[Gluster-users] Gluster communication via TLS client problem
Strahil Nikolov
hunter86_bg at yahoo.com
Sun Jan 28 22:03:01 UTC 2024
You didn't specify correctly the IP in the SANS but I'm not sure if that's the root cause.
In the SANs section Specify all hosts + their IPs: IP.1=1.2.3.4IP.2=2.3.4.5DNS.1=c01.glusterDNS.2=c02.gluster
What is the output from the client:openssl s_client -showcerts -connect c02.gluster:24007
There is a very good article on the topic:https://www.redhat.com/en/blog/hardening-gluster-installations-tls
Can you check it for a missed step ?Can you share the volume settings ?
Best Regards,Strahil Nikolov
On Sun, Jan 28, 2024 at 11:38, Stefan Kania<stefan at kania-online.de> wrote: Hi Strahil,
ok, that's what I did now to create the certificate:
---------------------
openssl req -x509 -sha256 -key glusterfs.key -out "glusterfs.pem" -days
365 -subj "/C=de/ST=SH/L=St.
Michel/O=stka/OU=gluster-nodes/CN=c01.gluster" -addext "subjectAltName =
DNS:192.168.56.41"
--------------------
still the same. The communication between the gluster-nodes is working
with TLS, but the client can't mount the volume anymore. I now try to
mount the volume with log-level=trace
mount -t glusterfs -o log-level=trace c02.gluster:/gv1 /mnt
and got the following:
---------------
[2024-01-28 09:22:38.348905 +0000] I [MSGID: 100030]
[glusterfsd.c:2767:main] 0-/usr/sbin/glusterfs: Started running version
[{arg=/usr/sbin/glusterfs}, {version=10.5},
{cmdlinestr=/usr/sbin/glusterfs --log-level=TRACE --process-name fuse
--volfile-server=c02.gluster --volfile-id=/gv1 /mnt}]
[2024-01-28 09:22:38.349095 +0000] T [MSGID: 0]
[xlator.c:388:xlator_dynload] 0-xlator: attempt to load file
/usr/lib/x86_64-linux-gnu/glusterfs/10.5/xlator/mount/fuse.so
[2024-01-28 09:22:38.349650 +0000] T [MSGID: 0]
[xlator.c:301:xlator_dynload_apis] 0-xlator: fuse: method missing
(reconfigure)
[2024-01-28 09:22:38.349728 +0000] T [MSGID: 0]
[xlator.c:319:xlator_dynload_apis] 0-xlator: fuse: method missing
(dump_metrics)
[2024-01-28 09:22:38.349854 +0000] T [MSGID: 0]
[xlator.c:325:xlator_dynload_apis] 0-xlator: fuse: method missing
(pass_through_fops), falling back to default
[2024-01-28 09:22:38.349979 +0000] D [MSGID: 0]
[glusterfsd.c:421:set_fuse_mount_options] 0-glusterfsd: fopen-keep-cache
mode 2
[2024-01-28 09:22:38.350111 +0000] D [MSGID: 0]
[glusterfsd.c:465:set_fuse_mount_options] 0-glusterfsd: fuse direct io
type 2
[2024-01-28 09:22:38.350222 +0000] D [MSGID: 0]
[glusterfsd.c:478:set_fuse_mount_options] 0-glusterfsd: fuse
no-root-squash mode 0
[2024-01-28 09:22:38.350347 +0000] D [MSGID: 0]
[glusterfsd.c:519:set_fuse_mount_options] 0-glusterfsd:
kernel-writeback-cache mode 2
[2024-01-28 09:22:38.350458 +0000] D [MSGID: 0]
[glusterfsd.c:537:set_fuse_mount_options] 0-glusterfsd:
fuse-flush-handle-interrupt mode 2
[2024-01-28 09:22:38.350674 +0000] T [MSGID: 0]
[options.c:1239:xlator_option_init_double] 0-fuse: option
attribute-timeout using default value 1.0
[2024-01-28 09:22:38.350792 +0000] T [MSGID: 0]
[options.c:513:xlator_option_validate_double] 0-fuse: no range check
required for 'option attribute-timeout 1.0'
[2024-01-28 09:22:38.350925 +0000] T [MSGID: 0]
[options.c:1230:xlator_option_init_uint32] 0-fuse: option
reader-thread-count using default value 1
[2024-01-28 09:22:38.351133 +0000] D [dict.c:2503:dict_get_str]
