Glusterfs SSL authentication issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Use command: gluster vol set devops-influxdb auth.ssl-allow '10.10.0.100,10.10.0.101,prdglusterfsclient1'

notes: 10.10.0.100 and 10.10.0.101 are common names in certificate for glusterfs servers (hostname is prdsh01glus01 and prdsh01glus02), prdglusterfsclient1 is the common name for clients(hostname is prdsh01reg).

SSL verification succeeded for both servers and clients, and server authentication passed, but client authentication failed, connecting username is in the list of allowed user names, I don't know what’s wrong here... please help, thanks.

[2017-03-02 12:20:36.371080] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = 10.10.0.100 [2017-03-02 12:20:36.371146] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.100:49138)

[2017-03-02 12:20:36.372561] I [login.c:34:gf_auth] 0-auth/login: connecting user name: 10.10.0.100 [2017-03-02 12:20:36.372592] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1

[2017-03-02 12:20:36.372607] I [MSGID: 115029] [server-handshake.c:693:server_setvolume] 0-devops-influxdb-server: accepted client from prdsh01glus01-30001-2017/03/02-12:20:36:328437-devops-influxdb-client-0-0-0 (version: 3.9.1)

[2017-03-02 12:20:37.530939] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = 10.10.0.101

[2017-03-02 12:20:37.530987] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.101:49134)

[2017-03-02 12:20:37.532131] I [login.c:34:gf_auth] 0-auth/login: connecting user name: 10.10.0.101 [2017-03-02 12:20:37.532160] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1

[2017-03-02 12:20:37.532173] I [MSGID: 115029] [server-handshake.c:693:server_setvolume] 0-devops-influxdb-server: accepted client from prdsh01glus02-31390-2017/03/02-12:20:37:488625-devops-influxdb-client-0-0-0 (version: 3.9.1)

[2017-03-02 12:21:15.462333] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = prdglusterfsclient1

[2017-03-02 12:21:15.462439] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.16:49145)

[2017-03-02 12:21:15.463197] I [login.c:34:gf_auth] 0-auth/login: connecting user name: prdglusterfsclient1

[2017-03-02 12:21:15.463262] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1

[2017-03-02 12:21:15.463392] E [MSGID: 115001] [server-handshake.c:720:server_setvolume] 0-devops-influxdb-server: Cannot authenticate client from prdsh01reg-9148-2017/03/02-12:21:15:446641-devops-influxdb-client-0-0-0 3.9.1 [Permission denied]

 

Volume info:

Volume Name: devops-influxdb

Type: Replicate

Volume ID: 91b3cec8-4886-4612-86c2-e30776ee1e5d

Status: Started

Snapshot Count: 0

Number of Bricks: 1 x 2 = 2

Transport-type: tcp

Bricks:

Brick1: 10.10.0.100:/glusterfsvolumes/devops/devops-influxdb/brick1

Brick2: 10.10.0.101:/glusterfsvolumes/devops/devops-influxdb/brick1

Options Reconfigured:

auth.allow: 10.10.0.*

nfs.disable: on

performance.readdir-ahead: on

transport.address-family: inet

server.ssl: on

client.ssl: on

auth.ssl-allow: 10.10.0.100,10.10.0.101,prdglusterfsclient1

 

 

_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-users
[Index of Archives]     [Gluster Development]     [Linux Filesytems Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux