|
On Thursday 11 October 2018 08:10 AM,
Raghavendra Gowdappa wrote:
Cc
nfs-ganesha,
Md-cache has option "cache-posix-acl" that controls caching
of posix ACLs
("system.posix_acl_access"/"system.posix_acl_default") and
virtual glusterfs ACLs
("glusterfs.posix.acl"/"glusterfs.posix.default_acl") now.
The currently only consumers of this virtual xattr is nfs-ganesha.
Nfsv4 acls were sent from client and ganesha converts to posix acl
and sent as virtual xattr to glusterfs bricks using
pub_glfs_h_acl_set/get api's. AFAIR in samba vfs module they
convert windows acl to
posix acl and sent as actual getxattr/setxattr calls on
"system.posixl-acl"
--
Jiffin
But, _posix_xattr_get_set does not fill virtual glusterfs
ACLs when lookup requests.
So, md-cache caches bad virtual glusterfs ACLs.
After I turn on "cache-posix-acl" option to cache ACLs at
md-cache, nfs client gets many EIO errors.
https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/427305
There are two chooses for cache virtual glusterfs ACLs in
md-cache,
1. Cache it separately as posix ACLs (a new option maybe
"cache-glusterfs-acl" is added);
And make sure _posix_xattr_get_set fills them when lookup
requests.
2. Does not cache it, only cache posix ACLs;
If gfapi request it, md-cache lookup according posix ACL
at cache,
if exist, make the virtual glusterfs ACL locally and
return to gfapi;
otherwise, send the request to glusterfsd.
Virtual glusterfs ACLs are another format of posix ACLs,
there are larger than posix ACLs,
and always exist no matter the really posix ACL exist or
not.
So, I'd prefer #2.
Any comments are welcome.
thanks,
Kinglong Mee
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-devel
|
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-devel
