[Gluster-users] Does Gluster 3.1 support authorisation control and how to do

HU Zhong hz02ruc at gmail.com
Tue Jan 11 02:11:26 UTC 2011


Hi

It seems that the node 10.18.14.240 runs both server and client. 
If not, write the server list and the client list here.
As you can see in the log, the nodes other than the one above are all accepted by
the server, so you can add both 10.18.14.240 and 127.0.0.1 to the
ip-allowed list to see whether it works or not.


On Tue, 2011-01-11 at 01:25 +0800, W.C Lee wrote: 
> Hi, HU
> 
> Thanks for your help.
> I tried to use your example (1 server, 1 client) to test the authentication function, and it works.
> 
> But when I tried to test it in replication mode (multi-node), FUSE mounting works, but NFS didn't.
> Any node can mount the volume via NFS. ><
> ------------------------------------------------
> And 
> Following is my config.
> 
>  26: volume gluster-new-volume-server
>  27:     type protocol/server
>  28:     option transport-type tcp
>  29:     option auth.addr./mnt/gluster1.allow 10.18.14.240,10.18.14.248,10.18.14.241,10.18.14.242,10.18.14.243
>  30:     subvolumes /mnt/gluster1
>  31: end-volume
> 
> 
> After starting volume, log showed below:
> 
> +------------------------------------------------------------------------------+
> [2011-01-11 01:07:54.188695] E [authenticate.c:235:gf_authenticate] auth: no authentication module is interested in accepting remote-client (null)
> [2011-01-11 01:07:54.188716] E [server-handshake.c:545:server_setvolume] gluster-new-volume-server: Cannot authenticate client from 127.0.0.1:1017
> [2011-01-11 01:07:55.264728] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.241:995
> [2011-01-11 01:07:55.267990] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.242:1012
> [2011-01-11 01:07:55.272025] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.243:996
> 
> 
> Do you know whether it is necessary to add 127.0.0.1 to the allow list?
> And can't it use the host's real IP (10.18.14.240)?
> 
> But even if I used 127.0.0.1 to replace 10.18.14.240, NFS authentication control still does not work. ><
> 
> 
> 
> -----Original message-----
> From:HU Zhong <hz02ruc at gmail.com>
> To:wei.cheng at m2k.com.tw
> Cc:gluster-users <gluster-users at gluster.org>
> Date:Mon, 10 Jan 2011 11:36:00 +0800
> Subject:Re: [Gluster-users] Dose Gluster 3.1 support authorisation control and how to do
> 
> 
> Hi, Cheng
> 
> I think you did the configuration in the wrong place. Instead of
> /etc/glusterd/nfs/nfs-server.vol, you need to modify files
> under /etc/glusterd/vols/.
> 
> As a simple example, consider a one-server-one-client system where both
> server and client are one machine (localhost, IP: 192.168.4.112), which
> exports the directory /home/huz/share for sharing, and the client wants to mount
> it on /home/huz/mnt.
> 
> If I modify the default
> configuration /etc/glusterd/vols/testvol/testvol.192.168.4.112.home-huz-share.vol
> 
> from
> ......
> volume testvol-server
>     type protocol/server
>     option transport-type tcp
>     option auth.addr./home/huz/share.allow *
>     subvolumes /home/huz/share
> end-volume
> 
> to
> ......
> volume testvol-server
>     type protocol/server
>     option transport-type tcp
>     option auth.addr./home/huz/share.reject *
>     subvolumes /home/huz/share
> end-volume
> 
> the mount command will fail:
> $sudo mount -o mountproto=tcp -t nfs localhost:/testvol /home/huz/mnt
> mount.nfs: mounting localhost:/testvol failed, reason given by server:
>   No such file or directory
> 
> and the log shows the authentication error.
> 11-01-10 11:09:58.203600] E
> [client-handshake.c:786:client_setvolume_cbk] testvol-client-0:
> SETVOLUME on remote-host failed: Authentication failed
> 
> Change "reject" to "allow", and the mount operation will be OK.
> 
> You can configure your own IP rule. As for how to use IP auth and
> username/password auth, you can check the attachment. It's a
> documentation file under the directory "doc" of the glusterfs src project.
> 
> On Sun, 2011-01-09 at 22:31 +0800, 第二信箱 wrote:
> > Hi, HU:
> > Thanks for your help.
> > 
> > I have the following environment:
> > Gluster 3.1.1
> > Volume Name: gluster-volume
> > Type: Distributed-Replicate
> > Status: Started
> > Number of Bricks: 2 x 2 = 4
> > Transport-type: tcp
> > Bricks:
> > Brick1: gluster1:/mnt/gluster1
> > Brick2: gluster2:/mnt/gluster2
> > Brick3: gluster3:/mnt/gluster3
> > Brick4: gluster4:/mnt/gluster4
> > 
> > 
> > I want to use the authentication module, as you suggested.
> > The steps I used are below:
> > 1. Stop Volume
> > 2. Edit /etc/glusterd/nfs/nfs-server.vol on Brick1(Gluster1)
> > 3. Modify and Add  From
> > volume nfs-server
> >     type nfs/server
> >     option nfs.dynamic-volumes on
> >     option rpc-auth.addr.gluster-volume.allow *
> >     option nfs3.gluster-volume.volume-id 907941d9-6950-425b-b3d5-4e43dd420d9e
> >     subvolumes gluster-volume
> > end-volume
> > 
> > to 
> > 
> > volume nfs-server
> >     type nfs/server
> >     option nfs.dynamic-volumes on
> >     option rpc-auth.addr.gluster-volume.allow  10.18.14.1
> >     option auth.addr.gluster-volume.allow 10.18.14.1
> >     option nfs3.gluster-volume.volume-id 907941d9-6950-425b-b3d5-4e43dd420d9e
> >     subvolumes gluster-volume
> > end-volume
> > 
> > 4.Start Volume
> > 
> > --> But I am still able to mount the volume from 10.18.14.2 by NFS.
> > 
> > Is there anything I missed or got wrong?
> > 
> > And I found:
> > 
> > A. After I started the volume, nfs-server.vol was initialized to option
> > rpc-auth.addr.gluster-volume.allow * .
> > B. All 4 nodes have /etc/glusterd/nfs/nfs-server.vol. Should I edit
> > every .vol file on the 4 nodes?
> > 
> > 
> > 
> > 
> >     
> > 
> > -----Original message-----
> > From:HU Zhong <hz02ruc at gmail.com>
> > To:wei.cheng at m2k.com.tw
> > Cc:gluster-users <gluster-users at gluster.org>
> > Date:Fri, 07 Jan 2011 21:17:14 +0800
> > Subject:Re: [Gluster-users] Dose Gluster 3.1 support authorisation
> > control and how to do
> > 
> > Hi, Cheng
> > 
> > There are 2 types of authentication module that you can configure:
> > 1. IP address
> > 2. login user/password
> > 
> > please check this site:
> > http://www.gluster.com/community/documentation/index.php/Translators/protocol/server
> > 
> > 
> > On Fri, 2011-01-07 at 17:07 +0800, 第二信箱 wrote: 
> > > _______________________________________________
> > > Gluster-users mailing list
> > > Gluster-users at gluster.org
> > > http://gluster.org/cgi-bin/mailman/listinfo/gluster-users
> > 
> > 
> 
> 
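
An added example (not part of the thread and not Gluster's own code): a small audit that compares the handshake verdicts in the brick log quoted above with the `auth.addr` lists of the matching `protocol/server` stanza, so that a rejected loopback client or an accepted client missing from the allow list stands out. The input is constructed from lines in this thread; wildcard matching and reject-over-allow precedence are assumptions.

```python
import re
from fnmatch import fnmatch

# Constructed input: the protocol/server stanza and brick log lines quoted in the thread.
VOLFILE = """\
volume gluster-new-volume-server
    type protocol/server
    option transport-type tcp
    option auth.addr./mnt/gluster1.allow 10.18.14.240,10.18.14.248,10.18.14.241,10.18.14.242,10.18.14.243
    subvolumes /mnt/gluster1
end-volume
"""
LOG = """\
[2011-01-11 01:07:54.188716] E [server-handshake.c:545:server_setvolume] gluster-new-volume-server: Cannot authenticate client from 127.0.0.1:1017
[2011-01-11 01:07:55.264728] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.241:995
[2011-01-11 01:07:55.267990] I [server-handshake.c:535:server_setvolume] gluster-new-volume-server: accepted client from 10.18.14.242:1012
"""
STANZA = re.compile(r"^volume\s+(\S+)\n(.*?)^end-volume", re.M | re.S)
OPTION = re.compile(r"^\s*option\s+auth\.addr\.\S+\.(allow|reject)\s+(\S+)", re.M)
EVENT = re.compile(r"server_setvolume\] (\S+): (accepted|Cannot authenticate) client from ([\d.]+):\d+")

def parse_rules(volfile):
    # Map each volume stanza name to its auth.addr allow/reject pattern lists.
    rules = {}
    for name, body in STANZA.findall(volfile):
        rule = {"allow": [], "reject": []}
        for kind, value in OPTION.findall(body):
            rule[kind] += [p for p in value.split(",") if p]
        rules[name] = rule
    return rules

def permitted(ip, rule):
    # Assumption: entries are shell-style wildcards and a reject match overrides allow.
    hit = lambda kind: any(fnmatch(ip, p) for p in rule[kind])
    return hit("allow") and not hit("reject")

def audit(volfile, log):
    # Compare each logged handshake verdict with what the volfile permits.
    rules, findings = parse_rules(volfile), []
    for name, verdict, ip in EVENT.findall(log):
        allowed = permitted(ip, rules.get(name, {"allow": [], "reject": []}))
        accepted = verdict == "accepted"
        if accepted == allowed:
            status = "ok" if accepted else "rejected: not in allow list"
        else:
            status = "ALERT: accepted but not permitted" if accepted else "rejected despite allow entry"
        findings.append((ip, status))
    return findings

if __name__ == "__main__":
    for ip, status in audit(VOLFILE, LOG):
        print(f"{ip:15} {status}")
```
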




