glusterfs.git/rpc, branch v4.1.5 rpc: handle EAGAIN when SSL_ERROR_SYSCALL is returned 2018-09-21T13:09:41+00:00 Milind Changire mchangir@redhat.com 2018-08-25T13:15:34+00:00 ed59d4a8c4eafb7ff7709d0bf12c467a0bc35698 Problem: A return value of ENODATA was forcibly returned in the case where SSL_get_error(r) returned SSL_ERROR_SYSCALL. Sometimes SSL_ERROR_SYSCALL is a transient error which is identified by setting errno to EAGAIN. EAGAIN is not a fatal error and indicates that the syscall needs to be retried. Solution: Bubble up the errno in case SSL_get_error(r) returns SSL_ERROR_SYSCALL and let the upper layers handle it appropriately. fixes: bz#1601356 Change-Id: I76eff278378930ee79abbf9fa267a7e77356eed6 Signed-off-by: Milind Changire <mchangir@redhat.com> 
Problem:
A return value of ENODATA was forcibly returned in the case where
SSL_get_error(r) returned SSL_ERROR_SYSCALL. Sometimes SSL_ERROR_SYSCALL
is a transient error which is identified by setting errno to EAGAIN.
EAGAIN is not a fatal error and indicates that the syscall needs to be
retried.

Solution:
Bubble up the errno in case SSL_get_error(r) returns SSL_ERROR_SYSCALL
and let the upper layers handle it appropriately.

fixes: bz#1601356
Change-Id: I76eff278378930ee79abbf9fa267a7e77356eed6
Signed-off-by: Milind Changire <mchangir@redhat.com>
rpc: Don't reset auth_value in disconnect 2018-05-25T12:57:27+00:00 Kotresh HR khiremat@redhat.com 2018-05-17T09:28:24+00:00 dbe0984d8a84e0ca0e0d42f84d856c6f1d2a5134 The auth_value was being reset to AUTH_GLUSTERFS_v2 during rpc disconnect. It shoud not be reset. The disconnect during portmap request can race with handshake. If handshake happens first and disconnect later, auth_value would set to default value and it never sets back to actual auth_value Back port of > BUG: 1579276 > Change-Id: Ib46c9e01a97f6defb3fd1e0423fdb4b899b4a361 > Signed-off-by: Kotresh HR <khiremat@redhat.com> (cherry picked from commit 2d5b179d1a545f5b7ae8b1b2274769691dd3468f) fixes: bz#1582063 Change-Id: Ib46c9e01a97f6defb3fd1e0423fdb4b899b4a361 Signed-off-by: Kotresh HR <khiremat@redhat.com> 
The auth_value was being reset to AUTH_GLUSTERFS_v2
during rpc disconnect. It shoud not be reset. The
disconnect during portmap request can race with
handshake. If handshake happens first and
disconnect later, auth_value would set to default
value and it never sets back to actual auth_value

Back port of
> BUG: 1579276
> Change-Id: Ib46c9e01a97f6defb3fd1e0423fdb4b899b4a361
> Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit 2d5b179d1a545f5b7ae8b1b2274769691dd3468f)

