Re: cephfs read-only setting doesn't work?

[ Re-adding the list. ]

On Wed, Sep 2, 2015 at 4:29 PM, Erming Pei <erming@xxxxxxxxxxx> wrote:
> Hi Gregory,
>
>    Thanks very much for the confirmation and explanation.
>
>>And I presume you have an MDS cap in there as well?
>   Is there a difference between setting this cap and not setting it?

Well, I don't think you can access the MDS without a read cap, but
maybe it's really just null...

>
>>I think you'll find that the data you've overwritten isn't really written
>> to the OSDs — you wrote it in the local page cache, but the OSDs will reject
>> the writes with EPERM.
>    I see. Is there a way for me to verify that, i.e., to see that there is no
> change to the data in the OSDs? I found I can overwrite a file and then I can
> see the file is changed. It may be in the local cache. But how can I test
> and retrieve the one in the OSD pool?

Mounting it on another client and seeing if changes are reflected
there would do it. Or unmounting the filesystem, mounting again, and
seeing if the file has really changed.
-Greg

>
> Thanks!
>
> Erming
>
>
>
> On 9/2/15, 2:44 AM, Gregory Farnum wrote:
>>
>> On Tue, Sep 1, 2015 at 9:20 PM, Erming Pei <erming@xxxxxxxxxxx> wrote:
>>>
>>> Hi,
>>>
>>>    I tried to set up a read-only permission for a client but it looks
>>> always writable.
>>>
>>>    I did the following:
>>>
>>> ==Server end==
>>>
>>> [client.cephfs_data_ro]
>>>          key = AQxxxxxxxxxx==
>>>          caps mon = "allow r"
>>>          caps osd = "allow r pool=cephfs_data, allow r pool=cephfs_metadata"
>>
>> The clients don't directly access the metadata pool at all so you
>> don't need to grant that. :) And I presume you have an MDS cap in
>> there as well?
>>
>>>
>>> ==Client end==
>>> mount -v -t ceph hostname.domainname:6789:/ /cephfs -o name=cephfs_data_ro,secret=AQxxxxxxxxxx==
>>>
>>> But I still can touch, delete, overwrite.
>>>
>>> I read that touch/delete could be only metadata operations, but why can I
>>> still overwrite?
>>>
>>> Is there any way I could test/check the data pool (instead of the metadata)
>>> to see if there is any effect on it?
>>
>> What you're seeing here is an unfortunate artifact of the page cache
>> and the way these user capabilities work in Ceph. As you surmise,
>> touch/delete are metadata operations through the MDS and in current
>> code you can't block the client off from that (although we have work
>> in progress to improve things). I think you'll find that the data
>> you've overwritten isn't really written to the OSDs — you wrote it in
>> the local page cache, but the OSDs will reject the writes with EPERM.
>> I don't remember the kernel's exact behavior here though — we updated
>> the userspace client to preemptively check access permissions on new
>> pools but I don't think the kernel ever got that. Zheng?
>> -Greg
>
>
>
> --
> ---------------------------------------------
>  Erming Pei, Ph.D
>  Senior System Analyst; Grid/Cloud Specialist
>
>  Research Computing Group
>  Information Services & Technology
>  University of Alberta, Canada
>
>  Tel: +1 7804929914        Fax: +1 7804921729
> ---------------------------------------------
>
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
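
The check suggested in the reply above (unmount, mount again, and see whether the file has really changed), written out as an added shell example that is not part of the original thread. The function names `check_write_persisted` and `file_digest` are hypothetical, the remount command is supplied by the caller, and the target should be a scratch file because the check overwrites it.

```shell
#!/bin/sh
# Added example: does a write from a supposedly read-only CephFS client
# survive once the client's local view is dropped? Use a scratch file.
# Real use, as root, with the mount line from the thread:
#   check_write_persisted /cephfs/scratch \
#     'umount /cephfs && mount -t ceph hostname.domainname:6789:/ /cephfs -o name=cephfs_data_ro,secret=AQxxxxxxxxxx=='

# Print the SHA-256 of a file, or "missing" if it cannot be read.
file_digest() {
    if [ -r "$1" ]; then
        sha256sum "$1" | cut -d' ' -f1
    else
        echo missing
    fi
}

# check_write_persisted FILE REMOUNT_CMD
# Prints: persisted | cache-only | write-refused | indeterminate
check_write_persisted() {
    file=$1
    remount_cmd=$2
    marker="ro-check-$$-$(date +%s)"   # unique content for this run

    before=$(file_digest "$file")

    # Attempt the overwrite that a read-only client should not get through.
    if ! { printf '%s\n' "$marker" > "$file"; } 2>/dev/null; then
        echo write-refused             # the write itself failed
        return 0
    fi
    cached=$(file_digest "$file")      # this client's view right after writing

    # Drop the local view: unmount and mount again, as suggested in the thread.
    if ! sh -c "$remount_cmd" >/dev/null 2>&1; then
        echo indeterminate             # could not remount, nothing proven
        return 0
    fi
    after=$(file_digest "$file")       # what a fresh mount reads back

    if [ "$after" = "$cached" ]; then
        echo persisted                 # the write reached the data pool
    elif [ "$after" = "$before" ]; then
        echo cache-only                # the write only ever lived locally
    else
        echo indeterminate             # matches neither digest: inspect by hand
    fi
}
```

A `persisted` result means the client's OSD caps are not restricting writes; `cache-only` matches the behaviour described in the thread, where the overwrite was visible only on the writing client.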



