Re: Restricting NFS-Ganesha to use NFSv4.0 only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Kaleb,

It indeed concerns the RHGS 3.4 version (not the opensource version).
When mounting an NFS share from a random client, and the client does not specify vers=4.0 (or vers=4,minorversion=0 for RH6) it will still make a NFSv4.1 connection.
This is why we want to restrict it server-side to prevent issues (we even have a RH case about this since Nov 2017, still open since it will also be discussed with a RH solution architect soon, I was hoping someone from the community would have a solution ready to restrict the NFS version server-side).

Regards,
Nico van Roijen (ING)



----- Oorspronkelijk bericht -----
Van: "Kaleb S. KEITHLEY" <kkeithle@xxxxxxxxxx>
Aan: "gluster-users" <gluster-users@xxxxxxxxxxx>
Verzonden: Zaterdag 24 november 2018 00:20:14
Onderwerp: Re:  Restricting NFS-Ganesha to use NFSv4.0 only

On 11/23/18 1:42 PM, Nico van Royen wrote:
> Hi All,
> 
> In a bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1546713) I
> was reading it showed that it should be possible to restrict the NFSv4
> usage to only use 4.0 (since 4.1/4.2 is not supported).

Who is telling you that 4.1 and 4.2 aren't supported?

Because NFS-Ganesha does, in fact, support NFSv4.1, NFSv4.2, and pNFS.

(Maybe you're thinking of the nfs-ganesha server in Red Hat's RHGS (Red
Hat Gluster Storage) or RHCS (Red Hat Ceph Storage), where 4.1 and 4.2
are not supported.)


> To try that, I modified an existing share so it reads :
> 
> EXPORT{
>       Export_Id = 2;
>       Path = "/DATA";
>       FSAL {
>            name = GLUSTER;
>            hostname="localhost";
>            volume="DATA";
>            }
>       Access_type = RW;
>       Disable_ACL = true;
>       Squash="No_root_squash";
>       Pseudo="/DATA";
>       Protocols = "4" ;
>       Transports = "UDP","TCP";
>       SecType = "sys";
>       NFSv4 {
>             minor_versions = 0;
>       }
>      }
> 
> And restarted the nfs-ganesha service.   Seemed to start fine and
> mounted the share from a client and specifying the mount option "-o
> vers=4.1" and indeed it mounted it with NFSv4.1  (I was expecting/hoping
> it would refuse to mount).
> 
> What is (or should be) the way to only allow NFSv4.0 exports (if
> possible at all) ?
> 
> Running GlusterFS 3.12 / RHGS 3.4 with packages :
> bash-4.2# rpm -qa | grep ganesha
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> nfs-ganesha-2.5.5-10.el7rhgs.x86_64
> nfs-ganesha-gluster-2.5.5-10.el7rhgs.x86_64
> 
> bash-4.2# rpm -qa | grep ^glusterfs
> glusterfs-libs-3.12.2-18.el7rhgs.x86_64
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
> glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
> glusterfs-cli-3.12.2-18.el7rhgs.x86_64
> glusterfs-api-3.12.2-18.el7rhgs.x86_64
> glusterfs-server-3.12.2-18.el7rhgs.x86_64
> glusterfs-3.12.2-18.el7rhgs.x86_64
> 
> Thanks in advance,
> Nico van Roijen
> 
> _______________________________________________
> Gluster-users mailing list
> Gluster-users@xxxxxxxxxxx
> https://lists.gluster.org/mailman/listinfo/gluster-users
> 

_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-users
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-users




[Index of Archives]     [Gluster Development]     [Linux Filesytems Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux