| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When Georep create(force) command is run multiple times
it appends master nodes public keys to Slave nodes without
checking the existence of the key.
With this patch, create push-pem force adds pub key only if
not available in authorized_keys.
BUG: 1197433
Change-Id: Iad57f6c45698e258ad1a547fa7a2e376a315f0cd
Signed-off-by: Aravinda VK <avishwan@redhat.com>
Reviewed-on: http://review.gluster.org/9776
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Reviewed-by: Saravanakumar Arumugam <sarumuga@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In /etc/ssh/sshd_config, AuthorizedKeysFile can be customized
using %u and %h variables, %u will be replaced by user name
and %h will be replaced by home dir name. Default location is
.ssh/authorized_keys
For example,
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile %h/.my_secret_dir/authorized_keys
AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys
PS: Support only added for %h and %u in sshd_config
BUG: 1181117
Signed-off-by: Aravinda VK <avishwan@redhat.com>
Change-Id: Ic6ba20f9d202762dfdb6d0c73ea42e7f7c64e177
Reviewed-on: http://review.gluster.org/9436
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Change-Id: Iacc67e4ba9ac45e0858f3befe84ffb8fccf7e1c3
BUG: 1075417
Signed-off-by: arao <arao@redhat.com>
Reviewed-on: http://review.gluster.org/9502
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Humble Devassy Chirammal <humble.devassy@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current Behaviour:
1. Geo-replication gsec_create creates common_secret.pem.pub file
containing public keys of the all the nodes of master cluster
in the location /var/lib/glusterd/
2. Geo-replication create push-pem copies the common_secret.pem.pub
to the same location on all the slave nodes with same name.
Problem:
Wrong public keys might get copied on to slave nodes in multiple
geo-replication sessions simultaneosly.
E.g.
A geo-rep session is established between Node1(vol1:Master) to
Node2 (vol2:Slave). And one more geo-rep session where
Node2 (vol3) becomes master to Node3 (vol4) as below.
Session1: Node1 (vol1) ---> Node2 (vol2)
Session2: Node2 (vol3) ---> Node3 (vol4)
If steps followed to create both geo-replication session is as
follows, wrong public keys are copied on to Node3 from Node2.
1. gsec_create is done on Node1 (vol1) -Session1
2. gsec_create is done on Node2 (vol3) -Session2
3. create push-pem is done Node1 - Session1.
-This overwrites common_secret.pem.pub in Node2
created by gsec_create in second step.
4. create push-pem on Node2 (vol3) copies overwrited
common_secret.pem.pub keys to Node3. -Session2
Consequence:
Session2 fails to start with Permission denied because of wrong
public keys
Solution:
On geo-rep create push-pem, don't copy common_secret.pem.pub
file with same name on to all slave nodes. Prefix master and
slave volume names to the filename.
NOTE: This brings change in manual steps to be followed to setup
non-root geo-replication (mountbroker). To copy ssh public
keys, extra two arguments needs to be followed.
set_geo_rep_pem_keys.sh <mountbroker_user> <master vol name> \
<slave vol name>
Path to set_geo_rep_pem_keys.sh:
Source Installation:
/usr/local/libexec/glusterfs/set_geo_rep_pem_keys.sh
Rpm Installatino:
/usr/libexec/glusterfs/set_geo_rep_pem_keys.sh
Change-Id: If38cd4e6f58d674d5fe2d93da15803c73b660c33
BUG: 1183229
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: http://review.gluster.org/9460
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux mktemp accepts to run without a template, NetBSD mandates it. Since
the template option has the same syntax, add it everywhere. While there,
also do this in scripts outside of regression testing.
BUG: 764655
Change-Id: I3ec140afbc9009257c81a56d77afcc21fef74cc4
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8432
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
Tested-by: Harshavardhana <harsha@harshavardhana.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Break-way from '/var/lib/glusterd' hard-coded previously,
instead rely on 'configure' value from 'localstatedir'
- Provide 's/lib/db' as default working directory for gluster
management daemon for BSD and Darwin based installations
- loff_t is really off_t on Darwin
- fix-off the warnings generated by clang on FreeBSD/Darwin
- Now 'tests/*' use GLUSTERD_WORKDIR a common variable for all
platforms.
- Define proper environment for running tests, define correct PATH
and LD_LIBRARY_PATH when running tests, so that the desired version
of glusterfs is used, regardless where it is installed.
(Thanks to manu@netbsd.org for this additional work)
Change-Id: I2339a0d9275de5939ccad3e52b535598064a35e7
BUG: 1111774
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8246
Tested-by: Gluster Build System <jenkins@build.gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On many linux distributions with iptables enabled, ICMP traffic
is usually dropped even when port 22 is open for SSH service
So practically `ping` is an unreliable command
~~~
root@rhs1:/var/log/glusterfs # gluster volume geo-replication geo-test \
17.16.10.1::geo-test-slave create push-pem force
172.16.10.1 not reachable.
geo-replication command failed
~~~
~~~
root@rhs1:/var/log/glusterfs # ping 172.16.10.1
PING rhs2.sjc.redhat.com (172.16.10.1) 56(84) bytes of data.
