Re: Can I do SSL with Gluster v3.4.2 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 16, 2017 at 3:48 AM, dev <devuan.2@xxxxxxxxx> wrote:
> I'm trying to setup SSL transport with glusterfs following the guide
> here: http://blog.gluster.org/author/zbyszek/
>
> I've copied the resulting ca, pem and key files to my server
> (to /etc/ssl) as well as a copy on my gluster client. The link
> above does not explain the proper mount options for mounting the
> volume on the client however.
>
> I've tried searching for the correct options to add to the mount
> command, however nothing has turned up yet. I have found some
> options to place in a volume file such as:
>
>    option transport.socket.ssl-enabled on
>    option transport tcp
>    option direct-io-mode disable
>    option transport.socket.ssl-own-cert    /etc/ssl/glusterfs.pem
>    option transport.socket.ssl-private-key /etc/ssl/glusterfs.key
>    option transport.socket.ssl-ca-list     /etc/ssl/glusterfs.ca
>
> but mounting with:
>
>    glusterfs -f /etc/gluster-pm-vol /mnt/ib-data/hydra
>
> Only gives an error in the logfile such as:
>    ...
>    [socket.c:3594:socket_init] 0-pm1-dump: could not load our cert
>    ...
>
> I've started to investigate ACL on server, but attempting to
> set auth.ssl-allow results in an error as well.
>
>   # gluster volume info
>   Volume Name: pm1-dump
>   ...
>   client.ssl: on
>   ...
>
> # gluster volume set pm1-dump auth.ssl-allow foo
> volume set: failed: option : auth.ssl-allow does not exist
> Did you mean auth.allow?
>
> # gluster --version
> glusterfs 3.4.2 built on Jan 14 2014 18:05:37
>
>
> Is this version too old (ubuntu 14.04) to use SSL on or am I missing
> something?

This version is just too old. You can get up to date packages for
ubuntu from the gluster community ppa https://launchpad.net/~gluster .
I suggest you use glusterfs-3.8, which is the latest version to have
packages for trusty.

>
> Thanks in advance
> _______________________________________________
> Gluster-users mailing list
> Gluster-users@xxxxxxxxxxx
> http://lists.gluster.org/mailman/listinfo/gluster-users
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-users



[Index of Archives]     [Gluster Development]     [Linux Filesytems Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux