Bug 1243722
Summary: | glusterd crashed when a client which doesn't support SSL tries to mount a SSL enabled gluster volume | |||
---|---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | M S Vishwanath Bhat <vbhat> | |
Component: | glusterd | Assignee: | Kaushal <kaushal> | |
Status: | CLOSED ERRATA | QA Contact: | M S Vishwanath Bhat <vbhat> | |
Severity: | high | Docs Contact: | ||
Priority: | urgent | |||
Version: | rhgs-3.1 | CC: | amukherj, asriram, divya, kaushal, mlawrenc, mzywusko, nlevinki, rcyriac, rgowdapp, sasundar, vagarwal, vbellur | |
Target Milestone: | --- | Keywords: | ZStream | |
Target Release: | RHGS 3.1.1 | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | GlusterD | |||
Fixed In Version: | glusterfs-3.7.1-12 | Doc Type: | Bug Fix | |
Doc Text: |
Previously, the glusterd was not fully initializing its transports when using management encryption. As a consequence, an unencrypted incoming connection would cause glusterd to crash.As a fix, the transports are now fully initialized and additional checks have been added to handle unencrypted incoming connections.Now, glusterd no longer crashes on incoming unencrypted connections when using management encryption.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1243774 (view as bug list) | Environment: | ||
Last Closed: | 2015-10-05 07:20:37 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1243774 | |||
Bug Blocks: | 1216951, 1244415, 1251815, 1314702 |
Description
M S Vishwanath Bhat
2015-07-16 07:21:05 UTC
Upstream fix posted at http://review.gluster.org/11692 Downstream fix posted at https://code.engineering.redhat.com/gerrit/53141 Doc text is edited. Please sign off to be included in Known Issues. The doc-text looks fine. I just tried mounting the volume from a client where ssl is not enabled and I don't see any crash. I did the following things. Create a 2*2 dist-rep volume, after setting up /etc/ssl/glusterfs.ca as per the setup doc. Encryption was enabled in both I/O path and management path (/var/lib/glusterd/secure-access) Now I tried to mount the volume from a client where ssl was not configured (secure-access and /etc/ssl/glusterfs.ca not present). The mounting failed, but no glusterd crashed. Also in glusterd log it was mentioned as SSL connection error. [2015-09-09 09:50:48.321206] W [socket.c:642:__socket_rwv] 0-nfs: readv on /var/run/gluster/c3f618f4216c677800277657ab6d7389.socket failed (Invalid argument) [2015-09-09 09:50:49.129991] E [socket.c:406:ssl_setup_connection] 0-socket.management: SSL connect error [2015-09-09 09:50:49.130136] E [socket.c:260:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2015-09-09 09:50:49.130181] E [socket.c:2442:socket_poller] 0-socket.management: server setup failed [2015-09-09 09:50:51.322009] W [socket.c:642:__socket_rwv] 0-nfs: readv on /var/run/gluster/c3f618f4216c677800277657ab6d7389.socket failed (Invalid argument) I setup ssl in client now. Created secure-access and created /etc/ssl/glusterfs.ca. Tried to mount and it was mounted. Moving the bug to verified. Please reopen if hit again. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1845.html |