Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Hi Kaleb,
It indeed concerns the RHGS 3.4 version (not the opensource version).
When mounting an NFS share from a random client, and the client does not
specify vers=4.0 (or vers=4,minorversion=0 for RH6) it will still make a
NFSv4.1 connection.
This is why we want to restrict it server-side to prevent issues (we even have
a RH case about this since Nov 2017, still open since it will also be discussed
with a RH solution architect soon, I was hoping someone from the community
would have a solution ready to restrict the NFS version server-side).
Regards,
Nico van Roijen (ING)
- Oorspronkelijk bericht -
Van: "Kaleb S. KEITHLEY"
Aan: "gluster-users"
Verzonden: Zaterdag 24 november 2018 00:20:14
Onderwerp: Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
On 11/23/18 1:42 PM, Nico van Royen wrote:
> Hi All,
>
> In a bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1546713) I
> was reading it showed that it should be possible to restrict the NFSv4
> usage to only use 4.0 (since 4.1/4.2 is not supported).
Who is telling you that 4.1 and 4.2 aren't supported?
Because NFS-Ganesha does, in fact, support NFSv4.1, NFSv4.2, and pNFS.
(Maybe you're thinking of the nfs-ganesha server in Red Hat's RHGS (Red
Hat Gluster Storage) or RHCS (Red Hat Ceph Storage), where 4.1 and 4.2
are not supported.)
> To try that, I modified an existing share so it reads :
>
> EXPORT{
> Export_Id = 2;
> Path = "/DATA";
> FSAL {
> name = GLUSTER;
> hostname="localhost";
> volume="DATA";
> }
> Access_type = RW;
> Disable_ACL = true;
> Squash="No_root_squash";
> Pseudo="/DATA";
> Protocols = "4" ;
> Transports = "UDP","TCP";
> SecType = "sys";
> NFSv4 {
> minor_versions = 0;
> }
> }
>
> And restarted the nfs-ganesha service. Seemed to start fine and
> mounted the share from a client and specifying the mount option "-o
> vers=4.1" and indeed it mounted it with NFSv4.1 (I was expecting/hoping
> it would refuse to mount).
>
> What is (or should be) the way to only allow NFSv4.0 exports (if
> possible at all) ?
>
> Running GlusterFS 3.12 / RHGS 3.4 with packages :
> bash-4.2# rpm -qa | grep ganesha
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> nfs-ganesha-2.5.5-10.el7rhgs.x86_64
> nfs-ganesha-gluster-2.5.5-10.el7rhgs.x86_64
>
> bash-4.2# rpm -qa | grep ^glusterfs
> glusterfs-libs-3.12.2-18.el7rhgs.x86_64
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
> glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
> glusterfs-cli-3.12.2-18.el7rhgs.x86_64
> glusterfs-api-3.12.2-18.el7rhgs.x86_64
> glusterfs-server-3.12.2-18.el7rhgs.x86_64
> glusterfs-3.12.2-18.el7rhgs.x86_64
>
> Thanks in advance,
> Nico van Roijen
>
> ___
> Gluster-users mailing list
> Gluster-users@gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-users
>
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
On 11/26/18 3:12 PM, Nico van Royen wrote:
> Hi Jiffin ,
>
> Will try that first thing tomorrow!
> If that indeed works on the RHGS version a long overdue story on our backlog
> solved >
> Regards,
> Nico van Roijen
>
> - Oorspronkelijk bericht -
> Van: "Jiffin Thottan"
> Aan: "Nico van Royen"
> Cc: "gluster-users"
> Verzonden: Maandag 26 november 2018 05:50:34
> Onderwerp: Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
>
> Hi Nico,
>
> The option is ganesha-server specific option(not per export). U need to
> mention it in ganesha.conf in the following block
> NFSv4 {
> minor_versions = 1;
> }
>
> Not inside the block of volume configuration file
Minor_Versions is in nfs-ganesha-2.5.5, which is the version of
NFS-Ganesha that's in RHGS-3.4.
