[Gluster-users] trouble mounting ssl-enabled volume
David Roundy
roundyd at physics.oregonstate.edu
Tue Jun 16 14:27:07 UTC 2015
Thanks, that was exactly the issue. I had assumed that the default for
auth.ssl-allow was *, which was what I wanted. Setting that and stopping
and starting my volume fixed things. Thanks!
David
On Mon, Jun 15, 2015, 6:19 PM Jeff Darcy <jdarcy at redhat.com> wrote:
> Hi all,
>
> I'm just installing my first ever glusterfs volume, and am running into
> trouble, which I think may be related to using ssl. I don't have a network
> I can trust, so using secure authentication and encryption is a
> show-stopper for me.
>
> I am using gluster 3.6.3 on Debian stable, and the command I'm using to
> mount is:
>
> # mount -t glusterfs localhost:/austen /home
>
> and the error message I am seeing is the following:
>
> # tail -23 /var/log/glusterfs/home.log
>
> +------------------------------------------------------------------------------+
> [2015-06-16 00:12:12.691413] I [socket.c:379:ssl_setup_connection]
> 0-austen-client-0: peer CN = elliot
> [2015-06-16 00:12:12.691978] I [rpc-clnt.c:1761:rpc_clnt_reconfig]
> 0-austen-client-0: changing port to 49152 (from 0)
> [2015-06-16 00:12:12.694267] I [socket.c:379:ssl_setup_connection]
> 0-austen-client-1: peer CN = wentworth
> [2015-06-16 00:12:12.695846] I [rpc-clnt.c:1761:rpc_clnt_reconfig]
> 0-austen-client-1: changing port to 49152 (from 0)
> [2015-06-16 00:12:12.703270] I [socket.c:379:ssl_setup_connection]
> 0-austen-client-0: peer CN = elliot
> [2015-06-16 00:12:12.703544] I
> [client-handshake.c:1413:select_server_supported_programs]
> 0-austen-client-0: Using Program GlusterFS 3.3, Num (1298437), Version (330)
> [2015-06-16 00:12:12.703912] W
> [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-0: failed to
> set the volume (Permission denied)
>
>
> Are you setting auth.ssl-allow to enable specific users (identified by CN)
> to access the volume? The following page shows how.
>
> http://www.gluster.org/community/documentation/index.php/SSL
>
> Also, note that the CN can't contain spaces. I know that's inconvenient,
> but space was already used as a delimiter and changing that would have
> affected backward compatibility.
>
> [2015-06-16 00:12:12.703940] W
> [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-0: failed to
> get 'process-uuid' from reply dict
> [2015-06-16 00:12:12.703956] E
> [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-0: SETVOLUME
> on remote-host failed: Authentication failed
> [2015-06-16 00:12:12.703970] I
> [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-0: sending
> AUTH_FAILED event
> [2015-06-16 00:12:12.703992] E [fuse-bridge.c:5145:notify] 0-fuse: Server
> authenication failed. Shutting down.
> [2015-06-16 00:12:12.704010] I [fuse-bridge.c:5599:fini] 0-fuse:
> Unmounting '/home'.
> [2015-06-16 00:12:12.709146] I [socket.c:379:ssl_setup_connection]
> 0-austen-client-1: peer CN = wentworth
> [2015-06-16 00:12:12.710243] I
> [client-handshake.c:1413:select_server_supported_programs]
> 0-austen-client-1: Using Program GlusterFS 3.3, Num (1298437), Version (330)
> [2015-06-16 00:12:12.711294] W
> [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-1: failed to
> set the volume (Permission denied)
> [2015-06-16 00:12:12.711321] W
> [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-1: failed to
> get 'process-uuid' from reply dict
> [2015-06-16 00:12:12.711330] E
> [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-1: SETVOLUME
> on remote-host failed: Authentication failed
> [2015-06-16 00:12:12.711339] I
> [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-1: sending
> AUTH_FAILED event
> [2015-06-16 00:12:12.711349] E [fuse-bridge.c:5145:notify] 0-fuse: Server
> authenication failed. Shutting down.
> [2015-06-16 00:12:12.711358] I [fuse-bridge.c:5599:fini] 0-fuse:
> Unmounting '/home'.
> [2015-06-16 00:12:12.711374] E [mount-common.c:228:fuse_mnt_umount]
> 0-glusterfs-fuse: fuse: failed to unmount /home: Invalid argument
> [2015-06-16 00:12:12.711586] W [glusterfsd.c:1194:cleanup_and_exit] (-->
> 0-: received signum (15), shutting down
>
> Sadly, I have very little idea as to how to debug this. I fear it may be
> a problem with my ssl keys (I created a CA key and used it to sign the keys
> for the two servers, but may have done this wrong.
>
> Any suggestions are welcome. I understand I haven't given all the
> information you likely need to help, but I don't even know what information
> would really be relevant, as I do not understand what this AUTH_FAILED
> event means.
>
> David
>
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20150616/415830ec/attachment.html>
More information about the Gluster-users
mailing list