(-->/usr/lib/x86_64-linux-gnu/glusterfs/10.5/xlator/mount/fuse.so(+0x1ee10)
[0x7ff51324ce10]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(xlator_option_init_bool+0x60)
[0x7ff513e88bf0]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(dict_get_str+0xdf)
[0x7ff513e358df] ) 0-dict: key auto-invalidation, string type asked, has
unsigned integer type [Das Argument ist ungültig]
[2024-01-28 09:22:38.351262 +0000] D [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option
auto-invalidation using set value 0
[2024-01-28 09:22:38.351514 +0000] T [MSGID: 0]
[options.c:1239:xlator_option_init_double] 0-fuse: option entry-timeout
using default value 1.0
[2024-01-28 09:22:38.351661 +0000] T [MSGID: 0]
[options.c:513:xlator_option_validate_double] 0-fuse: no range check
required for 'option entry-timeout 1.0'
[2024-01-28 09:22:38.351894 +0000] D [dict.c:2503:dict_get_str]
(-->/usr/lib/x86_64-linux-gnu/glusterfs/10.5/xlator/mount/fuse.so(+0x1ee6e)
[0x7ff51324ce6e]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(xlator_option_init_double+0x60)
[0x7ff513e89080]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(dict_get_str+0xdf)
[0x7ff513e358df] ) 0-dict: key negative-timeout, string type asked, has
float type [Das Argument ist ungültig]
[2024-01-28 09:22:38.351970 +0000] D [MSGID: 0]
[options.c:1239:xlator_option_init_double] 0-fuse: option
negative-timeout using set value 0.000000
[2024-01-28 09:22:38.352092 +0000] T [MSGID: 0]
[options.c:513:xlator_option_validate_double] 0-fuse: no range check
required for 'option negative-timeout 0.000000'
[2024-01-28 09:22:38.352283 +0000] T [MSGID: 0]
[options.c:1231:xlator_option_init_int32] 0-fuse: option client-pid not set
[2024-01-28 09:22:38.352402 +0000] T [MSGID: 0]
[options.c:1230:xlator_option_init_uint32] 0-fuse: option uid-map-root
not set
[2024-01-28 09:22:38.352527 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option
strict-volfile-check using default value false
[2024-01-28 09:22:38.352649 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option acl using
default value false
[2024-01-28 09:22:38.352826 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option selinux using
default value false
[2024-01-28 09:22:38.352947 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option capability using
default value false
[2024-01-28 09:22:38.353065 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option read-only not set
[2024-01-28 09:22:38.353169 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option enable-ino32
using default value false
[2024-01-28 09:22:38.353311 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option use-readdirp
using default value yes
[2024-01-28 09:22:38.353518 +0000] D [dict.c:2503:dict_get_str]
(-->/lib/x86_64-linux-gnu/libglusterfs.so.0(xlator_init+0xc5)
[0x7ff513e38c45]
-->/usr/lib/x86_64-linux-gnu/glusterfs/10.5/xlator/mount/fuse.so(+0x1f0fd)
[0x7ff51324d0fd]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(dict_get_str+0xdf)
[0x7ff513e358df] ) 0-dict: key sync-to-mount, string type asked, has
pointer type [Das Argument ist ungültig]
[2024-01-28 09:22:38.353644 +0000] T [MSGID: 0]
[options.c:1240:xlator_option_init_time] 0-fuse: option gid-timeout
using default value 300
[2024-01-28 09:22:38.353766 +0000] T [MSGID: 0]
[options.c:80:xlator_option_validate_int] 0-fuse: no range check
