[Gluster-devel] Problems about cache virtual glusterfs ACLs for ganesha in md-cache
Jiffin Tony Thottan
jthottan at redhat.com
Thu Oct 11 04:10:41 UTC 2018
On Thursday 11 October 2018 08:10 AM, Raghavendra Gowdappa wrote:
>
>
> On Thu, Oct 11, 2018 at 7:47 AM Kinglong Mee <kinglongmee at gmail.com
> <mailto:kinglongmee at gmail.com>> wrote:
>
> Cc nfs-ganesha,
>
> Md-cache has option "cache-posix-acl" that controls caching of
> posix ACLs
> ("system.posix_acl_access"/"system.posix_acl_default") and virtual
> glusterfs ACLs
> ("glusterfs.posix.acl"/"glusterfs.posix.default_acl") now.
>
>
> Not sure how virtual xattrs are consumed or who generates them.
> +Raghavendra Talur <mailto:rtalur at redhat.com> +Thottan, Jiffin
> <mailto:jthottan at redhat.com> - acl maintainers.
The currently only consumers of this virtual xattr is nfs-ganesha. Nfsv4
acls were sent from client and ganesha converts to posix acl
and sent as virtual xattr to glusterfs bricks using
pub_glfs_h_acl_set/get api's. AFAIR in samba vfs module they convert
windows acl to
posix acl and sent as actual getxattr/setxattr calls on "system.posixl-acl"
--
Jiffin
>
>
> But, _posix_xattr_get_set does not fill virtual glusterfs ACLs
> when lookup requests.
> So, md-cache caches bad virtual glusterfs ACLs.
>
> After I turn on "cache-posix-acl" option to cache ACLs at
> md-cache, nfs client gets many EIO errors.
>
> https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/427305
>
> There are two chooses for cache virtual glusterfs ACLs in md-cache,
> 1. Cache it separately as posix ACLs (a new option maybe
> "cache-glusterfs-acl" is added);
> And make sure _posix_xattr_get_set fills them when lookup requests.
>
> 2. Does not cache it, only cache posix ACLs;
> If gfapi request it, md-cache lookup according posix ACL at cache,
> if exist, make the virtual glusterfs ACL locally and return to
> gfapi;
> otherwise, send the request to glusterfsd.
>
> Virtual glusterfs ACLs are another format of posix ACLs, there are
> larger than posix ACLs,
> and always exist no matter the really posix ACL exist or not.
>
> So, I'd prefer #2.
> Any comments are welcome.
>
> thanks,
> Kinglong Mee
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at gluster.org <mailto:Gluster-devel at gluster.org>
> https://lists.gluster.org/mailman/listinfo/gluster-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gluster.org/pipermail/gluster-devel/attachments/20181011/341995eb/attachment.html>
More information about the Gluster-devel
mailing list