<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Ganesha maintains negative and positive cache. Maybe, we should remove negative cache. A cache entry (either negative or positive) auto expires after 30 minutes. "ganesha_mgr purge netgroup" removes the entire netgroup cache.</div>
<div dir="ltr" > </div>
<div dir="ltr" >So, if you add a host to the netgroup, it should be able to access exports immediately provided the host never tried to access in the past. If it did, then it would have been part of negative cache entry and you may need to wait for 30 minutes. If you remove a host from a netgroups, it may take about 30 minutes to revoke the access.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Added, "ganesha_mgr purge netgroup" to purge the cache to make the cache consistent with the actual configuration. It needs to be run on each node.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Regards, Malahal.</div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" data-history-expanded="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: "Dietrich, Stefan" <stefan.dietrich@desy.de><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: gpfsug-discuss@spectrumscale.org<br>Cc:<br>Subject: [gpfsug-discuss] CES Ganesha netgroup caching?<br>Date: Thu, Feb 28, 2019 1:36 PM<br>
<div><font face="Default Monospace,Courier New,Courier,monospace" size="2" >Hi,<br><br>I am currently playing around with LDAP netgroups for NFS exports via CES.<br>However, I could not figure out how long Ganesha is caching the netgroup entries?<br><br>There is definitely some caching, as adding a host to the netgroup does not immediately grant access to the share.<br>A "getent netgroup <netgroup>" on the CES node returns the correct result, so this is not some other caching effect.<br><br>Resetting the cache via "ganesha_mgr purge netgroup" works, but is probably not officially supported.<br><br>The CES nodes are running with GPFS 5.0.2.3 and gpfs.nfs-ganesha-2.5.3-ibm030.01.el7.<br>CES authentication is set to user-defined, the nodes just use SSSD with a rfc2307bis LDAP server.<br><br>Regards,<br>Stefan<br><br>--<br>------------------------------------------------------------------------<br>Stefan Dietrich Deutsches Elektronen-Synchrotron (IT-Systems)<br> Ein Forschungszentrum der Helmholtz-Gemeinschaft<br> Notkestr. 85<br>phone: +49-40-8998-4696 22607 Hamburg<br>e-mail: stefan.dietrich@desy.de Germany<br>------------------------------------------------------------------------<br>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></font><br> </div></blockquote>
<div dir="ltr" > </div></div><BR>