authorRajesh Joseph <rjoseph@redhat.com>2016-11-29 21:57:37 +0530
committerKaushal M <kaushal@redhat.com>2017-01-02 22:46:50 -0800
commitfe65668466895d33a589a4a51c45cc52fcaf14bd (patch)
treeff486c7fb4450f2846c73e6235a2f1e461a2822a
parentd8a19cede65f38cf48b9e1724a7f20b01672fe4e (diff)
uss: snapd should enable SSL if SSL is enabled on volume
During snapd graph generation we should check if SSL is enabled on main volume or not. This is because clients will communicate with snapd as if it is communicating to a brick. > Reviewed-on: http://review.gluster.org/15979 > Smoke: Gluster Build System <jenkins@build.gluster.org> > NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> > CentOS-regression: Gluster Build System <jenkins@build.gluster.org> > Reviewed-by: Kaushal M <kaushal@redhat.com> (cherry picked from commit 182f0d12040dab5081ca645a3f370f65cd68b528) Change-Id: I0d7fe86c567b297a8528a48faf06161d4c3cb415 Signed-off-by: Rajesh Joseph <rjoseph@redhat.com> BUG: 1400460 Reviewed-on: http://review.gluster.org/15987 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Avra Sengupta <asengupt@redhat.com> Reviewed-by: Kaushal M <kaushal@redhat.com>
-rwxr-xr-xtests/bugs/snapshot/bug-1399598-uss-with-ssl.t98
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volgen.c15
2 files changed, 113 insertions, 0 deletions
diff --git a/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t
new file mode 100755
index 00000000000..1c50f746527
--- /dev/null
+++ b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+. $(dirname $0)/../../include.rc
+. $(dirname $0)/../../volume.rc
+. $(dirname $0)/../../traps.rc
+. $(dirname $0)/../../snapshot.rc
+. $(dirname $0)/../../ssl.rc
+
+function file_exists
+{
+ if [ -f $1 ]; then echo "Y"; else echo "N"; fi
+}
+
+function volume_online_brick_count
+{
+ $CLI volume status $V0 | awk '$1 == "Brick" && $6 != "N/A" { print $6}' | wc -l;
+}
+
+cleanup;
+
+# Initialize the test setup
+TEST setup_lvm 1;
+
+TEST create_self_signed_certs
+
+# Start glusterd
+TEST glusterd
+TEST pidof glusterd;
+
+# Create and start the volume
+TEST $CLI volume create $V0 $H0:$L1/b1;
+
+TEST $CLI volume start $V0;
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count
+
+# Mount the volume and create some files
+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
+
+TEST touch $M0/file;
+
+# Enable activate-on-create
+TEST $CLI snapshot config activate-on-create enable;
+
+# Create a snapshot
+TEST $CLI snapshot create snap1 $V0 no-timestamp;
+
+TEST $CLI volume set $V0 features.uss enable;
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist
+
+EXPECT "Y" file_exists $M0/file
+# Volume set can trigger graph switch therefore chances are we send this
+# req to old graph. Old graph will not have .snaps. Therefore we should
+# wait for some time.
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" file_exists $M0/.snaps/snap1/file
+
+EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0
+
+# Enable management encryption
+touch $GLUSTERD_WORKDIR/secure-access
+killall_gluster
+
+TEST glusterd
+TEST pidof glusterd;
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count
+
+# Mount the volume
+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist
+
+EXPECT "Y" file_exists $M0/file
+EXPECT "Y" file_exists $M0/.snaps/snap1/file
+
+EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0
+
+# Enable I/O encryption
+TEST $CLI volume set $V0 client.ssl on
+TEST $CLI volume set $V0 server.ssl on
+
+killall_gluster
+
+TEST glusterd
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count
+
+# Mount the volume
+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist
+
+EXPECT "Y" file_exists $M0/file
+EXPECT "Y" file_exists $M0/.snaps/snap1/file
+
+TEST $CLI snapshot delete all
+TEST $CLI volume stop $V0
+TEST $CLI volume delete $V0
+
+cleanup;
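Review bot: The I/O-encryption stage (after `client.ssl on` / `server.ssl on`) only asserts that `$M0/.snaps/snap1/file` is reachable, so as far as the visible lines show it proves that the client and snapd agree on a transport, not that the transport is TLS. An explicit assertion that the generated snapd volfile contains `transport.socket.ssl-enabled` in this stage, and does not contain it in the first stage before SSL is turned on, would pin the behaviour the commit adds. The two `.snaps` checks after the remounts use plain `EXPECT`, while the earlier one uses `EXPECT_WITHIN $PROCESS_UP_TIMEOUT` to allow for the graph not being ready; using the same wait there would likely make the test less timing-sensitive. Separately, `file_exists` expands `$1` unquoted; `if [ -f "$1" ]; then echo "Y"; else echo "N"; fi` keeps it correct for paths with spaces.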
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index 52331dac302..759314f5a70 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -5645,6 +5645,8 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,
char *xlator = NULL;
char *value = NULL;
char auth_path[] = "auth-path";
+ char *ssl_str = NULL;
+ gf_boolean_t ssl_bool = _gf_false;
set_dict = dict_copy (volinfo->dict, NULL);
if (!set_dict)
@@ -5689,6 +5691,19 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,
if (ret)
return -1;
+ if (dict_get_str (set_dict, "server.ssl", &ssl_str) == 0) {
+ if (gf_string2boolean (ssl_str, &ssl_bool) == 0) {
+ if (ssl_bool) {
+ ret = xlator_set_option(xl,
+ "transport.socket.ssl-enabled",
+ "true");
+ if (ret) {
+ return -1;
+ }
+ }
+ }
+ }
+
RPC_SET_OPT(xl, SSL_OWN_CERT_OPT, "ssl-own-cert", return -1);
RPC_SET_OPT(xl, SSL_PRIVATE_KEY_OPT,"ssl-private-key", return -1);
RPC_SET_OPT(xl, SSL_CA_LIST_OPT, "ssl-ca-list", return -1);
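Review bot: A `server.ssl` value that `gf_string2boolean` cannot parse is silently ignored in the added block, so snapd is generated without `transport.socket.ssl-enabled` and nothing is logged, which may leave it on a different transport setting than the bricks for an encryption option. Treating the parse failure as an error, for example `if (gf_string2boolean (ssl_str, &ssl_bool) != 0) return -1;` preceded by a log message naming the volume and the bad value, would make the misconfiguration visible instead of quietly falling back to plaintext. Flattening the three nested `if`s into guard conditions would also make the block easier to read. The new `return -1` follows the existing early returns; whether `set_dict` is released on those paths cannot be confirmed here because `glusterd_snapdsvc_generate_volfile` begins and ends outside the hunk.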