required for 'option gid-timeout 300'
[2024-01-28 09:22:38.353887 +0000] T [MSGID: 0]
[options.c:1227:xlator_option_init_str] 0-fuse: option fuse-mountopts
not set
[2024-01-28 09:22:38.354028 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option resolve-gids
using default value false
[2024-01-28 09:22:38.354140 +0000] T [MSGID: 0]
[options.c:1231:xlator_option_init_int32] 0-fuse: option background-qlen
using default value 64
[2024-01-28 09:22:38.354311 +0000] T [MSGID: 0]
[options.c:1231:xlator_option_init_int32] 0-fuse: option
congestion-threshold using default value 48
[2024-01-28 09:22:38.354452 +0000] D [dict.c:2503:dict_get_str]
(-->/usr/lib/x86_64-linux-gnu/glusterfs/10.5/xlator/mount/fuse.so(+0x1f2a1)
[0x7ff51324d2a1]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(xlator_option_init_bool+0x60)
[0x7ff513e88bf0]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(dict_get_str+0xdf)
[0x7ff513e358df] ) 0-dict: key no-root-squash, string type asked, has
pointer type [Das Argument ist ungültig]
[2024-01-28 09:22:38.354519 +0000] D [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option no-root-squash
using set value disable
[2024-01-28 09:22:38.354671 +0000] T [MSGID: 0]
[options.c:1230:xlator_option_init_uint32] 0-fuse: option lru-limit
using default value 65536
[2024-01-28 09:22:38.354769 +0000] T [MSGID: 0]
[options.c:80:xlator_option_validate_int] 0-fuse: no range check
required for 'option lru-limit 65536'
[2024-01-28 09:22:38.354974 +0000] D [dict.c:2503:dict_get_str]
(-->/usr/lib/x86_64-linux-gnu/glusterfs/10.5/xlator/mount/fuse.so(+0x1f312)
[0x7ff51324d312]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(xlator_option_init_uint32+0x60)
[0x7ff513e89900]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(dict_get_str+0xdf)
[0x7ff513e358df] ) 0-dict: key invalidate-limit, string type asked, has
integer type [Das Argument ist ungültig]
[2024-01-28 09:22:38.355042 +0000] D [MSGID: 0]
[options.c:1230:xlator_option_init_uint32] 0-fuse: option
invalidate-limit using set value 0
[2024-01-28 09:22:38.355255 +0000] T [MSGID: 0]
[options.c:80:xlator_option_validate_int] 0-fuse: no range check
required for 'option invalidate-limit 0'
[2024-01-28 09:22:38.355366 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option event-history
using default value false
[2024-01-28 09:22:38.355480 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option thin-client
using default value false
[2024-01-28 09:22:38.355581 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option
kernel-writeback-cache using default value false
[2024-01-28 09:22:38.355679 +0000] T [MSGID: 0]
[options.c:1231:xlator_option_init_int32] 0-fuse: option
attr-times-granularity using default value 0
[2024-01-28 09:22:38.355873 +0000] T [MSGID: 0]
[options.c:1236:xlator_option_init_bool] 0-fuse: option
flush-handle-interrupt using default value false
[2024-01-28 09:22:38.356004 +0000] T [MSGID: 0]
[options.c:1230:xlator_option_init_uint32] 0-fuse: option
fuse-dev-eperm-ratelimit-ns using default value 10000000
[2024-01-28 09:22:38.358563 +0000] I [glusterfsd.c:2447:daemonize]
0-glusterfs: Pid of current running process is 792
[2024-01-28 09:22:38.358647 +0000] D
[logging.c:1705:__gf_log_inject_timer_event] 0-logging-infra: Starting
timer now. Timeout = 120, current buf size = 5
