Bug 825562 - [glusterfs-3.3.0q43]: clear-locks attempts to connect using privileged port
Summary: [glusterfs-3.3.0q43]: clear-locks attempts to connect using privileged port
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: GlusterFS
Classification: Community
Component: cli
Version: pre-release
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
Assignee: krishnan parthasarathi
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 849291
TreeView+ depends on / blocked
 
Reported: 2012-05-27 19:57 UTC by Joe Julian
Modified: 2015-11-03 23:04 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
: 849291 (view as bug list)
Environment:
Last Closed: 2012-12-27 06:11:22 UTC
Regression: ---
Mount Type: ---
Documentation: DP
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)
mysql1-clearlocks-mnt.log (59.36 KB, text/plain)
2012-05-28 09:37 UTC, Joe Julian 		no flags Details
ewcs2:var-spool-glusterfs-a_mysql1.log (7.18 KB, text/plain)
2012-05-28 10:02 UTC, Joe Julian 		no flags Details
ewcs2: b,c,d (22.86 KB, text/plain)
2012-05-28 10:11 UTC, Joe Julian 		no flags Details
ewcs4: var-spool-glusterfs-{a,b,c,d}_mysql1.log (29.26 KB, text/plain)
2012-05-28 10:15 UTC, Joe Julian 		no flags Details
View All

Description Joe Julian 2012-05-27 19:57:54 UTC 
Version: 3.3.0qa34

clear-locks commands fail if rpc-auth-allow is not set as it attempts to connect via privileged port.

The CLI reports the error as:
Volume clear-locks unsuccessful
clear-locks getxattr command failed. Reason: Transport endpoint is not connected

### glusterd.vol.log has
[2012-05-27 12:54:33.217491] E [rpcsvc.c:491:rpcsvc_handle_rpc_call] 0-glusterd: Request received from non-privileged port. Failing request
Comment 1 Joe Julian 2012-05-28 06:49:01 UTC 
Did it again. Sorry, it's qa43 not 34.
Comment 2 Joe Julian 2012-05-28 09:37:31 UTC 
Created attachment 587189 [details]
mysql1-clearlocks-mnt.log
Comment 3 Joe Julian 2012-05-28 10:02:06 UTC 
Created attachment 587198 [details]
ewcs2:var-spool-glusterfs-a_mysql1.log
Comment 4 Joe Julian 2012-05-28 10:11:43 UTC 
Created attachment 587200 [details]
ewcs2: b,c,d
Comment 5 Joe Julian 2012-05-28 10:15:34 UTC 
Created attachment 587203 [details]
ewcs4: var-spool-glusterfs-{a,b,c,d}_mysql1.log

Each of these logs are for just the minutes that were in the clearlocks log. Let me know if that's not what you needed.
Comment 6 Amar Tumballi 2012-12-21 09:45:35 UTC 
one of the work around is to make sure everything works by adding "rpc-auth-allow-insecure yes" in volume files (both glusterd.vol and glusterfsd.vol, for which one can do 'gluster volume set <VOL> server.allow-insecure yes').

as the work around exists, would like to move the priority to medium.
Comment 7 Amar Tumballi 2012-12-27 06:10:15 UTC 
----------
amar@supernova:~/work/glusterfs$ git diff
diff --git a/doc/glusterd.vol b/doc/glusterd.vol
index de17d8f..8268c3d 100644
--- a/doc/glusterd.vol
+++ b/doc/glusterd.vol
@@ -4,5 +4,12 @@ volume management
     option transport-type socket,rdma
     option transport.socket.keepalive-time 10
     option transport.socket.keepalive-interval 2
+
+  # enable below option only if there are not many ports free below 1024
+  # to bind() the client process. In this case, you would have to run :
+  # 'gluster volume set <VOL> server.allow-insecure yes'
+  # on all the volumes to the proper functioning.
+  #
+#   option rpc-auth-allow-insecure yes
     option transport.socket.read-fail-log off
 end-volume
----------

The above patch is the only way at the moment to fix these things.

Also, Would like to close the bug with D(ocumentation)P(ending) flag set, once we have more better way of handling security (SSL/Kerberos etc), this issue will go away.
Comment 8 Amar Tumballi 2012-12-27 06:11:22 UTC 
as per comment #7 (WORKSFORME always when we have the above two options set). WONTFIX the part of not having these options set for now.
Note You need to log in before you can comment on or make changes to this bug.