[Gluster-users] [Gluster-devel] How to enable ACL support in Glusterfs volume

ABHISHEK PALIWAL abhishpaliwal at gmail.com
Wed Apr 27 11:26:47 UTC 2016


Hi Niels,

Thanks for reply.

I am trying to user Gluster NFS even in this case I am facing the same
issue.

Could please suggest me what I need to do and how can I setup Gluster NFS.

Regards,
Abhishek

On Wed, Apr 27, 2016 at 1:53 PM, Niels de Vos <ndevos at redhat.com> wrote:

> On Tue, Apr 26, 2016 at 08:23:15PM +0530, ABHISHEK PALIWAL wrote:
> > On Tue, Apr 26, 2016 at 8:06 PM, Niels de Vos <ndevos at redhat.com> wrote:
> >
> > > On Tue, Apr 26, 2016 at 07:46:03PM +0530, ABHISHEK PALIWAL wrote:
> > > > On Tue, Apr 26, 2016 at 7:06 PM, Niels de Vos <ndevos at redhat.com>
> wrote:
> > > >
> > > > > On Tue, Apr 26, 2016 at 06:45:59PM +0530, ABHISHEK PALIWAL wrote:
> > > > > > On Tue, Apr 26, 2016 at 6:37 PM, Niels de Vos <ndevos at redhat.com
> >
> > > wrote:
> > > > > >
> > > > > > > On Tue, Apr 26, 2016 at 12:11:06PM +0530, ABHISHEK PALIWAL
> wrote:
> > > > > > > >  Hi,
> > > > > > > >
> > > > > > > > I want to enable ACL support on gluster volume using the
> kernel
> > > NFS
> > > > > ACL
> > > > > > > > support so I have followed below steps after creation of
> gluster
> > > > > volume:
> > > > > > > >
> > > > > > > > 1. mount -t glusterfs -o acl 10.32.0.48:/c_glusterfs /tmp/a2
> > > > > > > >
> > > > > > > > 2.       update the /etc/exports file
> > > > > > > > /tmp/a2
> > > 10.32.*(rw,acl,sync,no_subtree_check,no_root_squash,fsid=14)
> > > > > > > >
> > > > > > > > 3.       exportfs –ra
> > > > > > > >
> > > > > > > > 4.       gluster volume set c_glusterfs nfs.acl off
> > > > > > > >
> > > > > > > > 5.       gluster volume set c_glusterfs nfs.disable on
> > > > > > > >
> > > > > > > > we have disabled above two options because we are using
> Kernel
> > > NFS
> > > > > ACL
> > > > > > > > support and that is already enabled.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > on other board mounting it using
> > > > > > > >
> > > > > > > > mount -t nfs -o acl,vers=3 10.32.0.48:/tmp/a2 /tmp/e/
> > > > > > > >
> > > > > > > > setfacl -m u:application:rw /tmp/e/usr
> > > > > > > > setfacl: /tmp/e/usr: Operation not supported
> > > > > > >
> > > > > > > Have you tried to set/getfacl on the Gluster FUSE mountpoint
> > > (/tmp/a2)
> > > > > > > too? Depending on the filesystem that you use on the bricks,
> you
> > > may
> > > > > > > need to mount with "-o acl" there as well. Try to set/get an
> ACL
> > > on all
> > > > > > > of these different levels to see where is starts to fail.
> > > > > > >
> > > > > > Yes, you can check I have already given -o acl on /tmp/a2 as
> well as
> > > > > below
> > > > >
> > > > > Sorry, that is not what I meant. The bricks that provide the
> > > c_glusterfs
> > > > > volume need to support and have ACLs enabled as well. If you use
> XFS,
> > > it
> > > > > should be enabled by default. But some other filesystems do not do
> > > that.
> > > > >
> > > > > You have three different mountpoints:
> > > > >
> > > > >  - /tmp/e: nfs
> > > > >  - /tmp/a2: Gluster FUSE
> > > > >  - whatever you use as bricks for c_glusterfs: XFS or something
> else?
> > > > >
> > > >
> > > > I have following volume info
> > > >
> > > > Volume Name: c_glusterfs
> > > > Type: Replicate
> > > > Volume ID: 5be1524c-21ae-47d5-970a-d4920fca39cf
> > > > Status: Started
> > > > Number of Bricks: 1 x 2 = 2
> > > > Transport-type: tcp
> > > > Bricks:
> > > > Brick1: 10.32.0.48:/opt/lvmdir/c2/brick
> > > > Brick2: 10.32.1.144:/opt/lvmdir/c2/brick
> > > > Options Reconfigured:
> > > > nfs.acl: off
> > > > nfs.disable: on
> > > > network.ping-timeout: 4
