Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-29 Thread Niels de Vos
On Wed, Jan 28, 2015 at 06:46:58PM -0500, Csaba Henk wrote: > Hi Niels, > > - Original Message - > > From: "Niels de Vos" > > To: "Csaba Henk" > > Cc: gluster-devel@gluster.org > > Sent: Wednesday, January 28, 2015 9:19:34 AM

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-28 Thread Csaba Henk
Hi Niels, - Original Message - > From: "Niels de Vos" > To: "Csaba Henk" > Cc: gluster-devel@gluster.org > Sent: Wednesday, January 28, 2015 9:19:34 AM > Subject: Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol > > Th

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-28 Thread Deepak Shetty
Hearing all the prev discussions, thinking more about this requirement there are a few different scenarios here and this is my take on them: 1) Scenario 1: ganesha server running inside glusterfs TSP (trusted storage pool) - we just need to use the option to turn off glusterfs protocol 2) Scenari

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-28 Thread Niels de Vos
On Tue, Jan 27, 2015 at 08:29:49PM +, Csaba Henk wrote: > On Tue, 27 Jan 2015 11:39:52, Niels de Vos wrote: > > On Tue, Jan 27, 2015 at 02:10:17AM +0100, Csaba Henk wrote: > > > Does it mean that the implementation of feature would essentially boil > > > down > > > to an auth ruleset calculate

[Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-27 Thread Csaba Henk
On Tue, 27 Jan 2015 11:39:52, Niels de Vos wrote: > On Tue, Jan 27, 2015 at 02:10:17AM +0100, Csaba Henk wrote: > > Does it mean that the implementation of feature would essentially boil > > down > > to an auth ruleset calculated by glusterfs? > > I guess that depends on the goal of the feature.

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-27 Thread Csaba Henk
Hi Niels, On Mon, Jan 26, 2015 at 10:07 AM, Niels de Vos wrote: > On Sun, Jan 25, 2015 at 10:08:20PM +0530, Ramana Raja wrote: >> 1) How would the above suggestion impact gfapi access? > > gfapi uses the GlusterFS protocol. When access through the protocol is > denied, only clients from within th

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-27 Thread Niels de Vos
On Tue, Jan 27, 2015 at 02:10:17AM +0100, Csaba Henk wrote: > Hi Niels, > > On Mon, Jan 26, 2015 at 10:07 AM, Niels de Vos wrote: > > On Sun, Jan 25, 2015 at 10:08:20PM +0530, Ramana Raja wrote: > >> 1) How would the above suggestion impact gfapi access? > > > > gfapi uses the GlusterFS protocol.

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-26 Thread Niels de Vos
On Sun, Jan 25, 2015 at 10:08:20PM +0530, Ramana Raja wrote: > On Wed, Jan 21, 2015 at 8:42 AM, Vijay Bellur wrote: > > > Given this, we could implement this feature by serving volfiles to only > > trusted clients in glusterd and fail requests from everywhere else if an > > option to disable glus

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-25 Thread Ramana Raja
On Wed, Jan 21, 2015 at 8:42 AM, Vijay Bellur wrote: > Given this, we could implement this feature by serving volfiles to only > trusted clients in glusterd and fail requests from everywhere else if an > option to disable glusterfs protocol has been set. This way all services > accessing volumes

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-22 Thread Kaushal M
You are right. Failing just a GETSPEC would still allow a client to connect to the volume directly by using a volfile. We can prevent this by also setting 'auth.reject *' on the volume. The username/password based authentication has higher priority than auth.reject or auth.allow, so all the trus

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-22 Thread Niels de Vos
On Thu, Jan 22, 2015 at 08:40:30PM +0530, Deepak Shetty wrote: > I didn't understand how the brick process point is relevant here? Can you > elaborate pls? > If we are failing the GETSPEC itself there shouldn't be any question of > client connecting to the brick process, no? > > I don't have mu

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-22 Thread Deepak Shetty
I didn't understand how the brick process point is relevant here? Can you elaborate pls? If we are failing the GETSPEC itself there shouldn't be any question of client connecting to the brick process, no? I don't have much insight into the code but I am just thinking logically and saying the a

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-21 Thread Niels de Vos
On Wed, Jan 21, 2015 at 11:19:14AM +0530, Deepak Shetty wrote: > Good point and I agree to the below. > So all we need here is a way to differentiate trusted vs non-trusted > clients and fail GETSPEC if it comes from a non-trusted client provided the > disable glusterfs protocol option has been set?

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-20 Thread Deepak Shetty
Good point and I agree to the below. So all we need here is a way to differentiate trusted vs non-trusted clients and fail GETSPEC if it comes from a non-trusted client provided the disable glusterfs protocol option has been set? On Wed, Jan 21, 2015 at 8:42 AM, Vijay Bellur wrote: > On 01/19/201

Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-20 Thread Vijay Bellur
On 01/19/2015 06:22 PM, Deepak Shetty wrote: Hi All, I had opened this feature request some time back http://www.gluster.org/community/documentation/index.php/Features/turn-off-glusterfs-proto-access I wanted to know what would be the right way to implement this? The goal here is to have a v

[Gluster-devel] Ability to turn off 'glusterfs' protocol

2015-01-19 Thread Deepak Shetty
Hi All, I had opened this feature request some time back http://www.gluster.org/community/documentation/index.php/Features/turn-off-glusterfs-proto-access I wanted to know what would be the right way to implement this? The goal here is to have a volume set option to turn off glusterfs/fuse prot