On 10/31/2012 06:31 AM, Emmanuel Dreyfus wrote:
Hi, I would like to test SSL in 3.4.0qa1 but cannot find the documentation. From prior testing, I recall I had to do gluster volume set in order to configure CA, cert and key, but it does not work:

# gluster volume set gfs transport.socket.ssl-ca-list /etc/openssl/ca.crt
volume set: failed: option : transport.socket.ssl-ca-list does not exist
Did you mean transport.keepalive?
volume set: failed

How would it be done?

In a quick grovel through the code I see things like transport.socket.ssl-enabled, along with transport.socket.ssl-own-cert, transport.socket.ssl-private-key, and transport.socket.ssl-ca-list.
A quick read suggests to me that if you already have your key, cert, and ca files in /etc/ssl/glusterfs.{key,pem,ca} you need simply set transport.socket.ssl-enabled = true.
Moreover, I only see transport.socket.ssl-enabled in the CLI side of things, i.e. .../xlators/mgmt/glusterd/src/..., which suggests that the key, cert, and ca would need to be over-ridden in the volume file.
HTH.

--
Kaleb
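
An added example, not part of the original message and not GlusterFS code: a pre-flight check of the key, cert and CA files at the paths the reply mentions, worth running before setting transport.socket.ssl-enabled. The function name `check_gluster_tls` is hypothetical, and the default paths are taken from the reply's reading of the code, so treat them as an assumption.

```shell
#!/bin/sh
# Added example, not GlusterFS code. Pre-flight check of the TLS files the
# reply names. Usage: check_gluster_tls [DIR] [BASENAME]
# The defaults resolve to /etc/ssl/glusterfs.{key,pem,ca} (assumed paths).
# Returns 0 when every check passes, 1 otherwise; findings go to stderr.
check_gluster_tls() {
    dir=${1:-/etc/ssl}
    base=${2:-glusterfs}
    key=$dir/$base.key; cert=$dir/$base.pem; ca=$dir/$base.ca
    rc=0

    for f in "$key" "$cert" "$ca"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # The private key must carry no group/other permission bits.
    perms=$(ls -lnL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "private key $key is accessible beyond its owner" >&2; rc=1
    fi

    # Certificate and key must hold the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate $cert does not match key $key" >&2; rc=1
    fi

    # Certificate must parse and must not be past its notAfter date.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate $cert is expired or unreadable" >&2; rc=1
    fi

    # Certificate must chain to the CA file; -no-CApath (OpenSSL 1.1.0+)
    # keeps the system trust directory out of the decision.
    if ! openssl verify -no-CApath -CAfile "$ca" "$cert" 2>/dev/null |
            grep -q ': OK$'; then
        echo "certificate $cert does not verify against $ca" >&2; rc=1
    fi

    return "$rc"
}
```

Run it on every server and client that will mount the volume; a key/cert mismatch or an untrusted CA on one node otherwise shows up only as a failed connection after SSL is enabled.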