[Bugs] [Bug 1437332] New: auth failure after upgrade to GlusterFS 3.10
bugzilla at redhat.com
bugzilla at redhat.com
Thu Mar 30 06:03:54 UTC 2017
https://bugzilla.redhat.com/show_bug.cgi?id=1437332
Bug ID: 1437332
Summary: auth failure after upgrade to GlusterFS 3.10
Product: Red Hat Gluster Storage
Version: 3.3
Component: protocol
Keywords: Triaged
Severity: urgent
Assignee: prasanna.kalever at redhat.com
Reporter: amukherj at redhat.com
QA Contact: sbhaloth at redhat.com
CC: amukherj at redhat.com, bordas.csaba at gmail.com,
bugs at gluster.org, hiscal at 126.com, michalon at igbmc.fr,
news at ascora.de, rhs-bugs at redhat.com,
rkavunga at redhat.com, storage-qa-internal at redhat.com
Depends On: 1429117, 1433815
+++ This bug was initially created as a clone of Bug #1433815 +++
+++ This bug was initially created as a clone of Bug #1429117 +++
Description of problem:
We enabled the IP based auth feature with
gluster volume set store_temp auth.allow xxx.xxx.xxx...
This worked fine up to GlusterFS 3.9. After upgrading to 3.10, we noticed that
we cannot mount any volume from a remove client anymore.
Looking at the brick logs we found:
[2017-03-04 15:56:17.469490] I [MSGID: 115091]
[server-handshake.c:659:server_setvolume] 0-store_temp-server: Failed to get
client opversion
[2017-03-04 15:56:17.469520] E [MSGID: 115004]
[authenticate.c:224:gf_authenticate] 0-auth: no authentication module is
interested in accepting remote-client (null)
[2017-03-04 15:56:17.469602] E [MSGID: 115001]
[server-handshake.c:718:server_setvolume] 0-store_temp-server: Cannot
authenticate client from
backupserver-9596-2017/03/04-15:56:17:438653-store_temp-client-2-0-0 3.9.1
[Permission denied]
[2017-03-04 15:56:28.472405] I [MSGID: 115036] [server.c:559:server_rpc_notify]
0-store_temp-server: disconnecting connection from
backupserver-9596-2017/03/04-15:56:17:438653-store_temp-client-2-0-0
[2017-03-04 15:56:28.472518] I [MSGID: 101055] [client_t.c:436:gf_client_unref]
0-store_temp-server: Shutting down connection
backupserver-9596-2017/03/04-15:56:17:438653-store_temp-client-2-0-0
This problem exists even when creating completely new volumes. We already
restarted and even rebooted all GlusterFS peers and the clients as well. All
peers and all clients have been upgraded to 3.10
Version-Release number of selected component (if applicable):
3.10
How reproducible:
-Create a new volume
-enable auth.allow based on IPs
Steps to Reproduce:
1. gluster volume create store_temp disperse 3 redundancy 1 ...
2. gluster volume set store_temp auth.allow xxx.xxx.xxx.xxx
3. gluster volume start store_temp
4. gluster mount ... (on a client)
Actual results:
-error message at clients "failed to set the volume [Permission denied]"
-error message at server: "no authentication module is interested in accepting
remote-client (null)"
Expected results:
successful mount
Additional info:
Ubuntu 16.04
--- Additional comment from Jiffin on 2017-03-07 07:29:04 EST ---
Can you provide entire logs including bricks,glusterd and glusterfs client.
Also it will be easier if can take the tcdump from server and client
--- Additional comment from Jonathan Michalon on 2017-03-07 09:11:19 EST ---
I am stumbling on the same problem.
Setting log level to DEBUG (gluster volume set volname
diagnostics.brick-log-level DEBUG) I got this first interesting stuff:
allowed = "192.168.122.186", received addr = "R"
Then some time afterwards:
allowed = "192.168.122.186", received addr = "m"
So it was looking like we were reading some random memory. And indeed looking
into source code, between 3.9 and 3.10 the big switch/case filling peer_addr
disappeared in /xlators/protocol/auth/addr/src/addr.c
I think this is enough to tell that there is some problem here :)
--- Additional comment from Atin Mukherjee on 2017-03-13 02:00:47 EDT ---
auth failures need not be in glusterd, moving this to core component.
