diff options
| author | Rajesh Amaravathi <rajesh@redhat.com> | 2012-02-20 12:31:10 +0530 |
|---|---|---|
| committer | Vijay Bellur <vijay@gluster.com> | 2012-02-20 00:30:54 -0800 |
| commit | 975933a25d14cbac861e809b40c6edd01acaa28d (patch) | |
| tree | 3fa06856f1fd2f094be33e7b4f20deefc72baaa3 /libglusterfs | |
| parent | 27e51951bc53f36b2286c70eb2263173b29d7a85 (diff) | |
glusterd: auth allow enhancements
* PROBLEM:
When address-based authentication is enabled on a volume,
the gNfs server, self-heal daemon (shd), and other operations
such as quota, rebalance, replace-brick and geo-replication
either stop working or the services are not started if all
the peers' ipv{4,6} addresses or hostnames are not added in
the "set auth.allow" operation, breaking the functionality
of several operations.
E.g:
volume vol in a cluster of two peers:
/mnt/brick1 in 192.168.1.4
/mnt/brick2 in 192.168.1.5
option auth.allow 192.168.1.6
(allow connection requests only from 192.168.1.6)
This will disrupt the nfs servers on 192.168.1.{4,5}.
brick server processes reject connection requests from both
nfs servers (on 4,5), because the peer addresses are not in
the auth.allow list.
Same holds true for local mounts (on peer machines),
self-heal daemon, and other operations which perform
a glusterfs mount on one of the peers.
* SOLUTION:
Login-based authentication (username/password pairs,
henceforth referred to as "keys") for gluster services and
operations.
These *per-volume* keys can be used to by-pass the addr-based
authentication, provided none of the peers' addresses are put
in the auth.reject list, to enable gluster services like gNfs,
self-heal daemon and internal operations on volumes when
auth.allow option is exercised.
* IMPLEMENTATION:
1. Glusterd generates keys for each volume and stores it in
memory as well as in respective volfiles.
A new TRUSTED-FUSE volfile is generated which is
fuse volfile + keys in protocol/client,
and is named trusted-<volname>-fuse.vol.
This is used by all local mounts. ANY local mount (on any peer)
is granted the trusted-fuse volfile instead of fuse volfile
via getspec. non-local mounts are NOT granted the trusted fuse
volfile.
2. The keys generated for the volume is written to each server
volfile telling servers to allow users with these keys.
3. NFS, self-heal daemon and replace-brick volfiles are updated
with the volume's authentication keys.
4. The keys are NOT written to fuse volfiles for obvious reasons.
5. The ownership of volfiles and logfiles is restricted to root users.
6. Merging two identical definitions of peer_info_t in auth/addr
and rpc-lib, throwing away the one in auth/addr.
7. Code cleanup in numerous places as appropriate.
* IMPORTANT NOTES:
1. One SHOULD NOT put any of the peer addresses in the auth.reject
list if one wants any of the glusterd services and features
such as gNfs, self-heal, rebalance, geo-rep and quota.
2. If one wants to use username/password based authentication
to volumes, one shall append to the server, nfs and shd volfiles,
the keys one wants to use for authentication, *while_retaining
those_generated_by_glusterd*.
See doc/authentication.txt file for details.
Change-Id: Ie0331d625ad000d63090e2d622fe1728fbfcc453
BUG: 789942
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.com/2733
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
Diffstat (limited to 'libglusterfs')
| -rw-r--r-- | libglusterfs/src/logging.c | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/libglusterfs/src/logging.c b/libglusterfs/src/logging.c index 5485260bc10..55ef087a868 100644 --- a/libglusterfs/src/logging.c +++ b/libglusterfs/src/logging.c @@ -131,6 +131,8 @@ gf_log_globals_init (void) int gf_log_init (const char *file) { + int fd = -1; + if (!file){ fprintf (stderr, "ERROR: no filename specified\n"); return -1; @@ -149,6 +151,14 @@ gf_log_init (const char *file) return -1; } + fd = open (file, O_CREAT | O_RDONLY, S_IRUSR | S_IWUSR); + if (fd < 0) { + fprintf (stderr, "ERROR: failed to create logfile \"%s\" (%s)\n", + file, strerror (errno)); + return -1; + } + close (fd); + logfile = fopen (file, "a"); if (!logfile){ fprintf (stderr, "ERROR: failed to open logfile \"%s\" (%s)\n", @@ -475,6 +485,7 @@ _gf_log (const char *domain, const char *file, const char *function, int line, char *msg = NULL; size_t len = 0; int ret = 0; + int fd = -1; xlator_t *this = NULL; this = THIS; @@ -509,6 +520,14 @@ _gf_log (const char *domain, const char *file, const char *function, int line, if (logrotate) { logrotate = 0; + fd = open (filename, O_CREAT | O_RDONLY, S_IRUSR | S_IWUSR); + if (fd < 0) { + gf_log ("logrotate", GF_LOG_ERROR, + "%s", strerror (errno)); + return -1; + } + close (fd); + new_logfile = fopen (filename, "a"); if (!new_logfile) { gf_log ("logrotate", GF_LOG_CRITICAL, @@ -601,16 +620,21 @@ out: int gf_cmd_log_init (const char *filename) { + int fd = -1; + xlator_t *this = NULL; + + this = THIS; + if (!filename){ - gf_log ("glusterd", GF_LOG_CRITICAL, "gf_cmd_log_init: no " + gf_log (this->name, GF_LOG_CRITICAL, "gf_cmd_log_init: no " "filename specified\n"); return -1; } cmd_log_filename = gf_strdup (filename); if (!cmd_log_filename) { - gf_log ("glusterd", GF_LOG_CRITICAL, "gf_cmd_log_init: strdup" - " error\n"); + gf_log (this->name, GF_LOG_CRITICAL, + "gf_cmd_log_init: strdup error\n"); return -1; } /* close and reopen cmdlogfile for log rotate*/ @@ -618,9 +642,18 @@ gf_cmd_log_init (const char *filename) fclose (cmdlogfile); cmdlogfile = NULL; } + + fd = open (cmd_log_filename, O_CREAT | O_RDONLY, S_IRUSR | S_IWUSR); + if (fd < 0) { + gf_log (this->name, GF_LOG_CRITICAL, + "%s", strerror (errno)); + return -1; + } + close (fd); + cmdlogfile = fopen (cmd_log_filename, "a"); if (!cmdlogfile){ - gf_log ("glusterd", GF_LOG_CRITICAL, + gf_log (this->name, GF_LOG_CRITICAL, "gf_cmd_log_init: failed to open logfile \"%s\" " "(%s)\n", cmd_log_filename, strerror (errno)); return -1; |