author | Kaushal M <kaushal@redhat.com> | 2015-07-07 12:52:30 +0530 |
---|---|---|
committer | Krishnan Parthasarathi <kparthas@redhat.com> | 2015-07-09 18:44:22 -0700 |
commit | 01b82c66155a8d92893a386d7a314c95e0f0702b (patch) | |
tree | dbd3848d5f41b18b63699ddcef787bbd4f651211 /xlators/mgmt/glusterd/src/glusterd-handler.c | |
parent | b6a7a44079c724cbf6fb24c7ac83892f551dc5f6 (diff) |
glusterd: Fix management encryption issues with GlusterD
Management encryption was enabled incorrectly in GlusterD leading to
issues of cluster deadlocks. This has been fixed with this commit. The
fix is in two parts,
1. Correctly enable encryption for the TCP listener in GlusterD and
re-enable own-threads for encrypted connections.
Without this, GlusterD could try to establish the blocking SSL
connects in the epoll thread, for eg. when handling friend updates,
which could lead to cluster deadlocks.
2. Explicitly enable encryption for outgoing peer connections.
Not enabling encryption explicitly for outgoing connections was
causing SSL socket events to be handled in the epoll thread. Some
events, like disconnects during peer detach, could lead to connection
attempts to happen in the epoll thread, leading to deadlocks again.
Change-Id: I438c2b43f7b1965c0e04d95c000144118d36272c
BUG: 1240564
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.org/11559
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Diffstat (limited to 'xlators/mgmt/glusterd/src/glusterd-handler.c')
-rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-handler.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c index 6fccad5cd9b..ff5707bab28 100644 --- a/xlators/mgmt/glusterd/src/glusterd-handler.c +++ b/xlators/mgmt/glusterd/src/glusterd-handler.c @@ -3426,6 +3426,20 @@ glusterd_friend_rpc_create (xlator_t *this, glusterd_peerinfo_t *peerinfo, } } + /* Enable encryption for the client connection if management encryption + * is enabled + */ + if (this->ctx->secure_mgmt) { + ret = dict_set_str (options, "transport.socket.ssl-enabled", + "on"); + if (ret) { + gf_msg ("glusterd", GF_LOG_ERROR, 0, + GD_MSG_DICT_SET_FAILED, + "failed to set ssl-enabled in dict"); + goto out; + } + } + ret = glusterd_rpc_create (&peerinfo->rpc, options, glusterd_peer_rpc_notify, peerctx); if (ret) { |
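Review bot: The comment above the `if (this->ctx->secure_mgmt)` check in glusterd_friend_rpc_create says what is being set but not why it has to be set explicitly for outgoing peer connections. The commit message gives the reason (without it, SSL socket events are handled in the epoll thread and can deadlock the cluster); a one-line version of that belongs in the code comment so the block is not later removed as redundant with the listener-side setting. In the failure path, the message "failed to set ssl-enabled in dict" does not say which peer the connection was for, and the call passes the literal "glusterd" although `this` is in scope; consider logging with this->name and identifying the peer from peerinfo, since a peer that silently fails to get an encrypted management connection is something an operator needs to trace in the logs.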