Re: [nfsv4] [FedFS] Root fileset questions
Nicolas Williams <Nicolas.Williams@sun.com> Mon, 14 December 2009 17:49 UTC
Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 92E7A28C12C for <nfsv4@core3.amsl.com>; Mon, 14 Dec 2009 09:49:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.024
X-Spam-Level:
X-Spam-Status: No, score=-5.024 tagged_above=-999 required=5 tests=[AWL=-0.790, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4, SARE_SPEC_REPLICA_OBFU=1.812]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aNCyGwtp8Z6g for <nfsv4@core3.amsl.com>; Mon, 14 Dec 2009 09:49:00 -0800 (PST)
Received: from brmea-mail-2.sun.com (brmea-mail-2.Sun.COM [192.18.98.43]) by core3.amsl.com (Postfix) with ESMTP id 80E4C28C103 for <nfsv4@ietf.org>; Mon, 14 Dec 2009 09:49:00 -0800 (PST)
Received: from dm-central-02.central.sun.com ([129.147.62.5]) by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id nBEHmlDw019976 for <nfsv4@ietf.org>; Mon, 14 Dec 2009 17:48:47 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id nBEHmkZa024555 for <nfsv4@ietf.org>; Mon, 14 Dec 2009 10:48:46 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id nBEHXk8j004326; Mon, 14 Dec 2009 11:33:46 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id nBEHXkWs004325; Mon, 14 Dec 2009 11:33:46 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Mon, 14 Dec 2009 11:33:46 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: James Lentini <jlentini@netapp.com>
Message-ID: <20091214173346.GL1516@Sun.COM>
References: <0F3F903BA6B4A54984787888AF6EA5C404671F59@CORPUSMX40A.corp.emc.com> <alpine.LFD.2.00.0912101004480.18058@jlentini-linux.nane.netapp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <alpine.LFD.2.00.0912101004480.18058@jlentini-linux.nane.netapp.com>
User-Agent: Mutt/1.5.7i
Cc: nfsv4@ietf.org, stacey_chris@emc.com
Subject: Re: [nfsv4] [FedFS] Root fileset questions
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 17:49:01 -0000
On Thu, Dec 10, 2009 at 11:22:57AM -0500, James Lentini wrote: > On Wed, 9 Dec 2009, stacey_chris@emc.com wrote: > > R15(b) also says that it should be possible for the a fileserver to locate > > an NSDB that stores the layout of a root fileset. > > > > I can’t remember where it is specified but the root fileset can contain only > > directories and junctions. > > This was the consensus in our discussions on the topic. As I > mentioned, a formal specification of the root fileset has not been > proposed yet. A limit on root filesets to directories and junctions does follow if the contents of a root fileset is published in the NSDB (which might publish only junctions, with all directories down from / being implied). This also implies limitations on access controls for root fileset contents. > > (1) How does the file server know which NSDB to query to find out the > > contents of the root fileset for a given namespace? Doesn’t it need a > > special ‘root junction’ that identifies the authoritative NSDB for the root > > fileset for the namespace? > Again, there isn't a definitive root fileset specification, so it > could be defined to work in many different ways. Indeed. > I'm sure that there are other options as well. It could be configured locally, or published in DNS (e.g., via a TXT RR). > > That, and file server rendering the root > > fileset to clients, leads to the question – how do replica NSDB's and/or > > file servers that want to render the root fileset get updates? The > > fedfs-rootfileset draft that Renu circulated back in Sep. '08 says that this > > was discussed but no conclusion reached (thanks for digging that out for me > > James). Seem like we need to come to a conclusion on this. For root filesets consisting of junctions published in an NSDB the servers would have to know to periodically search for new/deleted/ renamed junctions. IIRC there's a way to get update notifications from LDAP as well, but I suspect that periodic lookups will be the simplest update method. > > (4) What is the authentication model for access to the contents of the root > > file set? AUTH_NONE, AUTH_SYS? I think this is the question that came up > > recently and started me looking into all this. > > > > (5) What is the security model within the root file set? Completely open? > > Un-modifiable mode bits and ACLs that are open (read-only) to all? > > Security is another area that would need to be well defined in a root > fileset specification. We've discussed this topic in the past, but I > don't remember coming to any conclusions. If root fileset contents is to be replicated we must either: a) Not specify how to replicate it, potentially leading to non- heterogeneous root deployments; sadness would ensue, but we'd live; b) Specify a replication protocol; this could get hairy; c) Specify a simplified replication protocol (e.g., one master sending out tarballs); d) Simplify the root fileset so much that publishing its contents via LDAP, where replication is already provided by existing off-the-shelf components, is simple and realistic; (Note that for LDAP there's going to be homogeneous NSDB deployments. So, (d) is not really a solution to the homogeneity problem in (a).) All of these options have downsides. We needn't do anything for (a) -- it's the simplest solution. (b) is the best approach, but also utterly not realistic. (c) strikes me as a good possibility, but only if there's a realistic chance that we could reach consensus on an archive format that gives us everything that we need (files, directories, junctions, including ACLs). (d) strikes me as a good possibility, but with poorer security semantics than (c). Back to security: (d) pretty much implies that everything is wide open for read and lookup access in the root fileset, which answers (5). That answer also answers (4): AUTH_NONE is sufficient. To do better than that with (d) would nullify the advantages of (d). Nico --
- [nfsv4] [FedFS] Root fileset questions stacey_chris
- Re: [nfsv4] [FedFS] Root fileset questions James Lentini
- Re: [nfsv4] [FedFS] Root fileset questions stacey_chris
- Re: [nfsv4] [FedFS] Root fileset questions Nicolas Williams