[Gluster-devel] What would be ideal option for 'auth.allow' to support subdir mount?
atumball at redhat.com
Thu Jul 20 13:41:29 UTC 2017
I was working on subdir mount for fuse clients , and was able to handle
pieces just fine in filesystem part of gluster. 
What is pending is, how will we handle the authentication options for this
at each subdir level?
I propose to keep the current option and extending it to handle new feature
with proper backward compatibility.
Currently, the option auth.allow (and auth.reject) are of the type
GF_OPTION_TYPE_INTERNET_ADDRESS_LIST. Which expects valid internet
addresses with comma separation.
For example the current option looks likes this:
'option auth.addr.brick-name.allow *' OR 'option
auth.addr.brick-name.allow "192.168.*.* ,10.10.*.*"'.
In future, it may look like:
`option auth.addr.brick-name.allow "10.0.1.13;192.168.1.*
=/subdir1;192.168.10.* ,192.168.11.104 =/subdir2"`
so each entries will be separated by ';'. And in each entry, first part ("
=") is address list and second part is directory. If directory is empty,
its assumed as '/'. (Handles the backward compatibility). And if there is
no entry for a $subdir here, that $subdir won't be mountable.
(The above format is handled properly already at  in addr.c, the pending
thing is to handle the option properly in options.c's validate).
 - https://github.com/gluster/glusterfs/issues/175
 - https://review.gluster.org/17141
If everyone agrees to this, I guess we can pull it off before absolute
feature freeze date for 3.12 branch.
Let me know the feedback. (I am updating the same content in github, so
feel free to comment there too).
NOTE: I thought of using ':' (colon) as field separator between addr_list
and subdir entry, but with IPv6 ':' is valid character in string. Hence
using ' ='.
Amar Tumballi (amarts)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gluster-devel