glusterfs.git, branch v3.5.3 doc: add release notes for GlusterFS 3.5.3 2014-11-12T13:42:08+00:00 Niels de Vos ndevos@redhat.com 2014-10-31T10:40:31+00:00 be560c6f41ab50f023606f0f8a3de189ee94f583 Change-Id: Ic5a8be45f0397e492f56142856cf9bf9d35f91b5 BUG: 1125231 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8903 Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> 
Change-Id: Ic5a8be45f0397e492f56142856cf9bf9d35f91b5
BUG: 1125231
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8903
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
logrotate: gluster logrotate config should not be global 2014-10-30T09:19:14+00:00 Lalatendu Mohanty lmohanty@redhat.com 2014-10-29T19:41:02+00:00 a970fc0cd7ec4ddb806273b0d7279c52587452a4 Issue : Previously glusterfs logrotate config file pollutes global config. So moved the directives inside the curly braces, so they don't pollute the global config state. Change-Id: I8836893dfcdf457d9c5d766612d687bfce64e2ae BUG: 1126801 "Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com>" "Reviewed-on: http://review.gluster.org/8994" "Reviewed-by: Niels de Vos <ndevos@redhat.com>" "Tested-by: Gluster Build System <jenkins@build.gluster.com>" (cherry picked from commit a5d73daabf6df95bc73b186d92f3e2d1239a6f8a) Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com> Reviewed-on: http://review.gluster.org/9001 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
Issue : Previously glusterfs logrotate config file pollutes
global config. So moved the directives inside the curly braces,
 so they don't pollute the global config state.

Change-Id: I8836893dfcdf457d9c5d766612d687bfce64e2ae
BUG: 1126801
"Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com>"
"Reviewed-on: http://review.gluster.org/8994"
"Reviewed-by: Niels de Vos <ndevos@redhat.com>"
"Tested-by: Gluster Build System <jenkins@build.gluster.com>"
(cherry picked from commit a5d73daabf6df95bc73b186d92f3e2d1239a6f8a)
Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com>
Reviewed-on: http://review.gluster.org/9001
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Posix: Brick failure detection fix for ext4 filesystem 2014-10-28T16:33:48+00:00 Lalatendu Mohanty lmohanty@redhat.com 2014-10-28T11:57:25+00:00 d8c40d37a5850bf1021288c91d75a66c494c9c98 Issue: stat() on XFS has a check for the filesystem status but ext4 does not. Fix: Replacing stat() call with open, write and read to a new file under the "brick/.glusterfs" directory. This change will work for xfs, ext4 and other fileystems. Change-Id: Id03c4bc07df4ee22916a293442bd74819b051839 BUG: 1130204 "Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com>" "Reviewed-on: http://review.gluster.org/8213" "Reviewed-by: Niels de Vos <ndevos@redhat.com>" "Tested-by: Gluster Build System <jenkins@build.gluster.com>" (cherry picked from commit a7ef6eea4d43afdba9d0453c095e71e6bf22cdb7) Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com> Reviewed-on: http://review.gluster.org/8989 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
Issue: stat() on XFS has a check for the filesystem status but
ext4 does not.

Fix: Replacing stat() call with open, write and read  to a new file under the
"brick/.glusterfs" directory. This change will work for xfs, ext4 and other
fileystems.

Change-Id: Id03c4bc07df4ee22916a293442bd74819b051839
BUG: 1130204
"Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com>"
"Reviewed-on: http://review.gluster.org/8213"
"Reviewed-by: Niels de Vos <ndevos@redhat.com>"
"Tested-by: Gluster Build System <jenkins@build.gluster.com>"
(cherry picked from commit a7ef6eea4d43afdba9d0453c095e71e6bf22cdb7)
Signed-off-by: Lalatendu Mohanty <lmohanty@redhat.com>
Reviewed-on: http://review.gluster.org/8989
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
socket: disallow CBC cipher modes 2014-10-28T15:49:41+00:00 Niels de Vos ndevos@redhat.com 2014-10-27T12:57:44+00:00 027d38cf6ba838cd015886207d3c265ef6446757 This is related to CVE-2014-3566 a.k.a. POODLE. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 POODLE is specific to CBC cipher modes in SSLv3. Because there is no way to prevent SSLv3 fallback on a system with an unpatched version of OpenSSL, users of such systems can only be protected by disallowing CBC modes. The default cipher-mode specification in our code has been changed accordingly. Users can still set their own cipher modes if they wish. To support them, the ssl-authz.t test script provides an example of how to combine the CBC exclusion with other criteria in a script. Cherry picked from commit 378a0a19d95e552220d71b13be685f4772c576cd: > Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5 > BUG: 1155328 > Signed-off-by: Jeff Darcy <jdarcy@redhat.com> > Reviewed-on: http://review.gluster.org/8962 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> > Reviewed-by: Vijay Bellur <vbellur@redhat.com> ssl-auth.t has been modified to not set the auth.ssl-allow option. This option is not available in the 3.5 branch. Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5 BUG: 1157661 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8979 Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> 
This is related to CVE-2014-3566 a.k.a. POODLE.

