Description of problem: Currently we have only server side root-squash option to squash the permission of gluster server. Seperate Client side root-squash option is not there for GNFS. To perform root squashing on client side,If we have server side root squash enable then some operations like add bricks to existing volume will lead to stale file handle on client side along with permission denied errors for new files Version-Release number of selected component (if applicable): glusterfs-3.8.4-13.el7rhgs.x86_64 How reproducible: Steps to Reproduce: 1.Create a 6*2 replicate volume.Enable MD-Cache and GNFS on It 2.Mount the same volume to 2 clients via nfs 3.Now create 2 Directories--> rootDir1 and userDir1 4.Assign permission 777 to both the directories 5.Change owner of userDir from root user to mani1 user 6.Now enable server side root-squash on volume 7.Run crefi tool from both the client which creates deep directories along with 100kb of file in each directory Client1->UserDir (Run Crefi) Client2->rootDir (Run Crefi) 8.When IO's are in process,Add bricks to existing volume. Brick adding operation will pass.But on client side IO's will halt with stale file handle error on client and server.Lot of permission denied errors along with slipt brain errors are being observed on server side. To avoid this situation,A seperate client side root squashing option should be there. =================== [2017-01-31 08:29:59.546913] W [MSGID: 109005] [dht-selfheal.c:1172:dht_selfheal_dir_mkdir_cbk] 0-volume3-dht: Directory selfheal failed: path = /userDir, gfid = a7e9ceb4-1645-496a-b4a9-1c576e932a37 [Permission denied] [2017-01-31 08:29:59.551799] W [MSGID: 112199] [nfs3-helpers.c:3515:nfs3_log_newfh_res] 0-nfs-nfsv3: /userDir => (XID: 977cd4cf, LOOKUP: NFS: 70(Invalid file handle), POSIX: 116(Stale file handle)), FH: exportid 00000000-0000-0000-0000-000000000000, gfid 00000000-0000-0000-0000-000000000000, mountid 00000000-0000-0000-0000-000000000000 [2017-01-31 08:29:59.586291] W [MSGID: 108008] [afr-read-txn.c:229:afr_read_txn] 0-volume3-replicate-7: Unreadable subvolume -1 found with event generation 2 for gfid a2758c7f-97a7-41d7-9965-69998a186f0c. (Possible split-brain) [2017-01-31 08:29:59.586539] W [MSGID: 108008] [afr-read-txn.c:229:afr_read_txn] 0-volume3-replicate-9: Unreadable subvolume -1 found with event generation 2 for gfid a2758c7f-97a7-41d7-9965-69998a186f0c. (Possible split-brain) [2017-01-31 08:29:59.586700] W [MSGID: 108008] [afr-read-txn.c:229:afr_read_txn] 0-volume3-replicate-11: Unreadable subvolume -1 found with event generation 2 for gfid a2758c7f-97a7-41d7-9965-69998a186f0c. (Possible split-brain) =============== Actual results: Expected results: Additional info:
In upstream there is a already feature(backport from facebook) which already covers this issue in a different way "https://bugzilla.redhat.com/show_bug.cgi?id=1143880" . This change was present from glusterfs 3.7 onwards
I do not think there is a root_squash option for the advanced exports configuration. It should not be too difficult to add though. This is not supported in RHGS at the moment. https://github.com/gluster/glusterfs-specs/blob/master/done/GlusterFS%203.7/Exports%20and%20Netgroups%20Authentication.md http://gluster.readthedocs.io/en/latest/Administrator%20Guide/Export%20And%20Netgroup%20Authentication/ However, we are deprecating Gluster/NFS and are moving towards NFS-Ganesha. It is already possible to configure NFS-Ganesha with root_squash for selected clients. See "Providing Permissions for Specific Clients" on https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3/html-single/Administration_Guide/index.html#sect-NFS_Ganesha