--- Additional comment from Yong on 2017-03-19 03:35:18 EDT ---
I have the same issue, I think this is critical, please help
--- Additional comment from Worker Ant on 2017-03-19 21:00:07 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#1) for review on master by Atin Mukherjee (amukherj at redhat.com)
--- Additional comment from Worker Ant on 2017-03-20 16:03:19 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#2) for review on master by Atin Mukherjee (amukherj at redhat.com)
--- Additional comment from Worker Ant on 2017-03-24 14:22:14 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#3) for review on master by Atin Mukherjee (amukherj at redhat.com)
--- Additional comment from Worker Ant on 2017-03-27 13:11:09 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#4) for review on master by Atin Mukherjee (amukherj at redhat.com)
--- Additional comment from Worker Ant on 2017-03-27 13:24:54 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#5) for review on master by Atin Mukherjee (amukherj at redhat.com)
--- Additional comment from Worker Ant on 2017-03-28 01:38:03 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#6) for review on master by Atin Mukherjee (amukherj at redhat.com)
--- Additional comment from Worker Ant on 2017-03-28 16:04:33 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#7) for review on master by Jeff Darcy (jeff at pl.atyp.us)
--- Additional comment from Worker Ant on 2017-03-28 17:51:31 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#8) for review on master by Jeff Darcy (jeff at pl.atyp.us)
--- Additional comment from Worker Ant on 2017-03-28 18:05:24 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#9) for review on master by Jeff Darcy (jeff at pl.atyp.us)
--- Additional comment from Worker Ant on 2017-03-28 18:24:02 EDT ---
REVIEW: https://review.gluster.org/16920 (protocol : fix auth-allow regression)
posted (#10) for review on master by Jeff Darcy (jeff at pl.atyp.us)
--- Additional comment from Worker Ant on 2017-03-30 01:57:02 EDT ---
COMMIT: https://review.gluster.org/16920 committed in master by Atin Mukherjee
(amukherj at redhat.com)
------
commit 0bd58241143e91b683a3e5c4335aabf9eed537fe
Author: Atin Mukherjee <amukherj at redhat.com>
Date: Mon Mar 20 05:15:25 2017 +0530
protocol : fix auth-allow regression
One of the brick multiplexing patches (commit 1a95fc3) had some changes
in gf_auth () & server_setvolume () functions which caused auth-allow
feature to be broken. mount doesn't succeed even if it's part of the
auth-allow list. This fix does the following:
1. Reintroduce the peer-info data back in gf_auth () so that fnmatch has
valid input and it can decide on the result.
2. config-params dict should capture key values pairs for all the bricks
in case brick multiplexing is on. In case brick multiplexing isn't
enabled, then config-params should carry attributes from protocol/server
such that all rpc auth related attributes stay in tact in the
dictionary.
Change-Id: I007c4c6d78620a896b8858a29459a77de8b52412
BUG: 1433815
Signed-off-by: Atin Mukherjee <amukherj at redhat.com>
Reviewed-on: https://review.gluster.org/16920
Tested-by: Jeff Darcy <jeff at pl.atyp.us>
Smoke: Gluster Build System <jenkins at build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins at build.gluster.org>
CentOS-regression: Gluster Build System <jenkins at build.gluster.org>
Reviewed-by: Jeff Darcy <jeff at pl.atyp.us>
Reviewed-by: MOHIT AGRAWAL <moagrawa at redhat.com>
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1429117
[Bug 1429117] auth failure after upgrade to GlusterFS 3.10
https://bugzilla.redhat.com/show_bug.cgi?id=1433815
[Bug 1433815] auth failure after upgrade to GlusterFS 3.10
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=XLzNEyKfvo&a=cc_unsubscribe
More information about the Bugs
mailing list