Bug 1657398
| Summary: | Unable to mount with custom certificate file | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | James <jamesiarmes> | ||||||||
| Component: | transport | Assignee: | Sanju <srakonde> | ||||||||
| Status: | CLOSED UPSTREAM | QA Contact: | |||||||||
| Severity: | high | Docs Contact: | |||||||||
| Priority: | medium | ||||||||||
| Version: | 4.1 | CC: | bugs, pasik | ||||||||
| Target Milestone: | --- | ||||||||||
| Target Release: | --- | ||||||||||
| Hardware: | x86_64 | ||||||||||
| OS: | Linux | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2020-03-17 03:31:00 UTC | Type: | Bug | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Attachments: |
|
||||||||||
Created attachment 1512679 [details]
Log file when the custom cert file does not exist.
Created attachment 1512681 [details]
Log file when both cert files are present.
Notice that it does actually set the custom path in the volume file.
This bug is moved to https://github.com/gluster/glusterfs/issues/1114, and will be tracked there from now on. Visit GitHub issues URL for further details |
Created attachment 1512678 [details] Log file when the default cert file does not exist. Description of problem: Mounting gluster with custom cert fails when the cert does not also exist at the default path. We're trying to mount multiple file systems on a system, each one with it's own client certificate. We should be able to do so with the "transport.socket.ssl-own-cert" option (we'll also want to set the ca list and private key, but we're starting with the cert to make sure we can actually configure it). When we mount using the option, it fails with "could not load our cert at /etc/ssl/glusterfs.pem." However, if the default cert is in place but the one we specify isn't, it fails with "could not load our cert at /etc/ssl/backup.pem" (the path of the custom cert). If both certs are in place in succeeds. The command I'm running is mount -t HOST:gluster-volume -o "server-port=49152,xlator-option=*client*.transport.socket.ssl-own-cert=/etc/ssl/backup.pem" /mnt/jarmes Version-Release number of selected component (if applicable): 4.1.5 How reproducible: consistently Steps to Reproduce: 1. Configure volume with SSL. 2. Attempt to mount with a custom path to the cert file. Actual results: Mount fails unless both the default and custom cert exist. Expected results: Mount succeeds with custom cert only. Additional info: I've set the severity to high as we are blocked on this.