<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 20, 2017 at 7:36 PM, Niels de Vos <span dir="ltr"><<a href="mailto:ndevos@redhat.com" target="_blank">ndevos@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Thu, Jul 20, 2017 at 07:11:29PM +0530, Amar Tumballi wrote:<br>
> Hi,<br>
><br>
> I was working on subdir mount for fuse clients [1], and was able to handle<br>
> pieces just fine in filesystem part of gluster. [2]<br>
><br>
> What is pending is, how will we handle the authentication options for this<br>
> at each subdir level?<br>
><br>
> I propose to keep the current option and extending it to handle new feature<br>
> with proper backward compatibility.<br>
><br>
> Currently, the option auth.allow (and auth.reject) are of the type<br>
> GF_OPTION_TYPE_INTERNET_ADDRES<wbr>S_LIST. Which expects valid internet<br>
> addresses with comma separation.<br>
><br>
> For example the current option looks likes this:<br>
><br>
> 'option auth.addr.brick-name.allow *' OR 'option<br>
> auth.addr.brick-name.allow "192.168.*.* ,10.10.*.*"'.<br>
><br>
> In future, it may look like:<br>
><br>
> `option auth.addr.brick-name.allow "10.0.1.13;192.168.1.*<br>
> =/subdir1;192.168.10.* ,192.168.11.104 =/subdir2"`<br>
><br>
> so each entries will be separated by ';'. And in each entry, first part ("<br>
> =") is address list and second part is directory. If directory is empty,<br>
> its assumed as '/'. (Handles the backward compatibility). And if there is<br>
> no entry for a $subdir here, that $subdir won't be mountable.<br>
<br>
</span>IIRC Gluster/NFS allows you to set permissions for subdir mounting with<br>
a format like this:<br>
<br>
/subdir/next/dir(IP,IP-range,.<wbr>..) /subdir2(IP)<br>
<br></blockquote><div>This is good, but would currently break the compatibility with existing auth.allow of gluster.<br><br></div><div>Backward compatibility was the main reason for me to consider the above approach.<br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It would be best to use the existing format if we can to prevent<br>
confusion among our users.<br>
<br></blockquote><div>Currently existing gluster's option is not same as NFS in my opinion. How do you want to handle it?<br><br></div><div>-Amar<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks,<br>
Niels<br>
<span><br>
<br>
><br>
> (The above format is handled properly already at [2] in addr.c, the pending<br>
> thing is to handle the option properly in options.c's validate).<br>
><br>
> [1] - <a href="https://github.com/gluster/glusterfs/issues/175" rel="noreferrer" target="_blank">https://github.com/gluster/glu<wbr>sterfs/issues/175</a><br>
> [2] - <a href="https://review.gluster.org/17141" rel="noreferrer" target="_blank">https://review.gluster.org/171<wbr>41</a><br>
><br>
> If everyone agrees to this, I guess we can pull it off before absolute<br>
> feature freeze date for 3.12 branch.<br>
><br>
> Let me know the feedback. (I am updating the same content in github, so<br>
> feel free to comment there too).<br>
><br>
> NOTE: I thought of using ':' (colon) as field separator between addr_list<br>
> and subdir entry, but with IPv6 ':' is valid character in string. Hence<br>
> using ' ='.<br>
> --<br>
> Amar Tumballi (amarts)<br>
<br>
</span>> ______________________________<wbr>_________________<br>
> Gluster-devel mailing list<br>
> <a href="mailto:Gluster-devel@gluster.org" target="_blank">Gluster-devel@gluster.org</a><br>
> <a href="http://lists.gluster.org/mailman/listinfo/gluster-devel" rel="noreferrer" target="_blank">http://lists.gluster.org/mailm<wbr>an/listinfo/gluster-devel</a><br>
<br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="m_-1745303868776756377gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Amar Tumballi (amarts)<br></div></div></div></div></div>
</div></div>