Re: trouble mounting ssl-enabled volume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






Hi all,

I'm just installing my first ever glusterfs volume, and am running into trouble, which I think may be related to using ssl.  I don't have a network I can trust, so using secure authentication and encryption is a show-stopper for me.

I am using gluster 3.6.3 on Debian stable, and the command I'm using to mount is:

# mount -t glusterfs localhost:/austen  /home

and the error message I am seeing is the following:

# tail -23 /var/log/glusterfs/home.log 
+------------------------------------------------------------------------------+
[2015-06-16 00:12:12.691413] I [socket.c:379:ssl_setup_connection] 0-austen-client-0: peer CN = elliot
[2015-06-16 00:12:12.691978] I [rpc-clnt.c:1761:rpc_clnt_reconfig] 0-austen-client-0: changing port to 49152 (from 0)
[2015-06-16 00:12:12.694267] I [socket.c:379:ssl_setup_connection] 0-austen-client-1: peer CN = wentworth
[2015-06-16 00:12:12.695846] I [rpc-clnt.c:1761:rpc_clnt_reconfig] 0-austen-client-1: changing port to 49152 (from 0)
[2015-06-16 00:12:12.703270] I [socket.c:379:ssl_setup_connection] 0-austen-client-0: peer CN = elliot
[2015-06-16 00:12:12.703544] I [client-handshake.c:1413:select_server_supported_programs] 0-austen-client-0: Using Program GlusterFS 3.3, Num (1298437), Version (330)
[2015-06-16 00:12:12.703912] W [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-0: failed to set the volume (Permission denied)

Are you setting auth.ssl-allow to enable specific users (identified by CN) to access the volume?  The following page shows how.

http://www.gluster.org/community/documentation/index.php/SSL

Also, note that the CN can't contain spaces.  I know that's inconvenient, but space was already used as a delimiter and changing that would have affected backward compatibility.

[2015-06-16 00:12:12.703940] W [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-0: failed to get 'process-uuid' from reply dict
[2015-06-16 00:12:12.703956] E [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-0: SETVOLUME on remote-host failed: Authentication failed
[2015-06-16 00:12:12.703970] I [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-0: sending AUTH_FAILED event
[2015-06-16 00:12:12.703992] E [fuse-bridge.c:5145:notify] 0-fuse: Server authenication failed. Shutting down.
[2015-06-16 00:12:12.704010] I [fuse-bridge.c:5599:fini] 0-fuse: Unmounting '/home'.
[2015-06-16 00:12:12.709146] I [socket.c:379:ssl_setup_connection] 0-austen-client-1: peer CN = wentworth
[2015-06-16 00:12:12.710243] I [client-handshake.c:1413:select_server_supported_programs] 0-austen-client-1: Using Program GlusterFS 3.3, Num (1298437), Version (330)
[2015-06-16 00:12:12.711294] W [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-1: failed to set the volume (Permission denied)
[2015-06-16 00:12:12.711321] W [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-1: failed to get 'process-uuid' from reply dict
[2015-06-16 00:12:12.711330] E [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-1: SETVOLUME on remote-host failed: Authentication failed
[2015-06-16 00:12:12.711339] I [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-1: sending AUTH_FAILED event
[2015-06-16 00:12:12.711349] E [fuse-bridge.c:5145:notify] 0-fuse: Server authenication failed. Shutting down.
[2015-06-16 00:12:12.711358] I [fuse-bridge.c:5599:fini] 0-fuse: Unmounting '/home'.
[2015-06-16 00:12:12.711374] E [mount-common.c:228:fuse_mnt_umount] 0-glusterfs-fuse: fuse: failed to unmount /home: Invalid argument
[2015-06-16 00:12:12.711586] W [glusterfsd.c:1194:cleanup_and_exit] (--> 0-: received signum (15), shutting down

Sadly, I have very little idea as to how to debug this.  I fear it may be a problem with my ssl keys (I created a CA key and used it to sign the keys for the two servers, but may have done this wrong.

Any suggestions are welcome.  I understand I haven't given all the information you likely need to help, but I don't even know what information would really be relevant, as I do not understand what this AUTH_FAILED event means.

David

_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-users

_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-users

[Index of Archives]     [Gluster Development]     [Linux Filesytems Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux