Does Gluster 3.1 support authorisation control and how to do

Hi, HU

Thanks for your help.
I tried to use your example (1 server, 1 client) to test the authentication function, and it works.

But when I tried to test it in replication mode (multi-node), FUSE mounting worked, but NFS didn't.
Any node can mount the volume via NFS. ><
------------------------------------------------
And 
Following is my config.

volume gluster-new-volume-server
    type protocol/server
    option transport-type tcp
    option auth.addr./mnt/gluster1.allow 10.18.14.240,10.18.14.248,10.18.14.241,10.18.14.242,10.18.14.243
    subvolumes /mnt/gluster1
end-volume


After starting volume, log showed below:

+------------------------------------------------------------------------------+
[2011-01-11 01:07:54.188695] E [authenticate.c:235:gf_authenticate] auth: no authentication module is interested in accepting remote-client (null)
[2011-01-11 01:07:54.188716] E [server-handshake.c:545:server_setvolume] gluster-new-volume-server: Cannot authenticate client from 127.0.0.1:1017
[2011-01-11 01:07:55.264728] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.241:995
[2011-01-11 01:07:55.267990] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.242:1012
[2011-01-11 01:07:55.272025] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.243:996


Do you know whether it is necessary to add 127.0.0.1 to the allow list?
And can't it use the host's real IP (10.18.14.240)?

But even if I used 127.0.0.1 to replace 10.18.14.240, NFS authentication control still does not work. ><



-----Original message-----
From:HU Zhong <hz02ruc at gmail.com>
To:wei.cheng at m2k.com.tw
Cc:gluster-users <gluster-users at gluster.org>
Date:Mon, 10 Jan 2011 11:36:00 +0800
Subject:Re: Dose Gluster 3.1 support authorisation control and how to do


Hi, Cheng

I think you did the configuration in the wrong place. Instead of
/etc/glusterd/nfs/nfs-server.vol, you need to modify files
under /etc/glusterd/vols/.

As a simple example, consider a one-server-one-client system, both
server and client are one machine(localhost, ip:192.168.4.112), and
export directory /home/huz/share for sharing, the client wants to mount
it on /home/huz/mnt.

If I modify the default
configuration /etc/glusterd/vols/testvol/testvol.192.168.4.112.home-huz-share.vol

from
......
volume testvol-server
    type protocol/server
    option transport-type tcp
    option auth.addr./home/huz/share.allow *
    subvolumes /home/huz/share
end-volume

to
......
volume testvol-server
    type protocol/server
    option transport-type tcp
    option auth.addr./home/huz/share.reject *
    subvolumes /home/huz/share
end-volume

the mount command will fail:
$sudo mount -o mountproto=tcp -t nfs localhost:/testvol /home/huz/mnt
mount.nfs: mounting localhost:/testvol failed, reason given by server:
  No such file or directory

and the log shows the authentication error.
11-01-10 11:09:58.203600] E
[client-handshake.c:786:client_setvolume_cbk] testvol-client-0:
SETVOLUME on remote-host failed: Authentication failed

Change "reject" to "allow", and the mount operation will be OK.

You can configure your own IP rule. As for how to use IP auth and
username/password auth, you can check the attachment. It's a
documentation file under the directory "doc" of the glusterfs src project.

On Sun, 2011-01-09 at 22:31 +0800, ???? wrote:
> Hi, HU:
> Thanks for your help.
> 
> I have the following environment:
> Gluster 3.1.1
> Volume Name: gluster-volume
> Type: Distributed-Replicate
> Status: Started
> Number of Bricks: 2 x 2 = 4
> Transport-type: tcp
> Bricks:
> Brick1: gluster1:/mnt/gluster1
> Brick2: gluster2:/mnt/gluster2
> Brick3: gluster3:/mnt/gluster3
> Brick4: gluster4:/mnt/gluster4
> 
> 
> I want to use authenticate module by your suggestion.
> The way I used below:
> 1. Stop Volume
> 2. Edit /etc/glusterd/nfs/nfs-server.vol on Brick1(Gluster1)
> 3. Modify and Add  From
>        volume nfs-server
>         type nfs/server
>         option nfs.dynamic-volumes on
>         option rpc-auth.addr.gluster-volume.allow *
>         option nfs3.gluster-volume.volume-id 907941d9-6950-425b-b3d5-4e43dd420d9e
>     subvolumes gluster-volume
> end-volume
> 
> to 
> 
> volume nfs-server
>     type nfs/server
>     option nfs.dynamic-volumes on
>     option rpc-auth.addr.gluster-volume.allow  10.18.14.1
>     option auth.addr.gluster-volume.allow 10.18.14.1
>     option nfs3.gluster-volume.volume-id 907941d9-6950-425b-b3d5-4e43dd420d9e
>     subvolumes gluster-volume
> end-volume
> 
> 4.Start Volume
> 
> --> But I am still able to mount the volume from 10.18.14.2 by NFS.
> 
> Is there anything I missed or got wrong?
> 
> And I find 
> 
> A. After I started the volume, nfs-server.vol was reset to option
> rpc-auth.addr.gluster-volume.allow * .
> B. All 4 nodes have /etc/glusterd/nfs/nfs-server.vol. Should I edit
> every .vol file on the 4 nodes?
> 
> 
> 
> 
>     
> 
> -----Original message-----
> From:HU Zhong <hz02ruc at gmail.com>
> To:wei.cheng at m2k.com.tw
> Cc:gluster-users <gluster-users at gluster.org>
> Date:Fri, 07 Jan 2011 21:17:14 +0800
> Subject:Re: Dose Gluster 3.1 support authorisation
> control and how to do
> 
> Hi, Cheng
> 
> There are 2 types of authenticate module that you can config:
> 1. IP address
> 2. login user/password
> 
> please check this site:
> http://www.gluster.com/community/documentation/index.php/Translators/protocol/server
> 
> 
> On Fri, 2011-01-07 at 17:07 +0800, ???? wrote: 
> 
> 
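
An added example, not part of the original messages or of the GlusterFS project: a small audit that reads the auth.addr rules from a brick volfile and checks the server_setvolume handshake lines in the brick log against them, using the config and log lines quoted in this thread as constructed sample input. The function names are hypothetical, and the matching semantics (shell-style wildcards, a reject match overriding an allow match) are assumptions.

```python
import fnmatch
import re

# Constructed sample input: server volume and log lines quoted in this thread.
VOLFILE = """\
volume gluster-new-volume-server
    type protocol/server
    option transport-type tcp
    option auth.addr./mnt/gluster1.allow 10.18.14.240,10.18.14.248,10.18.14.241,10.18.14.242,10.18.14.243
    subvolumes /mnt/gluster1
end-volume
"""
LOG = """\
[2011-01-11 01:07:54.188716] E [server-handshake.c:545:server_setvolume] gluster-new-volume-server: Cannot authenticate client from 127.0.0.1:1017
[2011-01-11 01:07:55.264728] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.241:995
"""

RULE = re.compile(r"^\s*option\s+auth\.addr\.(\S+)\.(allow|reject)\s+(\S+)\s*$")
EVENT = re.compile(
    r"server_setvolume\] (\S+): (accepted|Cannot authenticate) client from ([\d.]+):(\d+)")

def parse_rules(volfile):
    """Return {subvolume: {'allow': [...], 'reject': [...]}} from auth.addr options."""
    rules = {}
    for line in volfile.splitlines():
        m = RULE.match(line)
        if m:
            sub, kind, patterns = m.groups()
            rules.setdefault(sub, {"allow": [], "reject": []})[kind] += patterns.split(",")
    return rules

def permitted(ip, rule):
    """Assumed semantics: a reject match wins, otherwise an allow match is required."""
    if any(fnmatch.fnmatch(ip, p) for p in rule["reject"]):
        return False
    return any(fnmatch.fnmatch(ip, p) for p in rule["allow"])

def audit(volfile, log):
    """Flag wildcard allow rules and handshake outcomes that disagree with the rules."""
    rules = parse_rules(volfile)
    findings = [("wildcard-allow", sub) for sub, r in rules.items() if "*" in r["allow"]]
    for _server, outcome, ip, _port in EVENT.findall(log):
        ok = any(permitted(ip, r) for r in rules.values())
        if (outcome == "accepted") != ok:
            findings.append(("mismatch", ip))
    return findings
```

On the sample input the audit returns no findings: the rejection of 127.0.0.1 and the acceptance of 10.18.14.241 are both what the allow list dictates.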



