----- Original Message ----- > From: "Benjamin Cleyet-marrel" <benjamin.cleyet-marrel at openwide.fr> > To: gluster-users at gluster.org > Sent: Mercredi 2 F?vrier 2011 14:56:51 > Subject: Gluster 3.1.2 and rpc-auth patch > Hi, > > Fist of all thanks for all the work you put into gluster this product > is fantastic. > > In our setup, we have to have some kind of nfs authentication. > Not beeing able to set the rpc-auth option using the cli was a big > draw-back for us. > > Setting the option auth.allow only set the gluster auth.addr.allow > option in the bricks themselves but did not do any good regarding nfs > access. > > Setting the option option rpc-auth.addr.MyVolume.allow * > directly into the config file /etc/glusterd/nfs/nfs-server.vol > did not worked as each modification (ie gluster start volume MyVolume) > would overwrite changes > > After browsing the web/mailing list and trying to find a workaround to > implement nfs auth we decided to patch the source code to add an extra > option to the gluster "volume set" framwork. Which was a rather easy > task considering the quality of the source code. > > A few lines in glusterd-volgen.c did the trick > It worked for us, so here is the patch which allow users to issue: > gluster volume set MyVolume rpc-auth.allow "10.*,192.*" > default is still "*" > > > > Cheers > > > -- > Benjamin Cleyet-Marrel > Directeur de l'ing?nierie > Open Wide Outsourcing > http://outsourcing.openwide.fr Hum The patch did not make it the first time so here it is inline. Cheers --- glusterd-volgen.c.orig 2011-02-02 10:56:22.932266001 +0100 +++ glusterd-volgen.c 2011-02-02 14:53:49.815904002 +0100 @@ -138,6 +138,7 @@ {"nfs.enable-ino32", "nfs/server", "nfs.enable-ino32",}, {"nfs.mem-factor", "nfs/server", "nfs.mem-factor",}, + {"rpc-auth.allow", "nfs/server", }, {NULL, } }; @@ -1245,6 +1246,7 @@ xlator_t *nfsxl = NULL; char *skey = NULL; char *enable_ino32 = NULL; + char *rpc_auth = NULL; char *mem_factor = NULL; char volume_id[64] = {0,}; int ret = 0; @@ -1281,17 +1283,27 @@ if (voliter->status != GLUSTERD_STATUS_STARTED) continue; - ret = gf_asprintf (&skey, "rpc-auth.addr.%s.allow", - voliter->volname); - if (ret == -1) { - gf_log ("", GF_LOG_ERROR, "Out of memory"); - goto out; - } - ret = xlator_set_option (nfsxl, skey, "*"); - GF_FREE (skey); + ret = glusterd_volinfo_get (voliter, + "rpc-auth.allow", + &rpc_auth); if (ret) goto out; + + ret = gf_asprintf (&skey, "rpc-auth.addr.%s.allow", voliter->volname); + if (ret == -1) { + gf_log ("", GF_LOG_ERROR, "Out of memory"); + goto out; + } + if (rpc_auth) { + ret = xlator_set_option (nfsxl, skey, rpc_auth); + } else { + ret = xlator_set_option (nfsxl, skey, "*"); + } + GF_FREE (skey); + if (ret) + goto out; + ret = gf_asprintf (&skey, "nfs3.%s.volume-id", voliter->volname); if (ret == -1) {
