glusterd: add new NFS options for exports/netgroups and related caching

The following options for the Gluster/NFS server are added :
- nfs.exports-auth-enable
- nfs.auth-refresh-interval-sec
- nfs.auth-cache-ttl-sec

BUG: 1143880
Change-Id: I37a73966c4ed27cd0f8c77200ef68a0d12b385b8
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9364
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>

2 files changed, 88 insertions, 0 deletions

diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
index 891801fd755..4d9dce47a13 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
@@ -1527,6 +1527,26 @@ struct volopt_map_entry glusterd_volopt_map[] = {
           .op_version  = 3
         },
 
+        /* Cli options for Export authentication on nfs mount */
+        { .key         = "nfs.exports-auth-enable",
+          .voltype     = "nfs/server",
+          .option      = "nfs.exports-auth-enable",
+          .type        = GLOBAL_DOC,
+          .op_version  = GD_OP_VERSION_3_7_0
+        },
+        { .key         = "nfs.auth-refresh-interval-sec",
+          .voltype     = "nfs/server",
+          .option      = "nfs.auth-refresh-interval-sec",
+          .type        = GLOBAL_DOC,
+          .op_version  = GD_OP_VERSION_3_7_0
+        },
+        { .key         = "nfs.auth-cache-ttl-sec",
+          .voltype     = "nfs/server",
+          .option      = "nfs.auth-cache-ttl-sec",
+          .type        = GLOBAL_DOC,
+          .op_version  = GD_OP_VERSION_3_7_0
+        },
+
         /* Other options which don't fit any place above */
         { .key        = "features.read-only",
           .voltype    = "features/read-only",
diff --git a/xlators/nfs/server/src/nfs.c b/xlators/nfs/server/src/nfs.c
index 4de81769fff..27dad2221a9 100644
--- a/xlators/nfs/server/src/nfs.c
+++ b/xlators/nfs/server/src/nfs.c
@@ -875,8 +875,58 @@ nfs_init_state (xlator_t *this)
         }
 
         nfs->exports_auth = GF_NFS_DEFAULT_EXPORT_AUTH;
+        if (dict_get(this->options, "nfs.exports-auth-enable")) {
+                ret = dict_get_str (this->options, "nfs.exports-auth-enable",
+                                    &optstr);
+                if (ret == -1) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+                        goto free_foppool;
+                }
+
+                ret = gf_string2boolean (optstr, &boolt);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool "
+                                "string");
+                        goto free_foppool;
+                }
+
+                if (boolt == _gf_true)
+                        nfs->exports_auth = 1;
+        }
+
         nfs->auth_refresh_time_secs = GF_NFS_DEFAULT_AUTH_REFRESH_INTERVAL_SEC;
+        if (dict_get (this->options, "nfs.auth-refresh-interval-sec")) {
+                ret = dict_get_str (this->options,
+                                    "nfs.auth-refresh-interval-sec", &optstr);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+                        goto free_foppool;
+                }
+
+                ret = gf_string2uint (optstr, &nfs->auth_refresh_time_secs);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse uint "
+                                "string");
+                        goto free_foppool;
+                }
+        }
+
         nfs->auth_cache_ttl_sec = GF_NFS_DEFAULT_AUTH_CACHE_TTL_SEC;
+        if (dict_get (this->options, "nfs.auth-cache-ttl-sec")) {
+                ret = dict_get_str (this->options,
+                                    "nfs.auth-cache-ttl-sec", &optstr);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+                        goto free_foppool;
+                }
+
+                ret = gf_string2uint (optstr, &nfs->auth_cache_ttl_sec);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse uint "
+                                "string");
+                        goto free_foppool;
+                }
+        }
 
         /* TODO: Make this a configurable option in case we don't want to read
          * exports/netgroup files off disk when they change. */
@@ -1905,5 +1955,23 @@ struct volume_options options[] = {
           .description = "Sets the number of non-idempotent "
                          "requests to cache in drc"
         },
+        { .key = {"nfs.exports-auth-enable"},
+          .type = GF_OPTION_TYPE_BOOL,
+          .description = "Set the option to 'on' to enable exports/netgroup "
+                         "authentication in the NFS server and mount daemon."
+        },
+
+        { .key = {"nfs.auth-refresh-interval-sec"},
+          .type = GF_OPTION_TYPE_INT,
+          .description = "Frequency in seconds that the daemon should check for"
+                         " changes in the exports/netgroups file."
+        },
+
+       { .key = {"nfs.auth-cache-ttl-sec"},
+          .type = GF_OPTION_TYPE_INT,
+          .description = "Sets the TTL of an entry in the auth cache. Value is "
+                         "in seconds."
+        },
+
         { .key  = {NULL} },
 };