glusterfs.git/xlators/mgmt/glusterd/src, branch release-3.10 glusterd/ganesha : Skip non-ganesha nodes properly for ganesha HA set up 2018-04-30T07:21:27+00:00 Jiffin Tony Thottan jthottan@redhat.com 2018-04-30T07:05:01+00:00 5cbde22e109fa49c85c5cfe571b1ebf779ad1b3d Change-Id: Iff7bc3ead43e97847219c5a5cc8b967bf0967903 BUG: 1573078 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> 
Change-Id: Iff7bc3ead43e97847219c5a5cc8b967bf0967903
BUG: 1573078
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
server/auth: add option for strict authentication 2018-04-24T12:49:02+00:00 Mohammed Rafi KC rkavunga@redhat.com 2018-04-02T06:50:47+00:00 420577300f1f8f28e5c4784f291f2c14e7311fb1 When this option is enabled, we will check for a matching username and password, if not found then the connection will be rejected. This also does a checksum validation of volfile The option is invalid when SSL/TLS is in use, at which point the SSL/TLS certificate user name is used to validate and hence authorize the right user. This expects TLS allow rules to be setup correctly rather than the default *. This option is not settable, as a result this cannot be enabled for volumes using the CLI. This is used with the shared storage volume, to restrict access to the same in non-SSL/TLS environments to the gluster peers only. Tested: ./tests/bugs/protocol/bug-1321578.t ./tests/features/ssl-authz.t - Ran tests on volumes with and without strict auth checking (as brick vol file needed to be edited to test, or rather to enable the option) - Ran tests on volumes to ensure existing mounts are disconnected when we enable strict checking Change-Id: I2ac4f0cfa5b59cc789cc5a265358389b04556b59 fixes: bz#1570428 Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> Signed-off-by: ShyamsundarR <srangana@redhat.com> 
When this option is enabled, we will check for a matching
username and password, if not found then the connection will
be rejected. This also does a checksum validation of volfile

The option is invalid when SSL/TLS is in use, at which point
the SSL/TLS certificate user name is used to validate and
hence authorize the right user. This expects TLS allow rules
to be setup correctly rather than the default *.

This option is not settable, as a result this cannot be enabled
for volumes using the CLI. This is used with the shared storage
volume, to restrict access to the same in non-SSL/TLS environments
to the gluster peers only.

Tested:
  ./tests/bugs/protocol/bug-1321578.t
  ./tests/features/ssl-authz.t
  - Ran tests on volumes with and without strict auth
    checking (as brick vol file needed to be edited to test,
    or rather to enable the option)
  - Ran tests on volumes to ensure existing mounts are
    disconnected when we enable strict checking

Change-Id: I2ac4f0cfa5b59cc789cc5a265358389b04556b59
fixes: bz#1570428
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
Signed-off-by: ShyamsundarR <srangana@redhat.com>
shared storage: Prevent mounting shared storage from non-trusted client 2018-04-24T12:49:02+00:00 Mohammed Rafi KC rkavunga@redhat.com 2018-03-26T14:57:34+00:00 961883e065f80125e5db648e7c214677b2390736 gluster shared storage is a volume used for internal storage for various features including ganesha, geo-rep, snapshot. So this volume should not be exposed to the client, as it is a special volume for internal use. This fix wont't generate non trusted volfile for shared storage volume. Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c updates: bz#1570428 Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> 
gluster shared storage is a volume used for internal storage for
various features including ganesha, geo-rep, snapshot.

So this volume should not be exposed to the client, as it is
a special volume for internal use.

This fix wont't generate non trusted volfile for shared storage volume.

Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c
updates: bz#1570428
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
glusterd : introduce timer in mgmt_v3_lock 2018-03-20T13:58:38+00:00 Gaurav Yadav gyadav@redhat.com 2017-10-05T18:14:46+00:00 9bd5c119076577b1029c7f451d19baa9a735a850 Problem: In a multinode environment, if two of the op-sm transactions are initiated on one of the receiver nodes at the same time, there might be a possibility that glusterd may end up in stale lock. Solution: During mgmt_v3_lock a registration is made to gf_timer_call_after which release the lock after certain period of time >Change-Id: I16cc2e5186a2e8a5e35eca2468b031811e093843 >BUG: 1499004 >Signed-off-by: Gaurav Yadav <gyadav@redhat.com> Change-Id: I16cc2e5186a2e8a5e35eca2468b031811e093843 BUG: 1557304 Signed-off-by: Gaurav Yadav <gyadav@redhat.com> 
Problem:
In a multinode environment, if two of the op-sm transactions
are initiated on one of the receiver nodes at the same time,
there might be a possibility that glusterd  may end up in
stale lock.

Solution:
During mgmt_v3_lock a registration is made to  gf_timer_call_after
which release the lock after certain period of time

>Change-Id: I16cc2e5186a2e8a5e35eca2468b031811e093843
>BUG: 1499004
>Signed-off-by: Gaurav Yadav <gyadav@redhat.com>

Change-Id: I16cc2e5186a2e8a5e35eca2468b031811e093843
BUG: 1557304
Signed-off-by: Gaurav Yadav <gyadav@redhat.com>
glusterd/ganesha : create/remove export file only from the node which performs ganesha.enable 2018-03-16T13:35:58+00:00 Jiffin Tony Thottan jthottan@redhat.com 2018-03-14T06:31:30+00:00 616c5bf733e64df0f9f6822180d62418688cfc1c As part of volume set ganesha.enable on the ganesha export configuration file will be created/removed using "create-export-ganesha.sh". This performed from the nodes which are part of ganesha cluster. But it is not need since the file is saved in shared storage and consumed by the nodes in the ganesha cluster. Change-Id: I2583899972b47d451a90711940293004a3af4690 BUG: 1555195 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> 
As part of volume set ganesha.enable on the ganesha export configuration file will be created/removed
using "create-export-ganesha.sh". This performed from the nodes which are part of ganesha cluster.
But it is not need since the file is saved in shared storage and consumed by the nodes in the ganesha cluster.

