|
I'm trying to issue RPC calls to glusterd from a remote host. This
can be done with `gluster --remote-host=1.2.3.4`, but the daemon
refuses any commands which perform modifications. SSL & authentication is not well documented, but I'm wondering if either of these can be used. According to the documentation (https://forge.gluster.org/glusterfs-core/glusterfs/blobs/master/doc/authentication.txt), gluster supports authentication on volumes. And from looking at /etc/glusterfs/glusterd.vol, it looks like management is configured as a volume. So I was wondering if there was a way to use this to configure glusterd to listen on a tcp socket, and enable authentication on it, and then pass the auth credentials to the gluster command when making remote calls. Another thought was that according to http://blog.onefellow.com/post/76702687553/enable-glusterfs-ssl-mode, gluster supports client side SSL certificates. Also according to http://blog.gluster.org/2014/10/glusterfs-3-6-0-is-alive/ SSL was just added for the management interface. However I can't find any documentation on it. The only other solution I had thought of was to have socat listen on a TCP port, perform the SSL certificate verification, and proxy the connection to the glusterd unix domain socket. Then on the client, do the same thing in reverse, have sockat listen on a unix domain socket, add the SSL cert, and forward to the remote host over TCP. This would be cumbersome though as I'd have to come up with some sort of wrapper to launch socat, launch the gluster cli, then kill socat. I'm also unsure of how to specify the path to the unix domain socket for the gluster client. Documentation on this is non-existent. The only place the `--remote-host=...` option is documented seems to be the 'troubleshooting' section on the web site. -Patrick |
_______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://supercolony.gluster.org/mailman/listinfo/gluster-users
