Re: auth.allow doesn't seem to work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Sep 23, 2016 at 04:33:45PM +0200, Kevin Lemonnier wrote:
> > It looks like for NFS you have to change nfs.rpc-auth-allow, not
> > auth.allow (which is for access by API). Docs for nfs.rpc-auth-allow
> > states that "By default, all clients are disallowed", but in fact
> > the option has "all" as default value.
> 
> Yeah but I tried both NFS and Fuse, both worked (fuse couldn't
> succeded at the end because it wasn't on the same network as the other
> nodes, but that's something else).  Looks like auth.allow just doesn't
> do anything. I wonder if it's because it saw the reverse instead of
> the IP.
> 
> In any case as I was saying I ended up blocking everything with
> iptables, that works for this cluster but doesn't for others, so
> that's not a good fix for me. I wish I could just tell gluster to bind
> on a specific IP.

I think you can set "bind-address 10.10.10.1" in
/etc/glusterd/glusterd.vol (on all storage servers, and restart the
gluster processes). This value should be passed to all services that
GlusterD starts. It is not something that is used often, so you should
test the result in a testing/staging environment first.

Alternatively you could pass this option to the glusterd command (a
variable in /etc/sysconfig/glusterd for RPM based distributions):

   --xlator-option management.transport.socket.bind-address=10.10.10.1

If some services do not accept the 1st approach, you can file bugs about
it at https://bugzilla.redhat.com/enter_bug.cgi?product=GlusterFS . It
helps to point to the bugs in this email thread so that other users can
find the report and progress too.

In case this is working well, you can assist others to find the option
by documenting it.
  http://gluster.readthedocs.io/ - website
  https://github.com/gluster/glusterdocs - markdown sources
Then we could also add the option (commented out) in the default
configuration file. A bug report will be needed for that too.

Thanks,
Niels

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-users
[Index of Archives]     [Gluster Development]     [Linux Filesytems Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux