| Summary: | rpc: set bind-insecure to off by default | ||
|---|---|---|---|
| Product: | Red Hat Gluster Storage | Reporter: | Prasanna Kumar Kalever <prasanna.kalever> |
| Component: | core | Assignee: | Prasanna Kumar Kalever <prasanna.kalever> |
| Status: | CLOSED ERRATA | QA Contact: | Neha <nerawat> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rhgs-3.1 | CC: | amukherj, prasanna.kalever, rcyriac, rhinduja, rhs-bugs, sankarshan, sashinde, sasundar, storage-qa-internal |
| Target Milestone: | --- | Keywords: | ZStream |
| Target Release: | RHGS 3.1.3 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | glusterfs-3.7.9-1 | Doc Type: | Bug Fix |
| Doc Text: |
none
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-23 05:04:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 1311817 | ||
|
Description
Prasanna Kumar Kalever
2016-03-21 08:55:48 UTC
This bug is to track the fix which was already in 3.1.2 but missed out as part of rebasing to 3.1.3 from upstream 3.7.9 (In reply to Atin Mukherjee from comment #2) > This bug is to track the fix which was already in 3.1.2 but missed out as > part of rebasing to 3.1.3 from upstream 3.7.9 If I understand correctly, this solution is to revert that patch ( commit 243a5b429f225acb8e7132264fe0a0835ff013d5 ) that enabled allow-insecure and bind-insecure ? rpc: set bind-insecure to off by default commit 243a5b429f225acb8e7132264fe0a0835ff013d5 turn's 'ON' allow-insecure and bind-insecure by default. Problem: Now with newer versions we have bind-insecure 'ON' by default. So, while upgrading subset of nodes from a trusted storage pool, nodes which have older versions of glusterfs will expect connection from secure ports only (since they still have bind-insecure off) thus they reject connection from upgraded nodes which now have insecure ports. Hence we will run into connection issues between peers. Solution: This patch will turn bind-insecure 'OFF' by default to avoid problem explained above. Change-Id: Id7a19b4872399d3b019243b0857c9c7af75472f7 BUG: 1319638 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever> Don't see this issue with latest build. Tried to upgrade subset of nodes from 3.1.2 to 3.1.3 [version 3.7.9-2]. Moving it to verified. bind insecure default value is off in rhgs-3.1.2 as well and hence this doesn't qualify for a doc_text. Based on comment12, making the required changes Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1240 |