<div dir="ltr">Hi,<div><br></div><div>After running volume stop/start the error disappeared and the volume can be mounted from the server.</div><div><br></div><div>Regards</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Oct 9, 2018 at 3:27 PM Davide Obbi &lt;<a href="mailto:davide.obbi@booking.com">davide.obbi@booking.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div>Hi,</div><div><br></div><div>I have enabled SSL/TLS on a cluster of 3 nodes. The server-to-server communication seems to be working, since gluster volume status returns the three bricks, while we are unable to mount from the client, and the client can also be one of the gluster nodes itself.</div><div>Options:</div><div><font face="monospace, monospace">/var/lib/glusterd/secure-acceess</font></div><div><font face="monospace, monospace"> option transport.socket.ssl-cert-depth 3</font></div><div><font face="monospace, monospace"><br></font></div><div><div><font face="monospace, monospace">ssl.cipher-list: HIGH:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:TLSv1.2:!3DES:!RC4:!aNULL:!ADH</font></div><div><font face="monospace, monospace">auth.ssl-allow: localhost,glusterserver-1005,glusterserver-1008,glusterserver-1009</font></div><div><font face="monospace, monospace">server.ssl: on</font></div><div><font face="monospace, monospace">client.ssl: on</font></div><div><font face="monospace, monospace">auth.allow: glusterserver-1005,glusterserver-1008,glusterserver-1009</font></div><div><font face="monospace, monospace">ssl.certificate-depth: 3</font></div></div><div><br></div><div>We noticed the following in glusterd logs, the .18 address is the client and one of the cluster nodes glusterserver-1005:</div><div><div><font face="monospace, monospace">[2018-10-09 13:12:10.786384] D [socket.c:354:ssl_setup_connection] 0-tcp.management: peer 
CN = glusterserver-1005 </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:10.786401] D [socket.c:357:ssl_setup_connection] 0-tcp.management: SSL verification succeeded (client: <a href="http://10.10.0.18:49149" target="_blank">10.10.0.18:49149</a>) (server: <a href="http://10.10.0.18:24007" target="_blank">10.10.0.18:24007</a>) </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:10.956960] D [socket.c:354:ssl_setup_connection] 0-tcp.management: peer CN = glusterserver-1009 </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:10.956977] D [socket.c:357:ssl_setup_connection] 0-tcp.management: SSL verification succeeded (client: <a href="http://10.10.0.27:49150" target="_blank">10.10.0.27:49150</a>) (server: <a href="http://10.10.0.18:24007" target="_blank">10.10.0.18:24007</a>) </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:11.322218] D [socket.c:354:ssl_setup_connection] 0-tcp.management: peer CN = glusterserver-1008 </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:11.322248] D [socket.c:357:ssl_setup_connection] 0-tcp.management: SSL verification succeeded (client: <a href="http://10.10.0.23:49150" target="_blank">10.10.0.23:49150</a>) (server: <a href="http://10.10.0.18:24007" target="_blank">10.10.0.18:24007</a>) </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:11.368753] D [socket.c:354:ssl_setup_connection] 0-tcp.management: peer CN = glusterserver-1005 </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:11.368770] D [socket.c:357:ssl_setup_connection] 0-tcp.management: SSL verification succeeded (client: <a href="http://10.10.0.18:49149" target="_blank">10.10.0.18:49149</a>) (server: <a href="http://10.10.0.18:24007" target="_blank">10.10.0.18:24007</a>) </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:13.535081] E [socket.c:364:ssl_setup_connection] 0-tcp.management: SSL connect error (client: <a 
href="http://10.10.0.18:49149" target="_blank">10.10.0.18:49149</a>) (server: <a href="http://10.10.0.18:24007" target="_blank">10.10.0.18:24007</a>) </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:13.535102] E [socket.c:203:ssl_dump_error_stack] 0-tcp.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number </font></div><div><font face="monospace, monospace">[2018-10-09 13:12:13.535129] E [socket.c:2677:socket_poller] 0-tcp.management: server setup failed</font></div></div><div><br></div><div>I believe that something has changed since version 4.1.3, because using that version we were able to mount on the client and we did not get that SSL error. Also, the cipher volume option was not set in that version. At this point I can't understand if node to node is actually using SSL or not and why the client is unable to mount.</div><div><br></div><div>thanks</div><div>Davide</div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><span style="display:block;font-size:11.0pt;font-family:Century Gothic;color:#003580"><div style="color:rgb(0,53,128);font-family:Arial,Helvetica,sans-serif;font-weight:bold;font-size:15px"><div>Davide Obbi</div><div style="font-weight:normal;font-size:13px;color:rgb(0,174,239)">System Administrator<br><br></div><div style="font-weight:normal;font-size:13px;color:rgb(102,102,102)">Booking.com B.V.<br>Vijzelstraat 66-80 Amsterdam 1017HL Netherlands</div><div style="font-weight:normal;font-size:13px;color:rgb(102,102,102)"><span style="color:rgb(0,174,239)">Direct </span>+31207031558<br></div></div></span></div>
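<div>Added example (not part of the original thread and not GlusterFS code): a small Python parser for the ssl_setup_connection lines quoted above that groups TLS handshake outcomes by client IP, so a host that authenticates as a peer on one connection and fails on another stands out. It assumes the lines belonging to one connection are adjacent in the log; the names summarize and mixed_clients are hypothetical, and the sample is an excerpt of the log lines in the message.</div>

```python
import re
from collections import defaultdict

# Excerpt of the glusterd debug log quoted in the message above.
SAMPLE_LOG = """\
[2018-10-09 13:12:10.786384] D [socket.c:354:ssl_setup_connection] 0-tcp.management: peer CN = glusterserver-1005
[2018-10-09 13:12:10.786401] D [socket.c:357:ssl_setup_connection] 0-tcp.management: SSL verification succeeded (client: 10.10.0.18:49149) (server: 10.10.0.18:24007)
[2018-10-09 13:12:10.956960] D [socket.c:354:ssl_setup_connection] 0-tcp.management: peer CN = glusterserver-1009
[2018-10-09 13:12:10.956977] D [socket.c:357:ssl_setup_connection] 0-tcp.management: SSL verification succeeded (client: 10.10.0.27:49150) (server: 10.10.0.18:24007)
[2018-10-09 13:12:13.535081] E [socket.c:364:ssl_setup_connection] 0-tcp.management: SSL connect error (client: 10.10.0.18:49149) (server: 10.10.0.18:24007)
[2018-10-09 13:12:13.535102] E [socket.c:203:ssl_dump_error_stack] 0-tcp.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2018-10-09 13:12:13.535129] E [socket.c:2677:socket_poller] 0-tcp.management: server setup failed
"""

# [timestamp] LEVEL [file:line:function] domain: message
LINE = re.compile(r"^\[([^\]]+)\] ([A-Z]) \[[^\]]+\] (\S+): (.*)$")
ENDPOINTS = re.compile(r"\(client: ([\d.]+):\d+\) \(server: ([\d.]+:\d+)\)")

def summarize(log_text):
    """Return {client_ip: {"ok": [peer CNs], "failed": [OpenSSL reasons]}}."""
    result = defaultdict(lambda: {"ok": [], "failed": []})
    last_cn = None   # CN from the most recent "peer CN =" line
    pending = None   # client IP of a failure still waiting for its error-stack line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(4)
        if msg.startswith("peer CN = "):
            last_cn = msg[len("peer CN = "):].strip()
            continue
        ep = ENDPOINTS.search(msg)
        if msg.startswith("SSL verification succeeded") and ep:
            result[ep.group(1)]["ok"].append(last_cn)
            last_cn = None
        elif msg.startswith("SSL connect error") and ep:
            pending = ep.group(1)
        elif msg.startswith("error:") and pending:
            # OpenSSL error strings are colon-separated; the last field is the reason.
            result[pending]["failed"].append(msg.rsplit(":", 1)[1].strip())
            pending = None
    return dict(result)

def mixed_clients(summary):
    """Client IPs that have both verified and failed handshakes."""
    return sorted(ip for ip, r in summary.items() if r["ok"] and r["failed"])

if __name__ == "__main__":
    for ip, outcome in summarize(SAMPLE_LOG).items():
        print(ip, outcome)
```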