1546738 – auth.allow and auth.reject is successfully set for the same node

Bug 1546738 - auth.allow and auth.reject is successfully set for the same node

Summary: auth.allow and auth.reject is successfully set for the same node

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	protocol
Sub Component:
Version:	rhgs-3.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Sheetal Pamecha
QA Contact:	Rahul Hinduja
Docs Contact:
URL:
Whiteboard:
Depends On:	1546991
Blocks:
TreeView+	depends on / blocked

Reported:	2018-02-19 13:37 UTC by Rochelle
Modified:	2018-12-03 13:36 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-12-03 13:36:08 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Rochelle 2018-02-19 13:37:00 UTC

Description of problem:
=======================

 "auth-allow" allows access only to clients running on node whose IP address/hostname are on this list and "auth.reject" does not allow access for that particular node whose IP address/hostname are on the list

Currently, a node can be set as both auth.allow and auth.reject for a particular volume which is contrictory to the main function of the volume options.

[root@dhcp41-161 ~]# gluster volume set testvol auth.allow dhcp41-161.lab.eng.blr.redhat.com
volume set: success
[root@dhcp41-161 ~]# gluster volume set testvol auth.reject dhcp41-161.lab.eng.blr.redhat.com
volume set: success
[root@dhcp41-161 ~]# gluster v info
 
Volume Name: testvol
Type: Distributed-Replicate
Volume ID: c8b1dabd-fa2e-4bcc-a382-8d91aef4ff90
Status: Started
Snapshot Count: 0
Number of Bricks: 2 x 3 = 6
Transport-type: tcp
Bricks:
Brick1: 10.70.41.161:/rhs/brick1/b11
Brick2: 10.70.41.159:/rhs/brick1/b12
Brick3: 10.70.41.156:/rhs/brick1/b13
Brick4: 10.70.41.161:/rhs/brick2/b14
Brick5: 10.70.41.159:/rhs/brick2/b15
Brick6: 10.70.41.156:/rhs/brick2/b16
Options Reconfigured:
auth.reject: dhcp41-161.lab.eng.blr.redhat.com
auth.allow: dhcp41-161.lab.eng.blr.redhat.com
nfs.disable: on
cluster.enable-shared-storage: enable
[root@dhcp41-161 ~]# 


Version-Release number of selected component (if applicable):
============================================================
[root@dhcp41-161 ~]# rpm -qa | grep gluster
vdsm-gluster-4.17.33-1.2.el7rhgs.noarch
glusterfs-libs-3.12.2-4.el7rhgs.x86_64
glusterfs-api-3.12.2-4.el7rhgs.x86_64
glusterfs-rdma-3.12.2-4.el7rhgs.x86_64
libvirt-daemon-driver-storage-gluster-3.9.0-12.el7.x86_64
python2-gluster-3.12.2-4.el7rhgs.x86_64
gluster-nagios-common-0.2.4-1.el7rhgs.noarch
glusterfs-3.12.2-4.el7rhgs.x86_64
glusterfs-fuse-3.12.2-4.el7rhgs.x86_64
glusterfs-cli-3.12.2-4.el7rhgs.x86_64
glusterfs-geo-replication-3.12.2-4.el7rhgs.x86_64
gluster-nagios-addons-0.2.10-2.el7rhgs.x86_64
glusterfs-client-xlators-3.12.2-4.el7rhgs.x86_64
glusterfs-server-3.12.2-4.el7rhgs.x86_64


How reproducible:
=================
Always

Steps to Reproduce:
===================
1.Create a x3 volume 
2. Use the same fqdn and volname for both volume options on the same node:
 gluster volume set auth.allow <volname> <fqdn>
 gluster volume set auth.reject <volname> <fqdn>

Actual results:
==============

Both auth.allow and auth.reject are successfully set

Expected results:
================

Either one can be set, but not both.

Comment 9 Amar Tumballi 2018-11-19 05:16:21 UTC

We need to 'define' the flow of the auth.deny Vs auth.allow (https://bugzilla.redhat.com/show_bug.cgi?id=1546991) and close these two bugs.

Comment 10 Sheetal Pamecha 2018-12-03 13:36:08 UTC

Raised an issue to include the flow of auth.allow post auth.reject - https://bugzilla.redhat.com/show_bug.cgi?id=1655579

Note You need to log in before you can comment on or make changes to this bug.