Red Hat Bugzilla – Bug 826021
Geo-rep ip based access control is broken.
Last modified: 2015-04-09 07:08:36 EDT
Description of problem:
If the slave is set up to restrict other machines from spawning the slave agent, it won't work the way it should.
Version-Release number of selected component (if applicable):3.3.0qa43
Steps to Reproduce:
1.On the slave machine, set up the restriction of file salve(i.e any directory as the slave) from any other machines except itself like this.
- gluster volume geo-rep '/*' config allow-network ::1, 127.0.0.1
2.Now start a geo-rep session from any machine as master and the /path/to/directory as slave.
gluster volume geo-rep <master> <slave-host>:/path/to/directory start
3.This setup shouldn't succeed.
Actual results: The setup should go to faulty.
Expected results: It works fine.
Created attachment 587390 [details]
Slave gsyncd.conf file
The problem is with the documentation (
-- which, that said, also originates from me), not the feature.
The proper stanza for the desired effect would be:
gluster volume geo-rep 'file://*' config allow-network ::1,127.0.0.1
-- that is, URL shortening is not possible when specifying a set of URLs
by means of a glob pattern. (Also note: the argument for allow-network
is specified to be a comma-separated list of subnets (or as special case,
IP addresses), which does not give you allowance to inject whitespace. It should be a single word.)
This would need a documentation change as mentioned by Csaba above.
*** Bug 849303 has been marked as a duplicate of this bug. ***
Based on Comment 2, Closing this bug. Please reopen if issue found again.