Bug 826021

Summary: Geo-rep ip based access control is broken.
Product: [Community] GlusterFS Reporter: Vijaykumar Koppad <vkoppad>
Component: geo-replicationAssignee: Divya <divya>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: mainlineCC: avishwan, bugs, david.macdonald, gluster-bugs, vinaraya, vshankar
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 849303 (view as bug list) Environment:
Last Closed: 2015-04-09 11:08:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 849303, 850514    
Attachments:
Description Flags
Slave gsyncd.conf file none

Description Vijaykumar Koppad 2012-05-29 11:48:32 UTC 
Description of problem:
If the slave is set up to restrict other machines from spawning the slave agent, it won't work the way it should. 

Version-Release number of selected component (if applicable):3.3.0qa43 


How reproducible:Always 


Steps to Reproduce:
1.On the slave machine, set up the restriction of file salve(i.e any directory as the slave) from any other machines except itself like this.

 - gluster volume geo-rep '/*' config allow-network  ::1, 127.0.0.1

2.Now start a geo-rep session from any machine as master and the /path/to/directory  as slave. 

  gluster volume geo-rep  <master> <slave-host>:/path/to/directory start 

3.This setup shouldn't succeed.
  
Actual results: The setup should go to faulty.


Expected results: It works fine.


Additional info:
Comment 1 Vijaykumar Koppad 2012-05-29 11:52:43 UTC 
Created attachment 587390 [details]
Slave gsyncd.conf file
Comment 2 Csaba Henk 2013-01-28 16:26:37 UTC 
The problem is with the documentation (


https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Storage/2.0/html/Administration_Guide/ch11s02s05s02.html

-- which, that said, also originates from me), not the feature.

The proper stanza for the desired effect would be:

gluster volume geo-rep 'file://*' config allow-network  ::1,127.0.0.1

-- that is, URL shortening is not possible when specifying a set of URLs
by means of a glob pattern. (Also note: the argument for allow-network
is specified to be a comma-separated list of subnets (or as special case,
IP addresses), which does not give you allowance to inject whitespace. It should be a single word.)
Comment 3 Venky Shankar 2013-02-26 09:22:23 UTC 
Divya,

This would need a documentation change as mentioned by Csaba above.
Comment 4 Csaba Henk 2013-05-09 22:30:34 UTC 
*** Bug 849303 has been marked as a duplicate of this bug. ***
Comment 6 Aravinda VK 2015-04-09 11:08:36 UTC 
Based on Comment 2, Closing this bug. Please reopen if issue found again.