[Gluster-devel] Gluster CLI for setting options for glusterd.vol

Deepak C Shetty deepakcs at linux.vnet.ibm.com
Thu Jun 27 05:50:19 UTC 2013


On 06/24/2013 06:21 PM, Vijay Bellur wrote:
> On 06/20/2013 07:28 PM, M. Mohan Kumar wrote:
>> Vijay Bellur <vbellur at redhat.com> writes:
>>
>>> On 06/19/2013 09:51 PM, M. Mohan Kumar wrote:
>>>> Hello,
>>>>
>>>> When qemu is invoked by a non-root user with -drive
>>>> file=gluster://server/volname/imagename option, unprivileged port is
>>>> used for gluster rpc and by default glusterd and gluster brick process
>>>> deny the request if the request is from a unprivileged port. The 
>>>> option
>>>> "rpc-auth-allow-insecure" needs to be enabled in glusterd.vol so that
>>>> non privileged ports can be used to access Gluster volumes.
>>>>
>>>> In a typical environment VDSM might want to enable 
>>>> rpc-auth-allow-insecure
>>>> option and the administrator has to edit the glusterd.vol manually and
>>>> restart glusterd process.
>>>>
>>>> CLI options available to enable volume specific options to work with
>>>> unprivileged ports by using gluster volume set <volname> <option>
>>>> <value>. For example per volume server.allow-insecure option can be
>>>> enabled so that unprivileged users can mount a GlusterFS volume.
>>>>
>>>> But as of now there is no CLI option available to set glusterd.vol
>>>> options. How about adding a gluster CLI set option to configure
>>>> glusterd.vol options? Can following CLI command line 'gluster 
>>>> volume set
>>>> all <glusterd.option> <value>" be used for setting glusterd options?
>>>> IIUC "all" is a reserved volume name and we can use this reserved name
>>>> for setting glusterd option.
>>>
>>> 'volume set all' is mostly used for options that are applicable to all
>>> volumes. Since glusterd options are beyond the scope of a volume, tying
>>> them to the peer entity might be a good idea. We can introduce 'peer 
>>> set
>>> all <key> <value>' which sets a particular option on all peers.
>>>
>>
>> You mean by 'gluster peer set all rpc-auth-allow-insecure on' will
>> enable insecured port access to all glusterds in the peer environment?
>
>
> Yes.

This still doesn't help the VDSM usecase, when VDSM host ( aka 
hypervisor host ) is not part of gluster peer.
One of the goal here was to provide a cli way to modify glusterd options 
so that VDSM can exploit it, when Gluster volume is used as a storage 
domain, and VDSM needs rpc-auth-allow-insecure to be ON as VMs accessing 
Gluster volume natively via libgfapi will be running as non-root.

On the same lines.. how does oVirt Engine 'Volumes' GUI manage Gluster 
volumes.... when the oVirt host is not part of the Gluster peer ? Just 
wondering....

thanx,
deepak

>
>>
>>>>
>>>> IIUC glusterd.info file can be used to store about these parameters
>>>> similar to how volume specific options are stored in 
>>>> vols/<volname>/info
>>>> file?
>>>>
>>>
>>> We can persist this in glusterd.vol referred by the respective glusterd
>>> instance.
>>
>> So glusterd.vol is not [re]generated during glusterd init?
>
>
> No, glusterd.vol does not get altered during init.
>
> -Vijay
>>>
>>> -Vijay
>>
>>
>>
>
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at nongnu.org
> https://lists.nongnu.org/mailman/listinfo/gluster-devel
>
>
>





More information about the Gluster-devel mailing list