Gluster users - Nov 2018 - Restricting NFS-Ganesha to use NFSv4.0 only

Hi All, 

In a bugzilla ( [ https://bugzilla.redhat.com/show_bug.cgi?id=1546713 |
https://bugzilla.redhat.com/show_bug.cgi?id=1546713 ] ) I was reading it showed
that it should be possible to restrict the NFSv4 usage to only use 4.0 (since
4.1/4.2 is not supported).
To try that, I modified an existing share so it reads : 

EXPORT{ 
Export_Id = 2; 
Path = "/DATA"; 
FSAL { 
name = GLUSTER; 
hostname="localhost"; 
volume="DATA"; 
} 
Access_type = RW; 
Disable_ACL = true; 
Squash="No_root_squash"; 
Pseudo="/DATA"; 
Protocols = "4" ; 
Transports = "UDP","TCP"; 
SecType = "sys"; 
NFSv4 { 
minor_versions = 0; 
} 
} 

And restarted the nfs- ganesha service. Seemed to start fine and mounted the
share from a client and specifying the mount option "-o vers=4.1" and
indeed it mounted it with NFSv4.1 (I was expecting/hoping it would refuse to
mount).

What is (or should be) the way to only allow NFSv4.0 exports (if possible at
all) ?

Running GlusterFS 3.12 / RHGS 3.4 with packages : 
bash-4.2# rpm -qa | grep ganesha 
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64 
nfs- ganesha -2.5.5-10.el7rhgs.x86_64 
nfs- ganesha -gluster-2.5.5-10.el7rhgs.x86_64 

bash-4.2# rpm -qa | grep ^glusterfs 
glusterfs-libs-3.12.2-18.el7rhgs.x86_64 
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64 
glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64 
glusterfs-fuse-3.12.2-18.el7rhgs.x86_64 
glusterfs-cli-3.12.2-18.el7rhgs.x86_64 
glusterfs-api-3.12.2-18.el7rhgs.x86_64 
glusterfs-server-3.12.2-18.el7rhgs.x86_64 
glusterfs-3.12.2-18.el7rhgs.x86_64 

Thanks in advance, 
Nico van Roijen 
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.gluster.org/pipermail/gluster-users/attachments/20181123/0e915350/attachment.html>

On 11/23/18 1:42 PM, Nico van Royen wrote:
> Hi All,
> 
> In a bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1546713) I
> was reading it showed that it should be possible to restrict the NFSv4
> usage to only use 4.0 (since 4.1/4.2 is not supported).
Who is telling you that 4.1 and 4.2 aren't supported?

Because NFS-Ganesha does, in fact, support NFSv4.1, NFSv4.2, and pNFS.

(Maybe you're thinking of the nfs-ganesha server in Red Hat's RHGS (Red
Hat Gluster Storage) or RHCS (Red Hat Ceph Storage), where 4.1 and 4.2
are not supported.)

> To try that, I modified an existing share so it reads :
> 
> EXPORT{
> ? ? ??Export_Id = 2;
> ? ? ??Path = "/DATA";
> ? ? ??FSAL {
> ? ? ? ? ? ?name = GLUSTER;
> ? ? ? ? ? ?hostname="localhost";
> ? ? ? ? ? ?volume="DATA";
> ? ? ? ? ? ?}
> ? ? ??Access_type = RW;
> ? ? ??Disable_ACL = true;
> ? ? ??Squash="No_root_squash";
> ? ? ??Pseudo="/DATA";
> ? ? ??Protocols = "4" ;
> ? ? ??Transports = "UDP","TCP";
> ? ? ??SecType = "sys";
> ? ? ??NFSv4 {
> ? ? ? ? ? ??minor_versions = 0;
> ? ? ??}
> ? ? ?}
> 
> And restarted the nfs-ganesha?service.? ?Seemed to start fine and
> mounted the share from a client and specifying the mount option "-o
> vers=4.1" and indeed it mounted it with NFSv4.1? (I was
expecting/hoping
> it would refuse to mount).
> 
> What is (or should be) the way to only allow NFSv4.0 exports (if
> possible at all) ?
> 
> Running GlusterFS 3.12 / RHGS 3.4 with packages :
> bash-4.2# rpm -qa | grep?ganesha
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> nfs-ganesha-2.5.5-10.el7rhgs.x86_64
> nfs-ganesha-gluster-2.5.5-10.el7rhgs.x86_64
> 
> bash-4.2# rpm -qa | grep ^glusterfs
> glusterfs-libs-3.12.2-18.el7rhgs.x86_64
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
> glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
> glusterfs-cli-3.12.2-18.el7rhgs.x86_64
> glusterfs-api-3.12.2-18.el7rhgs.x86_64
> glusterfs-server-3.12.2-18.el7rhgs.x86_64
> glusterfs-3.12.2-18.el7rhgs.x86_64
> 
> Thanks in advance,
> Nico van Roijen
> 
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-users
>

Hi Nico,

The option is ganesha-server specific option(not per export). U need to mention
it in ganesha.conf in the following block
NFSv4 {
                minor_versions = 1; 
}

Not inside the block of block of volume configuration file



----- Original Message -----
From: "Nico van Royen" <nico at van-royen.nl>
To: "gluster-users" <gluster-users at gluster.org>
Sent: Saturday, November 24, 2018 12:12:19 AM
Subject: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only

Hi All, 

In a bugzilla ( https://bugzilla.redhat.com/show_bug.cgi?id=1546713 ) I was
reading it showed that it should be possible to restrict the NFSv4 usage to only
use 4.0 (since 4.1/4.2 is not supported).
To try that, I modified an existing share so it reads : 

EXPORT{ 
Export_Id = 2; 
Path = "/DATA"; 
FSAL { 
name = GLUSTER; 
hostname="localhost"; 
volume="DATA"; 
} 
Access_type = RW; 
Disable_ACL = true; 
Squash="No_root_squash"; 
Pseudo="/DATA"; 
Protocols = "4" ; 
Transports = "UDP","TCP"; 
SecType = "sys"; 
NFSv4 { 
minor_versions = 0; 
} 
} 

And restarted the nfs- ganesha service. Seemed to start fine and mounted the
share from a client and specifying the mount option "-o vers=4.1" and
indeed it mounted it with NFSv4.1 (I was expecting/hoping it would refuse to
mount).

What is (or should be) the way to only allow NFSv4.0 exports (if possible at
all) ?

Running GlusterFS 3.12 / RHGS 3.4 with packages : 
bash-4.2# rpm -qa | grep ganesha 
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64 
nfs- ganesha -2.5.5-10.el7rhgs.x86_64 
nfs- ganesha -gluster-2.5.5-10.el7rhgs.x86_64 

bash-4.2# rpm -qa | grep ^glusterfs 
glusterfs-libs-3.12.2-18.el7rhgs.x86_64 
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64 
glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64 
glusterfs-fuse-3.12.2-18.el7rhgs.x86_64 
glusterfs-cli-3.12.2-18.el7rhgs.x86_64 
glusterfs-api-3.12.2-18.el7rhgs.x86_64 
glusterfs-server-3.12.2-18.el7rhgs.x86_64 
glusterfs-3.12.2-18.el7rhgs.x86_64 

Thanks in advance, 
Nico van Roijen 

_______________________________________________
Gluster-users mailing list
Gluster-users at gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users