[2024-01-28 09:22:38.362664 +0000] D [MSGID: 0] [gf-io.c:513:gf_io_run]
0-io: Trying I/O engine 'io_uring'
[2024-01-28 09:22:38.363447 +0000] D [MSGID: 0]
[gf-io-uring.c:191:gf_io_uring_dump_params] 0-io: I/O URing: SQEs=32768,
CQEs=65536, CPU=0, Idle=0
[2024-01-28 09:22:38.363523 +0000] D [MSGID: 0]
[gf-io-uring.c:196:gf_io_uring_dump_params] 0-io: I/O URing: Flags:
CLAMP(10)
[2024-01-28 09:22:38.363663 +0000] D [MSGID: 0]
[gf-io-uring.c:199:gf_io_uring_dump_params] 0-io: I/O URing: Features:
SINGLE_MMAP(1) NODROP(2) SUBMIT_STABLE(4) RW_CUR_POS(8)
CUR_PERSONALITY(10) FAST_POLL(20) POLL_32BITS(40) SQPOLL_NONFIXED(80)
EXT_ARG(100) NATIVE_WORKERS(200) ?(1c00)
[2024-01-28 09:22:38.363800 +0000] D [MSGID: 0]
[gf-io-uring.c:251:gf_io_uring_dump_ops] 0-io: I/O URing: Max opcode = 48
[2024-01-28 09:22:38.363932 +0000] D [MSGID: 0]
[gf-io-uring.c:270:gf_io_uring_dump_ops] 0-io: I/O URing: Ops: NOP(0)
READV(1) WRITEV(2) FSYNC(3) READ_FIXED(4) WRITE_FIXED(5) POLL_ADD(6)
POLL_REMOVE(7) SYNC_FILE_RANGE(8) SENDMSG(9) RECVMSG(10) TIMEOUT(11)
TIMEOUT_REMOVE(12) ACCEPT(13) ASYNC_CANCEL(14) LINK_TIMEOUT(15)
CONNECT(16) FALLOCATE(17) OPENAT(18) CLOSE(19) FILES_UPDATE(20)
STATX(21) READ(22) WRITE(23) FADVISE(24) MADVISE(25) SEND(26) RECV(27)
OPENAT2(28) EPOLL_CTL(29) SPLICE(30) PROVIDE_BUFFERS(31)
REMOVE_BUFFERS(32) TEE(33) SHUTDOWN(34) RENAMEAT(35) UNLINKAT(36) ?(37)
?(38) ?(39) ?(40) ?(41) ?(42) ?(43) ?(44) ?(45) ?(46) ?(47) ?(48)
[2024-01-28 09:22:38.364281 +0000] D [MSGID: 0] [gf-io.c:517:gf_io_run]
0-io: I/O engine 'io_uring' is ready
[2024-01-28 09:22:38.365254 +0000] D
[rpc-clnt.c:1018:rpc_clnt_connection_init] 0-glusterfs: defaulting
frame-timeout to 30mins
[2024-01-28 09:22:38.365410 +0000] D
[rpc-clnt.c:1030:rpc_clnt_connection_init] 0-glusterfs: disable ping-timeout
[2024-01-28 09:22:38.365501 +0000] D
[rpc-transport.c:278:rpc_transport_load] 0-rpc-transport: attempt to
load file /usr/lib/x86_64-linux-gnu/glusterfs/10.5/rpc-transport/socket.so
[2024-01-28 09:22:38.366186 +0000] D [MSGID: 101233]
[options.c:973:xl_opt_validate] 0-glusterfs: option is deprecated,
continuing with correction [{key=address-family},
{preferred=transport.address-family}]
[2024-01-28 09:22:38.366264 +0000] T [MSGID: 0]
[options.c:80:xlator_option_validate_int] 0-glusterfs: no range check
required for 'option remote-port 24007'
[2024-01-28 09:22:38.367351 +0000] D [socket.c:4561:socket_init]
0-glusterfs: Configured transport.tcp-user-timeout=42
[2024-01-28 09:22:38.367566 +0000] D [socket.c:4581:socket_init]
0-glusterfs: Reconfigured transport.keepalivecnt=9
[2024-01-28 09:22:38.367629 +0000] D
[rpc-clnt.c:1591:rpcclnt_cbk_program_register] 0-glusterfs: New program
registered: GlusterFS Callback, Num: 52743234, Ver: 1
[2024-01-28 09:22:38.367748 +0000] T [rpc-clnt.c:396:rpc_clnt_reconnect]
0-glusterfs: attempting reconnect
[2024-01-28 09:22:38.367865 +0000] T [socket.c:3377:socket_connect]
0-glusterfs: connecting 0x7ff50c007768, sock=-1
[2024-01-28 09:22:38.368068 +0000] D [dict.c:1290:data_to_uint16]
(-->/usr/lib/x86_64-linux-gnu/glusterfs/10.5/rpc-transport/socket.so(+0x98dd)
[0x7ff5123438dd]
-->/usr/lib/x86_64-linux-gnu/glusterfs/10.5/rpc-transport/socket.so(socket_client_get_remote_sockaddr+0x2c8)
[0x7ff512343448]
-->/lib/x86_64-linux-gnu/libglusterfs.so.0(data_to_uint16+0x146)
[0x7ff513e32676] ) 0-dict: key null, unsigned integer type asked, has
