API tools faq
paste
Advertisement
ffilz

apr 05 #ganesha

ffilz
Apr 5th, 2016
368
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.27 KB | None | 0 0
raw download clone embed print report
  1. Apr 05 06:12:34 * Now talking on #ganesha
  2. Apr 05 06:12:34 * Topic for #ganesha is: V2.2-dev-24.1 is pushed to next
  3. Apr 05 06:12:34 * Topic for #ganesha set by ffilzwin1!~Frank@c-76-115-190-27.hsd1.or.comcast.net at Fri Jan 23 16:23:53 2015
  4. Apr 05 06:22:00 * ffilzwin3 has quit (*.net *.split)
  5. Apr 05 06:22:00 * Shoggoth has quit (*.net *.split)
  6. Apr 05 06:23:43 * Shoggoth (Shoggoth@gateway/shell/bnc4free/x-qxmexxczokuwtaud) has joined #ganesha
  7. Apr 05 06:28:34 * skoduri has quit (Ping timeout: 246 seconds)
  8. Apr 05 06:42:41 * skoduri (skoduri@nat/redhat/x-dgtnvudbwtyfviei) has joined #ganesha
  9. Apr 05 06:54:28 * skoduri has quit (Ping timeout: 260 seconds)
  10. Apr 05 07:17:54 * steved (steved@nat/redhat/x-yhznufalpaoetfnl) has joined #ganesha
  11. Apr 05 07:27:03 * malahal (~malahal@cpe-66-68-188-22.austin.res.rr.com) has joined #ganesha
  12. Apr 05 07:43:06 * skoduri (~skoduri@103.227.97.191) has joined #ganesha
  13. Apr 05 07:47:27 * mattbenjamin (~mbenjamin@76-206-42-50.lightspeed.livnmi.sbcglobal.net) has joined #ganesha
  14. Apr 05 07:47:49 * [diablo] has quit (Quit: Leaving)
  15. Apr 05 08:04:26 <ffilzwin2> morning
  16. Apr 05 08:29:11 <ffilzwin2> concall https://bluejeans.com/373354489/6397
  17. Apr 05 08:32:30 <ffilzwin2> malahal, concall?
  18. Apr 05 08:33:11 <malahal> searching for the code..
  19. Apr 05 08:34:14 <ffilzwin2> 800 451 8679 Conference ID: 5695731261
  20. Apr 05 08:34:32 <malahal> ffilzwin2, got it thx
  21. Apr 05 08:45:38 * jlockwood has quit (Ping timeout: 252 seconds)
  22. Apr 05 08:48:09 * jlockwood (~Adium@12.52.110.14) has joined #ganesha
  23. Apr 05 08:55:33 * jlockwood has quit (Ping timeout: 252 seconds)
  24. Apr 05 08:56:47 <bwerthmann> Do any FSALs support using the full NFSv4 "name@domain"?
  25. Apr 05 08:58:11 * jlockwood (~Adium@12.52.110.14) has joined #ganesha
  26. Apr 05 08:59:43 <bwerthmann> we are considering allocating a unique "NFS domain per workload context to have it's own NFS domain
  27. Apr 05 08:59:58 <bwerthmann> sigh.
  28. Apr 05 09:00:26 <dang_work> bwerthmann: Not sure, sorry.
  29. Apr 05 09:00:32 <bwerthmann> we are considering allocating a unique "NFS domain" per workload context to get around the overlapping uid/gid problem
  30. Apr 05 09:01:23 <bwerthmann> looking at the code, it seems that ZFS suppoerts it.
  31. Apr 05 09:03:57 <dang_work> For filesystem FSALs, it depends on extended attribute support that's not in the Linux kernel yet, so it would need a filesystem-specific API. ZFS has such an API.
  32. Apr 05 09:05:27 * jlockwood has quit (Ping timeout: 252 seconds)
  33. Apr 05 09:08:08 <bwerthmann> Do you happen to know that state of this on Gluster?
  34. Apr 05 09:09:55 <dang_work> I don't, I'm on the ceph team, but kkeithley might know.
  35. Apr 05 09:10:10 * jlockwood (~Adium@12.52.110.14) has joined #ganesha
  36. Apr 05 09:13:57 <martinetd> dang_work: you're right btw, totally forgot to push a few 9P fixes from cthon (like the crash you noticed in 9p_cleanup_fids when closing connection), I wanted to test these with rdma back home and totally let these slip..
  37. Apr 05 09:14:21 <dang_work> martinetd: I think I found the issue, probably my fault. Let me test quickly.
  38. Apr 05 09:14:54 <martinetd> cool. I'll take a few minutes to test my patches first then
  39. Apr 05 09:15:03 <dang_work> Sure
  40. Apr 05 09:24:21 * jlockwood has quit (Read error: Connection reset by peer)
  41. Apr 05 09:26:21 <dang_work> martinetd: That wasn't it (although it's probably still a corner-case bug). I'll have to dig deeper.
