Re: [Gluster-users] Can I do SSL with Gluster v3.4.2 ?

2017-02-15 Thread Kaushal M 
On Thu, Feb 16, 2017 at 3:48 AM, dev  wrote:
> I'm trying to setup SSL transport with glusterfs following the guide
> here: http://blog.gluster.org/author/zbyszek/
>
> I've copied the resulting ca, pem and key files to my server
> (to /etc/ssl) as well as a copy on my gluster client. The link
> above does not explain the proper mount options for mounting the
> volume on the client however.
>
> I've tried searching for the correct options to add to the mount
> command, however nothing has turned up yet. I have found some
> options to place in a volume file such as:
>
>option transport.socket.ssl-enabled on
>option transport tcp
>option direct-io-mode disable
>option transport.socket.ssl-own-cert/etc/ssl/glusterfs.pem
>option transport.socket.ssl-private-key /etc/ssl/glusterfs.key
>option transport.socket.ssl-ca-list /etc/ssl/glusterfs.ca
>
> but mounting with:
>
>glusterfs -f /etc/gluster-pm-vol /mnt/ib-data/hydra
>
> Only gives an error in the logfile such as:
>...
>[socket.c:3594:socket_init] 0-pm1-dump: could not load our cert
>...
>
> I've started to investigate ACL on server, but attempting to
> set auth.ssl-allow results in an error as well.
>
>   # gluster volume info
>   Volume Name: pm1-dump
>   ...
>   client.ssl: on
>   ...
>
> # gluster volume set pm1-dump auth.ssl-allow foo
> volume set: failed: option : auth.ssl-allow does not exist
> Did you mean auth.allow?
>
> # gluster --version
> glusterfs 3.4.2 built on Jan 14 2014 18:05:37
>
>
> Is this version too old (ubuntu 14.04) to use SSL on or am I missing
> something?

This version is just too old. You can get up to date packages for
ubuntu from the gluster community ppa https://launchpad.net/~gluster .
I suggest you use glusterfs-3.8, which is the latest version to have
packages for trusty.

>
> Thanks in advance
> ___
> Gluster-users mailing list
> Gluster-users@gluster.org
> http://lists.gluster.org/mailman/listinfo/gluster-users
___
Gluster-users mailing list
Gluster-users@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users

[Gluster-users] Can I do SSL with Gluster v3.4.2 ?

2017-02-15 Thread dev 
I'm trying to setup SSL transport with glusterfs following the guide
here: http://blog.gluster.org/author/zbyszek/

I've copied the resulting ca, pem and key files to my server
(to /etc/ssl) as well as a copy on my gluster client. The link
above does not explain the proper mount options for mounting the
volume on the client however.

I've tried searching for the correct options to add to the mount
command, however nothing has turned up yet. I have found some
options to place in a volume file such as:

   option transport.socket.ssl-enabled on
   option transport tcp
   option direct-io-mode disable
   option transport.socket.ssl-own-cert/etc/ssl/glusterfs.pem
   option transport.socket.ssl-private-key /etc/ssl/glusterfs.key
   option transport.socket.ssl-ca-list /etc/ssl/glusterfs.ca

but mounting with:

   glusterfs -f /etc/gluster-pm-vol /mnt/ib-data/hydra

Only gives an error in the logfile such as:
   ...
   [socket.c:3594:socket_init] 0-pm1-dump: could not load our cert
   ...

I've started to investigate ACL on server, but attempting to
set auth.ssl-allow results in an error as well.

  # gluster volume info
  Volume Name: pm1-dump
  ...
  client.ssl: on
  ...

# gluster volume set pm1-dump auth.ssl-allow foo
volume set: failed: option : auth.ssl-allow does not exist
Did you mean auth.allow?

# gluster --version
glusterfs 3.4.2 built on Jan 14 2014 18:05:37


Is this version too old (ubuntu 14.04) to use SSL on or am I missing
something?

Thanks in advance
___
Gluster-users mailing list
Gluster-users@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-users