>
>
>
> - Original Message -
> From: "Nico van Royen"
> To: "gluster-users"
> Sent: Saturday, November 24, 2018 12:12:19 AM
> Subject: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
>
> Hi All,
>
> In a bugzilla ( https://bugzilla.redhat.com/show_bug.cgi?id=1546713 ) I was
> reading it showed that it should be possible to restrict the NFSv4 usage to
> only use 4.0 (since 4.1/4.2 is not supported).
> To try that, I modified an existing share so it reads :
>
> EXPORT{
> Export_Id = 2;
> Path = "/DATA";
> FSAL {
> name = GLUSTER;
> hostname="localhost";
> volume="DATA";
> }
> Access_type = RW;
> Disable_ACL = true;
> Squash="No_root_squash";
> Pseudo="/DATA";
> Protocols = "4" ;
> Transports = "UDP","TCP";
> SecType = "sys";
> NFSv4 {
> minor_versions = 0;
> }
> }
>
> And restarted the nfs- ganesha service. Seemed to start fine and mounted the
> share from a client and specifying the mount option "-o vers=4.1" and indeed
> it mounted it with NFSv4.1 (I was expecting/hoping it would refuse to mount).
>
> What is (or should be) the way to only allow NFSv4.0 exports (if possible at
> all) ?
>
> Running GlusterFS 3.12 / RHGS 3.4 with packages :
> bash-4.2# rpm -qa | grep ganesha
> glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
> nfs- ganesha -2.5.5-10.el7rhgs.x86_64
> nfs- ganesha -gluster-2.5.5-10.el7rhgs.x86_64
>
> bash-4.2# rpm -qa | grep ^glusterfs
> glusterfs-libs-3.12.2-18.el7rhgs.x86_64
> glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
> glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
> glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
> glusterfs-cli-3.12.2-18.el7rhgs.x86_64
> glusterfs-api-3.12.2-18.el7rhgs.x86_64
> glusterfs-server-3.12.2-18.el7rhgs.x86_64
> glusterfs-3.12.2-18.el7rhgs.x86_64
>
> Thanks in advance,
> Nico van Roijen
>
> ___
> Gluster-users mailing list
> Gluster-users@gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-users
> ___
> Gluster-users mailing list
> Gluster-users@gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-users
>
--
Kaleb
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Hi Jiffin ,
Will try that first thing tomorrow!
If that indeed works on the RHGS version a long overdue story on our backlog
solved :)
Regards,
Nico van Roijen
- Oorspronkelijk bericht -
Van: "Jiffin Thottan"
Aan: "Nico van Royen"
Cc: "gluster-users"
Verzonden: Maandag 26 november 2018 05:50:34
Onderwerp: Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Hi Nico,
The option is ganesha-server specific option(not per export). U need to mention
it in ganesha.conf in the following block
NFSv4 {
minor_versions = 1;
}
Not inside the block of block of volume configuration file
- Original Message -
From: "Nico van Royen"
To: "gluster-users"
Sent: Saturday, November 24, 2018 12:12:19 AM
Subject: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Hi All,
In a bugzilla ( https://bugzilla.redhat.com/show_bug.cgi?id=1546713 ) I was
reading it showed that it should be possible to restrict the NFSv4 usage to
only use 4.0 (since 4.1/4.2 is not supported).
To try that, I modified an existing share so it reads :
EXPORT{
Export_Id = 2;
Path = "/DATA";
FSAL {
name = GLUSTER;
hostname="localhost";
volume="DATA";
}
Access_type = RW;
Disable_ACL = true;
Squash="No_root_squash";
Pseudo="/DATA";
Protocols = "4" ;
Transports = "UDP","TCP";
SecType = "sys";
NFSv4 {
minor_versions = 0;
}
}
And restarted the nfs- ganesha service. Seemed to start fine and mounted the
share from a client and specifying the mount option "-o vers=4.1" and indeed it
mounted it with NFSv4.1 (I was expecting/hoping it would refuse to mount).
