Bug 1181466
Summary: | [RFE][HC] – Require GlusterFS 3.7.3 for rpc-auth-allow-insecure to be used by libgfapi | ||
---|---|---|---|
Product: | [oVirt] ovirt-host-deploy | Reporter: | Federico Simoncelli <fsimonce> |
Component: | Plugins.Gluster | Assignee: | Sandro Bonazzola <sbonazzo> |
Status: | CLOSED UPSTREAM | QA Contact: | Pavel Stehlik <pstehlik> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | --- | CC: | alonbl, amureini, bazulay, bugs, dougsland, ecohen, gklein, iheim, kaushal, lsurette, prasanna.kalever, ricardo.arguello, sabose, sbonazzo, sbose, vbellur, yeylon, ylavi |
Target Milestone: | ovirt-4.0.0-alpha | Keywords: | FutureFeature |
Target Release: | --- | Flags: | ylavi:
ovirt-4.0.0?
ylavi: planning_ack? ylavi: devel_ack? ylavi: testing_ack? |
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | integration | ||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-12-15 13:13:40 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1232658 | ||
Bug Blocks: | 1022961, 1177776 |
Description
Federico Simoncelli
2015-01-13 09:09:52 UTC
or patch libgfapi to enable secure mode? exposing hosts only because a component that is under our control misbehaves is the last [non available] alternative. (In reply to Alon Bar-Lev from comment #1) > or patch libgfapi to enable secure mode? exposing hosts only because a > component that is under our control misbehaves is the last [non available] > alternative. rpc-auth-allow-insecure: """ Allow client connections from unprivileged ports. By default only privileged ports are allowed. """ If you want regular users (using unprivileged ports on the client) to be able to connect to your gluster server you need to enable rpc-auth-allow-insecure. The use case for this is qemu processes (running as qemu user) being able to directly connect to the gluster server to access the images. It would be great if we could do it only per-volume but as I understood from Vijay that's not enough (you also need rpc-auth-allow-insecure). Vijay is that correct? According to Pranith and Vijay this one won't be needed starting with Gluster 3.7.1. So the requirement here is to raise the requirements for getting gluster >= 3.7.1 once it will be out in a couple of weeks. Waiting for Gluster 3.7.1 to be out. The patch has been delayed to 3.7.2 The patch has been delayed to 3.7.3 http://review.gluster.org/11039 should this be modified? AFAIK 3.7.3 has not been released yet. There were few problems discovered by http://review.gluster.org/11039 which can be addressed by http://review.gluster.org/#/c/11512/ (Waiting to get merged) This request has been proposed for two releases. This is invalid flag usage. The ovirt-future release flag has been cleared. If you wish to change the release flag, you must clear one release flag and then set the other release flag to ?. Closing Upstream, should be solved in Gluster by now. |