[Gluster-devel] SSL in 3.4.0qa1
Kaleb S. KEITHLEY
kkeithle at redhat.com
Wed Oct 31 11:33:23 UTC 2012
On 10/31/2012 06:31 AM, Emmanuel Dreyfus wrote:
> Hi
>
> I would like to test SSL in 3.4.0qa1 but cannot find the documentation.
>
> From prior testing, I recall I had to do gluster volume set in order
> to configure CA, cert and key, but it does not work:
>
> # gluster volume set gfs transport.socket.ssl-ca-list /etc/openssl/ca.crt
> volume set: failed: option : transport.socket.ssl-ca-list does not exist
> Did you mean transport.keepalive?
> volume set: failed
>
> How would it be done?
>
In a quick grovel through the code I see things like
transport.socket.ssl-enabled, along with transport.socket.ssl-own-cert,
transport.socket.ssl-private-key, and transport.socket.ssl-ca-list.
A quick read suggests to me that if you already have your key, cert, and
ca files in /etc/ssl/glusterfs.{key,pem,ca} you need simply set
transport.socket.ssl-enabled = true.
Moreover, I only see transport.socket.ssl-enabled in the CLI side of
things, i.e. .../xlators/mgmt/glusterd/src/..., which suggests that the
key, cert, and ca would need to be over-ridden in the volume file.
HTH.
--
Kaleb
More information about the Gluster-devel
mailing list