diff options
| author | Kotresh HR <khiremat@redhat.com> | 2015-01-16 14:32:09 +0530 |
|---|---|---|
| committer | Venky Shankar <vshankar@redhat.com> | 2015-01-21 22:58:41 -0800 |
| commit | f3ad194918dbbf00dcc9aebb226728294161ed7a (patch) | |
| tree | b7bb5ec817d849818108cd95893f22b8cc4bdb06 /xlators/mgmt | |
| parent | 27f2b8839e4d3ebe9ccbde071864b3e8016a3c4d (diff) | |
geo-rep: Handle copying of common_secret.pem.pub to slave correctly.
Current Behaviour:
1. Geo-replication gsec_create creates common_secret.pem.pub file
containing public keys of the all the nodes of master cluster
in the location /var/lib/glusterd/
2. Geo-replication create push-pem copies the common_secret.pem.pub
to the same location on all the slave nodes with same name.
Problem:
Wrong public keys might get copied on to slave nodes in multiple
geo-replication sessions simultaneosly.
E.g.
A geo-rep session is established between Node1(vol1:Master) to
Node2 (vol2:Slave). And one more geo-rep session where
Node2 (vol3) becomes master to Node3 (vol4) as below.
Session1: Node1 (vol1) ---> Node2 (vol2)
Session2: Node2 (vol3) ---> Node3 (vol4)
If steps followed to create both geo-replication session is as
follows, wrong public keys are copied on to Node3 from Node2.
1. gsec_create is done on Node1 (vol1) -Session1
2. gsec_create is done on Node2 (vol3) -Session2
3. create push-pem is done Node1 - Session1.
-This overwrites common_secret.pem.pub in Node2
created by gsec_create in second step.
4. create push-pem on Node2 (vol3) copies overwrited
common_secret.pem.pub keys to Node3. -Session2
Consequence:
Session2 fails to start with Permission denied because of wrong
public keys
Solution:
On geo-rep create push-pem, don't copy common_secret.pem.pub
file with same name on to all slave nodes. Prefix master and
slave volume names to the filename.
NOTE: This brings change in manual steps to be followed to setup
non-root geo-replication (mountbroker). To copy ssh public
keys, extra two arguments needs to be followed.
set_geo_rep_pem_keys.sh <mountbroker_user> <master vol name> \
<slave vol name>
Path to set_geo_rep_pem_keys.sh:
Source Installation:
/usr/local/libexec/glusterfs/set_geo_rep_pem_keys.sh
Rpm Installatino:
/usr/libexec/glusterfs/set_geo_rep_pem_keys.sh
Change-Id: If38cd4e6f58d674d5fe2d93da15803c73b660c33
BUG: 1183229
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: http://review.gluster.org/9460
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
Diffstat (limited to 'xlators/mgmt')
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-geo-rep.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c index b48ea6f40fd..f75f7261ca1 100644 --- a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c +++ b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c @@ -5294,9 +5294,9 @@ glusterd_op_gsync_create (dict_t *dict, char **op_errstr, dict_t *rsp_dict) is_pem_push = 0; snprintf(hooks_args, sizeof(hooks_args), - "is_push_pem=%d,pub_file=%s,slave_user=%s,slave_ip=%s", - is_pem_push, common_pem_file, slave_user, slave_ip); - + "is_push_pem=%d,pub_file=%s,slave_user=%s,slave_ip=%s," + "slave_vol=%s", is_pem_push, common_pem_file, + slave_user, slave_ip, slave_vol); } else snprintf(hooks_args, sizeof(hooks_args), "This argument will stop the hooks script"); |