web/mailing list and trying to find a workaround to implement nfs auth, we decided to patch the source code to add an extra option to the gluster "volume set" framework, which was a rather easy task considering the quality of the source code.

A few lines in glusterd-volgen.c did the trick.
It worked for us, so here is the patch, which allows users to issue:
gluster volume set MyVolume rpc-auth.allow "10.*,192.*"
The default is still "*".

Cheers

--
Benjamin Cleyet-Marrel
Director of Engineering
Open Wide Outsourcing
http://outsourcing.openwide.fr
Benjamin Cleyet-marrel
2011-Feb-02 14:01 UTC
[Gluster-users] Gluster 3.1.2 and rpc-auth patch
----- Original Message -----
> From: "Benjamin Cleyet-marrel" <benjamin.cleyet-marrel at openwide.fr>
> To: gluster-users at gluster.org
> Sent: Mercredi 2 Février 2011 14:56:51
> Subject: Gluster 3.1.2 and rpc-auth patch
> Hi,
>
> First of all, thanks for all the work you put into gluster; this product
> is fantastic.
>
> In our setup, we have to have some kind of nfs authentication.
> Not being able to set the rpc-auth option using the cli was a big
> drawback for us.
>
> Setting the option auth.allow only set the gluster auth.addr.allow
> option in the bricks themselves but did not do any good regarding nfs
> access.
>
> Setting the option option rpc-auth.addr.MyVolume.allow *
> directly into the config file /etc/glusterd/nfs/nfs-server.vol
> did not work, as each modification (i.e. gluster start volume MyVolume)
> would overwrite changes.
>
> After browsing the web/mailing list and trying to find a workaround to
> implement nfs auth, we decided to patch the source code to add an extra
> option to the gluster "volume set" framework, which was a rather easy
> task considering the quality of the source code.
>
> A few lines in glusterd-volgen.c did the trick.
> It worked for us, so here is the patch, which allows users to issue:
> gluster volume set MyVolume rpc-auth.allow "10.*,192.*"
> The default is still "*".
>
>
>
> Cheers
>
>
> --
> Benjamin Cleyet-Marrel
> Director of Engineering
> Open Wide Outsourcing
> http://outsourcing.openwide.fr

Hum,

The patch did not make it the first time, so here it is inline.

Cheers

--- glusterd-volgen.c.orig 2011-02-02 10:56:22.932266001 +0100 +++ glusterd-volgen.c 2011-02-02 14:53:49.815904002 +0100 @@ -138,6 +138,7 @@ {"nfs.enable-ino32", "nfs/server", "nfs.enable-ino32",}, {"nfs.mem-factor", "nfs/server", "nfs.mem-factor",}, + {"rpc-auth.allow", "nfs/server", }, {NULL, } }; 
@@ -1245,6 +1246,7 @@ xlator_t *nfsxl = NULL; char *skey = NULL; char *enable_ino32 = NULL; + char *rpc_auth = NULL; char *mem_factor = NULL; char volume_id[64] = {0,}; int ret = 0; @@ -1281,17 +1283,27 @@ if (voliter->status != GLUSTERD_STATUS_STARTED) continue; - ret = gf_asprintf (&skey, "rpc-auth.addr.%s.allow", - voliter->volname); - if (ret == -1) { - gf_log ("", GF_LOG_ERROR, "Out of memory"); - goto out; - } - ret = xlator_set_option (nfsxl, skey, "*"); - GF_FREE (skey); + ret = glusterd_volinfo_get (voliter, + "rpc-auth.allow", + &rpc_auth); if (ret) goto out; + + ret = gf_asprintf (&skey, "rpc-auth.addr.%s.allow", voliter->volname); + if (ret == -1) { + gf_log ("", GF_LOG_ERROR, "Out of memory"); + goto out; + } + if (rpc_auth) { + ret = xlator_set_option (nfsxl, skey, rpc_auth); + } else { + ret = xlator_set_option (nfsxl, skey, "*"); + } + GF_FREE (skey); + if (ret) + goto out; + ret = gf_asprintf (&skey, "nfs3.%s.volume-id", voliter->volname); if (ret == -1) {
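
Review bot: In the first hunk (@@ -138,6 +138,7 @@), the new table entry {"rpc-auth.allow", "nfs/server", } leaves its third field out, while both neighbouring entries fill it in and carry an nfs. key prefix. Please add a one-line comment saying the field is left unset on purpose because the real option name is built per volume as rpc-auth.addr.<volname>.allow in the third hunk, and consider a key under the nfs. prefix so that the NFS-only scope of this access list is obvious beside the brick-level auth.allow described in the message.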
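
Review bot: In the second hunk (@@ -1245,6 +1246,7 @@), rpc_auth is declared and set to NULL once at function scope, but the third hunk reads it once per volume inside the voliter loop. Unless glusterd_volinfo_get is guaranteed to overwrite its output argument on every call, a volume without the option would inherit the allow list fetched for the previous volume, which is the wrong direction for an access control setting to fail. Resetting rpc_auth = NULL at the top of each iteration (or declaring it inside the loop body) removes that dependency.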
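
Review bot: In the third hunk (@@ -1281,17 +1283,27 @@), the string fetched into rpc_auth is handed to xlator_set_option as the NFS allow list with no check on its content, so an empty or mistyped value from "volume set" goes straight into the generated nfs-server.vol. Please reject an empty value (or validate the comma-separated patterns) where the option is accepted, and confirm that glusterd_volinfo_get returns 0 for a volume on which the key was never set, because the new "if (ret) goto out;" placed directly after it would otherwise abort NFS volfile generation for every volume. Two smaller points: the if/else can be a single call, xlator_set_option (nfsxl, skey, rpc_auth ? rpc_auth : "*"), and the added gf_asprintf line should keep voliter->volname on a continuation line as the removed lines did.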