Bug 1403459

Summary: [OpenSSL] : auth.ssl-allow has no option description.
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Ambarish <asoman>
Component: coreAssignee: Mohit Agrawal <moagrawa>
Status: CLOSED ERRATA QA Contact: SATHEESARAN <sasundar>
Severity: low Docs Contact:
Priority: low    
Version: rhgs-3.2CC: amukherj, bturner, rcyriac, rhinduja, rhs-bugs, sasundar, sheggodu, srakonde, storage-qa-internal, vbellur, vdas
Target Milestone: ---Keywords: Rebase
Target Release: RHGS 3.5.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: ssl
Fixed In Version: glusterfs-6.0-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1643349 (view as bug list) Environment:
Last Closed: 2019-10-30 12:19:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1643349, 1696807    

Description Ambarish 2016-12-10 14:05:51 UTC 
Description of problem:
------------------------

gluster v get help shows no description for auth.ssl-allow :


[root@gqas009 ~]# gluster v set help |grep auth.ssl
[root@gqas009 ~]# 

[root@gqas009 ~]# gluster v set help |grep ssl
Option: client.ssl
Description: enable/disable client.ssl flag in the volume.
Option: server.ssl
Description: enable/disable server.ssl flag in the volume.
Option: ssl.own-cert
Option: ssl.private-key
Option: ssl.ca-list
Option: ssl.crl-path
Option: ssl.certificate-depth
Option: ssl.cipher-list
Option: ssl.dh-param
Option: ssl.ec-curve
[root@gqas009 ~]# 

[root@gqas009 ~]# gluster v get testvol auth.ssl-allow
Option                                  Value                                   
------                                  -----                                   
auth.ssl-allow                          *                                       
[root@gqas009 ~]# 


Version-Release number of selected component (if applicable):
-------------------------------------------------------------

glusterfs-3.8.4-5.el7rhgs.x86_64

How reproducible:
-----------------

Always

Steps to Reproduce:
-------------------

In Description.

Actual results:
---------------

No description available for auth.ssl-allow

Expected results:
------------------

gluster v get help should ideally show the option description and the default value.

Additional info:
-----------------

None.
Comment 2 Atin Mukherjee 2016-12-12 04:09:01 UTC 
RCA:

In GlusterD's volume map entry table this option has been marked as NO_DOC which means no description will be shown up in gluster volume set help. This will be a simple fix to add on however not a blocker for 3.2.0 and can be moved beyond 3.2.0.
Comment 7 Amar Tumballi 2018-10-24 12:10:30 UTC 
Below is present in server.c: but not in glusterd-volume-set.c, adding this to volume-set.c would be a good to fix this.

----
    {.key = {"ssl-allow"},
     .setkey = "auth.login.{{ brick.path }}.ssl-allow",
     .default_value = "*",
     .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST,
     .flags = OPT_FLAG_SETTABLE | OPT_FLAG_DOC,
     .description = "Allow a comma separated list of common names (CN) of"
                    "the clients that are allowed to access the server."
                    "By default, all TLS authenticated clients are"
                    "allowed to access the server."},
----
Comment 8 Worker Ant 2018-10-26 05:24:32 UTC 
REVISION POSTED: https://review.gluster.org/21492 (core: auth.ssl-allow has no option description) posted (#3) for review on master by Harpreet Kaur Lalwani
Comment 11 SATHEESARAN 2019-05-14 10:48:03 UTC 
Tested with RHGS 3.5.0 interim build ( glusterfs-6.0.2.el7rhgs )

volume set help contains information about 'auth.ssl-allow'

<snip>
Option: server.ssl
Default Value: off
Description: enable/disable server.ssl flag in the volume.

Option: auth.ssl-allow
Default Value: *
Description: Allow a comma separated list of common names (CN) of the clients that are allowed to access the server.By default, all TLS authenticated clients are allowed to access the server.

</snip>
Comment 18 errata-xmlrpc 2019-10-30 12:19:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:3249