Bug 849291 – [glusterfs-3.3.0q43]: clear-locks attempts to connect using privileged port

Bug 849291 - [glusterfs-3.3.0q43]: clear-locks attempts to connect using privileged port

Summary:	[glusterfs-3.3.0q43]: clear-locks attempts to connect using privileged port

Status:	CLOSED WORKSFORME

Aliases:	None

Product:	Red Hat Gluster Storage
Classification:	Red Hat
Component:	glusterfs (Show other bugs)
Sub Component:
Version:	2.0
Hardware:	Unspecified Unspecified

Priority	low Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	krishnan parthasarathi
QA Contact:	Sudhir D
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:	825562
Blocks:
	Show dependency tree / graph

Reported:	2012-08-17 21:47 EDT by Vidya Sakar
Modified:	2015-11-03 18:04 EST (History)
CC List:	6 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:	825562
Environment:
Last Closed:	2012-12-27 01:37:29 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Vidya Sakar 2012-08-17 21:47:20 EDT

+++ This bug was initially created as a clone of Bug #825562 +++

Version: 3.3.0qa34

clear-locks commands fail if rpc-auth-allow is not set as it attempts to connect via privileged port.

The CLI reports the error as:
Volume clear-locks unsuccessful
clear-locks getxattr command failed. Reason: Transport endpoint is not connected

### glusterd.vol.log has
[2012-05-27 12:54:33.217491] E [rpcsvc.c:491:rpcsvc_handle_rpc_call] 0-glusterd: Request received from non-privileged port. Failing request

--- Additional comment from joe@julianfamily.org on 2012-05-28 02:49:01 EDT ---

Did it again. Sorry, it's qa43 not 34.

--- Additional comment from joe@julianfamily.org on 2012-05-28 05:37:31 EDT ---

Created attachment 587189 [details]
mysql1-clearlocks-mnt.log

--- Additional comment from joe@julianfamily.org on 2012-05-28 06:02:06 EDT ---

Created attachment 587198 [details]
ewcs2:var-spool-glusterfs-a_mysql1.log

--- Additional comment from joe@julianfamily.org on 2012-05-28 06:11:43 EDT ---

Created attachment 587200 [details]
ewcs2: b,c,d

--- Additional comment from joe@julianfamily.org on 2012-05-28 06:15:34 EDT ---

Created attachment 587203 [details]
ewcs4: var-spool-glusterfs-{a,b,c,d}_mysql1.log

Each of these logs are for just the minutes that were in the clearlocks log. Let me know if that's not what you needed.

Comment 2 Amar Tumballi 2012-10-23 02:27:42 EDT

The work around exists to make this work even when insecure ports are used.

add below line to glusterd.vol:

"  option rpc-auth.ports.insecure on"
---- 

Hence reducing the priority of the bug in RHS.

Comment 3 Amar Tumballi 2012-12-27 01:37:29 EST

----------
amar@supernova:~/work/glusterfs$ git diff
diff --git a/doc/glusterd.vol b/doc/glusterd.vol
index de17d8f..8268c3d 100644
--- a/doc/glusterd.vol
+++ b/doc/glusterd.vol
@@ -4,5 +4,12 @@ volume management
     option transport-type socket,rdma
     option transport.socket.keepalive-time 10
     option transport.socket.keepalive-interval 2
+
+  # enable below option only if there are not many ports free below 1024
+  # to bind() the client process. In this case, you would have to run :
+  # 'gluster volume set <VOL> server.allow-insecure yes'
+  # on all the volumes to the proper functioning.
+  #
+#   option rpc-auth-allow-insecure yes
     option transport.socket.read-fail-log off
 end-volume
----------

The above patch is the only way at the moment to fix these things.

Also, Would like to close the bug with D(ocumentation)P(ending) flag set, once we have more better way of handling security (SSL/Kerberos etc), this issue will go away.

WORKSFORME always when we have the above two options set. WONTFIX the part of not having these options set for now.

Note You need to log in before you can comment on or make changes to this bug.