Hi guys.
I'm trying TLS on my gluster, well, I'd like to think that I
have it done, but...
If I set volume to 'client.ssl on' then stuff brakes -
autofs cannot mount, libvirtd cannot get to the volume via
lbgfapi.
Volume is as:
-> $ gluster volume info VMs | sort
auth.ssl-allow: one.direct,two.direct
Brick1: 10.1.1.201:/devs/00.GLUSTERs/VMs
Brick2: 10.1.1.101:/devs/00.GLUSTERs/VMs
Bricks:
client.ssl: on
cluster.self-heal-daemon: enable
nfs.disable: on
Number of Bricks: 1 x 2 = 2
Options Reconfigured:
performance.client-io-threads: off
server.ssl: on
Snapshot Count: 0
Status: Started
storage.fips-mode-rchecksum: on
storage.owner-gid: 107
storage.owner-uid: 107
transport.address-family: inet
Transport-type: tcp
Type: Replicate
Volume ID: 14b867bf-b523-4168-937c-cca59e202fb4
Volume Name: VMs
Since, what I'm told that is, Libvirt does not yet implement
TLS to/off GlusterFS I presumed - okey, that would be
'client.ssl' I can do ignore, disable and Libvirt would work.
Mine is a simple setup, only two servers which are 'clients'
at the same time, for autofs & libvirtd operate on themselves.
Should 'client.ssl off' not allow libvirt to connect via
libgfapi?
What does 'client.ssl' do? What's it for?
And lastly - how to without the doubts confirm that volume
in fact does use TLS?
many thanks, L.
________
Community Meeting Calendar:
Schedule -
Every 2nd and 4th Tuesday at 14:30 IST / 09:00 UTC
Bridge: https://meet.google.com/cpu-eiue-hvk
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-users