	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes.  The default cipher-mode specification in our code has been
changed accordingly.  Users can still set their own cipher modes if they
wish.  To support them, the ssl-authz.t test script provides an example
of how to combine the CBC exclusion with other criteria in a script.

Cherry picked from commit 378a0a19d95e552220d71b13be685f4772c576cd:
> Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5
> BUG: 1155328
> Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
> Reviewed-on: http://review.gluster.org/8962
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
> Reviewed-by: Vijay Bellur <vbellur@redhat.com>

ssl-auth.t has been modified to not set the auth.ssl-allow option. This
option is not available in the 3.5 branch.

Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5
BUG: 1157661
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8979
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
cluster/afr: Fix excessive logging in glfsheal log file 2014-10-27T15:47:49+00:00 Krutika Dhananjay kdhananj@redhat.com 2014-10-21T22:48:59+00:00 a539b29c1c28dff78fa2314deafd2948f5f8ae1a Wrong afr_local_t instance was being used in the missing entry sh check in afr_self_heal(), which was leading to entrylk failure messages of the following kind in glfsheal logfile: [2014-10-21 12:39:04.109875] I [afr-self-heal-common.c:2146:afr_sh_post_nb_entrylk_missing_entry_sh_cbk] 0-vol-replicate-1: Non blocking entrylks failed The fix involves sending the right "local" to afr_can_start_missing_entry_gfid_self_heal(). After fixing this, there were two more codepaths giving out too many log messages of the following kinds: [2014-10-21 22:19:29.568533] E [afr-self-heal-data.c:1611:afr_sh_data_open_cbk] 0-dis-rep-replicate-1: open of 8a858b02-0fc7-4713-9f61-8ca28dea82c0 failed on child dis-rep-client-2 (Stale file handle) [2014-10-21 22:19:29.577948] E [afr-self-heal-entry.c:2353:afr_sh_post_nonblocking_entry_cbk] 0-dis-rep-replicate-1: Non Blocking entrylks failed for ff9c82c4-5c0c-4ed9-b745-604a28dc352d. which are also fixed appropriately as part of this patch. Change-Id: Idd8d8e5735ee7a4ac36f369525f96e53276e0859 BUG: 1153629 Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com> Reviewed-on: http://review.gluster.org/8965 Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
Wrong afr_local_t instance was being used in the missing entry sh
check in afr_self_heal(), which was leading to entrylk failure messages
of the following kind in glfsheal logfile:

[2014-10-21 12:39:04.109875] I
[afr-self-heal-common.c:2146:afr_sh_post_nb_entrylk_missing_entry_sh_cbk]
0-vol-replicate-1: Non blocking entrylks failed

The fix involves sending the right "local" to
afr_can_start_missing_entry_gfid_self_heal().

After fixing this, there were two more codepaths giving out too many log messages
of the following kinds:

[2014-10-21 22:19:29.568533] E [afr-self-heal-data.c:1611:afr_sh_data_open_cbk]
0-dis-rep-replicate-1: open of 8a858b02-0fc7-4713-9f61-8ca28dea82c0
failed on child dis-rep-client-2 (Stale file handle)

[2014-10-21 22:19:29.577948] E [afr-self-heal-entry.c:2353:afr_sh_post_nonblocking_entry_cbk]
0-dis-rep-replicate-1: Non Blocking entrylks failed for ff9c82c4-5c0c-4ed9-b745-604a28dc352d.

which are also fixed appropriately as part of this patch.

Change-Id: Idd8d8e5735ee7a4ac36f369525f96e53276e0859
BUG: 1153629
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
Reviewed-on: http://review.gluster.org/8965
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
logs: Do selective logging for errnos 2014-10-22T07:32:40+00:00 Pranith Kumar K pkarampu@redhat.com 2014-10-21T10:48:16+00:00 5fff385333db750561ffd026af09e52a8c8c16e6 Backport of http://review.gluster.org/8918 http://review.gluster.org/8955 Problem: Just after replace-brick the mount logs are filled with ENOENT/ESTALE warning logs because the file is yet to be self-healed now that the brick is new. Fix: Do conditional logging for the logs. ENOENT/ESTALE will be logged at lower log level. Only when debug logs are enabled, these logs will be written to the logfile. BUG: 1155073 Change-Id: Icf06f2fc4f2f91e199de24a88bcb0ce9b8955ebd Signed-off-by: Pranith Kumar K <pkarampu@redhat.com> Reviewed-on: http://review.gluster.org/8960 Reviewed-by: Krutika Dhananjay <kdhananj@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
        Backport of http://review.gluster.org/8918
                    http://review.gluster.org/8955

Problem:
Just after replace-brick the mount logs are filled with ENOENT/ESTALE
warning logs because the file is yet to be self-healed now that the
brick is new.

Fix:
Do conditional logging for the logs. ENOENT/ESTALE will be logged at
lower log level. Only when debug logs are enabled, these logs will
be written to the logfile.

BUG: 1155073
Change-Id: Icf06f2fc4f2f91e199de24a88bcb0ce9b8955ebd
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: http://review.gluster.org/8960
Reviewed-by: Krutika Dhananjay <kdhananj@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
protocol/client: change log level for lookup 2014-10-21T15:41:25+00:00 Ravishankar N root@ravi3.(none) 2014-10-17T10:58:06+00:00 946eecfff75d7c9f4df3890ce57311386fe6e994 Problem: On 3.5 branch, http://review.gluster.org/8294 causes the server to return ENOENT (as opposed to ESTALE in master branch) if file does not exist. When AFR does entry self-heals (either from the mount or shd or by the `heal info` command), it does a gfid-lookup with loc.name == NULL, causing the corresponding log file to be flooded with messages like this: [2014-10-15 11:12:57.405428] W [client-rpc-fops.c:2761:client3_3_lookup_cbk] 0-testvol-client-1: remote operation failed: No such file or directory. Path: <gfid:760b4427-2fb9-4a67-9f55-e8e8d78e452f> (760b4427-2fb9-4a67-9f55-e8e8d78e452f) Fix: Change log level for ENOENT and ESTALE errors to DEBUG Change-Id: Ideb88d9cb609d077e02efe703cd28155985d7513 BUG: 1153904 Signed-off-by: Ravishankar N <root@ravi3.(none)> Reviewed-on: http://review.gluster.org/8937 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
Problem:
On 3.5 branch, http://review.gluster.org/8294 causes the server to return ENOENT
(as opposed to ESTALE in master branch) if file does not exist. When AFR does
entry self-heals (either from the mount or shd or by the `heal info` command), it
does a gfid-lookup with loc.name == NULL, causing the corresponding log file to be
flooded with messages like this:

[2014-10-15 11:12:57.405428] W [client-rpc-fops.c:2761:client3_3_lookup_cbk]
0-testvol-client-1: remote operation failed: No such file or directory. Path:
<gfid:760b4427-2fb9-4a67-9f55-e8e8d78e452f>
(760b4427-2fb9-4a67-9f55-e8e8d78e452f)

Fix:
Change log level for ENOENT and ESTALE errors to DEBUG

Change-Id: Ideb88d9cb609d077e02efe703cd28155985d7513
BUG: 1153904
Signed-off-by: Ravishankar N <root@ravi3.(none)>
Reviewed-on: http://review.gluster.org/8937
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
glusterd: pass the bind-address to starting services 2014-10-21T15:38:50+00:00 Niels de Vos ndevos@redhat.com 2014-10-21T07:20:31+00:00 4f58e62ce5787303ced4e11ba15d5ce8f07c379f When the transport.socket.bind-address option is set to a hostname or ip-address, the services started by GlusterD fail to connect to the management daemon. GlusterD always forces the services to connect to the "localhost" hostname, even if it is not listening on that address. GlusterD should take the transport.socket.bind-address option into consideration, and pass that to the glusterfs-clients with the -s or --volfile commandline parameter. Note that this is not a change that removes all hard-coded dependencies on "localhost". This change merely makes it possible to start required services when the transport.socket.bind-address option is set. Cherry picked from commit 283fa797f4bf98130b42c36972305b8cb6e5aaaf: > Change-Id: I36a0ed6c69342e6327adc258fea023929055d7f2 > BUG: 1149863 > Signed-off-by: Niels de Vos <ndevos@redhat.com> > Reviewed-on: http://review.gluster.org/8908 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Jeff Darcy <jdarcy@redhat.com> > Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com> > Tested-by: Krishnan Parthasarathi <kparthas@redhat.com> Change-Id: I36a0ed6c69342e6327adc258fea023929055d7f2 BUG: 1149857 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8952 Tested-by: Gluster Build System <jenkins@build.gluster.com> 
When the transport.socket.bind-address option is set to a hostname or
ip-address, the services started by GlusterD fail to connect to the
management daemon. GlusterD always forces the services to connect to the
"localhost" hostname, even if it is not listening on that address.