From rhs2.sjc.redhat.com (172.16.10.1) icmp_seq=1 Destination Host Prohibited
...
...
~~~
~~~
root@rhs2:/var/log/glusterfs # service iptables status | grep 22
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
root@rhs2:/var/log/glusterfs # service iptables status | grep icmp-host-prohibited
25 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
~~~
Change-Id: I33206ca071aa5d755c0762f7c486da222ec3c7db
BUG: 1105337
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/7997
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Also removing multiple mounts in gverify.sh
Change-Id: I1567a9f711222c5f571a12f7c4ab49cef32d60c9
BUG: 1101948
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/7911
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Required for unprivileged geo-replication sessions to
execute glusterd commands (which are however restricted).
Change-Id: Ib83b81defa061717f4465ffa665450d0f5d3d20d
BUG: 1077452
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-on: http://review.gluster.org/7833
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also adding -P option to the usage of df for portability in gverify.sh
Change-Id: I0be19d26ea63769a934c6ccbfc04ef80768ebc9a
BUG: 1099041
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/7812
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Aravinda VK <avishwan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$HOME might not be set in the env variables, as is the case
when these scripts are executed using the runner framework.
Hence using getent passwd instead of $HOME
Change-Id: I99f6bcd788d727be534b3040600d66c8dbb7ee92
BUG: 1099041
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/7803
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to operate for non-root privileged slave volume
Mounting the slave-volume on local node, to perform disk checks
in order to allow gverify.sh to operate for non-root privileged
slave volume
Allowing the hook script S56glusterd-geo-rep-create-post.sh
to operate for non-root privileged slave volume
Modified peer_add_secret_pub.in to accept username as argument
and add the pem keys to the users's_home_dir/.ssh/authorized_keys
Wrote set_geo_rep_pem_keys.sh which accepts username as argument
and copies the pem keys from the user's home directory to
$GLUSTERD_WORKING_DIR/geo-replication/ and then copies the keys
to other nodes in the cluster and add them to the respective
authorized keys. The script takes as argument the user name and
assumes that the user will be present in all the nodes in the
cluster. It is not needed for root.
To summarize:
For a privileged slave user, execute the following on master node as super user:
gluster system:: execute gsec_create
gluster volume geo-replication <master_vol> [root@]<slave_ip>::<slave_vol> create push_pem
For a non-privileged slave user execute the following on master node as super user:
gluster system:: execute gsec_create
gluster volume geo-replication <master_vol> <slave_user>@<slave_ip>::<slave_vol> create push_pem
then on the slave node execute the following as super user:
/usr/local/libexec/glusterfs/set_geo_rep_pem_keys.sh <slave_user>
BUG: 1077452
Change-Id: I88020968aa5b13a2c2ab86b1d6661b60071f6f5e
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/7744
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enables geo-replication to be run as an unprivileged
user. As of now, this is just the partial support, but is very
close to achieve full functionality.
Current limitation
* Geo-replication executed Gluster CLI commands on the slave
via SSH. On a non-root setup, Gluster CLI would run as an
unprivileged user, failing to execute the command. As a
workaround (for testing), setuid(2) Gluster CLI executable
or use the glusterd option to accept commands by unprivileged
CLI process. The nature of cli commands are "system::"
commands (for key management) and remote volume info fetching.
Remote volume info fetching has been modified to use --remote-host
gluster cli option rather than ssh and remote cli execution.
Change-Id: Ica89e2ba9b7f48fd6e1c876c477d7822dc693617
BUG: 1077452
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-on: http://review.gluster.org/7658
Tested-by: Gluster Build System <jenkins@build.gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 7fba3a8 enables memory accounting by default. Since
geo-replication binary (gsyncd) does not declare a memory
accounting function, call like GF_{CALLOC,MALLOC} result
int asserts.
This patch initializes default memory accounting.
Change-Id: I9ad1de8bca6745a9899a006a863a7cfeef73d52f
BUG: 1094708
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-on: http://review.gluster.org/7683
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change-Id: I851a50e0ebb7554b821fb591375bb6ebd6240ade
BUG: 1036539
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/6939
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"commit ef4bb42382a5c9c3ca0907136669a659c2a20311" was incomplete since
reduction in sizes doesn't really have any affect on the problem when
disks sizes are similar.
Actual fix is to verify disk_size and then verify available_size
Change-Id: Idb57f606df229c0bdaeda8852c74e84d29109ffc
BUG: 1020154
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/6844
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in df command output, default block-size is 1K, but BUFFER_SIZE is
in bytes, so verify will succeed even if slave size is less than
master size.
