Description of problem:
-----------------------
Gluster supports SSL/TLS encryption on the management path as well as the data path, when enabled on the volume and management daemon. Keys, certs and CA files required for Gluster SSL/TLS to work are /etc/glusterfs.key, /etc/glusterfs.pem, /etc/glusterfs.ca respectively.

In the case of the Grafton project (hyperconverged RHV & RHGS), Gluster could make use of vdsm certs which are generated already. This RFE is to find a detailed process for Gluster to reuse vdsm certs for SSL/TLS encryption.

Version-Release number of selected component (if applicable):
-------------------------------------------------------------
RHV 4.1

How reproducible:
-----------------
Not Applicable for RFE

Steps to Reproduce:
-------------------
Not Applicable for RFE

Actual results:
---------------
Gluster needs to generate separate certs for SSL/TLS encryption

Expected results:
-----------------
There should be a flexible way for Gluster to reuse vdsm certs.

Additional info:
This issue may sound like there is a straightforward solution to use vdsm certs. The problem is the correct certs are generated and pushed from engine to the node, only after the node is added to the engine.

In the case of hyperconvergence, we make use of self hosted-engine which again resides on the gluster volume. In this case, gluster cluster and gluster volumes are created well before hosted-engine deployment. The question here is how to make use of vdsm certs, which would get created post adding the host to the engine.

So, we should find a way or process, to make use of vdsm certs for Gluster cluster creation and gluster volume creation. Hence this RFE.

A caveat to note here is that the gluster cluster and gluster volume need to be reinitialized (restarted) after enabling SSL/TLS encryption with management and data path.
Not a priority based on the customer use cases encountered so far. Closing this for now.