Re: [Gluster-devel] SSL in 3.4.0qa1

gluster-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gluster-devel] SSL in 3.4.0qa1

From:	Kaleb S. KEITHLEY
Subject:	Re: [Gluster-devel] SSL in 3.4.0qa1
Date:	Wed, 31 Oct 2012 07:33:23 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120911 Thunderbird/15.0.1

On 10/31/2012 06:31 AM, Emmanuel Dreyfus wrote:

Hi

I would like to test SSL in 3.4.0qa1 but cannot find the documentation.

 From prior testing, I recall I had to do gluster volume set in order
to configure CA, cert and key, but it does not work:

# gluster volume set gfs transport.socket.ssl-ca-list  /etc/openssl/ca.crt
volume set: failed: option : transport.socket.ssl-ca-list does not exist
Did you mean transport.keepalive?
volume set: failed

How would it be done?

In a quick grovel through the code I see things liketransport.socket.ssl-enabled, along with transport.socket.ssl-own-cert,transport.socket.ssl-private-key, and transport.socket.ssl-ca-list.

A quick read suggests to me that if you already have your key, cert, andca files in /etc/ssl/glusterfs.{key,pem,ca} you need simply settransport.socket.ssl-enabled = true.

Moreover, I only see transport.socket.ssl-enabled in the CLI side ofthings, i.e. .../xlators/mgmt/glusterd/src/..., which suggests that thekey, cert, and ca would need to be over-ridden in the volume file.


HTH.

--

Kaleb

[Prev in Thread]

Current Thread

[Next in Thread]

[Gluster-devel] glusterfs-3.4.0qa1 released, Gluster Build System, 2012/10/17
- Re: [Gluster-devel] [Gluster-users] glusterfs-3.4.0qa1 released, Anand Avati, 2012/10/17
- [Gluster-devel] SSL in 3.4.0qa1, Emmanuel Dreyfus, 2012/10/31
  - Re: [Gluster-devel] SSL in 3.4.0qa1, Kaleb S. KEITHLEY <=

Prev by Date: [Gluster-devel] SSL in 3.4.0qa1
Previous by thread: [Gluster-devel] SSL in 3.4.0qa1
Next by thread: [Gluster-devel] mkostemp vs mkstemp?
Index(es):
- Date
- Thread