Bug 1403543

Summary: RFE: [Ganesha+SSL] : Volume does not get exported when an attempt is made to TLS authenticate the clients and servers in an already existing Ganesha cluster.
Product: Red Hat Gluster Storage Reporter: Ambarish <asoman>
Component: nfs-ganeshaAssignee: Kaleb KEITHLEY <kkeithle>
Status: CLOSED NOTABUG QA Contact: Ambarish <asoman>
Severity: high Docs Contact:
Priority: unspecified    
Version: rhgs-3.2CC: amukherj, asoman, bturner, dang, ffilz, jthottan, mbenjamin, rhinduja, rhs-bugs, skoduri, storage-qa-internal
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-02-09 13:38:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Ambarish 2016-12-11 09:04:16 UTC 
Description of problem:
-----------------------

*Looks like  Doc Bug,Raising a feature bug for starters to get everyone's opinion* 

*Case 1* : Have an SSL Setup(All clients and Servers authenticated),then create a Ganesha cluster - WORKS FINE.

*Case 2* : Have a 4 -node Ganesha cluster,proceed to authenticate IO and management via SSL.The volume does not get exported(showmount shows nothing).


Looks like if you need SSL with Ganesha,you have to do it via "Case 1",i.e.,SSL part first ,and then create the Ganesha cluster.

Or if it is the other way round(as mentioned in Case 2),then we have to do it the disruptive way by breaking the Ganesha cluster first. 


Version-Release number of selected component (if applicable):
-------------------------------------------------------------

nfs-ganesha-gluster-2.4.1-1.el7rhgs.x86_64
glusterfs-ganesha-3.8.4-5.el7rhgs.x86_64

openssl-1.0.1e-60.el7.x86_64



How reproducible:
------------------

Every which way I try.

Steps to Reproduce:
-------------------

As in description.

Actual results:
-----------------

Volume does not get exported in a Ganesha cluster if setting up SSL is done after creating the Ganesha cluster.

Expected results:
------------------

Succesful exports and mounts.

Additional info:
----------------

OS : RHEL 7.3


*Vol Config* :
Volume Name: testvol
Type: Distributed-Replicate
Volume ID: 973991f6-8bdf-4b38-bef9-2abeaa829446
Status: Stopped
Snapshot Count: 0
Number of Bricks: 2 x 2 = 4
Transport-type: tcp
Bricks:
Brick1: gqas013.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick0
Brick2: gqas005.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick1
Brick3: gqas006.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick2
Brick4: gqas011.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick3
Options Reconfigured:
ganesha.enable: on
features.cache-invalidation: off
server.ssl: on
client.ssl: on
auth.ssl-allow: *
nfs.disable: on
performance.readdir-ahead: on
transport.address-family: inet
performance.stat-prefetch: off
server.allow-insecure: on
nfs-ganesha: enable
cluster.enable-shared-storage: enable
Comment 5 Ambarish 2017-02-09 13:38:50 UTC 
The problem was shared storage gets unmounted,when will kill the running gluster processes.

We are documenting setting up SSL on Ganesha in such a way that the admin would never hit this,which is by making sure that  the SS is remounted manually once the gluster processes are brought back up.

Closing this one as Not a Bug.