[Gluster-devel] Gluster CLI for setting options for glusterd.vol

Kanagaraj M kanagaraj.ktr at gmail.com
Thu Jun 27 07:04:12 UTC 2013 

On Thu, Jun 27, 2013 at 11:20 AM, Deepak C Shetty <
deepakcs at linux.vnet.ibm.com> wrote:

> On 06/24/2013 06:21 PM, Vijay Bellur wrote:
>
>> On 06/20/2013 07:28 PM, M. Mohan Kumar wrote:
>>
>>> Vijay Bellur <vbellur at redhat.com> writes:
>>>
>>>  On 06/19/2013 09:51 PM, M. Mohan Kumar wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> When qemu is invoked by a non-root user with -drive
>>>>> file=gluster://server/volname/**imagename option, unprivileged port is
>>>>> used for gluster rpc and by default glusterd and gluster brick process
>>>>> deny the request if the request is from a unprivileged port. The option
>>>>> "rpc-auth-allow-insecure" needs to be enabled in glusterd.vol so that
>>>>> non privileged ports can be used to access Gluster volumes.
>>>>>
>>>>> In a typical environment VDSM might want to enable
>>>>> rpc-auth-allow-insecure
>>>>> option and the administrator has to edit the glusterd.vol manually and
>>>>> restart glusterd process.
>>>>>
>>>>> CLI options available to enable volume specific options to work with
>>>>> unprivileged ports by using gluster volume set <volname> <option>
>>>>> <value>. For example per volume server.allow-insecure option can be
>>>>> enabled so that unprivileged users can mount a GlusterFS volume.
>>>>>
>>>>> But as of now there is no CLI option available to set glusterd.vol
>>>>> options. How about adding a gluster CLI set option to configure
>>>>> glusterd.vol options? Can following CLI command line 'gluster volume
>>>>> set
>>>>> all <glusterd.option> <value>" be used for setting glusterd options?
>>>>> IIUC "all" is a reserved volume name and we can use this reserved name
>>>>> for setting glusterd option.
>>>>>
>>>>
>>>> 'volume set all' is mostly used for options that are applicable to all
>>>> volumes. Since glusterd options are beyond the scope of a volume, tying
>>>> them to the peer entity might be a good idea. We can introduce 'peer set
>>>> all <key> <value>' which sets a particular option on all peers.
>>>>
>>>>
>>> You mean by 'gluster peer set all rpc-auth-allow-insecure on' will
>>> enable insecured port access to all glusterds in the peer environment?
>>>
>>
>>
>> Yes.
>>
>
> This still doesn't help the VDSM usecase, when VDSM host ( aka hypervisor
> host ) is not part of gluster peer.
> One of the goal here was to provide a cli way to modify glusterd options
> so that VDSM can exploit it, when Gluster volume is used as a storage
> domain, and VDSM needs rpc-auth-allow-insecure to be ON as VMs accessing
> Gluster volume natively via libgfapi will be running as non-root.
>
> On the same lines.. how does oVirt Engine 'Volumes' GUI manage Gluster
> volumes.... when the oVirt host is not part of the Gluster peer ? Just
> wondering....
>
>
Why oVirt Engine host needs to be a gluster peer to be able to communicate
with gluster(through vdsm)? As super-vdsm is running as root in the gluster
node and it should be able to communicate with underlying gluster cli and
can respond to oVirt engine.

If not, are you talking about the scenario where gluster node doesn't have
vdsm installed also the storage cluster is not managed through oVirt.

Thanks,
Kanagaraj



> thanx,
> deepak
>
>
>>
>>>
>>>>> IIUC glusterd.info file can be used to store about these parameters
>>>>> similar to how volume specific options are stored in
>>>>> vols/<volname>/info
>>>>> file?
>>>>>
>>>>>
>>>> We can persist this in glusterd.vol referred by the respective glusterd
>>>> instance.
>>>>
>>>
>>> So glusterd.vol is not [re]generated during glusterd init?
>>>
>>
>>
>> No, glusterd.vol does not get altered during init.
>>
>> -Vijay
>>
>>>
>>>> -Vijay
>>>>
>>>
>>>
>>>
>>>
>>
>> ______________________________**_________________
>> Gluster-devel mailing list
>> Gluster-devel at nongnu.org
>> https://lists.nongnu.org/**mailman/listinfo/gluster-devel<https://lists.nongnu.org/mailman/listinfo/gluster-devel>
>>
>>
>>
>>
>
> ______________________________**_________________
> Gluster-devel mailing list
> Gluster-devel at nongnu.org
> https://lists.nongnu.org/**mailman/listinfo/gluster-devel<https://lists.nongnu.org/mailman/listinfo/gluster-devel>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-devel/attachments/20130627/c8363a3d/attachment-0001.html>

More information about the Gluster-devel mailing list