Re: Non-root user geo-replication in 3.6?

Hi Paul,

Yes, it is possible to set up Geo-rep with a non-root user on the Slave. As of now we have many manual steps, like editing the volfile etc. We are trying to simplify the manual editing steps (patch: http://review.gluster.org/#/c/9398/). I will also update these steps in the GlusterFS documentation.

The steps are as follows.

In all Slave nodes,
-------------------
1. Create a new group. For example, georepgrp.
2. Create an unprivileged account. For example, georepuser1. Add georepuser1 as a member of the georepgrp group.
3. As root, create a new directory with permissions 0711. Ensure that the location where this directory is created is writeable only by root but georepuser1 is able to access it. For example, create a mountbroker-root directory at /var/mountbroker-root.
4. Add the following options to the glusterd.vol file (if GlusterFS is installed from source, the vol file is available in /usr/local/etc/glusterfs/glusterd.vol; if it is an rpm install, then /etc/glusterfs/glusterd.vol):

    option mountbroker-root /var/mountbroker-root
    option mountbroker-geo-replication.georepuser1 slavevol
    option geo-replication-log-group georepgrp
    option rpc-auth-allow-insecure on

Where slavevol is the name of the Slave volume.

Example glusterd.vol file,

    volume management
        type mgmt/glusterd
        option working-directory /var/lib/glusterd
        option transport-type socket,rdma
        option transport.socket.keepalive-time 10
        option transport.socket.keepalive-interval 2
        option transport.socket.read-fail-log off
        option rpc-auth-allow-insecure on

        option mountbroker-root /var/mountbroker-root
        option mountbroker-geo-replication.georepuser1 slavevol
        option geo-replication-log-group georepgrp
    end-volume

If you need to enable multiple Gluster volumes for that user then add multiple volume names for that user as below

        option mountbroker-geo-replication.georepuser1 slavevol,slavevol2

To add multiple users,

        option mountbroker-geo-replication.georepuser1 slavevol
        option mountbroker-geo-replication.georepuser2 slavevol2,slavevol3

5. Restart glusterd service on all the Slave nodes.


In one Master Node
------------------
1. Set up passwordless SSH from one of the master nodes to the user on one of the slave nodes. For example, to georepuser1.
2. Follow the Georep setup steps similar to normal geo-rep setup.

        gluster system:: execute gsec_create
        gluster volume geo-replication MASTERVOL georepuser1@SLAVENODE::slavevol create push-pem

In any one Slave node,
----------------------
Run this script as root, with georepuser1 as parameter. (In a source install, /usr/local/libexec/glusterfs/set_geo_rep_pem_keys.sh)

        /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georepuser1

Back in master node
-------------------
Start the geo-replication,

        gluster volume geo-replication MASTERVOL georepuser1@SLAVENODE::slavevol start



Let us know if you face any issues.

--
regards
Aravinda
http://aravindavk.in


On 01/05/2015 07:05 PM, Paul Mc Auley wrote:
Hi,

Looking at https://bugzilla.redhat.com/show_bug.cgi?id=1077452 it
seems to imply that it should be possible to set up and run
geo-replication without requiring SSH as the root user to be enabled,
but I've been able to get this working in my test setup using the
3.6.1 RPMs.

I've tried the element of setting GLUSTERD_WORKDIR to /var/lib/glusterd
and running /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh

What is the current situation with this?

Thanks,
Paul
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-users
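
The Slave-node settings listed in the reply above (the glusterd.vol options and the 0711 mountbroker root) can be checked after setup with a short script. This is an added example, not part of the original post or of GlusterFS; the function names and the optional fifth argument are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit a Slave node's non-root geo-replication settings.
# Usage (as root):
#   audit_georep_slave /etc/glusterfs/glusterd.vol georepuser1 georepgrp slavevol
# Optional 5th argument: expected owner uid of the mountbroker root (default 0).
# It exists only so the check can be exercised on a fixture as a non-root user.

# Print the value of "option NAME VALUE" from a glusterd.vol file.
vol_option() {
    awk -v k="$2" '$1 == "option" && $2 == k { print $3; exit }' "$1"
}

# Report a finding and remember that the audit failed.
fail() { echo "FAIL: $*"; rc=1; }

audit_georep_slave() {
    volfile=$1 user=$2 group=$3 volume=$4 uid=${5:-0} rc=0

    root=$(vol_option "$volfile" mountbroker-root)
    vols=$(vol_option "$volfile" "mountbroker-geo-replication.$user")
    loggrp=$(vol_option "$volfile" geo-replication-log-group)
    insecure=$(vol_option "$volfile" rpc-auth-allow-insecure)

    # The user must be granted the volume (the value is a comma-separated list).
    case ",$vols," in
        *",$volume,"*) ;;
        *) fail "$volume is not granted to $user" ;;
    esac
    [ "$loggrp" = "$group" ] || fail "geo-replication-log-group is '$loggrp', expected '$group'"
    [ "$insecure" = "on" ] || fail "rpc-auth-allow-insecure is not on"

    if [ -z "$root" ] || [ ! -d "$root" ]; then
        fail "mountbroker-root is unset or not a directory"
        return 1
    fi
    # Step 3: mode 0711, owned by root, in a location only root can write to.
    [ "$(stat -c '%a' "$root")" = "711" ] || fail "$root mode is not 0711"
    [ "$(stat -c '%u' "$root")" = "$uid" ] || fail "$root is not owned by uid $uid"
    parent=$(dirname "$root")
    [ "$(stat -c '%u' "$parent")" = "$uid" ] || fail "$parent is not owned by uid $uid"
    case $(stat -c '%A' "$parent") in
        ?????w*|????????w*) fail "$parent is writable by group or others" ;;
    esac
    return $rc
}
```

The script does not check that the user is a member of the group or that glusterd was restarted; those steps still need to be confirmed by hand.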
