[Gluster-devel] custom ssl file locations

Banio aau at mncarpenters.net
Mon Feb 17 22:35:01 UTC 2014 

I am trying to change the location for the three ssl files needed to 
setup gluster volume with ssl on.

I have the following files (these worked when I had them in the 
directory /etc/ssl/):

/opt/working_ssl/glusterfs.pem
/opt/working_ssl/glusterfs.key
/opt/working_ssl/glusterfs.ca

I have created the volume testvol1 and modified it's vol file adding 
these lines:

     option transport.socket.ssl-own-cert /opt/working_ssl/glusterfs.pem
     option transport.socket.ssl-private-key /opt/working_ssl/glusterfs.key
     option transport.socket.ssl-ca-list /opt/working_ssl/glusterfs.ca

file:
/var/lib/glusterd/vols/testvol1/testvol1.gluster1.int.domain.com.mnt-gluster1-testvol1.vol

contents:

volume testvol1-posix
     type storage/posix
     option volume-id d1fc37cd-6f01-4e4f-b16f-64bacf5eeece
     option directory /mnt/gluster1/testvol1
end-volume

volume testvol1-access-control
     type features/access-control
     subvolumes testvol1-posix
end-volume

volume testvol1-locks
     type features/locks
     subvolumes testvol1-access-control
end-volume

volume testvol1-io-threads
     type performance/io-threads
     subvolumes testvol1-locks
end-volume

volume testvol1-index
     type features/index
     option index-base /mnt/gluster1/testvol1/.glusterfs/indices
     subvolumes testvol1-io-threads
end-volume

volume testvol1-marker
     type features/marker
     option quota off
     option xtime off
     option timestamp-file /var/lib/glusterd/vols/testvol1/marker.tstamp
     option volume-uuid d1fc37cd-6f01-4e4f-b16f-64bacf5eeece
     subvolumes testvol1-index
end-volume

volume /mnt/gluster1/testvol1
     type debug/io-stats
     option count-fop-hits off
     option latency-measurement off
     subvolumes testvol1-marker
end-volume

volume testvol1-server
     type protocol/server
     option transport.socket.ssl-enabled on
     option transport.socket.ssl-own-cert /opt/working_ssl/glusterfs.pem
     option transport.socket.ssl-private-key /opt/working_ssl/glusterfs.key
     option transport.socket.ssl-ca-list /opt/working_ssl/glusterfs.ca
     option auth.addr./mnt/gluster1/testvol1.allow *
     option auth.login.eb8806b6-223b-4a9a-96b8-cf858bfed59c.password 
c5230967-b38c-42b0-98ef-b59ea3140cb1
     option auth.login./mnt/gluster1/testvol1.allow 
eb8806b6-223b-4a9a-96b8-cf858bfed59c
     option transport-type tcp
     subvolumes /mnt/gluster1/testvol1
end-volume



When I start glusterd and start the volume I get the following in the 
glusterd log:


[2014-02-17 19:43:54.613346] I [glusterfsd.c:1910:main] 
0-/usr/sbin/glusterfs: Started running /usr/sbin/glusterfs version 3.4.2 
(/usr/sbin/glusterfs -s localhost --volfile-id gluster/glustershd -p 
/var/lib/glusterd/glustershd/run/glustershd.pid -l 
/var/log/glusterfs/glustershd.log -S 
/var/run/afbdc80b4837387dbe9559470b7b5fcf.socket --xlator-option 
*replicate*.node-uuid=4833d3fc-5a77-429b-971f-7c04b107fcfc)
[2014-02-17 19:43:54.621872] I [socket.c:3480:socket_init] 
0-socket.glusterfsd: SSL support is NOT enabled
[2014-02-17 19:43:54.622002] I [socket.c:3495:socket_init] 
0-socket.glusterfsd: using system polling thread
[2014-02-17 19:43:54.622284] I [socket.c:3480:socket_init] 0-glusterfs: 
SSL support is NOT enabled
[2014-02-17 19:43:54.622349] I [socket.c:3495:socket_init] 0-glusterfs: 
using system polling thread
[2014-02-17 19:43:54.633901] I [graph.c:239:gf_add_cmdline_options] 
0-testvol1-replicate-0: adding option 'node-uuid' for volume 
'testvol1-replicate-0' with value '4833d3fc-5a77-429b-971f-7c04b107fcfc'
[2014-02-17 19:43:54.641454] I [socket.c:3480:socket_init] 
0-testvol1-client-1: SSL support is ENABLED
[2014-02-17 19:43:54.641627] I [socket.c:3495:socket_init] 
0-testvol1-client-1: using private polling thread
[2014-02-17 19:43:54.644895] E [socket.c:3513:socket_init] 
0-testvol1-client-1: could not load our cert
[2014-02-17 19:43:54.644973] E [rpc-transport.c:320:rpc_transport_load] 
0-rpc-transport: 'socket' initialization failed
[2014-02-17 19:43:54.645031] W [rpc-clnt.c:972:rpc_clnt_connection_init] 
0-testvol1-client-1: loading of new rpc-transport failed
[2014-02-17 19:43:54.645089] I [mem-pool.c:541:mem_pool_destroy] 
0-testvol1-client-1: size=2236 max=0 total=0
[2014-02-17 19:43:54.645632] I [mem-pool.c:541:mem_pool_destroy] 
0-testvol1-client-1: size=124 max=0 total=0
[2014-02-17 19:43:54.645714] E [client.c:2283:client_init_rpc] 
0-testvol1-client-1: failed to initialize RPC
[2014-02-17 19:43:54.645770] E [xlator.c:390:xlator_init] 
0-testvol1-client-1: Initialization of volume 'testvol1-client-1' 
failed, review your volfile again
[2014-02-17 19:43:54.645821] E [graph.c:292:glusterfs_graph_init] 
0-testvol1-client-1: initializing translator failed
[2014-02-17 19:43:54.645871] E [graph.c:479:glusterfs_graph_activate] 
0-graph: init failed
[2014-02-17 19:43:54.646266] W [glusterfsd.c:1002:cleanup_and_exit] 
(-->/usr/lib64/libgfrpc.so.0(rpc_clnt_handle_reply+0xa5) 
[0x7f513f8b96f5] (-->/usr/sbin/glusterfs(mgmt_getspec_cbk+0x328) 
[0x40b908] (-->/usr/sbin/glusterfs(glusterfs_process_volfp+0x103) 
[0x4050c3]))) 0-: received signum (0), shutting down


Any help would be much appreciated.

More information about the Gluster-devel mailing list