Description of problem: when a list of ip_address is specified as value for volume set auth.allow, auth.reject, nfs.rpc-auth-allow, nfs.rpc-auth-reject, the policy only applies for the first ip_address in the list. The rest of the ip_address is allowed or rejected depending on the option we have set. Version-Release number of selected component (if applicable): 3.3.0qa33 How reproducible: often Test cases:- ------------ [04/05/12 - 20:34:37 root@APP-SERVER1 ~]# gluster volume info Volume Name: dstore Type: Distributed-Replicate Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35 Status: Started Number of Bricks: 3 x 3 = 9 Transport-type: tcp Bricks: Brick1: 192.168.2.35:/export1/dstore1 Brick2: 192.168.2.36:/export1/dstore1 Brick3: 192.168.2.37:/export1/dstore1 Brick4: 192.168.2.35:/export2/dstore1 Brick5: 192.168.2.36:/export2/dstore1 Brick6: 192.168.2.37:/export2/dstore1 Brick7: 192.168.2.35:/export1/dstore2 Brick8: 192.168.2.36:/export1/dstore2 Brick9: 192.168.2.37:/export1/dstore2 Note ------ root@APP-CLIENT1 :- 192.168.2.34 root@Shwetha-Laptop :- 192.168.2.1 ################################################################################ Test Case1:- ------------- [04/05/12 - 20:34:40 root@APP-SERVER1 ~]# gluster volume set dstore auth.allow 192.168.2.34,192.168.2.1 Set volume successful [04/05/12 - 20:37:42 root@APP-SERVER1 ~]# gluster volume info Volume Name: dstore Type: Distributed-Replicate Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35 Status: Started Number of Bricks: 3 x 3 = 9 Transport-type: tcp Bricks: Brick1: 192.168.2.35:/export1/dstore1 Brick2: 192.168.2.36:/export1/dstore1 Brick3: 192.168.2.37:/export1/dstore1 Brick4: 192.168.2.35:/export2/dstore1 Brick5: 192.168.2.36:/export2/dstore1 Brick6: 192.168.2.37:/export2/dstore1 Brick7: 192.168.2.35:/export1/dstore2 Brick8: 192.168.2.36:/export1/dstore2 Brick9: 192.168.2.37:/export1/dstore2 Options Reconfigured: auth.allow: 192.168.2.34,192.168.2.1 [04/05/12 - 20:37:57 root@APP-CLIENT1 /]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1 Brick Log:- ---------- [2012-04-05 20:38:04.773227] I [server-handshake.c:571:server_setvolume] 0-dstore-server: accepted client from 192.168.2.34:1012 (version: 3.3.0qa33) [04/05/12 - 15:19:21 root@Shwetha-Laptop ~]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1 Mount failed. Please check the log file for more details. Brick Log:- ---------- [2012-04-05 20:39:45.645589] E [authenticate.c:228:gf_authenticate] 0-auth: no authentication module is interested in accepting remote-client (null) [2012-04-05 20:39:45.645750] E [server-handshake.c:582:server_setvolume] 0-dstore-server: Cannot authenticate client from 192.168.2.1:962 3.3.0qa33 ################################################################################ Test Case2:- -------------- [04/05/12 - 20:41:42 root@APP-SERVER1 ~]# gluster volume set dstore auth.reject 192.168.2.34,192.168.2.1 Set volume successful [04/05/12 - 20:41:52 root@APP-SERVER1 ~]# gluster volume info Volume Name: dstore Type: Distributed-Replicate Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35 Status: Started Number of Bricks: 3 x 3 = 9 Transport-type: tcp Bricks: Brick1: 192.168.2.35:/export1/dstore1 Brick2: 192.168.2.36:/export1/dstore1 Brick3: 192.168.2.37:/export1/dstore1 Brick4: 192.168.2.35:/export2/dstore1 Brick5: 192.168.2.36:/export2/dstore1 Brick6: 192.168.2.37:/export2/dstore1 Brick7: 