> > > > performance.readdir-ahead: on
> > > >
> > > > now according to you /opt/lvmdir/c2/brick should support ACL option
> or
> > > > /opt/lvmdir/c2 ? if /opt/lvmdir/
> > > > c2 then we are mounting it as below
> > > >
> > > >  mount -o acl /dev/cpplvm_vg/vol2  /opt/lvmdir//c2
> > >
> > > If /opt/lvmdir/c2 is the mountpoint, then make sure that a test-file
> > > like /opt/lvmdir/c2/test-acl can have ACLs. It may require mounting
> > > /opt/lvmdir/c2 with the "-o acl" option, but that depends on the
> > > filesystem.
> > >
> > > Also try to create a test-file on /tmp/a2 and check of ACLs work on the
> > > Gluster FUSE mountpoint.
> > >
> > > If these two filesystems support ACLs, I do not see a problem why the
> > > kernel NFS server can not use them.
> > >
> > > > I have one more question : we are using logical volume here for
> glusterfs
> > > > so it should not create any issue in ACL support?
> > >
> > > No, that should not matter.
> > >
> >
> > it is working fine locally means at 10.32.0.48 but when I am exporting it
> > using /etc/exportfs file
> > like
> > */tmp/a2 10.32.*(rw,acl,sync,no_subtree_check,no_root_squash,fsid=10) *
> > and then run *exportfs -ra* command to export it on other board.
> >
> > and trying to mount it on other board
> >
> > like
> >
> > *mount -t nfs -o acl 10.32.0.48:/tmp/a2 /mnt/glust*
> >
> > and then run setfacl
> >
> > *setfacl -m u:application:r /mnt/glust/usr*
> > *setfacl: /mnt/glust/usr: Operation not supported *//Reporting this error
>
> If the ACL works on /opt/lvmdir/c2 and /tmp/a2 at least on the Gluster
> and FUSE side all seems to be fine. You would need to check with the
> kernel NFS server people to figure out why the mounted Gluster volume
> can not use ACLs through knfsd.
>
> Note that we really recommend to use Gluster/NFS or NFS-Ganesha with
> Gluster. We do not test exporting FUSE mounted Gluster volume through
> knfsd at all, and I am not aware that anyone uses this combination in
> their production environment.
>
> Cheers,
> Niels
>
>
> >
> > >
> > > Cheers,
> > > Niels
> > >
> > > >
> > > >
> > > > Regards,
> > > >
> > > > Abhishek
> > > >
> > > >
> > > > >
> > > > > HTH,
> > > > > Niels
> > > > >
> > > > > >
> > > > > > > 1. mount -t glusterfs -o acl 10.32.0.48:/c_glusterfs /tmp/a2
> > > > > > >
> > > > > > > 2.       update the /etc/exports file
> > > > > > > /tmp/a2
> > > 10.32.*(rw,acl,sync,no_subtree_check,no_root_squash,fsid=14)
> > > > > > >
> > > > > >
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Niels
> > > > > > >
> > > > > > > >
> > > > > > > > and application is the system user like below
> > > > > > > >
> > > > > > > > application:x:102:0::/home/application:/bin/sh
> > > > > > > >
> > > > > > > > I don't why I am getting this failure when I enabled all the
> acl
> > > > > support
> > > > > > > in
> > > > > > > > each steps.
> > > > > > > >
> > > > > > > > Please let me know how can I enable this.
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Abhishek
> > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Gluster-devel mailing list
> > > > > > > > Gluster-devel at gluster.org
> > > > > > > > http://www.gluster.org/mailman/listinfo/gluster-devel
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Regards
> > > > > > Abhishek Paliwal
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > >
> > > >
> > > >
> > > > Regards
> > > > Abhishek Paliwal
> > >
> >
> >
> >
> > --
> >
> >
> >
> >
> > Regards
> > Abhishek Paliwal
>



-- 




Regards
Abhishek Paliwal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20160427/16b4b04f/attachment.html>


More information about the Gluster-users mailing list