integer type [Das Argument ist ungültig] # --> the argument is invalide
[2024-01-28 09:22:38.368170 +0000] T [MSGID: 0]
[common-utils.c:504:gf_resolve_ip6] 0-resolver: DNS cache not present,
freshly probing hostname: c02.gluster
[2024-01-28 09:22:38.368577 +0000] D [MSGID: 0]
[common-utils.c:542:gf_resolve_ip6] 0-resolver: returning
ip-192.168.57.42 (port-24007) for hostname: c02.gluster and port: 24007
[2024-01-28 09:22:38.368641 +0000] D [socket.c:3294:socket_fix_ssl_opts]
0-glusterfs: disabling SSL for portmapper connection
[2024-01-28 09:22:38.368739 +0000] T [socket.c:1021:__socket_nodelay]
0-glusterfs: NODELAY enabled for socket 11
[2024-01-28 09:22:38.368846 +0000] T [socket.c:1107:__socket_keepalive]
0-glusterfs: Keep-alive enabled for socket: 11, (idle: 20, interval: 2,
max-probes: 9, timeout: 42)
[2024-01-28 09:22:38.368954 +0000] T [socket.c:3495:socket_connect]
0-glusterfs: >>> connect() with non-blocking IO for ALL
[2024-01-28 09:22:38.369071 +0000] T [socket.c:206:socket_dump_info]
0-glusterfs: $$$ client: connecting to (af:2,sock:11) 192.168.57.42
non-SSL (errno:0:Erfolg)
[2024-01-28 09:22:38.369501 +0000] I [MSGID: 101190]
[event-epoll.c:667:event_dispatch_epoll_worker] 0-epoll: Started thread
with index [{index=1}]
[2024-01-28 09:22:38.369565 +0000] T
[socket.c:2897:socket_event_handler] 0-glusterfs: client (sock:11) in:0,
out:4, err:0
[2024-01-28 09:22:38.369682 +0000] T
[socket.c:2903:socket_event_handler] 0-glusterfs: client (sock:11)
socket is not connected, completing connection
[2024-01-28 09:22:38.369872 +0000] T
[rpc-clnt.c:1443:rpc_clnt_record_build_header] 0-rpc-clnt: Request
fraglen 140, payload: 76, rpc hdr: 64
[2024-01-28 09:22:38.369990 +0000] T [rpc-clnt.c:1729:rpc_clnt_submit]
0-rpc-clnt: submitted request (unique: 0, XID: 0x2, Program: GlusterFS
Handshake, ProgVers: 2, Proc: 2) to rpc-transport (glusterfs)
[2024-01-28 09:22:38.370068 +0000] D
[rpc-clnt-ping.c:296:rpc_clnt_start_ping] 0-glusterfs: ping timeout is
0, returning
[2024-01-28 09:22:38.370207 +0000] T
[socket.c:2803:socket_handle_client_connection_attempt] 0-glusterfs:
socket_connect_finish() returned 0
[2024-01-28 09:22:38.370301 +0000] T
[socket.c:2910:socket_event_handler] 0-glusterfs: (sock:11)
socket_complete_connection() returned 1
[2024-01-28 09:22:38.370471 +0000] T
[socket.c:2916:socket_event_handler] 0-glusterfs: (sock:11) returning to
wait on socket
[2024-01-28 09:22:38.370529 +0000] T
[socket.c:2897:socket_event_handler] 0-glusterfs: client (sock:11) in:0,
out:4, err:0
[2024-01-28 09:22:38.370668 +0000] T
[socket.c:2923:socket_event_handler] 0-glusterfs: Client socket (11) is
already connected
[2024-01-28 09:22:38.370733 +0000] T
[socket.c:2932:socket_event_handler] 0-glusterfs: (sock:11)
socket_event_poll_out returned 0
[2024-01-28 09:22:38.370837 +0000] I [MSGID: 101190]
[event-epoll.c:667:event_dispatch_epoll_worker] 0-epoll: Started thread
with index [{index=0}]
[2024-01-28 09:22:38.374114 +0000] T
[socket.c:2897:socket_event_handler] 0-glusterfs: client (sock:11) in:1,
out:0, err:24
[2024-01-28 09:22:38.374179 +0000] T [socket.c:206:socket_dump_info]
0-glusterfs: $$$ client: disconnecting from (af:2,sock:11) 192.168.57.42
non-SSL (errno:104:Die Verbindung wurde vom Kommunikationspartner
zurückgesetzt) # --> connection reseted by peer
[2024-01-28 09:22:38.374326 +0000] D
