Bug 764568 (GLUSTER-2836)

Summary: auth.allow should work for 127.0.0.1
Product: [Community] GlusterFS Reporter: Sachidananda Urs <sac>
Component: protocolAssignee: shishir gowda <sgowda>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: mainlineCC: gluster-bugs, nsathyan, shehjart, vijay
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Shehjar Tikoo 2011-04-26 03:22:58 UTC
Re-assigning it to default. No bandwidth right now to look into this.

Comment 1 Shehjar Tikoo 2011-04-26 03:27:32 UTC
BTW, the component is not NFS.

Comment 2 Amar Tumballi 2011-04-26 03:34:12 UTC
Ideally server-protocol should always allow 'NFS' server process to connect and work, and for NFS process client connection should be controlled by NFS layer, and not server-protocol layer.

Comment 3 Sachidananda Urs 2011-04-26 06:17:40 UTC
When filtering the ip addresses with auth.allow, NFS requires the server ip addresses to be added specifically. This is a limitation, if we have hunderds of servers. Ideally 127.0.0.1 on one of the server should work.

Here is the scenario:

[root@centos5 export]# gluster volume set test auth.allow '192.168.1.77,127.0.0.1'
Set volume successful
[root@centos5 export]# showmount -e localhost
Export list for localhost:
[root@centos5 export]# gluster volume set test auth.allow '*'
Set volume successful
[root@centos5 export]# showmount -e localhost
Export list for localhost:
/test *
[root@centos5 export]# gluster volume set test auth.allow '192.168.1.77,127.0.0.1,192.168.1.95'
Set volume successful
[root@centos5 export]# showmount -e localhost
Export list for localhost:
/test *
[root@centos5 export]# 


[root@centos5 export]# gluster volume info

Volume Name: test
Type: Distribute
Status: Started
Number of Bricks: 2
Transport-type: tcp
Bricks:
Brick1: 192.168.1.95:/data/export
Brick2: 192.168.1.96:/data/export
Options Reconfigured:
diagnostics.brick-log-level: NONE
auth.allow: 192.168.1.77,127.0.0.1,192.168.1.95
[root@centos5 export]#

Comment 4 Amar Tumballi 2011-09-27 05:49:47 UTC
Planing to keep 3.4.x branch as "internal enhancements" release without any features. So moving these bugs to 3.4.0 target milestone.

Comment 5 Amar Tumballi 2011-10-13 07:43:55 UTC
Idea is to allow IP authentication in 'glusterfs' server-protocol to always allow for 127.0.0.1

Comment 6 shishir gowda 2011-10-14 03:04:35 UTC
Some hosts resolve to 127.0.1.1.

This option is supported and works fine:

Volume Name: new
Type: Distribute
Status: Started
Number of Bricks: 1
Transport-type: tcp
Bricks:
Brick1: sng:/export/dir2
Options Reconfigured:
auth.allow: 192.168.1.44,127.0.1.1

root@shishirng-laptop:~# showmount -e localhost
Export list for localhost:
/new *