RCA: In SSL environment the user is able to access volume via remote-host command without adding node in a trusted pool, and user has access to delete/ stop the volume.To resolve the same replace the list of rpc programs at the time of connection initialization in glusterd. Regards Mohit Agreawal
Patch is posted on upstream https://review.gluster.org/#/c/20328/ Regards Mohit Agrawal
COMMIT: https://review.gluster.org/20328 committed in master by "Atin Mukherjee" <amukherj> with a commit message- glusterfs: access trusted peer group via remote-host command Problem: In SSL environment the user is able to access volume via remote-host command without adding node in a trusted pool Solution: Change the list of rpc program in glusterd.c at the time of initialization while SSL is enabled BUG: 1593232 Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199 fixes: bz#1593232 Signed-off-by: Mohit Agrawal <moagrawa>
REVIEW: https://review.gluster.org/20338 (glusterfs: access trusted peer group via remote-host command) posted (#1) for review on release-4.1 by MOHIT AGRAWAL
REVIEW: https://review.gluster.org/20339 (glusterfs: access trusted peer group via remote-host command) posted (#1) for review on release-3.12 by MOHIT AGRAWAL
REVISION POSTED: https://review.gluster.org/20338 (glusterfs: access trusted peer group via remote-host command) posted (#2) for review on release-4.1 by Shyamsundar Ranganathan
REVISION POSTED: https://review.gluster.org/20339 (glusterfs: access trusted peer group via remote-host command) posted (#2) for review on release-3.12 by Shyamsundar Ranganathan
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-5.0, please open a new bug report. glusterfs-5.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] https://lists.gluster.org/pipermail/announce/2018-October/000115.html [2] https://www.gluster.org/pipermail/gluster-users/