[Gluster-users] [Gluster-devel] How to enable ACL support in Glusterfs volume

Niels de Vos ndevos at redhat.com
Wed Apr 27 08:23:26 UTC 2016


On Tue, Apr 26, 2016 at 08:23:15PM +0530, ABHISHEK PALIWAL wrote:
> On Tue, Apr 26, 2016 at 8:06 PM, Niels de Vos <ndevos at redhat.com> wrote:
> 
> > On Tue, Apr 26, 2016 at 07:46:03PM +0530, ABHISHEK PALIWAL wrote:
> > > On Tue, Apr 26, 2016 at 7:06 PM, Niels de Vos <ndevos at redhat.com> wrote:
> > >
> > > > On Tue, Apr 26, 2016 at 06:45:59PM +0530, ABHISHEK PALIWAL wrote:
> > > > > On Tue, Apr 26, 2016 at 6:37 PM, Niels de Vos <ndevos at redhat.com>
> > wrote:
> > > > >
> > > > > > On Tue, Apr 26, 2016 at 12:11:06PM +0530, ABHISHEK PALIWAL wrote:
> > > > > > >  Hi,
> > > > > > >
> > > > > > > I want to enable ACL support on gluster volume using the kernel
> > NFS
> > > > ACL
> > > > > > > support so I have followed below steps after creation of gluster
> > > > volume:
> > > > > > >
> > > > > > > 1. mount -t glusterfs -o acl 10.32.0.48:/c_glusterfs /tmp/a2
> > > > > > >
> > > > > > > 2.       update the /etc/exports file
> > > > > > > /tmp/a2
> > 10.32.*(rw,acl,sync,no_subtree_check,no_root_squash,fsid=14)
> > > > > > >
> > > > > > > 3.       exportfs –ra
> > > > > > >
> > > > > > > 4.       gluster volume set c_glusterfs nfs.acl off
> > > > > > >
> > > > > > > 5.       gluster volume set c_glusterfs nfs.disable on
> > > > > > >
> > > > > > > we have disabled above two options because we are using Kernel
> > NFS
> > > > ACL
> > > > > > > support and that is already enabled.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > on other board mounting it using
> > > > > > >
> > > > > > > mount -t nfs -o acl,vers=3 10.32.0.48:/tmp/a2 /tmp/e/
> > > > > > >
> > > > > > > setfacl -m u:application:rw /tmp/e/usr
> > > > > > > setfacl: /tmp/e/usr: Operation not supported
> > > > > >
> > > > > > Have you tried to set/getfacl on the Gluster FUSE mountpoint
> > (/tmp/a2)
> > > > > > too? Depending on the filesystem that you use on the bricks, you
> > may
> > > > > > need to mount with "-o acl" there as well. Try to set/get an ACL
> > on all
> > > > > > of these different levels to see where is starts to fail.
> > > > > >
> > > > > Yes, you can check I have already given -o acl on /tmp/a2 as well as
> > > > below
> > > >
> > > > Sorry, that is not what I meant. The bricks that provide the
> > c_glusterfs
> > > > volume need to support and have ACLs enabled as well. If you use XFS,
> > it
> > > > should be enabled by default. But some other filesystems do not do
> > that.
> > > >
> > > > You have three different mountpoints:
> > > >
> > > >  - /tmp/e: nfs
> > > >  - /tmp/a2: Gluster FUSE
> > > >  - whatever you use as bricks for c_glusterfs: XFS or something else?
> > > >
> > >
> > > I have following volume info
> > >
> > > Volume Name: c_glusterfs
> > > Type: Replicate
> > > Volume ID: 5be1524c-21ae-47d5-970a-d4920fca39cf
> > > Status: Started
> > > Number of Bricks: 1 x 2 = 2
> > > Transport-type: tcp
> > > Bricks:
> > > Brick1: 10.32.0.48:/opt/lvmdir/c2/brick
> > > Brick2: 10.32.1.144:/opt/lvmdir/c2/brick
> > > Options Reconfigured:
> > > nfs.acl: off
> > > nfs.disable: on
> > > network.ping-timeout: 4
> > > performance.readdir-ahead: on
> > >
> > > now according to you /opt/lvmdir/c2/brick should support ACL option or
> > > /opt/lvmdir/c2 ? if /opt/lvmdir/
> > > c2 then we are mounting it as below
> > >
> > >  mount -o acl /dev/cpplvm_vg/vol2  /opt/lvmdir//c2
> >
> > If /opt/lvmdir/c2 is the mountpoint, then make sure that a test-file
> > like /opt/lvmdir/c2/test-acl can have ACLs. It may require mounting
> > /opt/lvmdir/c2 with the "-o acl" option, but that depends on the
> > filesystem.
> >
> > Also try to create a test-file on /tmp/a2 and check of ACLs work on the
> > Gluster FUSE mountpoint.
> >
> > If these two filesystems support ACLs, I do not see a problem why the
> > kernel NFS server can not use them.
> >
> > > I have one more question : we are using logical volume here for glusterfs
> > > so it should not create any issue in ACL support?
> >
> > No, that should not matter.
> >
> 
> it is working fine locally means at 10.32.0.48 but when I am exporting it
> using /etc/exportfs file
> like
> */tmp/a2 10.32.*(rw,acl,sync,no_subtree_check,no_root_squash,fsid=10) *
> and then run *exportfs -ra* command to export it on other board.
> 
> and trying to mount it on other board
> 
> like
> 
> *mount -t nfs -o acl 10.32.0.48:/tmp/a2 /mnt/glust*
> 
> and then run setfacl
> 
> *setfacl -m u:application:r /mnt/glust/usr*
> *setfacl: /mnt/glust/usr: Operation not supported *//Reporting this error

