1403543 – RFE: [Ganesha+SSL] : Volume does not get exported when an attempt is made to TLS authenticate the clients and servers in an already existing Ganesha cluster.

Bug 1403543 - RFE: [Ganesha+SSL] : Volume does not get exported when an attempt is made to TLS authenticate the clients and servers in an already existing Ganesha cluster.

Summary: RFE: [Ganesha+SSL] : Volume does not get exported when an attempt is made to ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat
Component:	nfs-ganesha
Sub Component:
Version:	rhgs-3.2
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Kaleb KEITHLEY
QA Contact:	Ambarish
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-11 09:04 UTC by Ambarish
Modified:	2017-02-09 13:38 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-02-09 13:38:50 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ambarish 2016-12-11 09:04:16 UTC

Description of problem:
-----------------------

*Looks like  Doc Bug,Raising a feature bug for starters to get everyone's opinion* 

*Case 1* : Have an SSL Setup(All clients and Servers authenticated),then create a Ganesha cluster - WORKS FINE.

*Case 2* : Have a 4 -node Ganesha cluster,proceed to authenticate IO and management via SSL.The volume does not get exported(showmount shows nothing).


Looks like if you need SSL with Ganesha,you have to do it via "Case 1",i.e.,SSL part first ,and then create the Ganesha cluster.

Or if it is the other way round(as mentioned in Case 2),then we have to do it the disruptive way by breaking the Ganesha cluster first. 


Version-Release number of selected component (if applicable):
-------------------------------------------------------------

nfs-ganesha-gluster-2.4.1-1.el7rhgs.x86_64
glusterfs-ganesha-3.8.4-5.el7rhgs.x86_64

openssl-1.0.1e-60.el7.x86_64



How reproducible:
------------------

Every which way I try.

Steps to Reproduce:
-------------------

As in description.

Actual results:
-----------------

Volume does not get exported in a Ganesha cluster if setting up SSL is done after creating the Ganesha cluster.

Expected results:
------------------

Succesful exports and mounts.

Additional info:
----------------

OS : RHEL 7.3


*Vol Config* :
Volume Name: testvol
Type: Distributed-Replicate
Volume ID: 973991f6-8bdf-4b38-bef9-2abeaa829446
Status: Stopped
Snapshot Count: 0
Number of Bricks: 2 x 2 = 4
Transport-type: tcp
Bricks:
Brick1: gqas013.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick0
Brick2: gqas005.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick1
Brick3: gqas006.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick2
Brick4: gqas011.sbu.lab.eng.bos.redhat.com:/bricks/testvol_brick3
Options Reconfigured:
ganesha.enable: on
features.cache-invalidation: off
server.ssl: on
client.ssl: on
auth.ssl-allow: *
nfs.disable: on
performance.readdir-ahead: on
transport.address-family: inet
performance.stat-prefetch: off
server.allow-insecure: on
nfs-ganesha: enable
cluster.enable-shared-storage: enable

Comment 5 Ambarish 2017-02-09 13:38:50 UTC

The problem was shared storage gets unmounted,when will kill the running gluster processes.

We are documenting setting up SSL on Ganesha in such a way that the admin would never hit this,which is by making sure that  the SS is remounted manually once the gluster processes are brought back up.

Closing this one as Not a Bug.

Note You need to log in before you can comment on or make changes to this bug.