Details
- Bug
- Resolution: Fixed
- Minor
- None
- Lustre 2.1.0
- 3
- 10265
Description
When using root squash, if we add the MDS NID in the mdt.nosquash_nids list and mount the filesystem on the MDS, the nosquash_nids list is not honored, and the client gets ENOPERM when accessing root-only files.
To reproduce:
[root@gl1 ~]# shine status
FILESYSTEM COMPONENTS STATUS (gl)
+-----+--+----------+--------+
|type |# | nodes    | status |
+-----+--+----------+--------+
|MGT  |1 |gl1       |online  |
|MDT  |1 |gl1       |online  |
|OST  |4 |gl[2-3]   |online  |
|CLI  |3 |gl[1,4-5] |mounted |
+-----+--+----------+--------+
[root@gl1 ~]# clush -w gl[1-5] lctl list_nids | sort
gl1: 10.2.0.102@tcp
gl2: 10.2.0.103@tcp
gl3: 10.2.0.104@tcp
gl4: 10.2.0.105@tcp
gl5: 10.2.0.106@tcp
[root@gl1 ~]# lctl get_param mdt.gl*.*squash*
mdt.gl-MDT0000.nosquash_nids=10.2.0.[102,105]@tcp
mdt.gl-MDT0000.root_squash=65534:65534
gl1 (MDS) and gl4 (client) are in the nosquash_nids list, and gl5 (client) is not.
We can check that everything is in order on gl4 and gl5: gl4 can access root-only content, and gl5 cannot.
[root@gl1 ~]# ssh gl4 ls -al /gl/root
total 8
drwx------ 2 root root 4096 May 25 09:40 .
drwxr-xr-x 4 root root 4096 May 25 09:40 ..
[root@gl1 ~]# ssh gl4 ls -al /gl/
total 16
drwxr-xr-x 4 root root 4096 May 25 09:40 .
dr-xr-xr-x. 25 root root 4096 May 24 14:08 ..
drwxr-xr-x 2 root root 4096 May 25 09:37 .lustre
drwx------ 2 root root 4096 May 25 09:40 root
[root@gl1 ~]# ssh gl5 ls -al /gl/
total 16
drwxr-xr-x 4 root root 4096 May 25 09:40 .
dr-xr-xr-x. 28 root root 4096 May 24 14:08 ..
drwxr-xr-x 2 root root 4096 May 25 09:37 .lustre
drwx------ 2 root root 4096 May 25 09:40 root
[root@gl1 ~]# ssh gl5 ls -al /gl/root
ls: cannot open directory /gl/root: Permission denied
gl1 (MDS) is also in the nosquash_nids list, so it should get access. But it doesn't:
[root@gl1 ~]# ls -al /gl/
total 16
drwxr-xr-x 4 root root 4096 May 25 09:40 .
dr-xr-xr-x. 25 root root 4096 May 25 09:39 ..
drwxr-xr-x 2 root root 4096 May 25 09:37 .lustre
drwx------ 2 root root 4096 May 25 09:40 root
[root@gl1 ~]# ls -al /gl/root/
ls: cannot open directory /gl/root/: Permission denied
We can verify that the nosquash_nids syntax is correct by adding gl5 to the list of authorized NIDs:
[root@gl1 ~]# lctl conf_param gl.mdt.nosquash_nids="10.2.0.[102,105,106]@tcp"
[root@gl1 ~]# ssh gl5 ls -al /gl/
total 16
drwxr-xr-x 4 root root 4096 May 25 09:40 .
dr-xr-xr-x. 28 root root 4096 May 24 14:08 ..
drwxr-xr-x 2 root root 4096 May 25 09:37 .lustre
drwx------ 2 root root 4096 May 25 09:40 root
[root@gl1 ~]# ssh gl5 ls -al /gl/root/
total 8
drwx------ 2 root root 4096 May 25 09:40 .
drwxr-xr-x 4 root root 4096 May 25 09:40 ..
Works.
So it seems there's a corner case when nosquash_nids contains the MDS's NID.
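An added example, not part of the ticket and not Lustre code: a small checker that computes which nodes a nosquash_nids value should exempt from root squash, so the result can be compared with the access actually observed on each node. It assumes a simplified subset of the NID range syntax (IPv4 octets given as a number, `*`, or a bracketed list of values and `a-b` or `a-b/step` ranges); the function names are hypothetical.

```python
import re

# Constructed from the `lctl list_nids` output shown in the ticket.
NIDS = {"gl1": "10.2.0.102@tcp", "gl2": "10.2.0.103@tcp",
        "gl3": "10.2.0.104@tcp", "gl4": "10.2.0.105@tcp",
        "gl5": "10.2.0.106@tcp"}

def octet_matches(expr, value):
    """Match one octet against '*', 'N' or '[N,A-B,A-B/S]'."""
    if expr == "*":
        return True
    if not expr.startswith("["):
        return expr.isdigit() and int(expr) == value
    for item in expr[1:-1].split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+)(?:/(\d+))?)?", item.strip())
        if not m:
            raise ValueError(f"bad range item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        step = int(m.group(3) or 1)
        if step < 1:
            raise ValueError(f"bad step in {item!r}")
        if lo <= value <= hi and (value - lo) % step == 0:
            return True
    return False

def nid_matches(nid, expr):
    """True if a concrete NID (addr@net) falls inside one range expression."""
    addr, _, net = nid.partition("@")
    eaddr, _, enet = expr.partition("@")
    if net != enet:
        return False
    octets = addr.split(".")
    # Split the expression on dots, keeping bracketed lists whole.
    eoctets = re.findall(r"\[[^\]]*\]|[^.]+", eaddr)
    if len(octets) != 4 or len(eoctets) != 4:
        return False
    return all(octet_matches(e, int(o)) for e, o in zip(eoctets, octets))

def expected_nosquash(nids, nosquash_nids):
    """Map each host to whether the setting should exempt it from squashing."""
    exprs = nosquash_nids.split()
    return {h: any(nid_matches(n, e) for e in exprs) for h, n in nids.items()}

if __name__ == "__main__":
    for host, ok in expected_nosquash(NIDS, "10.2.0.[102,105]@tcp").items():
        print(f"{host}: {'root not squashed' if ok else 'root squashed'}")
```

For the first setting in the ticket this reports gl1 and gl4 as exempt, so the "Permission denied" seen on gl1 contradicts the configuration rather than the range syntax.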