What is (or should be) the way to only allow NFSv4.0 exports (if possible at
all) ?
Running GlusterFS 3.12 / RHGS 3.4 with packages :
bash-4.2# rpm -qa | grep ganesha
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
nfs- ganesha -2.5.5-10.el7rhgs.x86_64
nfs- ganesha -gluster-2.5.5-10.el7rhgs.x86_64
bash-4.2# rpm -qa | grep ^glusterfs
glusterfs-libs-3.12.2-18.el7rhgs.x86_64
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
glusterfs-cli-3.12.2-18.el7rhgs.x86_64
glusterfs-api-3.12.2-18.el7rhgs.x86_64
glusterfs-server-3.12.2-18.el7rhgs.x86_64
glusterfs-3.12.2-18.el7rhgs.x86_64
Thanks in advance,
Nico van Roijen
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Hi Nico,
The option is ganesha-server specific option(not per export). U need to mention
it in ganesha.conf in the following block
NFSv4 {
minor_versions = 1;
}
Not inside the block of block of volume configuration file
- Original Message -
From: "Nico van Royen"
To: "gluster-users"
Sent: Saturday, November 24, 2018 12:12:19 AM
Subject: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Hi All,
In a bugzilla ( https://bugzilla.redhat.com/show_bug.cgi?id=1546713 ) I was
reading it showed that it should be possible to restrict the NFSv4 usage to
only use 4.0 (since 4.1/4.2 is not supported).
To try that, I modified an existing share so it reads :
EXPORT{
Export_Id = 2;
Path = "/DATA";
FSAL {
name = GLUSTER;
hostname="localhost";
volume="DATA";
}
Access_type = RW;
Disable_ACL = true;
Squash="No_root_squash";
Pseudo="/DATA";
Protocols = "4" ;
Transports = "UDP","TCP";
SecType = "sys";
NFSv4 {
minor_versions = 0;
}
}
And restarted the nfs- ganesha service. Seemed to start fine and mounted the
share from a client and specifying the mount option "-o vers=4.1" and indeed it
mounted it with NFSv4.1 (I was expecting/hoping it would refuse to mount).
What is (or should be) the way to only allow NFSv4.0 exports (if possible at
all) ?
Running GlusterFS 3.12 / RHGS 3.4 with packages :
bash-4.2# rpm -qa | grep ganesha
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
nfs- ganesha -2.5.5-10.el7rhgs.x86_64
nfs- ganesha -gluster-2.5.5-10.el7rhgs.x86_64
bash-4.2# rpm -qa | grep ^glusterfs
glusterfs-libs-3.12.2-18.el7rhgs.x86_64
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
glusterfs-cli-3.12.2-18.el7rhgs.x86_64
glusterfs-api-3.12.2-18.el7rhgs.x86_64
glusterfs-server-3.12.2-18.el7rhgs.x86_64
glusterfs-3.12.2-18.el7rhgs.x86_64
Thanks in advance,
Nico van Roijen
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
Re: [Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
On 11/23/18 1:42 PM, Nico van Royen wrote:
> Hi All,
>
> In a bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1546713) I
> was reading it showed that it should be possible to restrict the NFSv4
> usage to only use 4.0 (since 4.1/4.2 is not supported).
Who is telling you that 4.1 and 4.2 aren't supported?
Because NFS-Ganesha does, in fact, support NFSv4.1, NFSv4.2, and pNFS.
(Maybe you're thinking of the nfs-ganesha server in Red Hat's RHGS (Red
Hat Gluster Storage) or RHCS (Red Hat Ceph Storage), where 4.1 and 4.2
are not supported.)
