RCA: In SSL environment the user is able to access volume via remote-host command without adding node in a trusted pool, and a user has access to delete/ stop the volume.To resolve the same replace the list of RPC programs at the time of connection initialization in glusterd. Regards Mohit Agrawal
Patch is posted https://review.gluster.org/#/c/20338 Regards Mohit Agrawal
REVIEW: https://review.gluster.org/20338 (glusterfs: access trusted peer group via remote-host command) posted (#2) for review on release-4.1 by Shyamsundar Ranganathan
COMMIT: https://review.gluster.org/20338 committed in release-4.1 by "Shyamsundar Ranganathan" <srangana> with a commit message- glusterfs: access trusted peer group via remote-host command Problem: In SSL environment the user is able to access volume via remote-host command without adding node in a trusted pool Solution: Change the list of rpc program in glusterd.c at the time of initialization while SSL is enabled > Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199 > cherry picked from commit 234d611160840899bcfd5ab1c17a6253673d38ed BUG: 1593525 fixes: bz#1593525 Change-Id: Ice4eda3d8104a4d5641de3cffd7249e46080d48f Signed-off-by: Mohit Agrawal <moagrawa>