[Bugs] [Bug 1601356] New: Problem with SSL/TLS encryption on Gluster 4.0 & 4.1

bugzilla at redhat.com bugzilla at redhat.com
Mon Jul 16 07:39:54 UTC 2018


https://bugzilla.redhat.com/show_bug.cgi?id=1601356

            Bug ID: 1601356
           Summary: Problem with SSL/TLS encryption on Gluster 4.0 & 4.1
           Product: GlusterFS
           Version: 4.1
         Component: glusterd
          Severity: medium
          Assignee: bugs at gluster.org
          Reporter: andreihavriliuc at gmail.com
                CC: bugs at gluster.org



Created attachment 1459060
  --> https://bugzilla.redhat.com/attachment.cgi?id=1459060&action=edit
Installation procedure for Gluster 4.X

Hello,

This is my first time reporting a bug on bugzilla, so let me know if I post
something wrong.

Description of problem:

I am doing some tests with GlusterFS 4.0 and 4.1 and I can't seem to solve some 
SSL/TLS issues. I am trying to set up a 2 node replicated gluster volume 
with SSL/TLS. For this setup, I use 3 KVM VMs (2 storage nodes + 1 
client node). For the networking part, I use a dedicated private LAN for 
the KVM VMs. Each VM is able to ping the other, so there's no problem 
with the connectivity.




Version-Release number of selected component (if applicable):

These are the installed packages on gluster-client:

[root at gluster-client ~]# rpm -qa | grep "gluster\|fuse"
glusterfs-4.1.1-1.el7.x86_64
centos-release-gluster41-1.0-1.el7.centos.x86_64
glusterfs-libs-4.1.1-1.el7.x86_64
glusterfs-client-xlators-4.1.1-1.el7.x86_64
glusterfs-fuse-4.1.1-1.el7.x86_64




And these are the installed packages on gluster1 and gluster2 storage nodes:


[root at gluster1 ~]# rpm -qa | grep "gluster\|fuse"
glusterfs-api-4.1.1-1.el7.x86_64
centos-release-gluster41-1.0-1.el7.centos.x86_64
glusterfs-libs-4.1.1-1.el7.x86_64
glusterfs-4.1.1-1.el7.x86_64
glusterfs-cli-4.1.1-1.el7.x86_64
glusterfs-fuse-4.1.1-1.el7.x86_64
glusterfs-server-4.1.1-1.el7.x86_64
glusterfs-client-xlators-4.1.1-1.el7.x86_64


=====================================================

This is the information regarding the gluster volume:

[root at gluster1 ~]# gluster volume info vol01

Volume Name: vol01
Type: Replicate
Volume ID: ab7426a5-23ab-40ff-91af-a5b977152553
Status: Started
Snapshot Count: 0
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: gluster1:/data/glusterfs/gluster1/vol01/brick1
Brick2: gluster2:/data/glusterfs/gluster2/vol01/brick1
Options Reconfigured:
ssl.cipher-list: ALL
network.ping-timeout: 5
server.ssl: on
client.ssl: on
auth.ssl-allow: *
transport.address-family: inet
nfs.disable: on
performance.client-io-threads: off


=====================================================

Here is the peers information:

[root at gluster1 ~]# gluster peer status
Number of Peers: 1

Hostname: gluster2
Uuid: f506bf62-6551-46b0-8a5b-457ae1fde839
State: Peer in Cluster (Connected)



=====================================================

Here is the volume status:

[root at gluster1 ~]# gluster volume status vol01
Status of volume: vol01
Gluster process                             TCP Port  RDMA Port  Online  Pid
------------------------------------------------------------------------------
Brick gluster1:/data/glusterfs/gluster1/vol
01/brick1                                   49152     0          Y       11196
Brick gluster2:/data/glusterfs/gluster2/vol
01/brick1                                   49152     0          Y       11013
Self-heal Daemon on localhost               N/A       N/A        Y       11315
Self-heal Daemon on gluster2                N/A       N/A        Y       11086

Task Status of Volume vol01
------------------------------------------------------------------------------
There are no active volume tasks



=====================================================




How reproducible:


Steps to Reproduce:
1. Install GlusterFS 4.0 or 4.1
2. Make a 2-node replicated gluster volume with SSL/TLS
3. After doing all the necessary settings, try to copy a file to the Fuse mount
on the client node.

I've also put a .txt file with my procedure of installing the Gluster nodes and
client. Let me know if you see anything wrong with it.

Actual results:

I receive this error: "Transport endpoint is not connected" after I issue the
copy command.

Expected results:

I expected the file to be copied without a problem, like in version 3.12.

Additional info:

There is a Gluster mailing list thread about this. I will post it here just so
that the two are linked:

https://lists.gluster.org/pipermail/gluster-users/2018-July/034353.html


The mount works fine until I try to copy an archive, multiple smaller files
or a bigger file on it (meaning it shows correctly in df -Th and I can
create several files with "touch file1 file2..."). Basically, after any
data transfer, I get these errors.


I followed the instructions from the Red Hat page:

https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.1/html/administration_guide/chap-network_encryption

UPDATE 1:
I tried doing the exact same steps in Gluster 3.12 and had no problem. 
The steps worked and SSL/TLS was enabled. There was no transport error 
or anything and I also checked if SSL/TLS was enabled. Afterwards, I 
also tried with the new release 4.1 and the problem persists (same error 
with "Transport endpoint is not connected").
Let me know if you need any other info. Any help is much appreciated.

Regards,
Andrei H.
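
Added example, not part of the original report and not GlusterFS code: a Python check that parses the "Options Reconfigured" block of the `gluster volume info` output shown in the report and lists the TLS settings a reviewer would look at before relying on this setup. The function names are hypothetical and the sample is an abridged copy of the report's listing.

```python
import re

# Abridged copy of the `gluster volume info vol01` listing in the report.
SAMPLE = """\
Volume Name: vol01
Type: Replicate
Transport-type: tcp
Options Reconfigured:
ssl.cipher-list: ALL
network.ping-timeout: 5
server.ssl: on
client.ssl: on
auth.ssl-allow: *
nfs.disable: on
"""


def parse_reconfigured(text):
    """Return the 'Options Reconfigured' block as {option: value}."""
    options, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Options Reconfigured:":
            in_block = True
        elif in_block and not line:
            break  # a blank line ends the block
        elif in_block and ": " in line:
            key, value = line.split(": ", 1)
            options[key] = value.strip()
    return options


def audit_tls(options):
    """Return (option, finding) pairs for TLS settings that need review."""
    findings = []
    for side in ("server.ssl", "client.ssl"):
        if options.get(side, "off").lower() != "on":
            findings.append((side, "TLS on the I/O path is not enabled"))
    tokens = re.split(r"[:, ]+", options.get("ssl.cipher-list", ""))
    if "ALL" in tokens:
        findings.append(("ssl.cipher-list",
                         "OpenSSL keyword ALL applies no strength filter"))
    if options.get("auth.ssl-allow", "").strip() == "*":
        findings.append(("auth.ssl-allow",
                         "wildcard: access is not limited by certificate name"))
    return findings


if __name__ == "__main__":
    for option, finding in audit_tls(parse_reconfigured(SAMPLE)):
        print(f"{option}: {finding}")
```
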