[socket.c:2966:socket_event_handler] 0-transport: EPOLLERR -
disconnecting (sock:11) (non-SSL)
[2024-01-28 09:22:38.374447 +0000] I
[glusterfsd-mgmt.c:2681:mgmt_rpc_notify] 0-glusterfsd-mgmt: disconnected
from remote-host: c02.gluster
[2024-01-28 09:22:38.374529 +0000] I
[glusterfsd-mgmt.c:2720:mgmt_rpc_notify] 0-glusterfsd-mgmt: Exhausted
all volfile servers
[2024-01-28 09:22:38.375599 +0000] D
[logging.c:1675:gf_log_flush_extra_msgs] 0-logging-infra: Log buffer
size reduced. About to flush 5 extra log messages
[2024-01-28 09:22:38.375716 +0000] D
[logging.c:1681:gf_log_flush_extra_msgs] 0-logging-infra: Just flushed 5
extra log messages
[2024-01-28 09:22:38.375878 +0000] W
[glusterfsd.c:1458:cleanup_and_exit]
(-->/lib/x86_64-linux-gnu/libgfrpc.so.0(+0xfa35) [0x7ff513de8a35]
-->/usr/sbin/glusterfs(+0x14769) [0x564f61e2c769]
-->/usr/sbin/glusterfs(cleanup_and_exit+0x57) [0x564f61e23447] ) 0-:
received signum (1), shutting down
[2024-01-28 09:22:38.375999 +0000] D
[mgmt-pmap.c:90:rpc_clnt_mgmt_pmap_signout] 0-fsd-mgmt: portmapper
signout arguments not given
[2024-01-28 09:22:38.376093 +0000] I [fuse-bridge.c:7065:fini] 0-fuse:
Unmounting '/mnt'.
[2024-01-28 09:22:38.378550 +0000] I [fuse-bridge.c:7069:fini] 0-fuse:
Closing fuse connection to '/mnt'.
[2024-01-28 09:22:38.378765 +0000] W
[glusterfsd.c:1458:cleanup_and_exit]
(-->/lib/x86_64-linux-gnu/libc.so.6(+0x89044) [0x7ff513c6d044]
-->/usr/sbin/glusterfs(glusterfs_sigwaiter+0xc5) [0x564f61e2ae05]
-->/usr/sbin/glusterfs(cleanup_and_exit+0x57) [0x564f61e23447] ) 0-:
received signum (15), shutting down
---------------
So the client can resolve the hostname aand it fits to the neme of the
gluster-host and it's fqdn.
Still the same on the gluster-host:
----------------
==> /var/log/glusterfs/glusterd.log <==
[2024-01-28 09:32:47.673142 +0000] I
[socket.c:4288:ssl_setup_connection_params] 0-socket.management: SSL
support for MGMT is ENABLED IO path is ENABLED certificate depth is 1
for peer 192.168.57.51:49151
[2024-01-28 09:32:47.677804 +0000] E [socket.c:224:ssl_dump_error_stack]
0-socket.management: error:0A00010B:SSL routines::wrong version number
----------------
:-( still not working. What I don't anderstand: why is it working
between the gluster-host but not between the gluster-client and any of
the gluster-hosts? Atre they manage the TLS connection a different way?
Stefan
Am 28.01.24 um 08:44 schrieb Strahil Nikolov:
> Usually with Certificates it's always a pain.I would ask you to regenerate the certificates but by adding the FQDN of the system and the IP used by the clients to reach the brick in 'SANS' section of the cert. Also, set the validity to 365 days for the test.
> Best Regards,Strahil Nikolov
>
>
> On Fri, Jan 26, 2024 at 21:37, Stefan Kania<stefan at kania-online.de> wrote: Hi Aravinda
>
> Am 26.01.24 um 17:01 schrieb Aravinda:
>> Does the combined glusterfs.ca includes client nodes pem? Also this file
>> need to be placed in Client node as well.
>
> Yes, I put all the Gluster-node Certificates AND the client certificate
> into the glusterfs.ca file. And I put the file to all gluster-nodes and
> clients. I did it twice (delete all certificate and restart all over)the
> result was always the same.
>
> Stefan
>
>
>
>
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20240128/2db8df6f/attachment.html>
More information about the Gluster-users
mailing list