fixes: bz#1582063
Change-Id: Ib46c9e01a97f6defb3fd1e0423fdb4b899b4a361
Signed-off-by: Kotresh HR <khiremat@redhat.com>
core: move logs which are only developer relevant to DEBUG level 2018-05-09T17:41:57+00:00 Amar Tumballi amarts@redhat.com 2018-02-07T06:13:22+00:00 c7e281fcb7fcabb13132ba3a3e7a1a784b020719 Change-Id: I8b38e231b6160db8075f73773d4e7dc115a90d95 updates: bz#1542829 BUG: 1542829 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Change-Id: I8b38e231b6160db8075f73773d4e7dc115a90d95
updates: bz#1542829
BUG: 1542829
Signed-off-by: Amar Tumballi <amarts@redhat.com>
rpc: set listen-backlog to high value 2018-04-13T03:23:47+00:00 Milind Changire mchangir@redhat.com 2018-04-09T05:56:05+00:00 31da3f1d8513b10d0449a1855fbad5060bd6191d Problem: On node reboot, when glusterd starts volumes rapidly, there's a flood of connections from the bricks to glusterd and from the self-heal daemons to the bricks. This causes SYN Flooding and dropped connections when the listen-backlog is not enough to hold the pending connections to compensate for the rate at which connections are accepted by the RPC layer. Solution: Increase the listen-backlog value to 1024. This is a partial solution. Part of the solution is to rearm the listener socket early for quicker accept() of connections. See commit 6964640a977cb10c0c95a94e03c229918fa6eca8 (change 19833) Change-Id: I62283d1f4990dd43839f9a6932cf8a36effd632c fixes: bz#1564600 Signed-off-by: Milind Changire <mchangir@redhat.com> 
Problem:
On node reboot, when glusterd starts volumes rapidly, there's a flood of
connections from the bricks to glusterd and from the self-heal daemons
to the bricks. This causes SYN Flooding and dropped connections when the
listen-backlog is not enough to hold the pending connections to
compensate for the rate at which connections are accepted by the RPC
layer.

Solution:
Increase the listen-backlog value to 1024. This is a partial solution.
Part of the solution is to rearm the listener socket early for quicker
accept() of connections.
See commit 6964640a977cb10c0c95a94e03c229918fa6eca8 (change 19833)

Change-Id: I62283d1f4990dd43839f9a6932cf8a36effd632c
fixes: bz#1564600
Signed-off-by: Milind Changire <mchangir@redhat.com>
rpc: rearm listener socket early 2018-04-07T03:01:09+00:00 Milind Changire mchangir@redhat.com 2018-04-06T17:49:07+00:00 6964640a977cb10c0c95a94e03c229918fa6eca8 Problem: On node reboot, when glusterd starts volumes, a setup with a large number of bricks might cause SYN Flooding and connections to be dropped if the connections are not accepted quickly enough. Solution: accept() the connection and rearm the listener socket early to receive more connection requests as soon as possible. Change-Id: Ibed421e50284c3f7a8fcdb4de7ac86cf53d4b74e fixes: bz#1564600 Signed-off-by: Milind Changire <mchangir@redhat.com> 
Problem:
On node reboot, when glusterd starts volumes, a setup with a large
number of bricks might cause SYN Flooding and connections to be dropped
if the connections are not accepted quickly enough.

Solution:
accept() the connection and rearm the listener socket early to receive
more connection requests as soon as possible.

Change-Id: Ibed421e50284c3f7a8fcdb4de7ac86cf53d4b74e
fixes: bz#1564600
Signed-off-by: Milind Changire <mchangir@redhat.com>
rpc: update tirpc registration to "force" unregister old mapping before re-registering 2018-03-28T07:38:59+00:00 Shreyas Siravara sshreyas@fb.com 2015-03-18T18:02:18+00:00 20fb08d5258f2324433dd465257bcd65e8fe12c2 > Reviewed-on: https://review.gluster.org/16849 > Reviewed-by: Shreyas Siravara <sshreyas@fb.com> Change-Id: I05ed6b7c715a71e5819fbe8116e7c3146010f836 BUG: 1521030 Signed-off-by: Kevin Vigor <kvigor@fb.com> Signed-off-by: Amar Tumballi <amarts@redhat.com> 
> Reviewed-on: https://review.gluster.org/16849
> Reviewed-by: Shreyas Siravara <sshreyas@fb.com>

Change-Id: I05ed6b7c715a71e5819fbe8116e7c3146010f836
BUG: 1521030
Signed-off-by: Kevin Vigor <kvigor@fb.com>
Signed-off-by: Amar Tumballi <amarts@redhat.com>
rpc: simplify parameters when a saved frame is forced to unwind 2018-03-28T07:38:10+00:00 Zhang Huan zhanghuan@open-fs.com 2017-11-10T03:57:31+00:00 3b578daaec3937f6ea0ae8173ed92437fa53c732 When a saved frame is to be forced unwind, there is no need to pass an empty iovector without any data pointed to. Change-Id: I6e858fb38644326e22239b83272b15db656035e5 BUG: 1523122 Signed-off-by: Zhang Huan <zhanghuan@open-fs.com> 
When a saved frame is to be forced unwind, there is no need to pass an
empty iovector without any data pointed to.