  42. Apr 05 09:26:40 <martinetd> ok I'll re-checkout your branch and try then
  43. Apr 05 09:27:08 * jlockwood (~Adium@12.52.110.14) has joined #ganesha
  44. Apr 05 09:30:40 <martinetd> ffilz: not sure when you're doing your merge, but just pushed two trivial-ish 9p patches, one of which will help Dan with debugging if you'd like to get it this week
  45. Apr 05 09:36:19 <ffilzwin2> martinetd, ok, will pick those up this week
  46. Apr 05 09:36:39 <ffilzwin2> bwerthmann, so you want Ganesha to support multiple domains of id mapping?
  47. Apr 05 09:36:54 <ffilzwin2> like fred@domain1 and fred@domain2 are separate ids?
  48. Apr 05 09:42:04 <martinetd> dang: looks like a problem with readdir; ganesha seems to send zillions of identical entries
  49. Apr 05 09:42:21 <martinetd> (and the client will then try to stat them all and it looks like a loop)
  50. Apr 05 09:44:30 <martinetd> hmm the client always sends offset=0 back too
  51. Apr 05 09:49:39 <martinetd> dang_work: oh, something changed with how you handle the 'tracker' param of fsal_readdir perhaps?
  52. Apr 05 09:51:24 <martinetd> nm it's opaque for the callback, shouldn't have changed
  53. Apr 05 09:55:05 * mattbenjamin1 (~mbenjamin@aa2.linuxbox.com) has joined #ganesha
  54. Apr 05 10:03:52 <martinetd> dang_work: ok, found the problem; it's cb_params->cookie that looks like it's always 0 with the new version, so the next call to readdir starts over from 0 instead of continuing from last cookie
  55. Apr 05 10:04:48 <martinetd> is that enough for you? I need to get home (workplace closing up soon) and get some food, but will be able to investigate more later if you need help
  56. Apr 05 10:16:52 <dang_work> martinetd: Thanks.
  57. Apr 05 10:22:33 * skoduri has quit (Ping timeout: 248 seconds)
  58. Apr 05 10:39:07 <bwerthmann> ffilzwin2: yes. I think we can use that to solve our muti-tenancy issue
  59. Apr 05 10:40:32 <bwerthmann> each "domain" will be a tenant.
  60. Apr 05 10:40:32 <ffilzwin2> bwerthmann, at the moment, Ganesha doesn't support multiple domains
  61. Apr 05 10:41:31 <bwerthmann> as each "domain" has a "root" account for example, but they not the same secutirty id.
  62. Apr 05 10:52:53 <ffilzwin2> bwerthmann, do you need all the ids to be different for each domain, or just different roots for different domains?
  63. Apr 05 10:53:24 <ffilzwin2> Back when i first started working on Ganesha, there was some conversation about multi-tenancy, but we never pushed anything...
  64. Apr 05 10:55:52 <bwerthmann> all is ideal. Users are free to create whatever accounts they want inside of their User Namespace
  65. Apr 05 10:56:28 <bwerthmann> there's a convention of sorts provided by our base image, but that's not a hard requirment.
  66. Apr 05 10:58:28 <bwerthmann> ffilzwin2: are there any drafts for multi-tenancy floating around?
  67. Apr 05 10:58:42 <ffilzwin2> bwerthmann, no, we never got that far...
  68. Apr 05 10:58:51 <ffilzwin2> or at least none that i know of...
  69. Apr 05 10:59:30 <bwerthmann> I'm not aware of any IETF work around this topic either
  70. Apr 05 11:00:03 <ffilzwin2> at Connectathon, there were presentations on multi-domain idmapping
  71. Apr 05 11:00:09 <ffilzwin2> let me see if I can pull up some links
  72. Apr 05 11:00:33 <bwerthmann> the closest thing I could find was this draft: https://tools.ietf.org/html/draft-adamson-nfsv4-multi-domain-federated-fs-reqs-05#section-5
  73. Apr 05 11:01:40 <bwerthmann> I think the use case is different. That draft is more in line with something like FedFS.
  74. Apr 05 11:02:24 <ffilzwin2> http://nfsv4bat.org/Documents/ConnectAThon/2010/NFSv4-multi-domain-access.pdf
  75. Apr 05 11:04:22 <bwerthmann> that IETF draft is linked in the slide deck. :)
  76. Apr 05 11:07:46 * steved has quit (Quit: Leaving)
  77. Apr 05 11:12:17 <dang_work> Oh, ffilzwin2: Can you take the first patch ("Split nfs4_op_putfh")? It's unrelated to MDCACHE.
