...
 
Commits (4)
  • Phoebe Buckheister's avatar
    ctl: improve error message for meta buddy group add failures · a9b44fdc
    Phoebe Buckheister authored
    meta buddy groups that contain the root inode must be created such that
    owner of the non-mirrored root inode becomes the primary of the newly
    created group. adding a group that does not satisfy this condition
    should give the user some info about why the process failed, not just
    *that* it failed and an error message no user can be expected to
    understand.
    
    see #941
    a9b44fdc
  • Phoebe Buckheister's avatar
    client: set posix acl to uncached on read · 573d194b
    Phoebe Buckheister authored
    returning the acl without calling forget_cached_acl will cause the
    currently cached acl (default: empty) to be user on all further acl
    accesses for the inode, until the inode is flushed. flushed happen only
    under memory pressure and during unmount, thus the current behaviour is
    far from what users expect.
    573d194b
  • Bernd Lietzow's avatar
    Merge branch '976-acl-v6' into 'v6' · a69b992e
    Bernd Lietzow authored
    Resolve "ACL problems 6.18 and 7.0 on Ubuntu"
    
    See merge request beegfs/projects0!837
    a69b992e
  • Bernd Lietzow's avatar
    Merge branch 'addmirrorgroup-errors-v6' into 'v6' · 1829c873
    Bernd Lietzow authored
    ctl: improve error message for meta buddy group add failures
    
    See merge request beegfs/projects0!836
    1829c873
...@@ -465,7 +465,11 @@ struct posix_acl* FhgfsOps_get_acl(struct inode* inode, int type) ...@@ -465,7 +465,11 @@ struct posix_acl* FhgfsOps_get_acl(struct inode* inode, int type)
FhgfsInode* fhgfsInode = BEEGFS_INODE(inode); FhgfsInode* fhgfsInode = BEEGFS_INODE(inode);
const EntryInfo* entryInfo = FhgfsInode_getEntryInfo(fhgfsInode); const EntryInfo* entryInfo = FhgfsInode_getEntryInfo(fhgfsInode);
int refreshRes = maybeRefreshInode(inode, true, false, false); int refreshRes;
forget_cached_acl(inode, type);
refreshRes = maybeRefreshInode(inode, true, false, false);
if (refreshRes) if (refreshRes)
return ERR_PTR(refreshRes); return ERR_PTR(refreshRes);
......
...@@ -229,7 +229,14 @@ int ModeAddMirrorBuddyGroup::execute() ...@@ -229,7 +229,14 @@ int ModeAddMirrorBuddyGroup::execute()
else else
{ {
auto addRes = addGroup(cfgPrimaryTargetID, cfgSecondaryTargetID, cfgGroupID); auto addRes = addGroup(cfgPrimaryTargetID, cfgSecondaryTargetID, cfgGroupID);
if (addRes != FhgfsOpsErr_SUCCESS) if (addRes == FhgfsOpsErr_NOTOWNER && nodeType == NODETYPE_Meta)
{
std::cerr << "Could not add buddy group: new group would own the root inode, but the root\n"
"inode is owned by the secondary of the new group. Only the primary of a\n"
"new group may own the root inode; try switching primary and secondary.\n";
return APPCODE_RUNTIME_ERROR;
}
else if (addRes != FhgfsOpsErr_SUCCESS)
{ {
std::cerr << "Could not add buddy group: " << FhgfsOpsErrTk::toErrString(addRes) << "\n"; std::cerr << "Could not add buddy group: " << FhgfsOpsErrTk::toErrString(addRes) << "\n";
retVal = APPCODE_RUNTIME_ERROR; retVal = APPCODE_RUNTIME_ERROR;
......
def readAsNobody(file)
shell? "sudo runuser -u nobody -- cat #{file} >/dev/null"
end
on node do
cd node.properties["client0"]["mount"] do
tempdir do
file = "test"
create_file(file)
shell "chmod", "600", file
if readAsNobody(file)
raise("Access allowed but should not")
end
shell "setfacl", "-m", "u:nobody:r", file
if not readAsNobody(file)
raise("ACLs not working: access denied")
end
end
end
end
hosts:
node:
- mgmtd
- meta:
config:
storeUseExtendedAttribs: true
storeClientXAttrs: true
storeClientACLs: true
- storage
- helperd
- client:
config:
sysXAttrsEnabled: true
sysACLsEnabled: true
on main do
root_owner = (shell "#{$binaries[:ctl]} --getentryinfo --unmounted / \
| grep -P --only-matching '(?<=\\[ID: )\\d+'")[:stdout].strip
buddy = root_owner == "1" ? "2" : "1"
res = {}
shell? "sudo #{$binaries[:ctl]} --addmirrorgroup --nodetype=meta \
--primary=#{buddy} --secondary=#{root_owner}", status: res
raise if res[:return] == 0
raise if res[:stderr].index('try switching').nil?
shell "sudo #{$binaries[:ctl]} --addmirrorgroup --nodetype=meta \
--secondary=#{buddy} --primary=#{root_owner}"
end
hosts:
main:
- mgmtd
- meta
- meta
- storage