glusterfs_native corrupts GlusterFS backend
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Shared File Systems Service (Manila) |
Fix Released
|
High
|
Csaba Henk |
Bug Description
The access control logic of the glusterfs_native driver claims exclusive management of the TLS auth functionality of the backing GlusterFS volumes, and deletes common names from the list of authorized common names ("ssl-allow" volume option) that are not known by it.
However, GlusterFS uses TLS auth internally too (for example, to allow access to gluster bricks for the quota management agent) and that mechanism is corrupted by glusterfs_native's access control logic. In consequence, errant behavior like the following can be observed on the GlusterFS cluster:
# gluster volume quota gv1 limit-usage / 2GB
quota command failed : Failed to find the directory /var/run/
See the detailed case report (from which above error message is quoted): http://
We need to change allow_access / deny_access methods of gluster_native to retain foreign content.
Changed in manila: | |
milestone: | none → kilo-rc1 |
importance: | Undecided → High |
status: | New → Triaged |
assignee: | nobody → Csaba Henk (chenk) |
Changed in manila: | |
status: | Fix Committed → Fix Released |
Changed in manila: | |
milestone: | kilo-rc1 → 2015.1.0 |
Fix proposed to branch: master /review. openstack. org/170753
Review: https:/