  78. Apr 05 11:12:28 <ffilzwin2> sure
  79. Apr 05 11:12:45 <dang_work> I've been carrying that for a while now locally...
  80. Apr 05 11:12:59 <dang_work> New version just going up, rebased on last week.
  81. Apr 05 11:16:20 * jiffin (~Thunderbi@223.227.136.102) has joined #ganesha
  82. Apr 05 11:28:38 * jiffin has quit (Remote host closed the connection)
  83. Apr 05 11:28:58 * jiffin (~Thunderbi@223.227.136.102) has joined #ganesha
  84. Apr 05 11:34:07 * jiffin has quit (Remote host closed the connection)
  85. Apr 05 11:36:10 * jiffin (~Thunderbi@223.227.136.102) has joined #ganesha
  86. Apr 05 12:07:25 * jiffin1 (~Thunderbi@223.227.249.155) has joined #ganesha
  87. Apr 05 12:08:35 * jiffin has quit (Ping timeout: 252 seconds)
  88. Apr 05 12:08:49 * jiffin1 is now known as jiffin
  89. Apr 05 12:13:29 * jiffin has quit (Ping timeout: 248 seconds)
  90. Apr 05 12:14:00 * jiffin1 (~Thunderbi@223.227.250.147) has joined #ganesha
  91. Apr 05 12:16:25 * jiffin1 is now known as jiffin
  92. Apr 05 12:20:40 * jiffin has quit (Ping timeout: 246 seconds)
  93. Apr 05 12:26:47 <dang_work> ffilzwin2: The latest crash is because support_ex() is returning false for mdcache.
  94. Apr 05 12:27:06 <dang_work> What did we decide about that: move it to the obj ops? Or pass an object into it?
  95. Apr 05 12:53:23 <ffilzwin2> dang_work, hmm guessv we should pass an object or an export?
  96. Apr 05 12:53:44 <dang_work> I'm in the process of making it an obj_op. I think that's cleanest...
  97. Apr 05 12:53:48 <mattbenjamin1> guessv is the vector guess interface?
  98. Apr 05 12:53:59 <dang_work> Export might be better, but this is simpler...
  99. Apr 05 12:54:14 <ffilzwin2> what do we do with other support checks like lock support?
  100. Apr 05 12:55:34 <dang_work> Looks like export_ops
  101. Apr 05 12:55:38 <ffilzwin2> back in a few juggliong kids4
  102. Apr 05 13:01:45 <dang_work> Gotta head home anyway. More tomorrow.
  103. Apr 05 13:16:38 * kkeithley_ has quit (Quit: Leaving.)
  104. Apr 05 13:24:56 <malahal> ffilzwin2, AD already does multi-domains, right?
  105. Apr 05 13:27:47 * bwerthmann has quit (Ping timeout: 276 seconds)
  106. Apr 05 13:35:13 <ffilzwin2> malahal, oh, I dunno, never used it
  107. Apr 05 13:35:47 <ffilzwin2> but I'm pretty sure Ganesha's idmapper is all set up with single domain, maybe I'm wrong though...
  108. Apr 05 13:38:49 <mattbenjamin1> malahal: I don't know, but I'd be interested to know and have something documented
  109. Apr 05 13:49:18 * bwerthmann (~ben@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  110. Apr 05 13:52:32 * bwerthmann has quit (Client Quit)
  111. Apr 05 14:05:12 * bwerthmann (~bwerthman@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  112. Apr 05 14:05:45 * bwerthmann has quit (Client Quit)
  113. Apr 05 14:06:02 * bwerthmann (~bwerthman@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  114. Apr 05 14:28:00 <malahal> ffilzwin2, mattbenjamin1: A customer wanted multi-domain for something, but it never materialized though. Looking at the code, we seem to supply the default domain from idmap config file while doing uid to name translation.
  115. Apr 05 14:29:37 <ffilzwin2> malahal, makes sense, I was pretty sure I saw places in code where we supply the domain, so there could only be one
  116. Apr 05 14:29:46 <malahal> yep
  117. Apr 05 14:30:00 <ffilzwin2> one issue of multi-tennancy, how do you handle multiple "root" users...
  118. Apr 05 14:30:41 <ffilzwin2> we can't translate them all into uid/gid 0, but there is code that depends on uid==0 to act with root priviledges
  119. Apr 05 14:31:16 <malahal> ffilzwin2, we talked about this in windows context and the customer wanted to use different IDs for for different domains. Not sure how winbind uses doamins and uids with AD server.
  120. Apr 05 14:31:18 <ffilzwin2> if each tennant has their own name space (exports) and such, then uid could be shared (so within tennant 1
  121. Apr 05 14:32:04 <ffilzwin2> within tennant 1's namespace, uid 500 translates to fred@tennant.one.com and within tennant 2's namespace, 500 translates to jane@tennant.two.com
  122. Apr 05 14:32:44 * bwerthmann has quit (Quit: leaving)
  123. Apr 05 14:33:02 * bwerthmann (~bwerthman@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  124. Apr 05 14:33:36 <malahal> ffilzwin2, does it mean each export can have only one domain?
