[NFS-Ganesha-Devel] Re: [Gluster-devel] Problems about cache virtual glusterfs ACLs for ganesha in md-cache

> On Thu, Oct 11, 2018 at 7:47 AM Kinglong Mee <kinglongmee(a)gmail.com <mailto:kinglongmee@gmail.com>> wrote: > > Cc nfs-ganesha, > > Md-cache has option "cache-posix-acl" that controls caching of posix ACLs > ("system.posix_acl_access"/"system.posix_acl_default") and virtual glusterfs ACLs > ("glusterfs.posix.acl"/"glusterfs.posix.default_acl") now. > > > Not sure how virtual xattrs are consumed or who generates them. +Raghavendra Talur <mailto:rtalur@redhat.com> +Thottan, Jiffin <mailto:jthottan@redhat.com> - acl maintainers. The currently only consumers of this virtual xattr is nfs-ganesha. Nfsv4 acls were sent from client and ganesha converts to posix acl and sent as virtual xattr to glusterfs bricks using pub_glfs_h_acl_set/get api's. AFAIR  in samba vfs module they convert windows acl to posix acl and sent as actual getxattr/setxattr calls on "system.posixl-acl" -- Jiffin > > > But, _posix_xattr_get_set does not fill virtual glusterfs ACLs when lookup requests. > So, md-cache caches bad virtual glusterfs ACLs. > > After I turn on "cache-posix-acl" option to cache ACLs at md-cache, nfs client gets many EIO errors. > > https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/427305

> There are two chooses for cache virtual glusterfs ACLs in md-cache, > 1. Cache it separately as posix ACLs (a new option maybe "cache-glusterfs-acl" is added); >    And make sure _posix_xattr_get_set fills them when lookup requests. > > 2. Does not cache it, only cache posix ACLs; >    If gfapi request it, md-cache lookup according posix ACL at cache, >    if exist, make the virtual glusterfs ACL locally and return to gfapi; >    otherwise, send the request to glusterfsd. > > Virtual glusterfs ACLs are another format of posix ACLs, there are larger than posix ACLs, > and always exist no matter the really posix ACL exist or not. > > So, I'd prefer #2.