> To try that, I modified an existing share so it reads :
>
> EXPORT{
> Export_Id = 2;
> Path = "/DATA";
> FSAL {
> name = GLUSTER;
> hostname="localhost";
> volume="DATA";
> }
> Access_type = RW;
> Disable_ACL = true;
> Squash="No_root_squash";
> Pseudo="/DATA";
> Protocols = "4" ;
> Transports = "UDP","TCP";
> SecType = "sys";
> NFSv4 {
> minor_versions = 0;
> }
> }
>
> And restarted the nfs-ganesha service. Seemed to start fine and
> mounted the share from a client and specifying the mount option "-o
> vers=4.1" and indeed it mounted it with NFSv4.1 (I was expecting/hoping
> it would refuse to mount).
>
> What is (or should be) the way to only allow NFSv4.0 exports (if
> possible at all) ?
>
> Running GlusterFS 3.12 / RHGS 3.4 with packages :
> bash-4.2# rpm -qa | grep ganesha
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> nfs-ganesha-2.5.5-10.el7rhgs.x86_64
> nfs-ganesha-gluster-2.5.5-10.el7rhgs.x86_64
>
> bash-4.2# rpm -qa | grep ^glusterfs
> glusterfs-libs-3.12.2-18.el7rhgs.x86_64
> glusterfs-ganesha-3.12.2-18.el7rhgs.x86_64
> glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
> glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
> glusterfs-cli-3.12.2-18.el7rhgs.x86_64
> glusterfs-api-3.12.2-18.el7rhgs.x86_64
> glusterfs-server-3.12.2-18.el7rhgs.x86_64
> glusterfs-3.12.2-18.el7rhgs.x86_64
>
> Thanks in advance,
> Nico van Roijen
>
> ___
> Gluster-users mailing list
> Gluster-users@gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-users
>
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
[Gluster-users] Restricting NFS-Ganesha to use NFSv4.0 only
Hi All,
In a bugzilla ( [ https://bugzilla.redhat.com/show_bug.cgi?id=1546713 |
https://bugzilla.redhat.com/show_bug.cgi?id=1546713 ] ) I was reading it showed
that it should be possible to restrict the NFSv4 usage to only use 4.0 (since
4.1/4.2 is not supported).
To try that, I modified an existing share so it reads :
EXPORT{
Export_Id = 2;
Path = "/DATA";
FSAL {
name = GLUSTER;
hostname="localhost";
volume="DATA";
}
Access_type = RW;
Disable_ACL = true;
Squash="No_root_squash";
Pseudo="/DATA";
Protocols = "4" ;
Transports = "UDP","TCP";
SecType = "sys";
NFSv4 {
minor_versions = 0;
}
}
And restarted the nfs- ganesha service. Seemed to start fine and mounted the
share from a client and specifying the mount option "-o vers=4.1" and indeed it
mounted it with NFSv4.1 (I was expecting/hoping it would refuse to mount).
What is (or should be) the way to only allow NFSv4.0 exports (if possible at
all) ?
Running GlusterFS 3.12 / RHGS 3.4 with packages :
bash-4.2# rpm -qa | grep ganesha
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
nfs- ganesha -2.5.5-10.el7rhgs.x86_64
nfs- ganesha -gluster-2.5.5-10.el7rhgs.x86_64
bash-4.2# rpm -qa | grep ^glusterfs
glusterfs-libs-3.12.2-18.el7rhgs.x86_64
glusterfs- ganesha -3.12.2-18.el7rhgs.x86_64
glusterfs-client-xlators-3.12.2-18.el7rhgs.x86_64
glusterfs-fuse-3.12.2-18.el7rhgs.x86_64
glusterfs-cli-3.12.2-18.el7rhgs.x86_64
glusterfs-api-3.12.2-18.el7rhgs.x86_64
glusterfs-server-3.12.2-18.el7rhgs.x86_64
glusterfs-3.12.2-18.el7rhgs.x86_64
Thanks in advance,
Nico van Roijen
___
Gluster-users mailing list
Gluster-users@gluster.org
https://lists.gluster.org/mailman/listinfo/gluster-users
