Bug 1546738

Summary: auth.allow and auth.reject is successfully set for the same node
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Rochelle <rallan>
Component: protocolAssignee: Sheetal Pamecha <spamecha>
Status: CLOSED NOTABUG QA Contact: Rahul Hinduja <rhinduja>
Severity: low Docs Contact:
Priority: low    
Version: rhgs-3.4CC: amukherj, atumball, rhinduja, rhs-bugs, rkavunga, sankarshan, spamecha, srakonde, storage-qa-internal
Target Milestone: ---Keywords: EasyFix, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-12-03 13:36:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1546991    
Bug Blocks:    

Description Rochelle 2018-02-19 13:37:00 UTC 
Description of problem:
=======================

 "auth-allow" allows access only to clients running on node whose IP address/hostname are on this list and "auth.reject" does not allow access for that particular node whose IP address/hostname are on the list

Currently, a node can be set as both auth.allow and auth.reject for a particular volume which is contrictory to the main function of the volume options.

[root@dhcp41-161 ~]# gluster volume set testvol auth.allow dhcp41-161.lab.eng.blr.redhat.com
volume set: success
[root@dhcp41-161 ~]# gluster volume set testvol auth.reject dhcp41-161.lab.eng.blr.redhat.com
volume set: success
[root@dhcp41-161 ~]# gluster v info
 
Volume Name: testvol
Type: Distributed-Replicate
Volume ID: c8b1dabd-fa2e-4bcc-a382-8d91aef4ff90
Status: Started
Snapshot Count: 0
Number of Bricks: 2 x 3 = 6
Transport-type: tcp
Bricks:
Brick1: 10.70.41.161:/rhs/brick1/b11
Brick2: 10.70.41.159:/rhs/brick1/b12
Brick3: 10.70.41.156:/rhs/brick1/b13
Brick4: 10.70.41.161:/rhs/brick2/b14
Brick5: 10.70.41.159:/rhs/brick2/b15
Brick6: 10.70.41.156:/rhs/brick2/b16
Options Reconfigured:
auth.reject: dhcp41-161.lab.eng.blr.redhat.com
auth.allow: dhcp41-161.lab.eng.blr.redhat.com
nfs.disable: on
cluster.enable-shared-storage: enable
[root@dhcp41-161 ~]# 


Version-Release number of selected component (if applicable):
============================================================
[root@dhcp41-161 ~]# rpm -qa | grep gluster
vdsm-gluster-4.17.33-1.2.el7rhgs.noarch
glusterfs-libs-3.12.2-4.el7rhgs.x86_64
glusterfs-api-3.12.2-4.el7rhgs.x86_64
glusterfs-rdma-3.12.2-4.el7rhgs.x86_64
libvirt-daemon-driver-storage-gluster-3.9.0-12.el7.x86_64
python2-gluster-3.12.2-4.el7rhgs.x86_64
gluster-nagios-common-0.2.4-1.el7rhgs.noarch
glusterfs-3.12.2-4.el7rhgs.x86_64
glusterfs-fuse-3.12.2-4.el7rhgs.x86_64
glusterfs-cli-3.12.2-4.el7rhgs.x86_64
glusterfs-geo-replication-3.12.2-4.el7rhgs.x86_64
gluster-nagios-addons-0.2.10-2.el7rhgs.x86_64
glusterfs-client-xlators-3.12.2-4.el7rhgs.x86_64
glusterfs-server-3.12.2-4.el7rhgs.x86_64


How reproducible:
=================
Always

Steps to Reproduce:
===================
1.Create a x3 volume 
2. Use the same fqdn and volname for both volume options on the same node:
 gluster volume set auth.allow <volname> <fqdn>
 gluster volume set auth.reject <volname> <fqdn>

Actual results:
==============

Both auth.allow and auth.reject are successfully set

Expected results:
================

Either one can be set, but not both.
Comment 9 Amar Tumballi 2018-11-19 05:16:21 UTC 
We need to 'define' the flow of the auth.deny Vs auth.allow (https://bugzilla.redhat.com/show_bug.cgi?id=1546991) and close these two bugs.
Comment 10 Sheetal Pamecha 2018-12-03 13:36:08 UTC 
Raised an issue to include the flow of auth.allow post auth.reject - https://bugzilla.redhat.com/show_bug.cgi?id=1655579