Commit 9b6e1a59 authored by Kirk Webb's avatar Kirk Webb

Backend support for simultaneous read-only dataset access.

Any number of users/experiments can mount a given dataset (given that
they have permission) in read-only mode.  Attempts to mount RW will
fail if the dataset is currently in use.  Attempts to mount RO while
the dataset is in use RW are also prohibited.

Under the hood, iSCSI lease exports (targets) are now managed per-lease
instead of per-experiment.  The set of authorized initiators (based
on network) is manipulated as consumers come and go.  When the last
consumer goes, the export is torn down. Likewise, if there are no
current consumers, a new consumer will cause an iSCSI export to be
created for the lease.

Also included in this commit is a small tweak to implicit lease permissions.
parent bedcb609
......@@ -1426,15 +1426,17 @@ sub AccessCheck($$$) {
if ($gid eq "");
my $group = Group->Lookup($pid, $gid);
# Project managers can do anything to a lease that is attributed
# to their project.
if (TBMinTrust($group->Trust($user), PROJMEMBERTRUST_GROUPROOT())) {
# Members of the owning project have some implicit permissions, depending
# on their project trust.
my $gtrust = $group->Trust($user);
if (TBMinTrust($gtrust, PROJMEMBERTRUST_GROUPROOT())) {
return 1;
}
# If the user is a member of the owning project, then they can at
# least grab the lease's info.
if (TBMinTrust($group->Trust($user), PROJMEMBERTRUST_USER())) {
# XXX: Need to decide what the right thing to do is here.
#elsif (TBMinTrust($gtrust, PROJMEMBERTRUST_LOCALROOT())) {
# $user_access = LEASE_ACCESS_READ();
#}
elsif (TBMinTrust($gtrust, PROJMEMBERTRUST_USER())) {
$user_access = LEASE_ACCESS_READINFO();
}
......
......@@ -4545,7 +4545,7 @@ sendstoreconf(int sock, int tcp, tmcdreq_t *reqp, char *bscmd, char *vname,
char iqn[BS_IQN_MAXSIZE];
char *mynodeid;
char *class, *protocol, *placement, *mountpoint, *lease;
int nrows, nattrs, ro;
int nrows, nattrs, ro, slen;
/* Remember the nodeid we care about up front. */
mynodeid = reqp->isvnode ? reqp->vnodeid : reqp->nodeid;
......@@ -4590,10 +4590,20 @@ sendstoreconf(int sock, int tcp, tmcdreq_t *reqp, char *bscmd, char *vname,
/* iSCSI blockstore */
if ((strcmp(class, BS_CLASS_SAN) == 0) &&
(strcmp(protocol, BS_PROTO_ISCSI) == 0)) {
/* Construct IQN string. */
if (snprintf(iqn, sizeof(iqn), "%s:%s:%s:%s",
BS_IQN_PREFIX, reqp->pid,
reqp->eid, vname) >= sizeof(iqn)) {
/*
* Construct IQN string. Leases have a static IQN,
* whereas ephemeral blockstores have IQNs based on
* experiment-specific data.
*/
if (strlen(lease) && atoi(lease) != 0) {
slen = snprintf(iqn, sizeof(iqn), "%s:lease-%s",
BS_IQN_PREFIX, lease);
} else {
slen = snprintf(iqn, sizeof(iqn), "%s:%s:%s:%s",
BS_IQN_PREFIX, reqp->pid,
reqp->eid, vname);
}
if (slen >= sizeof(iqn)) {
error("STORAGECONFIG: %s: Not enough room in "
"IQN string buffer", mynodeid);
mysql_free_result(res);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment