On Thu, Feb 16, 2017 at 3:48 AM, dev <devuan.2 at gmail.com>
wrote:> I'm trying to setup SSL transport with glusterfs following the guide
> here: http://blog.gluster.org/author/zbyszek/
>
> I've copied the resulting ca, pem and key files to my server
> (to /etc/ssl) as well as a copy on my gluster client. The link
> above does not explain the proper mount options for mounting the
> volume on the client however.
>
> I've tried searching for the correct options to add to the mount
> command, however nothing has turned up yet. I have found some
> options to place in a volume file such as:
>
> option transport.socket.ssl-enabled on
> option transport tcp
> option direct-io-mode disable
> option transport.socket.ssl-own-cert /etc/ssl/glusterfs.pem
> option transport.socket.ssl-private-key /etc/ssl/glusterfs.key
> option transport.socket.ssl-ca-list /etc/ssl/glusterfs.ca
>
> but mounting with:
>
> glusterfs -f /etc/gluster-pm-vol /mnt/ib-data/hydra
>
> Only gives an error in the logfile such as:
> ...
> [socket.c:3594:socket_init] 0-pm1-dump: could not load our cert
> ...
>
> I've started to investigate ACL on server, but attempting to
> set auth.ssl-allow results in an error as well.
>
> # gluster volume info
> Volume Name: pm1-dump
> ...
> client.ssl: on
> ...
>
> # gluster volume set pm1-dump auth.ssl-allow foo
> volume set: failed: option : auth.ssl-allow does not exist
> Did you mean auth.allow?
>
> # gluster --version
> glusterfs 3.4.2 built on Jan 14 2014 18:05:37
>
>
> Is this version too old (ubuntu 14.04) to use SSL on or am I missing
> something?
This version is just too old. You can get up to date packages for
ubuntu from the gluster community ppa https://launchpad.net/~gluster .
I suggest you use glusterfs-3.8, which is the latest version to have
packages for trusty.
>
> Thanks in advance
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://lists.gluster.org/mailman/listinfo/gluster-users