|
 |
d1681e |
From 73b0dc833716484cba04b46fe0d645975dba44db Mon Sep 17 00:00:00 2001
|
|
|
d1681e |
From: Mohammed Rafi KC <rkavunga@redhat.com>
|
|
|
d1681e |
Date: Mon, 26 Mar 2018 20:27:34 +0530
|
|
|
d1681e |
Subject: [PATCH 240/260] shared storage: Prevent mounting shared storage from
|
|
|
d1681e |
non-trusted client
|
|
|
d1681e |
|
|
|
d1681e |
gluster shared storage is a volume used for internal storage for
|
|
|
d1681e |
various features including ganesha, geo-rep, snapshot.
|
|
|
d1681e |
|
|
|
d1681e |
So this volume should not be exposed to the client, as it is
|
|
|
d1681e |
a special volume for internal use.
|
|
|
d1681e |
|
|
|
d1681e |
This fix wont't generate non trusted volfile for shared storage volume.
|
|
|
d1681e |
|
|
|
d1681e |
backport of https://review.gluster.org/#/c/19920/
|
|
|
d1681e |
|
|
|
d1681e |
>Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c
|
|
|
d1681e |
>updates: bz#1570432
|
|
|
d1681e |
>Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
|
|
|
d1681e |
|
|
|
d1681e |
Change-Id: Ic540b983bcc53a783fda7ca7a283a9ab48d9eeb7
|
|
|
d1681e |
BUG: 1568969
|
|
|
d1681e |
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
|
|
|
d1681e |
Reviewed-on: https://code.engineering.redhat.com/gerrit/136708
|
|
|
d1681e |
Tested-by: RHGS Build Bot <nigelb@redhat.com>
|
|
|
d1681e |
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
d1681e |
---
|
|
|
d1681e |
xlators/mgmt/glusterd/src/glusterd-volgen.c | 21 +++++++++++++++++++++
|
|
|
d1681e |
1 file changed, 21 insertions(+)
|
|
|
d1681e |
|
|
|
d1681e |
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
|
|
|
d1681e |
index 0e287b6..1c43f24 100644
|
|
|
d1681e |
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
|
|
|
d1681e |
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
|
|
|
d1681e |
@@ -5828,6 +5828,7 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo,
|
|
|
d1681e |
int i = 0;
|
|
|
d1681e |
int ret = -1;
|
|
|
d1681e |
char filepath[PATH_MAX] = {0,};
|
|
|
d1681e |
+ char *volname = NULL;
|
|
|
d1681e |
char *types[] = {NULL, NULL, NULL};
|
|
|
d1681e |
dict_t *dict = NULL;
|
|
|
d1681e |
xlator_t *this = NULL;
|
|
|
d1681e |
@@ -5835,6 +5836,26 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo,
|
|
|
d1681e |
|
|
|
d1681e |
this = THIS;
|
|
|
d1681e |
|
|
|
d1681e |
+ volname = volinfo->is_snap_volume ?
|
|
|
d1681e |
+ volinfo->parent_volname : volinfo->volname;
|
|
|
d1681e |
+
|
|
|
d1681e |
+
|
|
|
d1681e |
+ if (volname && !strcmp (volname, GLUSTER_SHARED_STORAGE) &&
|
|
|
d1681e |
+ client_type != GF_CLIENT_TRUSTED) {
|
|
|
d1681e |
+ /*
|
|
|
d1681e |
+ * shared storage volume cannot be mounted from non trusted
|
|
|
d1681e |
+ * nodes. So we are not creating volfiles for non-trusted
|
|
|
d1681e |
+ * clients for shared volumes as well as snapshot of shared
|
|
|
d1681e |
+ * volumes.
|
|
|
d1681e |
+ */
|
|
|
d1681e |
+
|
|
|
d1681e |
+ ret = 0;
|
|
|
d1681e |
+ gf_msg_debug ("glusterd", 0, "Skipping the non-trusted volfile"
|
|
|
d1681e |
+ "creation for shared storage volume. Volume %s",
|
|
|
d1681e |
+ volname);
|
|
|
d1681e |
+ goto out;
|
|
|
d1681e |
+ }
|
|
|
d1681e |
+
|
|
|
d1681e |
enumerate_transport_reqs (volinfo->transport_type, types);
|
|
|
d1681e |
dict = dict_new ();
|
|
|
d1681e |
if (!dict)
|
|
|
d1681e |
--
|
|
|
d1681e |
1.8.3.1
|
|
|
d1681e |
|