[Gluster-devel] SSL support
Jeff Darcy
jdarcy at redhat.com
Thu Dec 1 14:42:33 UTC 2011
On Thu, 1 Dec 2011 15:40:21 +0100
manu at netbsd.org (Emmanuel Dreyfus) wrote:
> In the meantime, what about setting defaults values for key, cert and
> CA (admins will smlink them to actual location), and just add some
> way of enabling ssl with the gluster command?
Adding defaults is a good idea. In fact I thought there were defaults
already, but looking at the patch I see none. Right now, SSL is
enabled iff all three file locations are specified. Instead, we should
probably add a fourth option to enable SSL, separately from whether
non-default file locations are specified. Could you please add that as
a review comment on the patch so that I'll remember it as the patch
progresses?
Adding SSL-related commands to the CLI is far more painful. That's not
to say it shouldn't be done; the only reason I'm reluctant to do it is
that it's connected to a whole lot of other management integration that
needs to happen (e.g. to make the entire management subsystem
understand the concept of a tenant) and I don't want to do it *twice*.
Would it be sufficient just to add the enable option using default
locations, but not the file-location options?
More information about the Gluster-devel
mailing list