|
|
74b1de |
From 9b58731c83bc1ee9c5f2a3cd58a8f845cf09ee82 Mon Sep 17 00:00:00 2001
|
|
|
12a457 |
From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
|
|
|
12a457 |
Date: Mon, 21 Mar 2016 13:54:19 +0530
|
|
|
74b1de |
Subject: [PATCH 03/52] rpc: set bind-insecure to off by default
|
|
|
12a457 |
|
|
|
12a457 |
commit 243a5b429f225acb8e7132264fe0a0835ff013d5 turn's 'ON'
|
|
|
12a457 |
allow-insecure and bind-insecure by default.
|
|
|
12a457 |
|
|
|
12a457 |
Problem:
|
|
|
12a457 |
Now with newer versions we have bind-insecure 'ON' by default.
|
|
|
12a457 |
So, while upgrading subset of nodes from a trusted storage pool,
|
|
|
12a457 |
nodes which have older versions of glusterfs will expect
|
|
|
12a457 |
connection from secure ports only (since they still have
|
|
|
12a457 |
bind-insecure off) thus they reject connection from upgraded
|
|
|
12a457 |
nodes which now have insecure ports.
|
|
|
12a457 |
|
|
|
12a457 |
Hence we will run into connection issues between peers.
|
|
|
12a457 |
|
|
|
12a457 |
Solution:
|
|
|
12a457 |
This patch will turn bind-insecure 'OFF' by default to avoid
|
|
|
12a457 |
problem explained above.
|
|
|
12a457 |
|
|
|
12a457 |
Label: DOWNSTREAM ONLY
|
|
|
12a457 |
|
|
|
12a457 |
Change-Id: Id7a19b4872399d3b019243b0857c9c7af75472f7
|
|
|
12a457 |
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
|
|
|
12a457 |
Reviewed-on: https://code.engineering.redhat.com/gerrit/70313
|
|
|
12a457 |
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
12a457 |
Tested-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
12a457 |
---
|
|
|
d1681e |
rpc/rpc-lib/src/rpc-transport.c | 4 ++--
|
|
|
d1681e |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
12a457 |
|
|
|
12a457 |
diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c
|
|
|
74b1de |
index f9cbdf1..4beaaf9 100644
|
|
|
12a457 |
--- a/rpc/rpc-lib/src/rpc-transport.c
|
|
|
12a457 |
+++ b/rpc/rpc-lib/src/rpc-transport.c
|
|
|
74b1de |
@@ -269,8 +269,8 @@ rpc_transport_load(glusterfs_ctx_t *ctx, dict_t *options, char *trans_name)
|
|
|
74b1de |
else
|
|
|
74b1de |
trans->bind_insecure = 0;
|
|
|
74b1de |
} else {
|
|
|
74b1de |
- /* By default allow bind insecure */
|
|
|
74b1de |
- trans->bind_insecure = 1;
|
|
|
74b1de |
+ /* Turning off bind insecure by default*/
|
|
|
74b1de |
+ trans->bind_insecure = 0;
|
|
|
74b1de |
}
|
|
|
12a457 |
|
|
|
74b1de |
ret = dict_get_str(options, "transport-type", &type);
|
|
|
12a457 |
--
|
|
|
d1681e |
1.8.3.1
|
|
|
12a457 |
|