diff options
| author | Jeff Darcy <jdarcy@redhat.com> | 2012-07-17 10:50:43 -0400 |
|---|---|---|
| committer | Anand Avati <avati@redhat.com> | 2012-07-17 13:18:32 -0700 |
| commit | aea7759f1240b1e97684273b9369472695173a66 (patch) | |
| tree | 2e019059c2f79a159e5c5d5bf56d943be1eff16e /xlators/mgmt | |
| parent | ea0a0937a0524b8a449e470fbaea772a349d40fb (diff) | |
rpc-transport/socket: Add SSL support.
Based on OpenSSL. Key/certificate management is still manual. Enabling
SSL also enables multi-threading, though multi-threading can be forced on
or off using a separate option.
Change-Id: Icd9f256bb2fd8c6266a7abefdff16936b4f8922d
BUG: 764731
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.com/362
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators/mgmt')
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-volgen.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c index ff35b8b085e..ae86eb18c65 100644 --- a/xlators/mgmt/glusterd/src/glusterd-volgen.c +++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c @@ -175,6 +175,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = { {"network.frame-timeout", "protocol/client", NULL, NULL, NO_DOC, 0}, {"network.ping-timeout", "protocol/client", NULL, NULL, NO_DOC, 0}, {"network.tcp-window-size", "protocol/client", NULL, NULL, NO_DOC, 0}, + { "client.ssl", "protocol/client", "transport.socket.ssl-enabled", NULL, NO_DOC, 0}, {"network.tcp-window-size", "protocol/server", NULL, NULL, NO_DOC, 0}, {"network.inode-lru-limit", "protocol/server", NULL, NULL, NO_DOC, 0}, @@ -182,6 +183,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = { {AUTH_REJECT_MAP_KEY, "protocol/server", "!server-auth", NULL, DOC, 0}, {"transport.keepalive", "protocol/server", "transport.socket.keepalive", NULL, NO_DOC, 0}, {"server.allow-insecure", "protocol/server", "rpc-auth-allow-insecure", NULL, NO_DOC, 0}, + { "server.ssl", "protocol/server", "transport.socket.ssl-enabled", NULL, NO_DOC, 0}, {"performance.write-behind", "performance/write-behind", "!perf", "on", NO_DOC, 0}, {"performance.read-ahead", "performance/read-ahead", "!perf", "on", NO_DOC, 0}, @@ -2157,6 +2159,8 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo, char *str = NULL; glusterd_brickinfo_t *brick = NULL; xlator_t *xl = NULL; + char *ssl_str = NULL; + gf_boolean_t ssl_bool; volname = volinfo->volname; @@ -2222,6 +2226,19 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo, } } + if (dict_get_str(set_dict,"client.ssl",&ssl_str) == 0) { + if (gf_string2boolean(ssl_str,&ssl_bool) == 0) { + if (ssl_bool) { + ret = xlator_set_option(xl, + "transport.socket.ssl-enabled", + "true"); + if (ret) { + goto out; + } + } + } + } + i++; } |