Bug 1101910

Summary: Dist-geo-rep: If the user is created without primary group in mount-broker setup, geo-rep fails to set proper ownership of .ssh and authorized keys.
Product: [Red Hat Storage] Red Hat Gluster Storage
Reporter: Vijaykumar Koppad <vkoppad>
Component: geo-replication
Assignee: Avra Sengupta <asengupt>
Status: CLOSED ERRATA
QA Contact: Bhaskar Bandari <bbandari>
Severity: high
Priority: high
Version: rhgs-3.0
CC: aavati, asengupt, avishwan, bbandari, csaba, david.macdonald, nlevinki, nsathyan, ssamanta, vshankar
Target Release: RHGS 3.0.0
Hardware: x86_64
OS: Linux
Fixed In Version: glusterfs-3.6.0.25-1
Doc Type: Known Issue
Doc Text:
While setting up mount-broker geo-replication, if the user is created without a primary group, proper ownership of .ssh and authorized keys is not set. Workaround: Manually set the right permissions for .ssh and authorized keys.
Clone Of:
: 1101948
Last Closed: 2014-09-22 19:39:31 UTC
Type: Bug
Bug Blocks: 1087818, 1101948

Description Vijaykumar Koppad 2014-05-28 07:00:55 UTC
Description of problem: If the user is created without a primary group in a mount-broker setup, geo-rep fails to set proper ownership of .ssh and authorized keys, which consequently fails the mount-broker setup.

Version-Release number of selected component (if applicable): glusterfs-3.6.0.8-1


How reproducible: Happens every time.


Steps to Reproduce:
1. Create and start master and slave volumes.
2. Create a new group on the slave nodes. For example, geogroup.
3. Create an unprivileged account on the slave nodes without the primary group. For example, geoaccount. Make it a member of geogroup on all the slave nodes.
CMD: "useradd geoaccount -N -G geogroup"
4. Create a new directory on all the slave nodes owned by root and with permissions 0711. Ensure that the location where this directory is created is writable only by root but geoaccount is able to access it. For example, create a mountbroker-root directory at /var/mountbroker-root.
5. Add the following options to the glusterd volfile on the slave nodes (which you can find in /etc/glusterfs/glusterd.vol), assuming the name of the slave volume is slavevol:

   option mountbroker-root /var/mountbroker-root
   option mountbroker-geo-replication.geoaccount slavevol
   option geo-replication-log-group geogroup
   option rpc-auth-allow-insecure on
6. Restart glusterd on all the slave nodes.
7. Set up passwordless SSH from one of the master nodes to the user on one of the slave nodes. For example, to geoaccount.
8. Create the geo-rep relationship between master and slave, to the user, from one of the master nodes.
For example: gluster volume geo-rep MASTERNODE geoaccount@SLAVENODE::slavevol create push-pem
9. On the slave node which is used to create the relationship, run /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh as root with the user name as argument. Ex: # /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh geoaccount
Start the geo-rep with the slave user.
Ex: gluster volume geo-rep MASTERNODE geoaccount@SLAVENODE::slavevol start


Actual results: set_geo_rep_pem_keys.sh actually fails to set up proper ownership of authorized keys.


Expected results: It shouldn't be able to set proper ownership. 


Additional info:
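
The manual workaround named in the Doc Text can be scripted as below; this is an added example, not part of the original report and not code from the GlusterFS scripts. It resolves the account's primary GID with `id -g` instead of assuming a group named after the user, which does not exist for an account created with `useradd -N`. The function names, the `authorized_keys` file name and the 700/600 modes are assumptions (the usual OpenSSH values), since the page does not spell them out.

```shell
#!/bin/sh
# Added example: audit and repair ownership/mode of a geo-rep user's
# ~/.ssh and authorized_keys. Function names are hypothetical; modes 700/600
# and the authorized_keys file name are assumed (common OpenSSH layout).
# Uses `stat -c` (GNU coreutils / busybox, i.e. Linux).

# audit_ssh_dir HOME UID GID
# Prints one line per problem found; returns 0 only if everything matches.
audit_ssh_dir() {
    home=$1 want_uid=$2 want_gid=$3 rc=0
    for spec in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${spec%%:*}
        mode=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        owner=$(stat -c '%u:%g' "$path")
        perms=$(stat -c '%a' "$path")
        [ "$owner" = "$want_uid:$want_gid" ] ||
            { echo "OWNER $path is $owner, want $want_uid:$want_gid"; rc=1; }
        [ "$perms" = "$mode" ] ||
            { echo "MODE $path is $perms, want $mode"; rc=1; }
    done
    return $rc
}

# repair_ssh_dir USER HOME
# Looks up the numeric UID and primary GID recorded for USER, so it works
# whether or not a group with the same name as the user exists.
repair_ssh_dir() {
    user=$1 home=$2
    uid=$(id -u "$user") || return 2
    gid=$(id -g "$user") || return 2
    chown "$uid:$gid" "$home/.ssh" "$home/.ssh/authorized_keys" || return 1
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys" || return 1
    # Re-check so the caller gets a verified result, not just "chown ran".
    audit_ssh_dir "$home" "$uid" "$gid"
}

# Typical use on a slave node, as root (home path is a placeholder):
#   repair_ssh_dir geoaccount <HOME_OF_GEOACCOUNT>
```

Running `audit_ssh_dir` on each slave node after `set_geo_rep_pem_keys.sh` shows whether the script left the files with the wrong owner before geo-rep is started.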

Comment 2 Avra Sengupta 2014-06-05 07:19:26 UTC
Fix at https://code.engineering.redhat.com/gerrit/26327

Comment 5 Vijaykumar Koppad 2014-07-23 10:12:51 UTC
Verified on the build glusterfs-3.6.0.25-1.

Comment 9 errata-xmlrpc 2014-09-22 19:39:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1278.html