[gpfsug-discuss] CES Ganesha netgroup caching?
Dietrich, Stefan
stefan.dietrich at desy.de
Thu Mar 7 12:05:13 GMT 2019
Hi Malhal,
thanks for the quick answer!
Regards,
Stefan
----- Original Message -----
> From: "Malahal R Naineni" <mnaineni at in.ibm.com>
> To: gpfsug-discuss at spectrumscale.org
> Cc: gpfsug-discuss at spectrumscale.org
> Sent: Thursday, February 28, 2019 1:33:50 PM
> Subject: Re: [gpfsug-discuss] CES Ganesha netgroup caching?
> Ganesha maintains negative and positive cache. Maybe, we should remove negative
> cache. A cache entry (either negative or positive) auto expires after 30
> minutes. "ganesha_mgr purge netgroup" removes the entire netgroup cache.
> So, if you add a host to the netgroup, it should be able to access exports
> immediately provided the host never tried to access in the past. If it did,
> then it would have been part of negative cache entry and you may need to wait
> for 30 minutes. If you remove a host from a netgroups, it may take about 30
> minutes to revoke the access.
> Added, "ganesha_mgr purge netgroup" to purge the cache to make the cache
> consistent with the actual configuration. It needs to be run on each node.
> Regards, Malahal.
>
>
> ----- Original message -----
> From: "Dietrich, Stefan" <stefan.dietrich at desy.de>
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
> To: gpfsug-discuss at spectrumscale.org
> Cc:
> Subject: [gpfsug-discuss] CES Ganesha netgroup caching?
> Date: Thu, Feb 28, 2019 1:36 PM
> Hi,
>
> I am currently playing around with LDAP netgroups for NFS exports via CES.
> However, I could not figure out how long Ganesha is caching the netgroup
> entries?
>
> There is definitely some caching, as adding a host to the netgroup does not
> immediately grant access to the share.
> A "getent netgroup <netgroup>" on the CES node returns the correct result, so
> this is not some other caching effect.
>
> Resetting the cache via "ganesha_mgr purge netgroup" works, but is probably not
> officially supported.
>
> The CES nodes are running with GPFS 5.0.2.3 and
> gpfs.nfs-ganesha-2.5.3-ibm030.01.el7.
> CES authentication is set to user-defined, the nodes just use SSSD with a
> rfc2307bis LDAP server.
>
> Regards,
> Stefan
>
> --
> ------------------------------------------------------------------------
> Stefan Dietrich Deutsches Elektronen-Synchrotron (IT-Systems)
> Ein Forschungszentrum der Helmholtz-Gemeinschaft
> Notkestr. 85
> phone: +49-40-8998-4696 22607 Hamburg
> e-mail: stefan.dietrich at desy.de Germany
> ------------------------------------------------------------------------
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> [ http://gpfsug.org/mailman/listinfo/gpfsug-discuss |
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss ]
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
More information about the gpfsug-discuss
mailing list