Bug 1317792

Summary: glusterd crashing on touching secure-access file
Product: [Community] GlusterFS Reporter: Thomas Urban <thomas.urban>
Component: encryption-xlatorAssignee: bugs <bugs>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.6.9CC: bugs, jdarcy, kaushal
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-23 12:32:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Thomas Urban 2016-03-15 08:49:11 UTC 
I was setting up glusterd 3.6.9 on two servers running Ubuntu Trusty
using Quick Start Guide. Everything is running fine as long as I don't
create /var/lib/glusterd/secure-access. After restarting daemon it segfaults.

Tried this:

root@storage2 ~ # start glusterfs-server
glusterfs-server start/running, process 11482
root@storage2 ~ # gluster volume info

Volume Name: customers
Type: Replicate
Volume ID: ef08867a-8ddf-44d2-8dba-346219da9a40
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: storage1.cepharum.de:/data/brick1/customers
Brick2: storage2.cepharum.de:/data/brick1/customers
Options Reconfigured:
client.ssl: on
server.ssl: on

Connection failed. Please check if gluster daemon is operational.
root@storage2 ~ # gluster volume info
Connection failed. Please check if gluster daemon is operational.
root@storage2 ~ # dmesg
...
[ 4417.013001] init: glusterfs-server main process (11227) killed by
SEGV signal
[ 4662.521818] init: glusterfs-server main process (11376) killed by
SEGV signal
[ 4788.023631] init: glusterfs-server main process (11482) killed by
SEGV signal

By removing empty file /var/lib/glusterd/secure-access daemons are
working fine again:

root@storage2 ~ # restart glusterfs-server
glusterfs-server start/running, process 11920
root@storage2 ~ # gluster volume info

Volume Name: customers
Type: Replicate
Volume ID: ef08867a-8ddf-44d2-8dba-346219da9a40
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: storage1.cepharum.de:/data/brick1/customers
Brick2: storage2.cepharum.de:/data/brick1/customers
Options Reconfigured:
client.ssl: on
server.ssl: on
root@storage2 ~ # gluster volume info

Volume Name: customers
Type: Replicate
Volume ID: ef08867a-8ddf-44d2-8dba-346219da9a40
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: storage1.cepharum.de:/data/brick1/customers
Brick2: storage2.cepharum.de:/data/brick1/customers
Options Reconfigured:
client.ssl: on
server.ssl: on
Comment 1 Jeff Darcy 2016-03-15 11:32:43 UTC 
Just to be clear: you created this file on *one* server but not the other(s)?  It's still a bug that it crashes, but a cleaner kind of failure would still be expected in that case.  Mixed TLS and non-TLS communication within the management plane is not supported.
Comment 2 Thomas Urban 2016-03-15 12:10:08 UTC 
The file was created on both nodes.
Comment 3 Kaushal 2016-08-23 12:32:45 UTC 
Newer releases of GlusterFS-3.7 and GlusterFS-3.8 release have had many fixes to network encryption, which should have fixed this.

This bug is being closed as GlusterFS-3.6 is nearing its End-Of-Life and only important security bugs will be fixed. This bug has been fixed in more recent GlusterFS releases. If you still face this bug with the newer GlusterFS versions, please open a new bug.