Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

glusterfs service: a few fixes and improvements #29868

Merged
merged 5 commits into from Sep 30, 2017
Merged

glusterfs service: a few fixes and improvements #29868

merged 5 commits into from Sep 30, 2017

Conversation

nh2
Copy link
Contributor

@nh2 nh2 commented Sep 27, 2017

Motivation for this change

These commits fix issues I found in my production cluster; see their commit messages for individual motivations.

These are the changes I promised in #27340 (comment).

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

FYI @bachp who's another user of this service.

CC @joachifm

@nh2
glusterfs service: Don't make it a prerequisite of network-online.tar…
5e2815d 
…get.

This introduces dependency cycles.

A network file system to be running is not required for a network
connection to be available.

NixOS@19759cf#commitcomment-22044519
@nh2 nh2 mentioned this pull request Sep 27, 2017
Merged
8 tasks
globin
globin reviewed Sep 27, 2017
View reviewed changes
nixos/modules/services/network-filesystems/glusterfs.nix Outdated
@@ -41,6 +41,18 @@ in
default = "INFO";
};

useRpcbind = mkOption {
type = types.bool;
description = "Enable use of rpcbind. This is required for Gluster's NFS functionality. You may want to turn it off to reduce the attack surface for DDoS reflection attacks. See https://davelozier.com/glusterfs-and-rpcbind-portmap-ddos-reflection-attacks/ and https://bugzilla.redhat.com/show_bug.cgi?id=1426842 for details.";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you wrap this line?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@globin Done, also for the other commit.

@nh2 nh2 force-pushed the nh2-glusterfs-improvements-for-17.09-master branch from 590cf7c to ed2d5f3 Compare September 27, 2017 17:53
bachp
bachp reviewed Sep 27, 2017
View reviewed changes
nixos/modules/services/network-filesystems/glusterfs.nix Outdated
set this to 'control-group'.
'';
default = "process";
};
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this need to be configurable? If yes give a quick description in which cases the different modes might be useful.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bachp Updated; I have now described both typical use cases.

I have also added a commit that changes the default to control-group, as you and me both think that this is the better default (from #27340 (comment)).

@nh2
glusterfs service: Add killMode and stopKillTimeout options
e233a51
@nh2
glusterfs service: Ensure log directory exists for glustereventsd.
08f7e45 
Prevents glustereventsd failing at startup in case it starts
before glusterd has started (whose `preStart` would also
create the needed directory).
@nh2
glusterfs service: Change default killMode to "control-group".
18eecae 
This is a better default for NixOS because it ensures that config
changes happen fully when NixOS users expect it.
@nh2 nh2 force-pushed the nh2-glusterfs-improvements-for-17.09-master branch from ed2d5f3 to 18eecae Compare September 27, 2017 19:12
@nh2
Copy link
Contributor Author

nh2 commented Sep 27, 2017

Copying into main conversation so it doesn't get hidden by show outdated:

I have also added a commit that changes the default to control-group, as you (@bachp) and me both think that this is the better default (from #27340 (comment)).

@nh2 nh2 mentioned this pull request Sep 27, 2017
Closed
8 tasks
@nh2
Copy link
Contributor Author

nh2 commented Sep 27, 2017

This is good to go from my side.

Once this is merged, we should switftly go on to #29062, so that we can have a good gluster 3.12 experience on NixOS 17.09.

@FRidh FRidh changed the title A few fixes and improvements for the glusterfs service glusterfs service: a few fixes and improvements Sep 28, 2017
bachp
bachp approved these changes Sep 29, 2017
View reviewed changes
Copy link
Member

@bachp bachp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@joachifm joachifm added this to the 17.09 milestone Sep 29, 2017
@joachifm joachifm merged commit 74db6fa into NixOS:master Sep 30, 2017
@nh2 nh2 mentioned this pull request Sep 30, 2017
Closed
9 tasks
@bachp bachp mentioned this pull request Oct 1, 2017
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@globin globin globin left review comments

@bachp bachp bachp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
17.09
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nh2 @bachp @globin @joachifm