Bug 1574516 - The three gluster files should not be deleted for disabling I/O encryption
Summary: The three gluster files should not be deleted for disabling I/O encryption
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: doc-Container_Native_Storage_with_OpenShift
Version: cns-3.9
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Chandrakanth Pai
QA Contact: storage-qa-internal@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 1568866
TreeView+ depends on / blocked
 
Reported: 2018-05-03 13:00 UTC by Rachael
Modified: 2018-11-30 06:07 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-14 14:22:06 UTC
Embargoed:

Attachments (Terms of Use)

Description Rachael 2018-05-03 13:00:00 UTC 
Description of problem:
In Section 17.4.1. Disabling I/O Encryption for all the Volumes, step 4 specifies deleting the three gluster files glusterfs.pem, glusterfs.ca, glusterfs.key. For a setup where management encryption is also enabled, deleting these three files will result in glusterd failing on all the gluster pods. 

A warning or note should be added to this step specifying the same.

Version-Release number of selected component (if applicable):


How reproducible: 1/1


Steps to Reproduce:
1. Enable I/O encryption and management encryption
2. Stop all volumes
3. Reset the auth.ssl-allow, client.ssl and server.ssl options
4. Remove glusterfs.pem, glusterfs.ca, glusterfs.key from all nodes
5. Stop glusterfs storage pods by deleting the daemonset
6. Create a new daemonset

Actual results:
Gluster pods fail to come up because glusterd service fails to start


Additional info:
https://access.redhat.com/documentation/en-us/container-native_storage/3.9/html/container-native_storage_for_openshift_container_platform/ch17s04
Note You need to log in before you can comment on or make changes to this bug.