[Gluster-users] auth.allow doesn't seem to work
Niels de Vos
ndevos at redhat.com
Fri Sep 23 16:37:00 UTC 2016
On Fri, Sep 23, 2016 at 04:33:45PM +0200, Kevin Lemonnier wrote:
> > It looks like for NFS you have to change nfs.rpc-auth-allow, not
> > auth.allow (which is for access by API). Docs for nfs.rpc-auth-allow
> > states that "By default, all clients are disallowed", but in fact
> > the option has "all" as default value.
>
> Yeah but I tried both NFS and Fuse, both worked (fuse couldn't
> succeded at the end because it wasn't on the same network as the other
> nodes, but that's something else). Looks like auth.allow just doesn't
> do anything. I wonder if it's because it saw the reverse instead of
> the IP.
>
> In any case as I was saying I ended up blocking everything with
> iptables, that works for this cluster but doesn't for others, so
> that's not a good fix for me. I wish I could just tell gluster to bind
> on a specific IP.
I think you can set "bind-address 10.10.10.1" in
/etc/glusterd/glusterd.vol (on all storage servers, and restart the
gluster processes). This value should be passed to all services that
GlusterD starts. It is not something that is used often, so you should
test the result in a testing/staging environment first.
Alternatively you could pass this option to the glusterd command (a
variable in /etc/sysconfig/glusterd for RPM based distributions):
--xlator-option management.transport.socket.bind-address=10.10.10.1
If some services do not accept the 1st approach, you can file bugs about
it at https://bugzilla.redhat.com/enter_bug.cgi?product=GlusterFS . It
helps to point to the bugs in this email thread so that other users can
find the report and progress too.
In case this is working well, you can assist others to find the option
by documenting it.
http://gluster.readthedocs.io/ - website
https://github.com/gluster/glusterdocs - markdown sources
Then we could also add the option (commented out) in the default
configuration file. A bug report will be needed for that too.
Thanks,
Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20160923/ed15df9f/attachment.sig>
More information about the Gluster-users
mailing list