Bug 1574516 - The three gluster files should not be deleted for disabling I/O encryption
Summary: The three gluster files should not be deleted for disabling I/O encryption
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: doc-Container_Native_Storage_with_OpenShift
Version: cns-3.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Chandrakanth Pai
QA Contact: storage-qa-internal@redhat.com
Depends On:
Blocks: 1568866
TreeView+ depends on / blocked
Reported: 2018-05-03 13:00 UTC by Rachael
Modified: 2018-11-30 06:07 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-09-14 14:22:06 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Rachael 2018-05-03 13:00:00 UTC
Description of problem:
In Section 17.4.1. Disabling I/O Encryption for all the Volumes, step 4 specifies deleting the three gluster files glusterfs.pem, glusterfs.ca, glusterfs.key. For a setup where management encryption is also enabled, deleting these three files will result in glusterd failing on all the gluster pods. 

A warning or note should be added to this step specifying the same.

Version-Release number of selected component (if applicable):

How reproducible: 1/1

Steps to Reproduce:
1. Enable I/O encryption and management encryption
2. Stop all volumes
3. Reset the auth.ssl-allow, client.ssl and server.ssl options
4. Remove glusterfs.pem, glusterfs.ca, glusterfs.key from all nodes
5. Stop glusterfs storage pods by deleting the daemonset
6. Create a new daemonset

Actual results:
Gluster pods fail to come up because glusterd service fails to start

Additional info:

Note You need to log in before you can comment on or make changes to this bug.