Commit 9b6e1a59 authored by Kirk Webb's avatar Kirk Webb

Backend support for simultaneous read-only dataset access.

Any number of users/experiments can mount a given dataset (given that
they have permission) in read-only mode.  Attempts to mount RW will
fail if the dataset is currently in use.  Attempts to mount RO while
the dataset is in use RW are also prohibited.

Under the hood, iSCSI lease exports (targets) are now managed per-lease
instead of per-experiment.  The set of authorized initiators (based
on network) is manipulated as consumers come and go.  When the last
consumer goes, the export is torn down. Likewise, if there are no
current consumers, a new consumer will cause an iSCSI export to be
created for the lease.

Also included in this commit is a small tweak to implicit lease permissions.
parent bedcb609
...@@ -1426,15 +1426,17 @@ sub AccessCheck($$$) { ...@@ -1426,15 +1426,17 @@ sub AccessCheck($$$) {
if ($gid eq ""); if ($gid eq "");
my $group = Group->Lookup($pid, $gid); my $group = Group->Lookup($pid, $gid);
# Project managers can do anything to a lease that is attributed # Members of the owning project have some implicit permissions, depending
# to their project. # on their project trust.
if (TBMinTrust($group->Trust($user), PROJMEMBERTRUST_GROUPROOT())) { my $gtrust = $group->Trust($user);
if (TBMinTrust($gtrust, PROJMEMBERTRUST_GROUPROOT())) {
return 1; return 1;
} }
# XXX: Need to decide what the right thing to do is here.
# If the user is a member of the owning project, then they can at #elsif (TBMinTrust($gtrust, PROJMEMBERTRUST_LOCALROOT())) {
# least grab the lease's info. # $user_access = LEASE_ACCESS_READ();
if (TBMinTrust($group->Trust($user), PROJMEMBERTRUST_USER())) { #}
elsif (TBMinTrust($gtrust, PROJMEMBERTRUST_USER())) {
$user_access = LEASE_ACCESS_READINFO(); $user_access = LEASE_ACCESS_READINFO();
} }
......
...@@ -4545,7 +4545,7 @@ sendstoreconf(int sock, int tcp, tmcdreq_t *reqp, char *bscmd, char *vname, ...@@ -4545,7 +4545,7 @@ sendstoreconf(int sock, int tcp, tmcdreq_t *reqp, char *bscmd, char *vname,
char iqn[BS_IQN_MAXSIZE]; char iqn[BS_IQN_MAXSIZE];
char *mynodeid; char *mynodeid;
char *class, *protocol, *placement, *mountpoint, *lease; char *class, *protocol, *placement, *mountpoint, *lease;
int nrows, nattrs, ro; int nrows, nattrs, ro, slen;
/* Remember the nodeid we care about up front. */ /* Remember the nodeid we care about up front. */
mynodeid = reqp->isvnode ? reqp->vnodeid : reqp->nodeid; mynodeid = reqp->isvnode ? reqp->vnodeid : reqp->nodeid;
...@@ -4590,10 +4590,20 @@ sendstoreconf(int sock, int tcp, tmcdreq_t *reqp, char *bscmd, char *vname, ...@@ -4590,10 +4590,20 @@ sendstoreconf(int sock, int tcp, tmcdreq_t *reqp, char *bscmd, char *vname,
/* iSCSI blockstore */ /* iSCSI blockstore */
if ((strcmp(class, BS_CLASS_SAN) == 0) && if ((strcmp(class, BS_CLASS_SAN) == 0) &&
(strcmp(protocol, BS_PROTO_ISCSI) == 0)) { (strcmp(protocol, BS_PROTO_ISCSI) == 0)) {
/* Construct IQN string. */ /*
if (snprintf(iqn, sizeof(iqn), "%s:%s:%s:%s", * Construct IQN string. Leases have a static IQN,
BS_IQN_PREFIX, reqp->pid, * whereas ephemeral blockstores have IQNs based on
reqp->eid, vname) >= sizeof(iqn)) { * experiment-specific data.
*/
if (strlen(lease) && atoi(lease) != 0) {
slen = snprintf(iqn, sizeof(iqn), "%s:lease-%s",
BS_IQN_PREFIX, lease);
} else {
slen = snprintf(iqn, sizeof(iqn), "%s:%s:%s:%s",
BS_IQN_PREFIX, reqp->pid,
reqp->eid, vname);
}
if (slen >= sizeof(iqn)) {
error("STORAGECONFIG: %s: Not enough room in " error("STORAGECONFIG: %s: Not enough room in "
"IQN string buffer", mynodeid); "IQN string buffer", mynodeid);
mysql_free_result(res); mysql_free_result(res);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment