On Thursday 11 October 2018 08:10 AM, Raghavendra Gowdappa wrote:

On Thu, Oct 11, 2018 at 7:47 AM Kinglong Mee <kinglongmee@gmail.com> wrote:
Cc nfs-ganesha,

Md-cache has option "cache-posix-acl" that controls caching of posix ACLs
("system.posix_acl_access"/"system.posix_acl_default") and virtual glusterfs ACLs
("glusterfs.posix.acl"/"glusterfs.posix.default_acl") now.

Not sure how virtual xattrs are consumed or who generates them. +Raghavendra Talur +Thottan, Jiffin - acl maintainers.

The currently only consumers of this virtual xattr is nfs-ganesha. Nfsv4 acls were sent from client and ganesha converts to posix acl

and sent as virtual xattr to glusterfs bricks using pub_glfs_h_acl_set/get api's. AFAIR  in samba vfs module they convert windows acl to

posix acl and sent as actual getxattr/setxattr calls on "system.posixl-acl"



But, _posix_xattr_get_set does not fill virtual glusterfs ACLs when lookup requests.
So, md-cache caches bad virtual glusterfs ACLs.

After I turn on "cache-posix-acl" option to cache ACLs at md-cache, nfs client gets many EIO errors.


There are two chooses for cache virtual glusterfs ACLs in md-cache,
1. Cache it separately as posix ACLs (a new option maybe "cache-glusterfs-acl" is added);
   And make sure _posix_xattr_get_set fills them when lookup requests.

2. Does not cache it, only cache posix ACLs;
   If gfapi request it, md-cache lookup according posix ACL at cache,
   if exist, make the virtual glusterfs ACL locally and return to gfapi;
   otherwise, send the request to glusterfsd.

Virtual glusterfs ACLs are another format of posix ACLs, there are larger than posix ACLs,
and always exist no matter the really posix ACL exist or not.

So, I'd prefer #2.
Any comments are welcome.

Kinglong Mee

Gluster-devel mailing list