On 01/19/2015 06:22 PM, Deepak Shetty wrote:
Hi All, I had opened this feature request sometime back http://www.gluster.org/community/documentation/index.php/Features/turn-off-glusterfs-proto-access I wanted to know what would be the right way to implement this ? The goal here is to have a volume set option to turn off glusterfs/fuse protocol access just like how we have it today for NFS ( volume set nfs.export-volumes off) 1) Does GETSPEC allow passing the protocol being requested at mount, so that glusterd can return success/failure and mount.gluster can error accoridngly ? 2) Another way is to introduce another handshake after GETSPEC is successfull, where client can request permission to mount using the said protocol and glusterd returns success/failure based on the volume set option being set or unset ? Thoughts ?
I think unconditionally disabling glusterfs protocol for trusted clients (clients local to the storage pool) also would not be ideal. An administrator might still want to access volumes through a trusted glusterfs client for maintenance, repair activities. Geo-replication, quota etc. do rely on the ability to access volumes from the trusted storage pool through the native glusterfs protocol for proper functioning.
Given this, we could implement this feature by serving volfiles to only trusted clients in glusterd and fail requests from everywhere else if an option to disable glusterfs protocol has been set. This way all services accessing volumes locally from the trusted storage pool will continue to function without any problems.
HTH, Vijay _______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx http://www.gluster.org/mailman/listinfo/gluster-devel
