Bug 1101910 - Dist-geo-rep: If the user is created without primary group in mount-broker setup, geo-rep fails to set proper ownership of .ssh and authorized keys.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: geo-replication
Version: rhgs-3.0
Hardware: x86_64
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Target Release: RHGS 3.0.0
Assignee: Avra Sengupta
QA Contact: Bhaskar Bandari
URL:
Whiteboard:
Depends On:
Blocks: 1087818 1101948
Reported: 2014-05-28 07:00 UTC by Vijaykumar Koppad
Modified: 2015-05-13 17:01 UTC

Fixed In Version: glusterfs-3.6.0.25-1
Doc Type: Known Issue
Doc Text:
While setting up mount-broker geo-replication, if the user is created without a primary group, proper ownership of .ssh and authorized keys is not set. Workaround: Manually set the right permissions for .ssh and authorized keys.
Clone Of:
: 1101948 (view as bug list)
Environment:
Last Closed: 2014-09-22 19:39:31 UTC
Embargoed:


Links
System: Red Hat Product Errata
ID: RHEA-2014:1278
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Red Hat Storage Server 3.0 bug fix and enhancement update
Last Updated: 2014-09-22 23:26:55 UTC

Description Vijaykumar Koppad 2014-05-28 07:00:55 UTC
Description of problem: If the user is created without a primary group in a mount-broker setup, geo-rep fails to set proper ownership of .ssh and authorized keys, which consequently fails the mount-broker setup.

Version-Release number of selected component (if applicable): glusterfs-3.6.0.8-1


How reproducible: Happens every time.


Steps to Reproduce:
1. Create and start master and slave volumes.
2. Create a new group on the slave nodes. For example, geogroup.
3. Create an unprivileged account on the slave nodes without the primary group. For example, geoaccount. Make it a member of geogroup on all the slave nodes.
CMD : "useradd geoaccount -N -G geogroup"
4. Create a new directory on all the slave nodes owned by root and with permissions 0711. Ensure that the location where this directory is created is writable only by root but geoaccount is able to access it. For example, create a mountbroker-root directory at /var/mountbroker-root.
5. Add the following options to the glusterd volfile on the slave nodes, (which you can find in /etc/glusterfs/glusterd.vol) assuming the name of the slave volume as slavevol:

   option mountbroker-root /var/mountbroker-root
   option mountbroker-geo-replication.geoaccount slavevol
   option geo-replication-log-group geogroup
   option rpc-auth-allow-insecure on
6. Restart glusterd on all the slave nodes.
7. Set up passwordless SSH from one of the master nodes to the user on one of the slave nodes. For example: to geoaccount
8. Create the geo-rep relationship between master and slave, to the user, from one of the master nodes.
For example: gluster volume geo-rep MASTERNODE geoaccount@SLAVENODE::slavevol create push-pem
9. On the slave node which is used to create the relationship, run /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh as root with the user name as argument. Ex: # /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh geoaccount
Start the geo-rep with the slave user.
Ex: gluster volume geo-rep MASTERNODE geoaccount@SLAVENODE::slavevol start


Actual results: set_geo_rep_pem_keys.sh actually fails to set up proper ownership of authorized keys


Expected results: It shouldn't be able to set proper ownership. 


Additional info:

Comment 2 Avra Sengupta 2014-06-05 07:19:26 UTC
Fix at https://code.engineering.redhat.com/gerrit/26327

Comment 5 Vijaykumar Koppad 2014-07-23 10:12:51 UTC
verified on the build glusterfs-3.6.0.25-1

Comment 9 errata-xmlrpc 2014-09-22 19:39:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1278.html
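
The manual workaround from the Doc Text (setting ownership and permissions on .ssh and authorized keys by hand) can be scripted as follows. This is an added example, not part of the bug report or of the glusterfs fix: the function names are hypothetical, the 0700/0600 modes are the conventional OpenSSH values assumed here, and GNU stat is required. It resolves the account's primary group with `id -g` instead of assuming a group named after the user, which `useradd -N` does not create.

```shell
#!/bin/sh
# Added example: audit and repair ~/.ssh ownership for a mount-broker user.
# Assumptions: GNU coreutils stat; modes 0700 (.ssh) and 0600 (authorized_keys).

# expected_owner USER -> prints "uid:gid" using the account's real primary
# group. Fails (non-zero) if the account does not exist.
expected_owner() {
    uid=$(id -u "$1") && gid=$(id -g "$1") && printf '%s:%s\n' "$uid" "$gid"
}

# audit_ssh_dir SSH_DIR UID:GID -> prints one line per finding.
# Returns 0 when ownership and modes are all as expected, 1 otherwise.
audit_ssh_dir() {
    dir=$1; want=$2; rc=0
    for spec in "$dir:700" "$dir/authorized_keys:600"; do
        path=${spec%:*}      # everything before the last colon
        mode=${spec##*:}     # expected octal mode after the last colon
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        got=$(stat -c '%u:%g %a' "$path")
        if [ "$got" != "$want $mode" ]; then
            echo "BAD $path: have '$got', want '$want $mode'"; rc=1
        fi
    done
    return $rc
}

# fix_ssh_dir SSH_DIR UID:GID -> applies the manual workaround.
fix_ssh_dir() {
    chown "$2" "$1" "$1/authorized_keys" &&
    chmod 700 "$1" &&
    chmod 600 "$1/authorized_keys"
}

# Typical use on a slave node, as root (geoaccount is the page's example user
# and /home/geoaccount is an assumed home directory):
#   owner=$(expected_owner geoaccount) || exit 1
#   audit_ssh_dir /home/geoaccount/.ssh "$owner" ||
#       fix_ssh_dir /home/geoaccount/.ssh "$owner"
```
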

