thr3ads.net - Gluster users - [Gluster-users] Is NFS available / enabled on purpose as default in the Ubuntu PPA? [Mar 2016]

If this information is useful, please help other people find it:
Share via:

Fabian Wenk

2016-Mar-01 17:43 UTC

[Gluster-users] Is NFS available / enabled on purpose as default in the Ubuntu PPA?

Hello

I have installed Gluster 3.6.8 on Ubuntu 14.04 LTS (from PPA). I did 
create a volume with the following command:

gluster volume create myvol replica 2 
server1:/export/glusterfs/myvol/brick1 
server2:/export/glusterfs/myvol/brick2

and followed with 'gluster volume start myvol', then 'gluster volume
info' showed this:

Volume Name: myvol
Type: Replicate
Volume ID: eea55188-9f4a-4589-a0b7-d8e2d85f103f
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: server1:/export/glusterfs/myvol/brick1
Brick2: server2:/export/glusterfs/myvol/brick2

As this volume was available to be mounted from anywhere with glusterfs, 
I did also run:

gluster volume set myvol auth.allow 127.0.0.1,<IP-addresses-of-clients>


With some testing, I did realize, that I can mount the volume with NFS 
from anywhere in my local network. According to the documentation [1], 
the option nfs.rpc-auth-allow should be set to 'Reject All' as default, 
but somehow it is not.

   [1] 
https://gluster.readthedocs.org/en/latest/Administrator%20Guide/Managing%20Volumes/

As a work around I did the following additional steps:

gluster volume set myvol nfs.rpc-auth-allow 127.0.0.1

This gave a 'Permission denied' message when tried to mount with NFS 
from an other system, and then I also did run:

gluster volume set myvol nfs.disable On

which disabled NFS so far and GlusterFS is not listening on TCP port 
2049 any more.

Is something broken with the default Ubuntu PPA package? Or did I miss a 
configuration option to disable NFS on default for all (new) volumes?


bye
Fabian

Joe Julian

2016-Mar-01 18:07 UTC

head link

[Gluster-users] Is NFS available / enabled on purpose as default in the Ubuntu PPA?

On 03/01/2016 09:43 AM, Fabian Wenk wrote:>
> With some testing, I did realize, that I can mount the volume with NFS 
> from anywhere in my local network. According to the documentation [1], 
> the option nfs.rpc-auth-allow should be set to 'Reject All' as 
> default, but somehow it is not.
>
>   [1] 
>
https://gluster.readthedocs.org/en/latest/Administrator%20Guide/Managing%20Volumes/
Yep, that's a documentation bug. The source says, "By default, all 
connections are allowed." - xlators/nfs/server/src/nfs.c#1848..1849

Gluster users - Mar 2016 - Is NFS available / enabled on purpose as default in the Ubuntu PPA?

[Gluster-users] Is NFS available / enabled on purpose as default in the Ubuntu PPA?

[Gluster-users] Is NFS available / enabled on purpose as default in the Ubuntu PPA?