Bug 826021 - Geo-rep ip based access control is broken.
Geo-rep ip based access control is broken.
Status: CLOSED NOTABUG
Product: GlusterFS
Classification: Community
Component: geo-replication (Show other bugs)
mainline
x86_64 Linux
high Severity high
: ---
: ---
Assigned To: Divya
: Triaged
: 849303 (view as bug list)
Depends On:
Blocks: 849303 850514
  Show dependency treegraph
 
Reported: 2012-05-29 07:48 EDT by Vijaykumar Koppad
Modified: 2015-04-09 07:08 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 849303 (view as bug list)
Environment:
Last Closed: 2015-04-09 07:08:36 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Slave gsyncd.conf file (1.26 KB, application/octet-stream)
2012-05-29 07:52 EDT, Vijaykumar Koppad
no flags Details

  None (edit)
Description Vijaykumar Koppad 2012-05-29 07:48:32 EDT
Description of problem:
If the slave is set up to restrict other machines from spawning the slave agent, it won't work the way it should. 

Version-Release number of selected component (if applicable):3.3.0qa43 


How reproducible:Always 


Steps to Reproduce:
1.On the slave machine, set up the restriction of file salve(i.e any directory as the slave) from any other machines except itself like this.

 - gluster volume geo-rep '/*' config allow-network  ::1, 127.0.0.1

2.Now start a geo-rep session from any machine as master and the /path/to/directory  as slave. 

  gluster volume geo-rep  <master> <slave-host>:/path/to/directory start 

3.This setup shouldn't succeed.
  
Actual results: The setup should go to faulty.


Expected results: It works fine.


Additional info:
Comment 1 Vijaykumar Koppad 2012-05-29 07:52:43 EDT
Created attachment 587390 [details]
Slave gsyncd.conf file
Comment 2 Csaba Henk 2013-01-28 11:26:37 EST
The problem is with the documentation (


https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Storage/2.0/html/Administration_Guide/ch11s02s05s02.html

-- which, that said, also originates from me), not the feature.

The proper stanza for the desired effect would be:

gluster volume geo-rep 'file://*' config allow-network  ::1,127.0.0.1

-- that is, URL shortening is not possible when specifying a set of URLs
by means of a glob pattern. (Also note: the argument for allow-network
is specified to be a comma-separated list of subnets (or as special case,
IP addresses), which does not give you allowance to inject whitespace. It should be a single word.)
Comment 3 Venky Shankar 2013-02-26 04:22:23 EST
Divya,

This would need a documentation change as mentioned by Csaba above.
Comment 4 Csaba Henk 2013-05-09 18:30:34 EDT
*** Bug 849303 has been marked as a duplicate of this bug. ***
Comment 6 Aravinda VK 2015-04-09 07:08:36 EDT
Based on Comment 2, Closing this bug. Please reopen if issue found again.

Note You need to log in before you can comment on or make changes to this bug.