[Gluster-users] poor performance with encryption and SSL enabled

Tue Feb 24 17:01:21 UTC 2015

Hi gluster folks,

I'm looking for some configuration or debugging advice for a
distributed-replicated volume that uses SSL and at rest encryption.

SSL certs are self-signed and generated on all servers. Combined into a
glusterfs.ca in /etc/ssl. By itself the SSL is working well.

I've also turned on the disk encryption feature. Master key was generated
with 'openssl rand -hex 32' as per the docs and copied to all gluster
servers.

Status of volume: data
Gluster process Port Online Pid
------------------------------------------------------------------------------
Brick ip-10-9-0-62.ec2.internal:/export/brick 49152 Y 13393
Brick ip-10-9-0-101.ec2.internal:/export/brick 49152 Y 8412
Brick ip-10-9-0-103.ec2.internal:/export/brick 49152 Y 10125
Brick ip-10-9-0-102.ec2.internal:/export/brick 49152 Y 8266
Brick ip-10-9-0-100.ec2.internal:/export/brick 49152 Y 8263
Brick ip-10-9-0-105.ec2.internal:/export/brick 49152 Y 8277
Brick ip-10-9-0-104.ec2.internal:/export/brick 49152 Y 8261
Brick ip-10-9-0-106.ec2.internal:/export/brick 49152 Y 8272

Task Status of Volume data
------------------------------------------------------------------------------
There are no active volume tasks

Volume Name: data
Type: Distributed-Stripe
Volume ID: afad6283-5bee-42c1-b9e5-c3ed64e04aae
Status: Started
Number of Bricks: 4 x 2 = 8
Transport-type: tcp
Bricks:
Brick1: ip-10-9-0-62.ec2.internal:/export/brick
Brick2: ip-10-9-0-101.ec2.internal:/export/brick
Brick3: ip-10-9-0-103.ec2.internal:/export/brick
Brick4: ip-10-9-0-102.ec2.internal:/export/brick
Brick5: ip-10-9-0-100.ec2.internal:/export/brick
Brick6: ip-10-9-0-105.ec2.internal:/export/brick
Brick7: ip-10-9-0-104.ec2.internal:/export/brick
Brick8: ip-10-9-0-106.ec2.internal:/export/brick
Options Reconfigured:
server.allow-insecure: on
nfs.ports-insecure: on
auth.allow: *
client.ssl: on
server.ssl: on
auth.ssl-allow: *
features.encryption: on
encryption.master-key: /root/keystore/master.key
performance.quick-read: off
performance.write-behind: off
performance.open-behind: off
nfs.disable: on

If I run dd or any i/o operations I see a flurry of these messages in the
logs.

[2015-02-24 16:58:51.144099] W [stripe.c:5288:stripe_internal_getxattr_cbk]
(--> /usr/lib64/libglusterfs.so.0(_gf_log_callingfn+0x1e0)[0x3fd0620550]
(-->
/usr/lib64/glusterfs/3.6.2/xlator/cluster/stripe.so(stripe_internal_getxattr_cbk+0x36a)[0x7f6a152a12ba]
(-->
/usr/lib64/glusterfs/3.6.2/xlator/protocol/client.so(client3_3_fgetxattr_cbk+0x174)[0x7f6a154db284]
(--> /usr/lib64/libgfrpc.so.0(rpc_clnt_handle_reply+0xa5)[0x3fd0e0ea75]
(--> /usr/lib64/libgfrpc.so.0(rpc_clnt_notify+0x142)[0x3fd0e0ff02] )))))
0-data-stripe-3: invalid argument: frame->local

Thanks in advance for any tips/suggestions!

-Adam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150224/765df563/attachment.html>