[Gluster-users] authentication to management socket?
Patrick Hemmer
glusterfs at stormcloud9.net
Wed Nov 5 20:49:21 UTC 2014
I'm trying to issue RPC calls to glusterd from a remote host. This can
be done with `gluster --remote-host=1.2.3.4`, but the daemon refuses any
commands which perform modifications.
SSL & authentication is not well documented, but I'm wondering if either
of these can be used. According to the documentation
(https://forge.gluster.org/glusterfs-core/glusterfs/blobs/master/doc/authentication.txt),
gluster supports authentication on volumes. And from looking at
/etc/glusterfs/glusterd.vol, it looks like management is configured as a
volume. So I was wondering if there was a way to use this to configure
glusterd to listen on a tcp socket, and enable authentication on it, and
then pass the auth credentials to the gluster command when making remote
calls.
Another thought was that according to
http://blog.onefellow.com/post/76702687553/enable-glusterfs-ssl-mode,
gluster supports client side SSL certificates. Also according to
http://blog.gluster.org/2014/10/glusterfs-3-6-0-is-alive/ SSL was just
added for the management interface. However I can't find any
documentation on it.
The only other solution I had thought of was to have socat listen on a
TCP port, perform the SSL certificate verification, and proxy the
connection to the glusterd unix domain socket. Then on the client, do
the same thing in reverse, have sockat listen on a unix domain socket,
add the SSL cert, and forward to the remote host over TCP. This would be
cumbersome though as I'd have to come up with some sort of wrapper to
launch socat, launch the gluster cli, then kill socat. I'm also unsure
of how to specify the path to the unix domain socket for the gluster
client. Documentation on this is non-existent. The only place the
`--remote-host=...` option is documented seems to be the
'troubleshooting' section on the web site.
-Patrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20141105/7f2960e6/attachment.html>
More information about the Gluster-users
mailing list