GlusterD should take the transport.socket.bind-address option into
consideration, and pass that to the glusterfs-clients with the -s or
--volfile commandline parameter.

Note that this is not a change that removes all hard-coded dependencies
on "localhost". This change merely makes it possible to start required
services when the transport.socket.bind-address option is set.

Cherry picked from commit 283fa797f4bf98130b42c36972305b8cb6e5aaaf:
> Change-Id: I36a0ed6c69342e6327adc258fea023929055d7f2
> BUG: 1149863
> Signed-off-by: Niels de Vos <ndevos@redhat.com>
> Reviewed-on: http://review.gluster.org/8908
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
> Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
> Tested-by: Krishnan Parthasarathi <kparthas@redhat.com>

Change-Id: I36a0ed6c69342e6327adc258fea023929055d7f2
BUG: 1149857
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8952
Tested-by: Gluster Build System <jenkins@build.gluster.com>
glusterd: make bricks respect 'transport.socket.bind-address' 2014-10-21T15:38:18+00:00 Niels de Vos ndevos@redhat.com 2014-10-21T07:38:09+00:00 6b6ee3bce4b2fcb2cbfd06ab0a199d7aac4b7cec When GlusterD starts the brick processes, these will listen on all interfaces. When the 'transport.socket.bind-address' option is set in glusterd.vol, the brick processes should only listen on the specified hostname or IP-address. Cherry picked from commit 430b874c4f1a171c106a9e1e6507e14e79805a1d: > Change-Id: I8e7d1f294904081137c23f3446261329d0d13bba > BUG: 1149863 > Signed-off-by: Niels de Vos <ndevos@redhat.com> > Reviewed-on: http://review.gluster.org/8910 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com> > Tested-by: Krishnan Parthasarathi <kparthas@redhat.com> Change-Id: I8e7d1f294904081137c23f3446261329d0d13bba BUG: 1149857 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8953 Tested-by: Gluster Build System <jenkins@build.gluster.com> 
When GlusterD starts the brick processes, these will listen on all
interfaces. When the 'transport.socket.bind-address' option is set in
glusterd.vol, the brick processes should only listen on the specified
hostname or IP-address.

Cherry picked from commit 430b874c4f1a171c106a9e1e6507e14e79805a1d:
> Change-Id: I8e7d1f294904081137c23f3446261329d0d13bba
> BUG: 1149863
> Signed-off-by: Niels de Vos <ndevos@redhat.com>
> Reviewed-on: http://review.gluster.org/8910
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
> Tested-by: Krishnan Parthasarathi <kparthas@redhat.com>

Change-Id: I8e7d1f294904081137c23f3446261329d0d13bba
BUG: 1149857
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8953
Tested-by: Gluster Build System <jenkins@build.gluster.com>
glusterd/quota: Heal pgfid xattr on existing data when the quota is 2014-10-20T16:13:34+00:00 vmallika vmallika@redhat.com 2014-09-29T07:32:30+00:00 b0ed286e9b53c5ad24f04686cd6ddfad940b87f3 enable Backport of: http://review.gluster.org/8878 The pgfid extended attributes are used to construct the ancestry path (from the file to the volume root) for nameless lookups on files. As NFS relies on nameless lookups heavily, quota enforcement through NFS would be inconsistent if quota were to be enabled on a volume with existing data. Solution is to heal the pgfid extended attributes as a part of lookup perfomed by quota-crawl process. In a posix lookup check for pgfid xattr and if it is missing set the xattr. Change-Id: I956128907aa1d975cd5719ed3ab2f4f9b37d4c31 BUG: 1153900 Signed-off-by: vmallika <vmallika@redhat.com> Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com> Reviewed-on: http://review.gluster.org/8938 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
enable

        Backport of: http://review.gluster.org/8878

The pgfid extended attributes are used to construct the ancestry path
(from the file to the volume root) for nameless lookups on files.
As NFS relies on nameless lookups heavily, quota enforcement through NFS
would be inconsistent if quota were to be enabled on a volume with
existing data.

Solution is to heal the pgfid extended attributes as a part of lookup
perfomed by quota-crawl process. In a posix lookup check for pgfid xattr
and if it is missing set the xattr.

Change-Id: I956128907aa1d975cd5719ed3ab2f4f9b37d4c31
BUG: 1153900
Signed-off-by: vmallika <vmallika@redhat.com>
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
Reviewed-on: http://review.gluster.org/8938
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>