1. On a three glusterd nodes stopped the glusterd
2. Added the root ca and intermediate ca to glusterfs.ca to /etc/ssl/glusterfs.ca
3. copied root ca, ~]# rca.crt /etc/pki/ca-trust/source/anchors on all the gluster nodes
4. Updated the certs ~]# update-ca-trust
5. Created secure-access file in /var/lib/glusterd/secure-access and added the "option transport.socket.ssl-cert-depth 2"
6. Started glusterd.
7. Performed peer probe, created volume, started and mounted ran iozone.
8. Tried to mounted on non-ssl nodes, it failed as expected
9. Tried to peer probe to non-ssl nodes, it failed as expected
Hence moving to verified
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.