Added -B1 to df command(that is --block-size=1) to get all values in
bytes.
BUG: 1056518
Change-Id: I2384d2a6f2505d967e0538b95fbf111c15b26f30
Signed-off-by: Aravinda VK <avishwan@redhat.com>
Reviewed-on: http://review.gluster.org/6746
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-> "threaded" hybrid crawl.
-> Enabling metatadata synchronization.
-> Handling EINVAL/ESTALE gracefully while syncing metadata.
-> Improvments to changelog crawl code.
-> Initial crawl changelog generation format.
-> No gsyncd restart when checkpoint updated.
-> Fix symlink handling in hybrid crawl.
-> Slave's xtime key is 'stime'.
-> tar+ssh as data synchronization.
-> Instead of 'raise', just log in warning level for xtime missing cases.
-> Fix for JSON object load failure
-> Get new config value after config value reset.
-> Skip already processed changelogs.
-> Saving status of each individual worker thread.
-> GFID fetch on slave for purges.
-> Add tar ssh keys and config options.
-> Fix nlink count when using backend.
-> Include "data" operation for hardlink.
-> Use changelog time prefix as slave's time.
-> Process changelogs in parallel.
Change-Id: I09fcbb2e2e418149a6d8435abd2ac6b2f015bb06
BUG: 1036539
Signed-off-by: Ajeet Jha <ajha@redhat.com>
Reviewed-on: http://review.gluster.org/6404
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The buffer size is increased to 100MB, considering the space required by slave
filesystem bookkeeping.
Change-Id: Ib296f0e03b4d7a2de6d5ff0ae9ab09a5261e3e7c
BUG: 1020154
Signed-off-by: Ajeet Jha <ajha@redhat.com>
Reviewed-on: http://review.gluster.org/6102
Reviewed-by: Avra Sengupta <asengupt@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change-Id: I8c2d398114ad4534bcc052f9a5be8bbb2e7e2582
BUG: 999531
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-on: http://review.gluster.org/5677
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
create force will fail with proper message, if the ip is not
reachable, or is unable to fetch slave details.
Change-Id: I44a3ba777b37702ffd0e48e9cb46c51e293327d4
BUG: 988314
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-on: http://review.gluster.org/5516
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
volume
Change-Id: I41c9fb44613386189d9f3c090729f4ded8e4dea8
BUG: 990997
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-on: http://review.gluster.org/5453
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commands:
gluster system:: execute gsec_create
gluster volume geo-rep <master> <slave-url> create [push-pem] [force]
gluster volume geo-rep <master> <slave-url> start [force]
gluster volume geo-rep <master> <slave-url> stop [force]
gluster volume geo-rep <master> <slave-url> delete
gluster volume geo-rep <master> <slave-url> config
gluster volume geo-rep <master> <slave-url> status
The geo-replication is distributed. The session will be created, and
gsyncd will be spawned on all relevant nodes, instead of only one
node.
geo-rep: Collecting status detail related data
Added persistent store for saving information about
TotalFilesSynced, TotalSyncTime, TotalBytesSynced
Changes in the status information in socket:
Existing(Ex):
FilesSynced=2;BytesSynced=2507;Uptime=00:26:01;
New(Ex):
FilesSynced=2;BytesSynced=2507;Uptime=00:26:01;SyncTime=0.69978;
TotalSyncTime=2.890044;TotalFilesSynced=6;TotalBytesSynced=143640;
Persistent details stored in
/var/lib/glusterd/geo-replication/${mastervol}/${eSlave}-detail.status
Change-Id: I1db7fc13ffca2e415c05200b0109b1254067f111
BUG: 847839
Original Author: Avra Sengupta <asengupt@redhat.com>
Original Author: Venky Shankar <vshankar@redhat.com>
Original Author: Aravinda VK <avishwan@redhat.com>
Original Author: Amar Tumballi <amarts@redhat.com>
Original Author: Csaba Henk <csaba@redhat.com>
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/5132
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Tested-by: Vijay Bellur <vbellur@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* also consume changelog for change detection.
* Status fixes
* Use new libgfchangelog done API
* process (and sync) one changelog at a time
Change-Id: I24891615bb762e0741b1819ddfdef8802326cb16
BUG: 847839
Original Author: Csaba Henk <csaba@redhat.com>
Original Author: Aravinda VK <avishwan@redhat.com>
Original Author: Venky Shankar <vshankar@redhat.com>
Original Author: Amar Tumballi <amarts@redhat.com>
Original Author: Avra Sengupta <asengupt@redhat.com>
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/5131
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Tested-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
Change-Id: Ibd0faefecc15b6713eda28bc96794ae58aff45aa
BUG: 847839
Original Author: Amar Tumballi <amarts@redhat.com>
Signed-off-by: Avra Sengupta <asengupt@redhat.com>
Reviewed-on: http://review.gluster.org/5133
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
