On Sun, Jan 25, 2015 at 10:08:20PM +0530, Ramana Raja wrote: > On Wed, Jan 21, 2015 at 8:42 AM, Vijay Bellur <[email protected]> wrote: > > > Given this, we could implement this feature by serving volfiles to only > > trusted clients in glusterd and fail requests from everywhere else if an > > option to disable glusterfs protocol has been set. This way all services > > accessing volumes locally from the trusted storage pool will continue to > > function without any problems. > > > > > I've a couple of questions, > > 1) How would the above suggestion impact gfapi access?
gfapi uses the GlusterFS protocol. When access through the protocol is denied, only clients from within the trusted storage pool can use it. gfapi is just a client, similar to the FUSE mount. > 2) Would the list of trusted clients be configured via "gluster volume set"? There are the 'auth.allow' and 'auth.reject' volume options. I think they would be used as an alternative to a "turn off glusterfs protocol" feature. HTH, Niels
pgp2gt_mhZcKx.pgp
Description: PGP signature
_______________________________________________ Gluster-devel mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-devel
