[Gluster-users] Glusterfs SSL authentication issue
Yong Zhang
hiscal at outlook.com
Thu Mar 2 13:24:38 UTC 2017
Use command: gluster vol set devops-influxdb auth.ssl-allow '10.10.0.100,10.10.0.101,prdglusterfsclient1'
Notes: 10.10.0.100 and 10.10.0.101 are the common names in the certificates for the glusterfs servers (hostnames are prdsh01glus01 and prdsh01glus02); prdglusterfsclient1 is the common name for clients (hostname is prdsh01reg).
SSL verification succeeded for both servers and clients, and server authentication passed, but client authentication failed. The connecting user name is in the list of allowed user names. I don't know what's wrong here... Please help, thanks.
[2017-03-02 12:20:36.371080] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = 10.10.0.100
[2017-03-02 12:20:36.371146] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.100:49138)
[2017-03-02 12:20:36.372561] I [login.c:34:gf_auth] 0-auth/login: connecting user name: 10.10.0.100
[2017-03-02 12:20:36.372592] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1
[2017-03-02 12:20:36.372607] I [MSGID: 115029] [server-handshake.c:693:server_setvolume] 0-devops-influxdb-server: accepted client from prdsh01glus01-30001-2017/03/02-12:20:36:328437-devops-influxdb-client-0-0-0 (version: 3.9.1)
[2017-03-02 12:20:37.530939] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = 10.10.0.101
[2017-03-02 12:20:37.530987] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.101:49134)
[2017-03-02 12:20:37.532131] I [login.c:34:gf_auth] 0-auth/login: connecting user name: 10.10.0.101
[2017-03-02 12:20:37.532160] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1
[2017-03-02 12:20:37.532173] I [MSGID: 115029] [server-handshake.c:693:server_setvolume] 0-devops-influxdb-server: accepted client from prdsh01glus02-31390-2017/03/02-12:20:37:488625-devops-influxdb-client-0-0-0 (version: 3.9.1)
[2017-03-02 12:21:15.462333] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = prdglusterfsclient1
[2017-03-02 12:21:15.462439] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.16:49145)
[2017-03-02 12:21:15.463197] I [login.c:34:gf_auth] 0-auth/login: connecting user name: prdglusterfsclient1
[2017-03-02 12:21:15.463262] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1
[2017-03-02 12:21:15.463392] E [MSGID: 115001] [server-handshake.c:720:server_setvolume] 0-devops-influxdb-server: Cannot authenticate client from prdsh01reg-9148-2017/03/02-12:21:15:446641-devops-influxdb-client-0-0-0 3.9.1 [Permission denied]
Volume info:
Volume Name: devops-influxdb
Type: Replicate
Volume ID: 91b3cec8-4886-4612-86c2-e30776ee1e5d
Status: Started
Snapshot Count: 0
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: 10.10.0.100:/glusterfsvolumes/devops/devops-influxdb/brick1
Brick2: 10.10.0.101:/glusterfsvolumes/devops/devops-influxdb/brick1
Options Reconfigured:
auth.allow: 10.10.0.*
nfs.disable: on
performance.readdir-ahead: on
transport.address-family: inet
server.ssl: on
client.ssl: on
auth.ssl-allow: 10.10.0.100,10.10.0.101,prdglusterfsclient1
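
An added example, not part of the original post and not GlusterFS code: a small Python correlator for brick log lines like those quoted above. It groups each handshake's lines into one record so that an attempt whose certificate CN is in the logged allow list but is still denied stands out. The function names are hypothetical, and it assumes each handshake's lines are contiguous, as they are in this log.

```python
import re
# Brick log lines copied from the post above (first and third handshake).
SAMPLE_LOG = """\
[2017-03-02 12:20:36.371080] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = 10.10.0.100
[2017-03-02 12:20:36.371146] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.100:49138)
[2017-03-02 12:20:36.372561] I [login.c:34:gf_auth] 0-auth/login: connecting user name: 10.10.0.100
[2017-03-02 12:20:36.372592] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1
[2017-03-02 12:20:36.372607] I [MSGID: 115029] [server-handshake.c:693:server_setvolume] 0-devops-influxdb-server: accepted client from prdsh01glus01-30001-2017/03/02-12:20:36:328437-devops-influxdb-client-0-0-0 (version: 3.9.1)
[2017-03-02 12:21:15.462333] I [socket.c:343:ssl_setup_connection] 0-tcp.devops-influxdb-server: peer CN = prdglusterfsclient1
[2017-03-02 12:21:15.462439] I [socket.c:346:ssl_setup_connection] 0-tcp.devops-influxdb-server: SSL verification succeeded (client: 10.10.0.16:49145)
[2017-03-02 12:21:15.463197] I [login.c:34:gf_auth] 0-auth/login: connecting user name: prdglusterfsclient1
[2017-03-02 12:21:15.463262] I [login.c:76:gf_auth] 0-auth/login: allowed user names: 10.10.0.100,10.10.0.101,prdglusterfsclient1
[2017-03-02 12:21:15.463392] E [MSGID: 115001] [server-handshake.c:720:server_setvolume] 0-devops-influxdb-server: Cannot authenticate client from prdsh01reg-9148-2017/03/02-12:21:15:446641-devops-influxdb-client-0-0-0 3.9.1 [Permission denied]
"""

PATTERNS = {
    "cn": re.compile(r"ssl_setup_connection\].*peer CN = (\S+)"),
    "tls_peer": re.compile(r"SSL verification succeeded \(client: ([^)]+)\)"),
    "user": re.compile(r"gf_auth\].*connecting user name: (\S+)"),
    "allowed": re.compile(r"gf_auth\].*allowed user names: (\S+)"),
    "accepted": re.compile(r"server_setvolume\].*accepted client from (\S+)"),
    "denied": re.compile(r"server_setvolume\].*Cannot authenticate client from (\S+)"),
}

def correlate(log_text):
    """One record per setvolume attempt. Assumes each handshake's lines are contiguous."""
    records, cur = [], {}
    for line in log_text.splitlines():
        for key, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            if key in ("accepted", "denied"):  # setvolume result closes the record
                allowed = cur.get("allowed", "").split(",")
                cur.update(outcome=key, client_id=m.group(1),
                           cn_in_allow_list=cur.get("user") in allowed)
                records.append(cur)
                cur = {}
            else:
                cur[key] = m.group(1)
            break
    return records

def allowed_but_denied(records):
    """Attempts whose CN is in the logged allow list but were still denied."""
    return [r for r in records if r["cn_in_allow_list"] and r["outcome"] == "denied"]

if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        print(r["cn"], r["tls_peer"], r["outcome"], "CN allow-listed:", r["cn_in_allow_list"])
```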