Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NAS-130877 / 25.04 / Remove acltype normalization for datasets #14377

Merged
merged 1 commit into from
Aug 30, 2024
Merged

NAS-130877 / 25.04 / Remove acltype normalization for datasets #14377

merged 1 commit into from
Aug 30, 2024

Conversation

anodos325
Copy link
Contributor

When we were doing initial development of TrueNAS SCALE (pre-angelfish) a bug was encountered when importing pools from FreeBSD in which the acltype could be set to OFF. Eventually this bug was fixed on the ZFS side, but it was still early days of testing NFSv4 acltype on SCALE and so we didn't want early-adopter migrators to have broken shares. Thus we normalized creation of new datasets to be POSIX acltype if user had selected to inherit from top-level dataset.

After a few releases and user bug reports we realized we needed to have specific ZFS dataset properties set depending on acltype. For example that the aclmode should be DISCARD (discard internal ZFS acl) because changing acltype does not remove the internal ZFS ACL and it could still be evaluated in zfs_zaccess calls. This eventually necessitated raising ValidationErrors on dataset creation for invalid parameter combinations. Unfortunately, the normalization behavior introduced in angelfish testing was overlooked at this point, which could cause a situation in which pools from FreeBSD where acltype now imports as nfsv4acl on top-level datasets would get flagged as needing normalization. This led to an invalid combination of acltype POSIX and aclmode PASSTHROUGH being set on new datasets when they were created to inherit from the top-level dataset.

Rather than fixing the normalization, at this point we're pretty confident about NFSv4 ACL type behavior in SCALE and can just remove the normalization logic entirely.

@bugclerk bugclerk changed the title Remove acltype normalization for datasets NAS-130877 / 25.04 / Remove acltype normalization for datasets Aug 30, 2024
@bugclerk
Copy link
Contributor

Jira URL: https://ixsystems.atlassian.net/browse/NAS-130877

@anodos325 anodos325 requested review from yocalebo and a team August 30, 2024 12:30
yocalebo
yocalebo approved these changes Aug 30, 2024
View reviewed changes
Copy link
Contributor

@yocalebo yocalebo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this break any tests and/or is this easily testable?

@anodos325 anodos325 force-pushed the remove-hack-toplevel-acl-inherit branch from af59fe1 to eee5b35 Compare August 30, 2024 17:15
@anodos325
Remove acltype normalization for datasets
da357b8 
When we were doing initial development of TrueNAS SCALE (pre-angelfish)
a bug was encountered when importing pools from FreeBSD in which the
acltype could be set to OFF. Eventually this bug was fixed on the ZFS
side, but it was still early days of testing NFSv4 acltype on SCALE
and so we didn't want early-adopter migrators to have broken shares.
Thus we normalized creation of new datasets to be POSIX acltype if user
had selected to inherit from top-level dataset.

After a few releases and user bug reports we realized we needed to have
specific ZFS dataset properties set depending on acltype. For example
that the aclmode should be DISCARD (discard internal ZFS acl) because
changing acltype does not remove the internal ZFS ACL and it could
still be evaluated in zfs_zaccess calls. This eventually necessitated
raising ValidationErrors on dataset creation for invalid parameter
combinations. Unfortunately, the normalization behavior introduced in
angelfish testing was overlooked at this point, which could cause a
situation in which pools from FreeBSD where acltype now imports as
nfsv4acl on top-level datasets would get flagged as needing
normalization. This led to an invalid combination of acltype
POSIX and aclmode PASSTHROUGH being set on new datasets when they
were created to inherit from the top-level dataset.

Rather than fixing the normalization, at this point we're pretty
confident about NFSv4 ACL type behavior in SCALE and can just
remove the normalization logic entirely.
@anodos325 anodos325 force-pushed the remove-hack-toplevel-acl-inherit branch from eee5b35 to da357b8 Compare August 30, 2024 17:29
@anodos325 anodos325 merged commit 5dcffa7 into master Aug 30, 2024
2 of 3 checks passed
@anodos325 anodos325 deleted the remove-hack-toplevel-acl-inherit branch August 30, 2024 17:33
@bugclerk bugclerk mentioned this pull request Aug 30, 2024
Merged
@bugclerk
Copy link
Contributor

Unable to perform the following backports: backport-24.04.2.1.
Available versions: 13.0, 13.3, 23.10.3, 24.04-BETA.1, 24.04-RC.1, 24.04.0, 24.04.1, 24.04.1.1, 24.04.2, 24.04.3, 24.10-BETA.1, 24.10-RC.1, 25.04.

@bugclerk
Copy link
Contributor

This PR has been merged and conversations have been locked.
If you would like to discuss more about this issue please use our forums or raise a Jira ticket.

@truenas truenas locked as resolved and limited conversation to collaborators Aug 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@yocalebo yocalebo yocalebo approved these changes

Assignees
No one assigned
Labels
backport-24.04.2.4 backport-24.10.1 jira-high no-time-tracked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@anodos325 @bugclerk @yocalebo