Soumya Koduri
2015-Jun-17 16:21 UTC
[Gluster-users] Ganesha exports access restrictions and Posix ACLs support
Hi Alessandro, Response inline. On 06/17/2015 08:07 PM, Alessandro De Salvo wrote:> Hi, > I do not seem to be able to find an option to automatically add the gluster volume restrictions I can put with auth.allow into a ganesha export. > As far as I have understood this can be done by using a default Access_type = None in the export and then adding one or more CLIENT block for the specific hosts. However, setting ganesha.enable to a gluster volume, does create an export with default Access_type = RW and no client block, and as a result the export is world Readable and Writable. Is there anything I?m missing or is the feature not yet supported? > The same holds for the Posix ACLs, the automatically created export file has them disabled, and I did not find any option to enable them from the gluster CLI.you are right. CLI exports the volume with only certain default export parameters. For any change in those export options, do the following step 1) Edit the export_file for that volume in the path "/etc/ganesha/exports/" step 2) use 'refresh_config' option of the ganesha-ha.sh script available at '/usr/libexec/ganesha/' (which is under development at present). Meanwhile , use dbus-commands to unexport and re-export the volumes. dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.RemoveExport uint16:<export_id_of_the_volume> dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.AddExport string:/<path-to-export-file> string:"EXPORT(Path=/<volname>)" Thanks, Soumya> Thanks, > > Alessandro > > > > _______________________________________________ > Gluster-users mailing list > Gluster-users at gluster.org > http://www.gluster.org/mailman/listinfo/gluster-users >
Alessandro De Salvo
2015-Jun-17 17:29 UTC
[Gluster-users] Ganesha exports access restrictions and Posix ACLs support
Thanks Soumya! I was hoping to have something more automatic :-) Is it in the pipeline? Thanks again, Alessandro> Il giorno 17/giu/2015, alle ore 18:21, Soumya Koduri <skoduri at redhat.com> ha scritto: > > Hi Alessandro, > > Response inline. > > On 06/17/2015 08:07 PM, Alessandro De Salvo wrote: >> Hi, >> I do not seem to be able to find an option to automatically add the gluster volume restrictions I can put with auth.allow into a ganesha export. >> As far as I have understood this can be done by using a default Access_type = None in the export and then adding one or more CLIENT block for the specific hosts. However, setting ganesha.enable to a gluster volume, does create an export with default Access_type = RW and no client block, and as a result the export is world Readable and Writable. Is there anything I?m missing or is the feature not yet supported? >> The same holds for the Posix ACLs, the automatically created export file has them disabled, and I did not find any option to enable them from the gluster CLI. > you are right. CLI exports the volume with only certain default export parameters. For any change in those export options, do the following > > step 1) Edit the export_file for that volume in the path "/etc/ganesha/exports/" > > step 2) use 'refresh_config' option of the ganesha-ha.sh script available at '/usr/libexec/ganesha/' (which is under development at present). Meanwhile , use dbus-commands to unexport and re-export the volumes. > > dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.RemoveExport uint16:<export_id_of_the_volume> > > dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.AddExport string:/<path-to-export-file> string:"EXPORT(Path=/<volname>)" > > Thanks, > Soumya > >> Thanks, >> >> Alessandro >> >> >> >> _______________________________________________ >> Gluster-users mailing list >> Gluster-users at gluster.org >> http://www.gluster.org/mailman/listinfo/gluster-users >>-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1770 bytes Desc: not available URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150617/0efb1a76/attachment.p7s>