[Gluster-devel] gluster SSL support

Jeffrey Darcy jdarcy at redhat.com
Fri Jan 24 13:06:22 UTC 2014


> Thanks for the reply. I will explain my environment as it is quite a bit different
> than the usual setup. I am using gluster 3.4.
> For now I am using gluster to sync 2 servers - both have bricks attached - so
> I can say that they both are servers and clients (let's say master-master
> config) - I need this setup to ensure that when one node goes offline, files
> are still intact - I have that setup on other environments with more nodes
> and it works great (thus on them gluster works via VPN).
> To be exact: on both servers there is a local “brick” and it is mounted by:
> 
> mount -t glusterfs host-X:/gv0 /mnt/gv0
> 
> so even when the last replica goes offline, files are still there for the last
> running server.
> 
> Answering your question: yes, certs are properly installed - I have tried
> various combinations - but now I am not sure if my config does not cause
> confusion for glusterfs.
> 
> What do you think?

Assuming that your keys/certs were generated something like this...

   openssl genrsa -out $SSL_KEY 1024
   openssl req -new -x509 -key $SSL_KEY -subj /CN=Anyone -out $SSL_CERT

...and that the following relationships apply...

   glusterfs.pem and glusterfs.key match on each host
   glusterfs.pem on host-X == glusterfs.ca on host-Y
   glusterfs.pem on host-Y == glusterfs.ca on host-X

...then there's no obvious reason it wouldn't work.  First thing I'd consider
is whether something like SELinux is preventing access to those files (perhaps
using strace to verify).  Another thing to try would be to use s_server and
s_client (part of the OpenSSL package) to ensure that *they* can work with
those files.  Lastly,
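
The three file relationships listed in the message can be checked mechanically with the openssl CLI before moving on to strace or s_server/s_client. This is an added example, not part of the original message or Gluster's code; the function names are hypothetical and the six file paths are passed as arguments (each host's .ca must first be copied somewhere both can be read).

```shell
#!/bin/sh
# Added example: verify the key/cert/CA relationships for a two-host setup.
# Function names are hypothetical; file paths are supplied by the caller.

# Public key embedded in a PEM certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a PEM private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# SHA-256 fingerprint of the first certificate in a file, so the comparison
# does not depend on PEM whitespace or line endings.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null; }

# "glusterfs.pem and glusterfs.key match on each host"
# args: keyfile certfile
key_matches_cert() {
    k=$(key_pubkey "$1"); c=$(cert_pubkey "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# "glusterfs.pem on one host == glusterfs.ca on the other"
# args: local-ca peer-cert
ca_is_peer_cert() {
    a=$(cert_fp "$1"); b=$(cert_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# args: X.key X.pem X.ca Y.key Y.pem Y.ca
# Reports every failed relationship; returns 0 only if all four hold.
check_pair() {
    rc=0
    key_matches_cert "$1" "$2" || { echo "host-X: key does not match cert"; rc=1; }
    key_matches_cert "$4" "$5" || { echo "host-Y: key does not match cert"; rc=1; }
    ca_is_peer_cert "$3" "$5" || { echo "host-X .ca is not host-Y .pem"; rc=1; }
    ca_is_peer_cert "$6" "$2" || { echo "host-Y .ca is not host-X .pem"; rc=1; }
    return $rc
}

# Stand-alone use: pass the six files in the order shown above.
if [ "$#" -eq 6 ]; then check_pair "$@"; fi
```

An unreadable file fails the same way as a mismatch, so a failure here when run as the glusterfs user is also a hint to look at file permissions or SELinux.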



