Hi, HU Thank for your help. I tried to use your example(1 server ,1 Client) to test authentication function, it's work. But I tried to test it in replication mode (multi-node),FUSE mounting work, but NFS didn't. Any node can mount volume via NFS. >< ------------------------------------------------ And Following is my config. 26: volume gluster-new-volume-server 27: type protocol/server 28: option transport-type tcp 29: option auth.addr./mnt/gluster1.allow 10.18.14.240,10.18.14.248,10.18.14.241,10.18.14.242,10.18.14.243 30: subvolumes /mnt/gluster1 31: end-volume After starting volume, log showed below: +------------------------------------------------------------------------------+ [2011-01-11 01:07:54.188695] E [authenticate.c:235:gf_authenticate] auth: no authentication module is interested in accepting remote-client (null) [2011-01-11 01:07:54.188716] E [server-handshake.c:545:server_setvolume] gluster-new-volume-server: Cannot authenticate client from 127.0.0.1:1017 [2011-01-11 01:07:55.264728] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.241:995 [2011-01-11 01:07:55.267990] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.242:1012 [2011-01-11 01:07:55.272025] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.243:996 Do you know is it necessary to set 127.0.0.1 to allow list? And it can't use host real ip (10.18.14.240) ? But even if I used 127.0.0.1 to replace 10.18.14.240, NFS authentication control still not work. >< -----Original message----- From:HU Zhong <hz02ruc at gmail.com> To:wei.cheng at m2k.com.tw Cc:gluster-users <gluster-users at gluster.org> Date:Mon, 10 Jan 2011 11:36:00 +0800 Subject:Re: Dose Gluster 3.1 support authorisation control and how to do Hi, Cheng I think you did the configuration in the wrong place. Instead of /etc/glusterd/nfs/nfs-server.vol, you need to modify files under /etc/glusterd/vols/. As a simple example, consider a one-server-one-client system, both server and client are one machine(localhost, ip:192.168.4.112), and export directory /home/huz/share for sharing, the client wants to mount it on /home/huz/mnt. if i modify default configuration /etc/glusterd/vols/testvol/testvol.192.168.4.112.home-huz-share.vol from ...... 26 volume testvol-server 27 type protocol/server 28 option transport-type tcp 29 option auth.addr./home/huz/share.allow * 30 subvolumes /home/huz/share 31 end-volume to ...... 26 volume testvol-server 27 type protocol/server 28 option transport-type tcp 29 option auth.addr./home/huz/share.reject * 30 subvolumes /home/huz/share 31 end-volume the mount command will fail: $sudo mount -o mountproto=tcp -t nfs localhost:/testvol /home/huz/mnt mount.nfs: mounting localhost:/testvol failed, reason given by server: No such file or directory and the log shows that the authentication error. 11-01-10 11:09:58.203600] E [client-handshake.c:786:client_setvolume_cbk] testvol-client-0: SETVOLUME on remote-host failed: Authentication failed change "reject" to "allow", the mount operation will be ok. you can configure you own ip rule. As for how to use ip auth and usrname/password auth, you can check the attachment. It's a documentation file under the directory "doc" of glusterfs src project. On Sun, 2011-01-09 at 22:31 +0800, ???? wrote: > Hi, HU: > Thanks for your help. > > I have the following environment: > Gluster 3.1.1 > Volume Name: gluster-volume > Type: Distributed-Replicate > Status: Started > Number of Bricks: 2 x 2 = 4 > Transport-type: tcp > Bricks: > Brick1: gluster1:/mnt/gluster1 > Brick2: gluster2:/mnt/gluster2 > Brick3: gluster3:/mnt/gluster3 > Brick4: gluster4:/mnt/gluster4 > > > I want to use authenticate module by your suggestion. > The way I used below: > 1. Stop Volume > 2. Edit /etc/glusterd/nfs/nfs-server.vol on Brick1(Gluster1) > 3. Modify and Add From > volume nfs-server > type nfs/server > option nfs.dynamic-volumes on > option rpc-auth.addr.gluster-volume.allow * > option nfs3.gluster-volume.volume-id 907941d9-6950-425b- > b3d5-4e43dd420d9e > subvolumes gluster-volume > end-volume > > to > > volume nfs-server > type nfs/server > option nfs.dynamic-volumes on > option rpc-auth.addr.gluster-volume.allow 10.18.14.1 > option auth.addr.gluster-volume.allow 10.18.14.1 > option nfs3.gluster-volume.volume-id > 907941d9-6950-425b-b3d5-4e43dd420d9e > subvolumes gluster-volume > end-volume > > 4.Start Volume > > --> But I still be able to mount volume from 10.18.14.2 by NFS. > > Anything I missed or be wrong? > > And I find > > A. After I started volume , nfs-server.vol was initialed to option > rpc-auth.addr.gluster-volume.allow * . > B. 4 nodes all have /etc/glusterd/nfs/nfs-server.vol , Should I Edit > every .vol file on 4 nodes? > > > > > > > -----Original message----- > From:HU Zhong <hz02ruc at gmail.com> > To:wei.cheng at m2k.com.tw > Cc:gluster-users <gluster-users at gluster.org> > Date:Fri, 07 Jan 2011 21:17:14 +0800 > Subject:Re: Dose Gluster 3.1 support authorisation > control and how to do > > Hi, Cheng > > There are 2 types of authenticate module that you can config: > 1. IP address > 2. login user/password > > please check this site: > http://www.gluster.com/community/documentation/index.php/Translators/protocol/server > > > On Fri, 2011-01-07 at 17:07 +0800, ???? wrote: > > _______________________________________________ > > Gluster-users mailing list > > Gluster-users at gluster.org > > http://gluster.org/cgi-bin/mailman/listinfo/gluster-users > >
