[Gluster-devel] Issue using quota with SSL support
Deepak Shetty
dpkshetty at gmail.com
Tue Sep 23 06:09:01 UTC 2014
On Mon, Sep 22, 2014 at 7:27 PM, Jeff Darcy <jdarcy at redhat.com> wrote:
> > It looks like this doesn't work as quota tries to create a temp mount
> which
> > fails hence the above error. quota acts as a local client for glusterd
> > (IIUC) and since we have the gluster volume enabled for SSL it fails the
> > mount hence limit-usage fails.
>
> hen SSL is enabled, *all* mounts must use it. That includes internal
> ones, such as NFS/Samba, quota, or any form of snapshots. We could add
> "dual mode" support, allowing both SSL and non-SSL connections to the
> same bricks, but in many cases that would defeat the purpose of having
> strong authentication in the first place.
>
> This is a bug, plain and simple. The quota volfile-generation and/or
> connection code needs to be fixed to honor the SSL options (including
> those that control SSL on the management path as well as the I/O path).
>
Hi Jeff,
Thanks for your response.
For quota code to use SSL, it will need client side certificates as well.
As i mentioned in my original mail.. I was not able to get the gluster
mount w/ SSL to work on the brick node and posted the error log (it says
"error
during SSL connect").
Can you throw some light on that ? My guess is that there is an issue with
the server and client trying to refer to the same set of .key|.pem files but
wanted to validate the same with you.
>
> Longer term, maybe we need a more bullet-proof abstraction. Instead of
> making calls to connect to entity X using method Y, we should just make
> a connection to X and the RPC code will internally select the
> appropriate method. The same abstraction will also be necessary when we
> implement proper multi-network support, so that the RPC code can choose
> the right address/route from among several for the same resource.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-devel/attachments/20140923/6cb78d49/attachment.html>
More information about the Gluster-devel
mailing list