[Gluster-users] Non-root user geo-replication in 3.6?
Aravinda
avishwan at redhat.com
Fri Jan 9 12:46:41 UTC 2015
Hi Paul,
Yes, it is possible to set up Geo-rep with a non-root user on the Slave. As
of now we have many manual steps, like editing the volfile. We are trying to
simplify the manual editing steps (patch:
http://review.gluster.org/#/c/9398/). I will also update these steps in
the GlusterFS documentation.
The steps are as follows.
In all Slave nodes,
-------------------
1. Create a new group. For example, georepgrp.
2. Create an unprivileged account. For example, georepuser1. Add
georepuser1 as a member of the georepgrp group.
3. As root, create a new directory with permissions 0711. Ensure that
the location where this directory is created is writeable only by root
but georepuser1 is able to access it. For example, create a
mountbroker-root directory at /var/mountbroker-root.
4. Add the following options to the glusterd.vol file. (If GlusterFS is
installed from source, the vol file is available at
/usr/local/etc/glusterfs/glusterd.vol; if it is an rpm install, at
/etc/glusterfs/glusterd.vol.)

    option mountbroker-root /var/mountbroker-root
    option mountbroker-geo-replication.georepuser1 slavevol
    option geo-replication-log-group georepgrp
    option rpc-auth-allow-insecure on

Where slavevol is the name of the Slave volume.
Example glusterd.vol file,

    volume management
        type mgmt/glusterd
        option working-directory /var/lib/glusterd
        option transport-type socket,rdma
        option transport.socket.keepalive-time 10
        option transport.socket.keepalive-interval 2
        option transport.socket.read-fail-log off
        option rpc-auth-allow-insecure on
        option mountbroker-root /var/mountbroker-root
        option mountbroker-geo-replication.georepuser1 slavevol
        option geo-replication-log-group georepgrp
    end-volume

If you need to enable multiple Gluster volumes for that user, then add
multiple volume names for that user as below:

    option mountbroker-geo-replication.georepuser1 slavevol,slavevol2

To add multiple users,

    option mountbroker-geo-replication.georepuser1 slavevol
    option mountbroker-geo-replication.georepuser2 slavevol2,slavevol3

5. Restart glusterd service on all the Slave nodes.
In one Master Node
------------------
1. Set up passwordless SSH from one of the master nodes to the user on one
of the slave nodes. For example, to georepuser1.
2. Follow the Geo-rep setup steps, similar to a normal geo-rep setup.

    gluster system:: execute gsec_create
    gluster volume geo-replication MASTERVOL georepuser1@SLAVENODE::slavevol create push-pem

In any one Slave node,
----------------------
Run this script as root, with georepuser1 as the parameter. (In a source
install, /usr/local/libexec/glusterfs/set_geo_rep_pem_keys.sh)

    /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georepuser1

Back in master node
-------------------
Start the geo-replication,

    gluster volume geo-replication MASTERVOL georepuser1@SLAVENODE::slavevol start

Let us know if you face any issues.
--
regards
Aravinda
http://aravindavk.in
On 01/05/2015 07:05 PM, Paul Mc Auley wrote:
> Hi,
>
> Looking at https://bugzilla.redhat.com/show_bug.cgi?id=1077452 it
> seems to imply that it should be possible to set up and run
> geo-replication without requiring SSH as the root user to be enabled,
> but I've been able to get this working in my test setup using the
> 3.6.1 RPMs.
>
> I've tried the element of setting GLUSTERD_WORKDIR to /var/lib/glusterd
> and running /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh
>
> What is the current situation with this?
>
> Thanks,
> Paul
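
An added check for the slave-node steps in the message above (example code, not part of the original mail or of GlusterFS): it parses glusterd.vol for the mountbroker options from step 4 and verifies the mode and owner of the mountbroker-root directory from step 3. The function names and the sample volfile are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample built from the options listed in the mail.
SAMPLE_VOLFILE = """\
volume management
    type mgmt/glusterd
    option rpc-auth-allow-insecure on
    option mountbroker-root /var/mountbroker-root
    option mountbroker-geo-replication.georepuser1 slavevol,slavevol2
    option geo-replication-log-group georepgrp
end-volume
"""

PREFIX = "mountbroker-geo-replication."
OPTION_RE = re.compile(r"^[ \t]*option[ \t]+(\S+)[ \t]+(\S.*?)[ \t]*$", re.M)

def audit_volfile(text):
    """Return (findings, {user: [volumes]}) for the mountbroker options."""
    opts = dict(OPTION_RE.findall(text))
    findings = ["missing option " + name
                for name in ("mountbroker-root", "geo-replication-log-group")
                if name not in opts]
    if opts.get("rpc-auth-allow-insecure") != "on":
        findings.append("rpc-auth-allow-insecure is not on")
    # One option per unprivileged user, value is a comma-separated volume list.
    grants = {k[len(PREFIX):]: v.split(",")
              for k, v in opts.items() if k.startswith(PREFIX)}
    if not grants:
        findings.append("no mountbroker-geo-replication.<user> option")
    return findings, grants

def audit_mountbroker_root(path):
    """Check step 3: directory owned by root with mode exactly 0711."""
    st = os.stat(path)
    findings = []
    if not stat.S_ISDIR(st.st_mode):
        findings.append("not a directory")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o711:
        findings.append("mode is %04o, expected 0711" % mode)
    if st.st_uid != 0:
        findings.append("owner uid is %d, expected 0 (root)" % st.st_uid)
    return findings

if __name__ == "__main__":
    findings, grants = audit_volfile(SAMPLE_VOLFILE)
    print("volfile findings:", findings or "none")
    print("mountbroker grants:", grants)
```

On a slave node, pass the contents of the real glusterd.vol to audit_volfile and the configured mountbroker-root path to audit_mountbroker_root, before restarting glusterd.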