Bug 1417844 - [RFE] Have a separate client side root-squash option for GNFS
Summary: [RFE] Have a separate client side root-squash option for GNFS
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: gluster-nfs
Version: rhgs-3.2
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
: ---
Assignee: Niels de Vos
QA Contact: surabhi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-31 09:33 UTC by Manisha Saini
Modified: 2017-05-12 10:01 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-12 10:01:15 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Manisha Saini 2017-01-31 09:33:57 UTC
Description of problem:

Currently we have only server side root-squash option to squash the permission of gluster server.
Seperate Client side root-squash option is not there for GNFS.

To perform root squashing on client side,If we have server side root squash enable then some operations like add bricks to existing volume will lead to stale file handle on client side along with permission denied errors for new files  

Version-Release number of selected component (if applicable):
glusterfs-3.8.4-13.el7rhgs.x86_64

How reproducible:


Steps to Reproduce:
1.Create a 6*2 replicate volume.Enable MD-Cache and GNFS on It
2.Mount the same volume to 2 clients via nfs
3.Now create 2 Directories--> rootDir1 and userDir1
4.Assign permission 777 to both the directories
5.Change owner of userDir from root user to mani1 user
6.Now enable server side root-squash on volume
7.Run crefi tool from both the client which creates deep directories along with 100kb of file in each directory

Client1->UserDir (Run Crefi)
Client2->rootDir (Run Crefi)

8.When IO's are in process,Add bricks to existing volume.

Brick adding operation will pass.But on client side IO's will halt with stale file handle error on client and server.Lot of permission denied errors along with slipt brain errors are being observed on server side.

To avoid this situation,A seperate client side root squashing option should be there.

===================

[2017-01-31 08:29:59.546913] W [MSGID: 109005] [dht-selfheal.c:1172:dht_selfheal_dir_mkdir_cbk] 0-volume3-dht: Directory selfheal failed: path = /userDir, gfid = a7e9ceb4-1645-496a-b4a9-1c576e932a37 [Permission denied]
[2017-01-31 08:29:59.551799] W [MSGID: 112199] [nfs3-helpers.c:3515:nfs3_log_newfh_res] 0-nfs-nfsv3: /userDir => (XID: 977cd4cf, LOOKUP: NFS: 70(Invalid file handle), POSIX: 116(Stale file handle)), FH: exportid 00000000-0000-0000-0000-000000000000, gfid 00000000-0000-0000-0000-000000000000, mountid 00000000-0000-0000-0000-000000000000


[2017-01-31 08:29:59.586291] W [MSGID: 108008] [afr-read-txn.c:229:afr_read_txn] 0-volume3-replicate-7: Unreadable subvolume -1 found with event generation 2 for gfid a2758c7f-97a7-41d7-9965-69998a186f0c. (Possible split-brain)
[2017-01-31 08:29:59.586539] W [MSGID: 108008] [afr-read-txn.c:229:afr_read_txn] 0-volume3-replicate-9: Unreadable subvolume -1 found with event generation 2 for gfid a2758c7f-97a7-41d7-9965-69998a186f0c. (Possible split-brain)
[2017-01-31 08:29:59.586700] W [MSGID: 108008] [afr-read-txn.c:229:afr_read_txn] 0-volume3-replicate-11: Unreadable subvolume -1 found with event generation 2 for gfid a2758c7f-97a7-41d7-9965-69998a186f0c. (Possible split-brain)

===============


Actual results:


Expected results:


Additional info:

Comment 2 Jiffin 2017-05-12 09:18:05 UTC
In upstream there is a already feature(backport from facebook) which already covers this issue in a different way "https://bugzilla.redhat.com/show_bug.cgi?id=1143880" . This change was present from glusterfs 3.7 onwards

Comment 3 Niels de Vos 2017-05-12 10:01:15 UTC
I do not think there is a root_squash option for the advanced exports configuration. It should not be too difficult to add though. This is not supported in RHGS at the moment.

https://github.com/gluster/glusterfs-specs/blob/master/done/GlusterFS%203.7/Exports%20and%20Netgroups%20Authentication.md
http://gluster.readthedocs.io/en/latest/Administrator%20Guide/Export%20And%20Netgroup%20Authentication/

However, we are deprecating Gluster/NFS and are moving towards NFS-Ganesha. It is already possible to configure NFS-Ganesha with root_squash for selected clients. See "Providing Permissions for Specific Clients" on https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3/html-single/Administration_Guide/index.html#sect-NFS_Ganesha


Note You need to log in before you can comment on or make changes to this bug.