  125. Apr 05 14:34:54 <ffilzwin2> yea, for that idea to work, each export could only have a single domain
  126. Apr 05 14:35:28 <ffilzwin2> and it would also depend on the two tennants not being allowed to see each other's exports
  127. Apr 05 14:35:30 <malahal> ffilzwin2, ideally tenant is kind of related to client, so if we can fix that domain based on "client", that may be better.
  128. Apr 05 14:36:06 <bwerthmann> is there a public log of this channel? I want to see the backlog for this conversation but have been messing with irssi...
  129. Apr 05 14:36:11 <ffilzwin2> yea, each client would have to belong to one tennant
  130. Apr 05 14:36:39 <ffilzwin2> bwerthmann, unfortunately not...
  131. Apr 05 14:36:55 <bwerthmann> ok. thanks.
  132. Apr 05 14:37:09 <ffilzwin2> bwerthmann, what is last message you saw before you dropped out? And first you saw after you came back in?
  133. Apr 05 14:37:26 <ffilzwin2> I think you just missed a few...
  134. Apr 05 14:38:06 <bwerthmann> Not wure what the last one is I did not have logging setup. first in this session is '17:33 < malahal' (eastern time)
  135. Apr 05 14:38:07 <ffilzwin2> here, I think this will cover every thing while you bounced in and out
  136. Apr 05 14:38:18 <ffilzwin2> <malahal> ffilzwin2, AD already does multi-domains, right?
  137. Apr 05 14:38:18 <ffilzwin2> * bwerthmann has quit (Ping timeout: 276 seconds)
  138. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> malahal, oh, I dunno, never used it
  139. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> but I'm pretty sure Ganesha's idmapper is all set up with single domain, maybe I'm wrong though...
  140. Apr 05 14:38:18 <ffilzwin2> <mattbenjamin1> malahal: I don't know, but I'd be interested to know and have something documented
  141. Apr 05 14:38:18 <ffilzwin2> * bwerthmann (~ben@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  142. Apr 05 14:38:18 <ffilzwin2> * bwerthmann has quit (Client Quit)
  143. Apr 05 14:38:18 <ffilzwin2> * bwerthmann (~bwerthman@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  144. Apr 05 14:38:18 <ffilzwin2> * bwerthmann has quit (Client Quit)
  145. Apr 05 14:38:18 <ffilzwin2> * bwerthmann (~bwerthman@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  146. Apr 05 14:38:18 <ffilzwin2> <malahal> ffilzwin2, mattbenjamin1: A customer wanted multi-domain for something, but it never materialized though. Looking at the code, we seem to supply the default domain from idmap config file while doing uid to name translation.
  147. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> malahal, makes sense, I was pretty sure I saw places in code where we supply the domain, so there could only be one
  148. Apr 05 14:38:18 <ffilzwin2> <malahal> yep
  149. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> one issue of multi-tennancy, how do you handle multiple "root" users...
  150. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> we can't translate them all into uid/gid 0, but there is code that depends on uid==0 to act with root priviledges
  151. Apr 05 14:38:18 <ffilzwin2> <malahal> ffilzwin2, we talked about this in windows context and the customer wanted to use different IDs for for different domains. Not sure how winbind uses doamins and uids with AD server.
  152. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> if each tennant has their own name space (exports) and such, then uid could be shared (so within tennant 1
  153. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> within tennant 1's namespace, uid 500 translates to fred@tennant.one.com and within tennant 2's namespace, 500 translates to jane@tennant.two.com
  154. Apr 05 14:38:18 <ffilzwin2> * bwerthmann has quit (Quit: leaving)
  155. Apr 05 14:38:18 <ffilzwin2> * bwerthmann (~bwerthman@c-68-37-246-64.hsd1.mi.comcast.net) has joined #ganesha
  156. Apr 05 14:38:18 <ffilzwin2> <malahal> ffilzwin2, does it mean each export can have only one domain?
  157. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> yea, for that idea to work, each export could only have a single domain
  158. Apr 05 14:38:18 <ffilzwin2> <ffilzwin2> and it would also depend on t
  159. Apr 05 14:38:47 <ffilzwin2> <ffilzwin2> and it would also depend on the two tennants not being allowed to see each other's exports
  160. Apr 05 14:38:47 <ffilzwin2> <malahal> ffilzwin2, ideally tenant is kind of related to client, so if we can fix that domain based on "client", that may be better.
  161. Apr 05 14:39:14 <mattbenjamin1> ffilzwin: when I last used winbind (not recently, I admin) you had to join a domain
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!