Description of problem: When SSL is enabled on management and I/O path i see that the following messages gets logged in glusterd.log every minute. [2016-12-19 06:45:28.516570] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:45:28.516595] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:993) [2016-12-19 06:45:39.458207] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:45:39.458237] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:993) [2016-12-19 06:45:55.225697] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:45:55.225734] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:992) [2016-12-19 06:45:55.326944] I [MSGID: 106488] [glusterd-handler.c:1539:__glusterd_handle_cli_get_volume] 0-management: Received get vol req [2016-12-19 06:45:55.426240] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.82 [2016-12-19 06:45:55.426259] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.82:985) [2016-12-19 06:46:01.541826] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:46:01.541857] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:992) [2016-12-19 06:46:03.414618] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.82 [2016-12-19 06:46:03.414639] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.82:985) [2016-12-19 06:46:08.844772] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:46:08.844790] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:992) [2016-12-19 06:46:11.416595] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:46:11.416614] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:993) [2016-12-19 06:46:14.766104] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:46:14.766136] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:992) [2016-12-19 06:46:39.404440] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.84 [2016-12-19 06:46:39.404463] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.84:992) There should be a way to reduce the logging of these messages in glusterd.log file Version-Release number of selected component (if applicable): glusterfs-3.8.4-8.el7rhgs.x86_64 How reproducible: Always Steps to Reproduce: 1. Have three nodes with glusterfs installed 2. Enable SSL on both management and I/O path. 3. After successful enablement look at glusterd.log file. Actual results: I see that the following messages comes in glusterd.log every minute. [2016-12-19 06:49:55.434637] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:49:55.434661] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:993) [2016-12-19 06:50:00.382347] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.82 [2016-12-19 06:50:00.382366] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.82:985) [2016-12-19 06:50:02.368641] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.82 [2016-12-19 06:50:02.368659] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.82:985) [2016-12-19 06:50:03.378959] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.82 [2016-12-19 06:50:03.378977] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.82:985) [2016-12-19 06:50:11.385735] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:50:11.385754] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:993) [2016-12-19 06:50:39.418306] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.83 [2016-12-19 06:50:39.418326] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.83:993) [2016-12-19 06:50:55.415020] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.82 [2016-12-19 06:50:55.415036] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.82:985) [2016-12-19 06:51:03.364260] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = 10.70.36.82 [2016-12-19 06:51:03.364281] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 10.70.36.82:985) Expected results: There should be a way to reduce these messages in glusterd.log file. Additional info:
Reproduced this on my setup. 4 Nodes,4 clients,1:1 mount via FUSE. Was running Bonnie++ default workload on all 4 mounts in different subdirectories. I see the following message being logged almost every second : [2016-12-20 06:12:55.755106] I [socket.c:343:ssl_setup_connection] 0-socket.management: peer CN = gqas010.sbu.lab.eng.bos.redhat.com [2016-12-20 06:12:55.755136] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: 192.168.79.141:1007) The message has been logged almost 45000 times in 24 hours and my logsize has bloated to 12MB in 24 hours.This is concerning as the logging is a bit over-zealous and is filling up "/" quickly.
Similar issue bug - https://bugzilla.redhat.com/show_bug.cgi?id=1389678
This would be an issue with Grafton on deployments with SSL enabled.
Got a chance to check this issue, here is the update. I am seeing this issue in my setup only when the FUSE mounted volume is stopped, this bz https://bugzilla.redhat.com/show_bug.cgi?id=1389678 tracks issue and not seeing this issue when the setup is idle OR busy with IOs
Posted a patch for the same in upstream https://review.gluster.org/#/c/16767/1
downstream patch : https://code.engineering.redhat.com/gerrit/#/c/101323/
BUILD : 3.8.4-35 Followed the steps mentioned in the bug, Not getting continuous info messages related to "Peer CN" and "SSL verification succeeded messages". Hence marking the bug as verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2774