[Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Nico van Royen
nico at van-royen.nl
Mon Nov 26 20:09:37 UTC 2018
Hi Kaleb,
It indeed concerns the RHGS 3.4 version (not the opensource version).
When mounting an NFS share from a random client, and the client does not specify vers=4.0 (or vers=4,minorversion=0 for RH6) it will still make a NFSv4.1 connection.
This is why we want to restrict it server-side to prevent issues (we even have a RH case about this since Nov 2017, still open since it will also be discussed with a RH solution architect soon, I was hoping someone from the community would have a solution ready to restrict the NFS version server-side).
Regards,
Nico van Roijen (ING)
----- Oorspronkelijk bericht -----
Van: "Kaleb S. KEITHLEY" <kkeithle at redhat.com>
Aan: "gluster-users" <gluster-users at gluster.org>
Verzonden: Zaterdag 24 november 2018 00:20:14
Onderwerp: Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
On 11/23/18 1:42 PM, Nico van Royen wrote:
> Hi All,
>
> In a bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1546713) I
> was reading it showed that it should be possible to restrict the NFSv4
> usage to only use 4.0 (since 4.1/4.2 is not supported).
Who is telling you that 4.1 and 4.2 aren't supported?
Because NFS-Ganesha does, in fact, support NFSv4.1, NFSv4.2, and pNFS.
(Maybe you're thinking of the nfs-ganesha server in Red Hat's RHGS (Red
Hat Gluster Storage) or RHCS (Red Hat Ceph Storage), where 4.1 and 4.2
are not supported.)
> To try that, I modified an existing share so it reads :
>
> EXPORT{
> Export_Id = 2;
> Path = "/DATA";
> FSAL {
> name = GLUSTER;
> hostname="localhost";
> volume="DATA";
> }
> Access_type = RW;
> Disable_ACL = true;
> Squash="No_root_squash";
> Pseudo="/DATA";
> Protocols = "4" ;
> Transports = "UDP","TCP";
> SecType = "sys";
> NFSv4 {
> minor_versions = 0;
> }
> }
>
> And restarted the nfs-ganesha service. Seemed to start fine and
> mounted the share from a client and specifying the mount option "-o
> vers=4.1" and indeed it mounted it with NFSv4.1 (I was expecting/hoping
> it would refuse to mount).
>
> What is (or should be) the way to only allow NFSv4.0 exports (if
> possible at all) ?
>
> Running GlusterFS 3.12 / RHGS 3.4 with packages :
> bash-4.2# rpm -qa | grep ganesha
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> nfs-ganesha-2.5.5-10.el7rhgs.x86_64
> nfs-ganesha-gluster-2.5.5-10.el7rhgs.x86_64
>
> bash-4.2# rpm -qa | grep ^glusterfs
> glusterfs-libs-3.12.2-18.el7rhgs.x86_64
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
> glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
> glusterfs-cli-3.12.2-18.el7rhgs.x86_64
> glusterfs-api-3.12.2-18.el7rhgs.x86_64
> glusterfs-server-3.12.2-18.el7rhgs.x86_64
> glusterfs-3.12.2-18.el7rhgs.x86_64
>
> Thanks in advance,
> Nico van Roijen
>
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-users
>
_______________________________________________
Gluster-users mailing list
Gluster-users at gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
More information about the Gluster-users
mailing list