Hi all,I'm just installing my first ever glusterfs volume, and am running into trouble, which I think may be related to using ssl. I don't have a network I can trust, so using secure authentication and encryption is a show-stopper for me.I am using gluster 3.6.3 on Debian stable, and the command I'm using to mount is:# mount -t glusterfs localhost:/austen /homeand the error message I am seeing is the following:# tail -23 /var/log/glusterfs/home.log+------------------------------------------------------------------------------+[2015-06-16 00:12:12.691413] I [socket.c:379:ssl_setup_connection] 0-austen-client-0: peer CN = elliot[2015-06-16 00:12:12.691978] I [rpc-clnt.c:1761:rpc_clnt_reconfig] 0-austen-client-0: changing port to 49152 (from 0)[2015-06-16 00:12:12.694267] I [socket.c:379:ssl_setup_connection] 0-austen-client-1: peer CN = wentworth[2015-06-16 00:12:12.695846] I [rpc-clnt.c:1761:rpc_clnt_reconfig] 0-austen-client-1: changing port to 49152 (from 0)[2015-06-16 00:12:12.703270] I [socket.c:379:ssl_setup_connection] 0-austen-client-0: peer CN = elliot[2015-06-16 00:12:12.703544] I [client-handshake.c:1413:select_server_supported_programs] 0-austen-client-0: Using Program GlusterFS 3.3, Num (1298437), Version (330)[2015-06-16 00:12:12.703912] W [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-0: failed to set the volume (Permission denied)
Are you setting auth.ssl-allow to enable specific users (identified by CN) to access the volume? The following page shows how.
Also, note that the CN can't contain spaces. I know that's inconvenient, but space was already used as a delimiter and changing that would have affected backward compatibility.
[2015-06-16 00:12:12.703940] W [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-0: failed to get 'process-uuid' from reply dict[2015-06-16 00:12:12.703956] E [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-0: SETVOLUME on remote-host failed: Authentication failed[2015-06-16 00:12:12.703970] I [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-0: sending AUTH_FAILED event[2015-06-16 00:12:12.703992] E [fuse-bridge.c:5145:notify] 0-fuse: Server authenication failed. Shutting down.[2015-06-16 00:12:12.704010] I [fuse-bridge.c:5599:fini] 0-fuse: Unmounting '/home'.[2015-06-16 00:12:12.709146] I [socket.c:379:ssl_setup_connection] 0-austen-client-1: peer CN = wentworth[2015-06-16 00:12:12.710243] I [client-handshake.c:1413:select_server_supported_programs] 0-austen-client-1: Using Program GlusterFS 3.3, Num (1298437), Version (330)[2015-06-16 00:12:12.711294] W [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-1: failed to set the volume (Permission denied)[2015-06-16 00:12:12.711321] W [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-1: failed to get 'process-uuid' from reply dict[2015-06-16 00:12:12.711330] E [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-1: SETVOLUME on remote-host failed: Authentication failed[2015-06-16 00:12:12.711339] I [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-1: sending AUTH_FAILED event[2015-06-16 00:12:12.711349] E [fuse-bridge.c:5145:notify] 0-fuse: Server authenication failed. Shutting down.[2015-06-16 00:12:12.711358] I [fuse-bridge.c:5599:fini] 0-fuse: Unmounting '/home'.[2015-06-16 00:12:12.711374] E [mount-common.c:228:fuse_mnt_umount] 0-glusterfs-fuse: fuse: failed to unmount /home: Invalid argument[2015-06-16 00:12:12.711586] W [glusterfsd.c:1194:cleanup_and_exit] (--> 0-: received signum (15), shutting downSadly, I have very little idea as to how to debug this. I fear it may be a problem with my ssl keys (I created a CA key and used it to sign the keys for the two servers, but may have done this wrong.Any suggestions are welcome. I understand I haven't given all the information you likely need to help, but I don't even know what information would really be relevant, as I do not understand what this AUTH_FAILED event means.David
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-users
_______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://www.gluster.org/mailman/listinfo/gluster-users