Change-Id: I6e858fb38644326e22239b83272b15db656035e5
BUG: 1523122
Signed-off-by: Zhang Huan <zhanghuan@open-fs.com>
rpc: fix incorrect return value when xdr decode fails 2018-03-28T07:37:34+00:00 Zhang Huan zhanghuan@open-fs.com 2017-08-25T07:15:46+00:00 f7d6d8579c4f741744a781d338850835765ed171 xdr_replymsg is called to decode reply message, and it returns failure if the message is corrupted. However, retrieving return value from the global errno is 0 even xdr_replymsg fails. Fix this issue by simply returning a negative value if call to xdr_replymsg fails. Change-Id: I2b9a1dc97652fbb6cf6568ea617f120713784a55 BUG: 1523122 Signed-off-by: Zhang Huan <zhanghuan@open-fs.com> 
xdr_replymsg is called to decode reply message, and it returns failure
if the message is corrupted. However, retrieving return value from
the global errno is 0 even xdr_replymsg fails.

Fix this issue by simply returning a negative value if call to
xdr_replymsg fails.

Change-Id: I2b9a1dc97652fbb6cf6568ea617f120713784a55
BUG: 1523122
Signed-off-by: Zhang Huan <zhanghuan@open-fs.com>
socket: Improve error logging when loading SSL files fails 2018-03-21T17:44:53+00:00 Niklas Hambüchen mail@nh2.me 2017-11-03T17:53:54+00:00 ba87963b7622e31cacb4348af817c777d1c443ab * Say which file had the problem * Dump openssl error stack Fixes gluster/glusterfs#431. Change-Id: I66e9a0ae7758e9d7d8a5f19cc8ff898f01f2b491 Signed-off-by: Niklas Hambüchen <mail@nh2.me> 
* Say which file had the problem
* Dump openssl error stack

Fixes gluster/glusterfs#431.

Change-Id: I66e9a0ae7758e9d7d8a5f19cc8ff898f01f2b491
Signed-off-by: Niklas Hambüchen <mail@nh2.me>
glusterd: TLS verification fails while using intermediate CA 2018-03-19T19:00:03+00:00 Mohit Agrawal moagrawa@redhat.com 2018-03-14T04:07:52+00:00 cf06dd544004701ef43fa81c5b7a95353d5c1d65 Problem: TLS verification fails while using intermediate CA if mgmt SSL is enabled. Solution: There are two main issue of TLS verification failing 1) not calling ssl_api to set cert_depth 2) The current code does not allow to set certificate depth while MGMT SSL is enabled. After apply this patch to set certificate depth user need to set parameter option transport.socket.ssl-cert-depth <depth> in /var/lib/glusterd/secure_acccess instead to set in /etc/glusterfs/glusterd.vol. At the time of set secure_mgmt in ctx we will check the value of cert-depth and save the value of cert-depth in ctx.If user does not provide any value in cert-depth in that case it will consider default value is 1 BUG: 1555154 Change-Id: I89e9a9e1026e37efb5c20f9ec62b1989ef644f35 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
Problem: TLS verification fails while using intermediate CA
         if mgmt SSL is enabled.

Solution: There are two main issue of TLS verification failing
          1) not calling ssl_api to set cert_depth
          2) The current code does not allow to set certificate depth
             while MGMT SSL is enabled.
          After apply this patch to set certificate depth user
          need to set parameter option transport.socket.ssl-cert-depth <depth>
          in /var/lib/glusterd/secure_acccess instead to set in
          /etc/glusterfs/glusterd.vol. At the time of set secure_mgmt in ctx
          we will check the value of cert-depth and save the value of cert-depth
          in ctx.If user does not provide any value in cert-depth in that case
          it will consider default value is 1

BUG: 1555154
Change-Id: I89e9a9e1026e37efb5c20f9ec62b1989ef644f35
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>