192.168.2.35:/export1/dstore2 Brick8: 192.168.2.36:/export1/dstore2 Brick9: 192.168.2.37:/export1/dstore2 Options Reconfigured: auth.reject: 192.168.2.34,192.168.2.1 [04/05/12 - 20:42:18 root@APP-CLIENT1 /]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1 Mount failed. Please check the log file for more details. Brick Log:- ----------- [2012-04-05 20:42:23.556693] E [server-handshake.c:582:server_setvolume] 0-dstore-server: Cannot authenticate client from 192.168.2.34:1012 3.3.0qa33 [04/05/12 - 15:22:42 root@Shwetha-Laptop ~]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1 Brick Log:- ----------- [2012-04-05 20:42:59.835136] I [server-handshake.c:571:server_setvolume] 0-dstore-server: accepted client from 192.168.2.1:951 (version: 3.3.0qa33) ############################################################################### Test Case 3:- ------------ [04/05/12 - 20:43:53 root@APP-SERVER1 ~]# gluster volume set dstore nfs.rpc-auth-reject 192.168.2.34,192.168.2.1 Set volume successful [04/05/12 - 20:44:09 root@APP-SERVER1 ~]# gluster volume info Volume Name: dstore Type: Distributed-Replicate Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35 Status: Started Number of Bricks: 3 x 3 = 9 Transport-type: tcp Bricks: Brick1: 192.168.2.35:/export1/dstore1 Brick2: 192.168.2.36:/export1/dstore1 Brick3: 192.168.2.37:/export1/dstore1 Brick4: 192.168.2.35:/export2/dstore1 Brick5: 192.168.2.36:/export2/dstore1 Brick6: 192.168.2.37:/export2/dstore1 Brick7: 192.168.2.35:/export1/dstore2 Brick8: 192.168.2.36:/export1/dstore2 Brick9: 192.168.2.37:/export1/dstore2 Options Reconfigured: nfs.rpc-auth-reject: 192.168.2.34,192.168.2.1 [04/05/12 - 20:44:25 root@APP-CLIENT1 /]# mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1 mount.nfs: access denied by server while mounting 192.168.2.35:/dstore [04/05/12 - 15:25:30 root@Shwetha-Laptop ~]# mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1 ############################################################################## Case 4:- --------- [04/05/12 - 20:47:31 root@APP-SERVER1 ~]# gluster volume set dstore nfs.rpc-auth-allow 192.168.2.34,192.168.2.1 Set volume successful [04/05/12 - 20:47:40 root@APP-SERVER1 ~]# gluster volume info Volume Name: dstore Type: Distributed-Replicate Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35 Status: Started Number of Bricks: 3 x 3 = 9 Transport-type: tcp Bricks: Brick1: 192.168.2.35:/export1/dstore1 Brick2: 192.168.2.36:/export1/dstore1 Brick3: 192.168.2.37:/export1/dstore1 Brick4: 192.168.2.35:/export2/dstore1 Brick5: 192.168.2.36:/export2/dstore1 Brick6: 192.168.2.37:/export2/dstore1 Brick7: 192.168.2.35:/export1/dstore2 Brick8: 192.168.2.36:/export1/dstore2 Brick9: 192.168.2.37:/export1/dstore2 Options Reconfigured: nfs.rpc-auth-allow: 192.168.2.34,192.168.2.1 [04/05/12 - 20:48:03 root@APP-CLIENT1 /]# mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1 [04/05/12 - 15:29:19 root@Shwetha-Laptop ~]# mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1 mount.nfs: access denied by server while mounting 192.168.2.35:/dstore Additional Info:- ----------------- nfs server doesn't report any log message for accepting the client connection or rejecting the client connection.
CHANGE: http://review.gluster.com/3104 (xlator/server,xlator/nfs : Fix authentication for address lists) merged in master by Vijay Bellur (vijay)
verified on "3git built on Apr 16 2012 15:32:30". works fine now.