Alessandro De Salvo
2015-Jun-17 17:29 UTC
[Gluster-users] Ganesha exports access restrictions and Posix ACLs support
Thanks Soumya! I was hoping to have something more automatic :-) Is it in the pipeline? Thanks again, Alessandro> Il giorno 17/giu/2015, alle ore 18:21, Soumya Koduri <skoduri at redhat.com> ha scritto: > > Hi Alessandro, > > Response inline. > > On 06/17/2015 08:07 PM, Alessandro De Salvo wrote: >> Hi, >> I do not seem to be able to find an option to automatically add the gluster volume restrictions I can put with auth.allow into a ganesha export. >> As far as I have understood this can be done by using a default Access_type = None in the export and then adding one or more CLIENT block for the specific hosts. However, setting ganesha.enable to a gluster volume, does create an export with default Access_type = RW and no client block, and as a result the export is world Readable and Writable. Is there anything I?m missing or is the feature not yet supported? >> The same holds for the Posix ACLs, the automatically created export file has them disabled, and I did not find any option to enable them from the gluster CLI. > you are right. CLI exports the volume with only certain default export parameters. For any change in those export options, do the following > > step 1) Edit the export_file for that volume in the path "/etc/ganesha/exports/" > > step 2) use 'refresh_config' option of the ganesha-ha.sh script available at '/usr/libexec/ganesha/' (which is under development at present). Meanwhile , use dbus-commands to unexport and re-export the volumes. > > dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.RemoveExport uint16:<export_id_of_the_volume> > > dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.AddExport string:/<path-to-export-file> string:"EXPORT(Path=/<volname>)" > > Thanks, > Soumya > >> Thanks, >> >> Alessandro >> >> >> >> _______________________________________________ >> Gluster-users mailing list >> Gluster-users at gluster.org >> http://www.gluster.org/mailman/listinfo/gluster-users >>-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1770 bytes Desc: not available URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150617/0efb1a76/attachment.p7s>
Soumya Koduri
2015-Jun-17 17:43 UTC
[Gluster-users] Ganesha exports access restrictions and Posix ACLs support
On 06/17/2015 10:59 PM, Alessandro De Salvo wrote:> Thanks Soumya! > I was hoping to have something more automatic :-) Is it in the pipeline?yes. Infact we are currently working on it, will be available soon. -Soumya> Thanks again, > > Alessandro > >> Il giorno 17/giu/2015, alle ore 18:21, Soumya Koduri <skoduri at redhat.com> ha scritto: >> >> Hi Alessandro, >> >> Response inline. >> >> On 06/17/2015 08:07 PM, Alessandro De Salvo wrote: >>> Hi, >>> I do not seem to be able to find an option to automatically add the gluster volume restrictions I can put with auth.allow into a ganesha export. >>> As far as I have understood this can be done by using a default Access_type = None in the export and then adding one or more CLIENT block for the specific hosts. However, setting ganesha.enable to a gluster volume, does create an export with default Access_type = RW and no client block, and as a result the export is world Readable and Writable. Is there anything I?m missing or is the feature not yet supported? >>> The same holds for the Posix ACLs, the automatically created export file has them disabled, and I did not find any option to enable them from the gluster CLI. >> you are right. CLI exports the volume with only certain default export parameters. For any change in those export options, do the following >> >> step 1) Edit the export_file for that volume in the path "/etc/ganesha/exports/" >> >> step 2) use 'refresh_config' option of the ganesha-ha.sh script available at '/usr/libexec/ganesha/' (which is under development at present). Meanwhile , use dbus-commands to unexport and re-export the volumes. >> >> dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.RemoveExport uint16:<export_id_of_the_volume> >> >> dbus-send --print-reply --system --dest=org.ganesha.nfsd /org/ganesha/nfsd/ExportMgr org.ganesha.nfsd.exportmgr.AddExport string:/<path-to-export-file> string:"EXPORT(Path=/<volname>)" >> >> Thanks, >> Soumya >> >>> Thanks, >>> >>> Alessandro >>> >>> >>> >>> _______________________________________________ >>> Gluster-users mailing list >>> Gluster-users at gluster.org >>> http://www.gluster.org/mailman/listinfo/gluster-users >>> >