<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On Thursday 11 October 2018 08:10 AM,
Raghavendra Gowdappa wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFkORY-c5TfiCV4qJdkQSjTGDvHueyoc6t-HGmXOv_US_1M39Q@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr"><br>
<br>
<div class="gmail_quote">
<div dir="ltr">On Thu, Oct 11, 2018 at 7:47 AM Kinglong Mee
<<a href="mailto:kinglongmee@gmail.com"
moz-do-not-send="true">kinglongmee@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Cc
nfs-ganesha,<br>
<br>
Md-cache has option "cache-posix-acl" that controls caching
of posix ACLs<br>
("system.posix_acl_access"/"system.posix_acl_default") and
virtual glusterfs ACLs<br>
("glusterfs.posix.acl"/"glusterfs.posix.default_acl") now.<br>
</blockquote>
<div><br>
</div>
<div>Not sure how virtual xattrs are consumed or who generates
them. <a class="gmail_plusreply" id="plusReplyChip-0"
href="mailto:rtalur@redhat.com" tabindex="-1"
moz-do-not-send="true">+Raghavendra Talur</a> <a
class="gmail_plusreply" id="plusReplyChip-1"
href="mailto:jthottan@redhat.com" tabindex="-1"
moz-do-not-send="true">+Thottan, Jiffin</a> - acl
maintainers.<br>
</div>
</div>
</div>
</blockquote>
<br>
The currently only consumers of this virtual xattr is nfs-ganesha.
Nfsv4 acls were sent from client and ganesha converts to posix acl<br>
<br>
and sent as virtual xattr to glusterfs bricks using
pub_glfs_h_acl_set/get api's. AFAIR in samba vfs module they
convert windows acl to<br>
<br>
posix acl and sent as actual getxattr/setxattr calls on
"system.posixl-acl"<br>
<br>
--<br>
<br>
Jiffin<br>
<br>
<blockquote type="cite"
cite="mid:CAFkORY-c5TfiCV4qJdkQSjTGDvHueyoc6t-HGmXOv_US_1M39Q@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
But, _posix_xattr_get_set does not fill virtual glusterfs
ACLs when lookup requests.<br>
So, md-cache caches bad virtual glusterfs ACLs.<br>
<br>
After I turn on "cache-posix-acl" option to cache ACLs at
md-cache, nfs client gets many EIO errors.<br>
<br>
<a
href="https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/427305"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/427305</a><br>
<br>
There are two chooses for cache virtual glusterfs ACLs in
md-cache,<br>
1. Cache it separately as posix ACLs (a new option maybe
"cache-glusterfs-acl" is added);<br>
And make sure _posix_xattr_get_set fills them when lookup
requests.<br>
<br>
2. Does not cache it, only cache posix ACLs;<br>
If gfapi request it, md-cache lookup according posix ACL
at cache,<br>
if exist, make the virtual glusterfs ACL locally and
return to gfapi;<br>
otherwise, send the request to glusterfsd.<br>
<br>
Virtual glusterfs ACLs are another format of posix ACLs,
there are larger than posix ACLs, <br>
and always exist no matter the really posix ACL exist or
not.<br>
<br>
So, I'd prefer #2.<br>
Any comments are welcome.<br>
<br>
thanks,<br>
Kinglong Mee<br>
<br>
_______________________________________________<br>
Gluster-devel mailing list<br>
<a href="mailto:Gluster-devel@gluster.org" target="_blank"
moz-do-not-send="true">Gluster-devel@gluster.org</a><br>
<a
href="https://lists.gluster.org/mailman/listinfo/gluster-devel"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.gluster.org/mailman/listinfo/gluster-devel</a><br>
</blockquote>
</div>
</div>
</blockquote>
<br>
</body>
</html>