[Bugs] [Bug 1193929] GlusterFS can be improved

bugzilla at redhat.com bugzilla at redhat.com
Wed Jul 11 04:09:04 UTC 2018 

https://bugzilla.redhat.com/show_bug.cgi?id=1193929

Worker Ant <bugzilla-bot at gluster.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|POST                        |MODIFIED



--- Comment #71 from Worker Ant <bugzilla-bot at gluster.org> ---
COMMIT: https://review.gluster.org/20472 committed in master by "Amar Tumballi"
<amarts at redhat.com> with a commit message- server: Set ssl-allow option in
options table and rename ID

This change explicitly adds 'ssl-allow' options to the server xlator's
options table so that glusterd2 can see it as a settable option. This
change also marks 'auth.allow' and 'auth.reject' options as a settable.

Glusterd2 doesn't maintain a separate volume options table. Glusterd2
dynamically loads shared objects of xlators to read their option table
and other information. Glusterd2 reads 'xlator_api_t' if available. If
that's not available, it falls back to reading just the options table
directly.

In glusterd2, volume set operations are performed by users on keys of
the format <xlator>.<option-name>. Glusterd2 uses xlator name set in
'xlator_api_t.identifier'. If that's not present it will use the shared
object's file name as xlator name. Hence, it is important for
'xlator_api_t.identifier' to be set properly, and in this case, the
proper value is "server". This name shall be used by users as prefix
while setting volume options implemented in server xlator. The name will
also be used in volfile.

A user in glusterd2 can authorize a client over TLS as follows:

$ glustercli volume set <volname> server.ssl-allow <client1-CN>[,<clientN-CN>]

gd2 References:
https://github.com/gluster/glusterd2/issues/971
https://github.com/gluster/glusterd2/issues/214
https://github.com/gluster/glusterd2/pull/967

Updates: bz#1193929
Change-Id: I59ef58acb8d51917e6365a83be03e79ae7c5ad17
Signed-off-by: Prashanth Pai <ppai at redhat.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list