If the ACL works on /opt/lvmdir/c2 and /tmp/a2 at least on the Gluster
and FUSE side all seems to be fine. You would need to check with the
kernel NFS server people to figure out why the mounted Gluster volume
can not use ACLs through knfsd.

Note that we really recommend to use Gluster/NFS or NFS-Ganesha with
Gluster. We do not test exporting FUSE mounted Gluster volume through
knfsd at all, and I am not aware that anyone uses this combination in
their production environment.

Cheers,
Niels


> 
> >
> > Cheers,
> > Niels
> >
> > >
> > >
> > > Regards,
> > >
> > > Abhishek
> > >
> > >
> > > >
> > > > HTH,
> > > > Niels
> > > >
> > > > >
> > > > > > 1. mount -t glusterfs -o acl 10.32.0.48:/c_glusterfs /tmp/a2
> > > > > >
> > > > > > 2.       update the /etc/exports file
> > > > > > /tmp/a2
> > 10.32.*(rw,acl,sync,no_subtree_check,no_root_squash,fsid=14)
> > > > > >
> > > > >
> > > > > >
> > > > > > Thanks,
> > > > > > Niels
> > > > > >
> > > > > > >
> > > > > > > and application is the system user like below
> > > > > > >
> > > > > > > application:x:102:0::/home/application:/bin/sh
> > > > > > >
> > > > > > > I don't why I am getting this failure when I enabled all the acl
> > > > support
> > > > > > in
> > > > > > > each steps.
> > > > > > >
> > > > > > > Please let me know how can I enable this.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Abhishek
> > > > > >
> > > > > > > _______________________________________________
> > > > > > > Gluster-devel mailing list
> > > > > > > Gluster-devel at gluster.org
> > > > > > > http://www.gluster.org/mailman/listinfo/gluster-devel
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Regards
> > > > > Abhishek Paliwal
> > > >
> > >
> > >
> > >
> > > --
> > >
> > >
> > >
> > >
> > > Regards
> > > Abhishek Paliwal
> >
> 
> 
> 
> -- 
> 
> 
> 
> 
> Regards
> Abhishek Paliwal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20160427/59b380d9/attachment.sig>


More information about the Gluster-users mailing list