Bug 1317792 - glusterd crashing on touching secure-access file
Summary: glusterd crashing on touching secure-access file
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: encryption-xlator
Version: 3.6.9
Hardware: All
OS: All
medium
medium
Target Milestone: ---
Assignee: bugs@gluster.org
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-15 08:49 UTC by Thomas Urban
Modified: 2016-08-23 12:32 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-08-23 12:32:45 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)

Description Thomas Urban 2016-03-15 08:49:11 UTC 
I was setting up glusterd 3.6.9 on two servers running Ubuntu Trusty
using Quick Start Guide. Everything is running fine as long as I don't
create /var/lib/glusterd/secure-access. After restarting daemon it segfaults.

Tried this:

root@storage2 ~ # start glusterfs-server
glusterfs-server start/running, process 11482
root@storage2 ~ # gluster volume info

Volume Name: customers
Type: Replicate
Volume ID: ef08867a-8ddf-44d2-8dba-346219da9a40
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: storage1.cepharum.de:/data/brick1/customers
Brick2: storage2.cepharum.de:/data/brick1/customers
Options Reconfigured:
client.ssl: on
server.ssl: on

Connection failed. Please check if gluster daemon is operational.
root@storage2 ~ # gluster volume info
Connection failed. Please check if gluster daemon is operational.
root@storage2 ~ # dmesg
...
[ 4417.013001] init: glusterfs-server main process (11227) killed by
SEGV signal
[ 4662.521818] init: glusterfs-server main process (11376) killed by
SEGV signal
[ 4788.023631] init: glusterfs-server main process (11482) killed by
SEGV signal

By removing empty file /var/lib/glusterd/secure-access daemons are
working fine again:

root@storage2 ~ # restart glusterfs-server
glusterfs-server start/running, process 11920
root@storage2 ~ # gluster volume info

Volume Name: customers
Type: Replicate
Volume ID: ef08867a-8ddf-44d2-8dba-346219da9a40
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: storage1.cepharum.de:/data/brick1/customers
Brick2: storage2.cepharum.de:/data/brick1/customers
Options Reconfigured:
client.ssl: on
server.ssl: on
root@storage2 ~ # gluster volume info

Volume Name: customers
Type: Replicate
Volume ID: ef08867a-8ddf-44d2-8dba-346219da9a40
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: storage1.cepharum.de:/data/brick1/customers
Brick2: storage2.cepharum.de:/data/brick1/customers
Options Reconfigured:
client.ssl: on
server.ssl: on
Comment 1 Jeff Darcy 2016-03-15 11:32:43 UTC 
Just to be clear: you created this file on *one* server but not the other(s)?  It's still a bug that it crashes, but a cleaner kind of failure would still be expected in that case.  Mixed TLS and non-TLS communication within the management plane is not supported.
Comment 2 Thomas Urban 2016-03-15 12:10:08 UTC 
The file was created on both nodes.
Comment 3 Kaushal 2016-08-23 12:32:45 UTC 
Newer releases of GlusterFS-3.7 and GlusterFS-3.8 release have had many fixes to network encryption, which should have fixed this.

This bug is being closed as GlusterFS-3.6 is nearing its End-Of-Life and only important security bugs will be fixed. This bug has been fixed in more recent GlusterFS releases. If you still face this bug with the newer GlusterFS versions, please open a new bug.
Note You need to log in before you can comment on or make changes to this bug.