Support both ssl/non-ssl volumes on the same client node #4499
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
glusterfsd supports the '--secure-mgmt' cli option to specify management transport type (ssl or non ssl), when we start a fuse daemon, this option tells the daemon how to initialize the mamangement socket and establish the connection to the remote glusterd. However, this option is missing in the mount.glusterfs script, as a result, we can only rely on the presence of the /var/lib/glusterd/secure-access file to decide the tranport type. This is cumbersome, it literally makes it impossible to mount two volumes on the same client node: one from a regular glusterfs cluster, one from a "secure" cluster where glusterd runs on ssl transport. We do have this use case due to data classification requirements. Adding this option into mount.glusterfs would resolve the issue: on the client side we properly set the secure-access file, and the cert files. To mount a regular volume, add the '-o secure-mgmt=false' option, to mount a secure volume, either leave this option not set, or set it to 'true'.
|
Can one of the admins verify this patch? |
1 similar comment
|
Can one of the admins verify this patch? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
glusterfsd supports the '--secure-mgmt' cli option to specify management transport type (ssl or non ssl), when we start a fuse daemon, this option tells the daemon how to initialize the mamangement socket and establish the connection to the remote glusterd.
However, this option is missing in the mount.glusterfs script, as a result, we can only rely on the presence of the
/var/lib/glusterd/secure-access file to decide the tranport type. This is cumbersome, it literally makes it impossible to mount two volumes on the same client node: one from a regular glusterfs cluster, one from a "secure" cluster where glusterd runs on ssl transport.
We do have this use case due to data classification requirements. Adding this option into mount.glusterfs would resolve the issue: on the client side we properly set the secure-access file, and the cert files. To mount a regular volume, add the '-o secure-mgmt=false' option, to mount a secure volume, either leave this option not set, or set it to 'true'.