Bug 1048749
| Summary: | nfs: while using the option nfs.rpc-auth-reject, a volume mount fails but a subdirectory mount still is successful | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Saurabh <saujain> | |
| Component: | glusterd | Assignee: | Vivek Agarwal <vagarwal> | |
| Status: | CLOSED ERRATA | QA Contact: | Saurabh <saujain> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 2.1 | CC: | grajaiya, mzywusko, psriniva, sankarshan, saujain, ssamanta, vagarwal, vbellur | |
| Target Milestone: | --- | |||
| Target Release: | RHGS 3.0.0 | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | glusterfs-3.6.0.0-1.el6rhs | Doc Type: | Bug Fix | |
| Doc Text: |
Previously, a subdirectory mount request was successful even though the host was configured with the nfs.rpc-auth-reject option. With this fix, the clients requesting the mount are validated against the nfs.rpc-auth-reject irrespective of type of mount (either the volume mount or subdirectory mount). As a result, if the host is configured with nfs.rpc-auth-reject, the mount request from the same host would fail for any type of mount requests.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1049225 (view as bug list) | Environment: | ||
| Last Closed: | 2014-09-22 19:31:13 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1049225 | |||
|
Description
Saurabh
2014-01-06 09:57:10 UTC
Looking into this. Do we have a workaround for this ? Upstream review: http://review.gluster.org/#/c/6655/ (In reply to Gowrishankar Rajaiyan from comment #4) > Do we have a workaround for this ? AFAIK, there is no work around and needs a coed fix. Saurabh, Do you know any? (In reply to santosh pradhan from comment #7) > https://code.engineering.redhat.com/gerrit/#/c/18087/ This patch is abandoned because RHS 3.0 branch is cut from upstream-master which already had the fix: http://review.gluster.org/#/c/6655/ Merged as a part of rebase from client, [root@rhsauto038 ~]# mount -t nfs -o vers=3 10.70.37.62:/dist-rep /mnt/nfs-test mount.nfs: access denied by server while mounting 10.70.37.62:/dist-rep [root@rhsauto038 ~]# mount -t nfs -o vers=3 10.70.37.62:/dist-rep/dir /mnt/nfs-test mount.nfs: access denied by server while mounting 10.70.37.62:/dist-rep/dir from host-server, [root@nfs1 ~]# gluster volume info dist-rep Volume Name: dist-rep Type: Distributed-Replicate Volume ID: 98fb382d-a5ca-4cb6-bde1-579608485527 Status: Started Snap Volume: no Number of Bricks: 6 x 2 = 12 Transport-type: tcp Bricks: Brick1: 10.70.37.62:/bricks/d1r1 Brick2: 10.70.37.215:/bricks/d1r2 Brick3: 10.70.37.44:/bricks/d2r1 Brick4: 10.70.37.201:/bricks/d2r2 Brick5: 10.70.37.62:/bricks/d3r1 Brick6: 10.70.37.215:/bricks/d3r2 Brick7: 10.70.37.44:/bricks/d4r1 Brick8: 10.70.37.201:/bricks/d4r2 Brick9: 10.70.37.62:/bricks/d5r1 Brick10: 10.70.37.215:/bricks/d5r2 Brick11: 10.70.37.44:/bricks/d6r1 Brick12: 10.70.37.201:/bricks/d6r2 Options Reconfigured: nfs.addr-namelookup: on nfs.rpc-auth-reject: rhsauto038.lab.eng.blr.redhat.com features.quota-deem-statfs: on features.quota: on performance.readdir-ahead: on snap-max-hard-limit: 256 snap-max-soft-limit: 90 auto-delete: disable hence moving the BZ to verified Hi Santosh, Please review the edited doc text for technical accuracy and sign off. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-1278.html The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |