[gluster-packaging] Adding a "gluster" group for write access to statedump-dir

[Niels de Vos]

Hello,

With the upcoming 3.11 release there will be the possibility to generate
statedumps of applications that use libgfapi.so. This can be triggered
from the Gluster CLI on a storage server, and the event is received by
the libgfapi.so library on the client. When a statedump is done, a file
will be generated in the statedump-directory (/var/run/gluster by
default). Because applications (like QEMU) can run as non-root users,
the creation of the statedump could fail due to permissions errors.

For the RPM packages we have introduced a "gluster" group that has write
permissions in the default statedump directory. Applications that use
libgfapi.so and want to be debuggable with statedumps are encouraged to
add the user for their daemons (like the "qemu" user) to the "gluster"
group. This is a call to application providers and packagers for
distributions to consider applying this approach too.

Future versions of libgfapi.so (targetted at glusterfs-3.12) will offer
the option to configure a different statedump directory on a per
application basis. We'll coordinate with some of the consumers of
libgfapi.so and provide patches that select a more appropriate statedump
directory for the applications.

Please reply on any of the mailinglists if you have questions or
concerns.

Thanks,
Niels


Some of the related links:
- https://github.com/gluster/glusterfs/blob/master/doc/debugging/statedump.md
- http://lists.ovirt.org/pipermail/devel/2017-May/030299.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1445569
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.gluster.org/pipermail/packaging/attachments/20170504/4be285de/attachment.sig>