Change-Id: I2583899972b47d451a90711940293004a3af4690
BUG: 1555195
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
glusterd/ganesha : change voltype for ganesha.enable in volume option table 2018-02-27T10:11:11+00:00 Jiffin Tony Thottan jthottan@redhat.com 2018-02-27T10:05:30+00:00 64ad9a8d2712a49e1bbaa0047007e58eb72d4384 The voltype defined for ganesha.enable is features/ganesha. But ganesha xlator was removed from client stack long back. Now it is defined as part of glusterd. So reflecting the same on the volume option table. Change-Id: Ifedd7493020b77bd54edfdbdd9c799d93b24d0aa BUG: 1486542 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> 
The voltype defined for ganesha.enable is features/ganesha. But ganesha xlator
was removed from client stack long back. Now it is defined as part of glusterd.
So reflecting the same on the volume option table.

Change-Id: Ifedd7493020b77bd54edfdbdd9c799d93b24d0aa
BUG: 1486542
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
glusterd: fix tier-enabled flag op-version check 2018-02-21T02:51:09+00:00 Atin Mukherjee amukherj@redhat.com 2018-02-13T02:36:24+00:00 c980e344da11824cd2e6f271be7cba96ccff69e0 tier-enabled flag in volinfo structure was introduced in 3.10, however while writing this value to the glusterd store was done with a wrong op-version check which results into volume checksum failure during upgrades. >Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4 >BUG: 1544600 >Signed-off-by: Atin Mukherjee <amukherj@redhat.com> Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4 BUG: 1544461 Signed-off-by: hari gowtham <hgowtham@redhat.com> 
tier-enabled flag in volinfo structure was introduced in 3.10, however
while writing this value to the glusterd store was done with a wrong
op-version check which results into volume checksum failure during upgrades.

>Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4
>BUG: 1544600
>Signed-off-by: Atin Mukherjee <amukherj@redhat.com>

Change-Id: I4330d0c4594eee19cba42e2cdf49a63f106627d4
BUG: 1544461
Signed-off-by: hari gowtham <hgowtham@redhat.com>
glusterd: Nullify pmap entry for bricks belonging to same port 2018-01-03T15:19:03+00:00 Atin Mukherjee amukherj@redhat.com 2018-01-02T14:56:31+00:00 fcdec185173f8da44e879c6fc592c0c0a8876728 Commit 30e0b86 tried to address all the stale port issues glusterd had in case of a brick is abruptly killed. For brick multiplexing case because of a bug the portmap entry was not getting removed. This patch addresses the same. >mainline patch : https://review.gluster.org/#/c/19119/ Change-Id: Ib020b967a9b92f1abae9cab9492f0cacec59aaa1 BUG: 1530450 Signed-off-by: Atin Mukherjee <amukherj@redhat.com> 
Commit 30e0b86 tried to address all the stale port issues glusterd had
in case of a brick is abruptly killed. For brick multiplexing case
because of a bug the portmap entry was not getting removed. This patch
addresses the same.

>mainline patch : https://review.gluster.org/#/c/19119/

Change-Id: Ib020b967a9b92f1abae9cab9492f0cacec59aaa1
BUG: 1530450
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
glusterd: Free up svc->conn on volume delete 2017-12-07T05:01:34+00:00 Atin Mukherjee amukherj@redhat.com 2017-12-06T12:35:24+00:00 fc1104be2d773b373f32462c9277f440af199e69 Daemons like snapd, tierd and gfproxyd are maintained on per volume basis and on a volume delete we should destroy the rpc connection established for them. >mainline patch : https://review.gluster.org/#/c/18957 Change-Id: Id1440e39da07b990fdb9b207df18da04b1ca8014 BUG: 1523050 Signed-off-by: Atin Mukherjee <amukherj@redhat.com> 
Daemons like snapd, tierd and gfproxyd are maintained on per volume
basis and on a volume delete we should destroy the rpc connection
established for them.

>mainline patch : https://review.gluster.org/#/c/18957

Change-Id: Id1440e39da07b990fdb9b207df18da04b1ca8014
BUG: 1523050
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
glusterd: use sys_lstat instead of lstat 2017-11-01T10:44:57+00:00 Jeff Darcy jdarcy@redhat.com 2017-03-01T22:35:26+00:00 58189890dd810d8fae5953ca84948227a073e172 Showed up in 0symbol-check.t while testing something else. Might as well fix it now. > Signed-off-by: Jeff Darcy <jdarcy@redhat.com> > Reviewed-on: https://review.gluster.org/16820 > Reviewed-by: Prashanth Pai <ppai@redhat.com> (cherry picked from commit 9ed98f23564387c5b436a0c6ec6d4393f970dcb9) BUG: 1508036 Change-Id: Ic6b8214de6f486187afc4987c5ffbbca02c8997f 
Showed up in 0symbol-check.t while testing something else.  Might as
well fix it now.

> Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
> Reviewed-on: https://review.gluster.org/16820
> Reviewed-by: Prashanth Pai <ppai@redhat.com>

(cherry picked from commit 9ed98f23564387c5b436a0c6ec6d4393f970dcb9)
BUG: 1508036
Change-Id: Ic6b8214de6f486187afc4987c5ffbbca02c8997f