Description of problem: For the files and directories created before setting Disable_ACL=false, nfs4_getfacl doesnot show the attributes. It reflects the attributes for newly created files and directories after enabling ACL Version-Release number of selected component (if applicable): glusterfs-ganesha-3.8.4-24.el7rhgs.x86_64 nfs-ganesha-2.4.4-6.el7rhgs.x86_64 How reproducible: Consistently Steps to Reproduce: 1.Create a 4 node ganesha cluster 2.Create 6*2 Distributed-Replicate volume.Enable ganesha on it. 3.Mount the volume to client via v4 and noac option enable #mount -t nfs -o vers=4,noac 10.70.44.137:/ganesha /mnt/fs_sanity 4.Create 3 directories and 3 files.Check attributes with nfs4_getfacl.No attributes will be reflected as the ACL is not yet enable 5.Set Disable_ACL = false in ganesha.conf file.And perform refresh-config.Wait for 3-4 mins to get reflected on client side. 6.Again check attributes with nfs4_getfacl command. Actual results: Even after enabling ACL,No attributes are reflected for already created files.For new files created after enabling ACL,it will show attributes. Expected results: It should reflect attributes for the already existing file. Additional info: After performing umount/mount,attributes of the already created files are shown. Before enabling ACL, [root@dhcp37-192 mani]# mkdir dir1 [root@dhcp37-192 mani]# mkdir dir2 [root@dhcp37-192 mani]# mkdir dir3 [root@dhcp37-192 mani]# touch f1 [root@dhcp37-192 mani]# touch f2 [root@dhcp37-192 mani]# touch f3 [root@dhcp37-192 mani]# nfs4_getfacl dir1 [root@dhcp37-192 mani]# nfs4_getfacl dir2 [root@dhcp37-192 mani]# nfs4_getfacl dir3 [root@dhcp37-192 mani]# nfs4_getfacl f1 [root@dhcp37-192 mani]# nfs4_getfacl f2 [root@dhcp37-192 mani]# nfs4_getfacl f3 After Enabling ACL [root@dhcp37-192 mani]# nfs4_getfacl dir1 [root@dhcp37-192 mani]# nfs4_getfacl dir2 [root@dhcp37-192 mani]# nfs4_getfacl dir3 [root@dhcp37-192 mani]# nfs4_getfacl f3 [root@dhcp37-192 mani]# nfs4_getfacl f2 [root@dhcp37-192 mani]# nfs4_getfacl f1 [root@dhcp37-192 mani]# [root@dhcp37-192 mani]# touch f4 [root@dhcp37-192 mani]# nfs4_getfacl f4 A::OWNER@:rwatTcCy A::GROUP@:rtcy A::EVERYONE@:rtcy This issue is not observed with 3.2 gluster bits.
Need some clarification wrt how nfs-client behaves. Post enabling ACL on the server side, when a user requests for ACL using "nfs4_getfacl" command for the existing files, there are no GETATTR requests for ACL attribute sent by the client. Unless the share is re-mounted, ACLs are not requested by the client for the already existing entries. Request Steve/Ben to comment on if its expected behaviour of the nfsv4 client and if/how it can be addressed. Attached pkt traces for your reference - When ACLs are disabled on the server - [skoduri@localhost ~]$ sudo mount -t nfs -o vers=4,noac 10.70.46.111:/testvol1 /mnt [skoduri@localhost ~]$ nfs4_getfacl /mnt/a1 After enabling ACLs on the server, [skoduri@localhost ~]$ nfs4_getfacl /mnt/a1 [skoduri@localhost ~]$
Created attachment 1278863 [details] nfs4_getfacl_when_acl_disabled
Created attachment 1278864 [details] nfs4_getfacl_after_enabling_acl_on_the_server
Have raised bug1460487 to add a note in the admin guide.