From 875a3e3369c59863304b87966ed9e05448588a2e Mon Sep 17 00:00:00 2001

From: Rajesh Joseph <rjoseph@redhat.com>

Date: Tue, 29 Nov 2016 21:57:37 +0530

Subject: [PATCH 209/227] uss: snapd should enable SSL if SSL is enabled on

 volume

During snapd graph generation we should check if SSL is

enabled on main volume or not. This is because clients

will communicate with snapd as if it is communicating to

a brick.

> Reviewed-on: http://review.gluster.org/15979

> Smoke: Gluster Build System <jenkins@build.gluster.org>

> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>

> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>

> Reviewed-by: Kaushal M <kaushal@redhat.com>

Change-Id: I0d7fe86c567b297a8528a48faf06161d4c3cb415

Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>

BUG: 1399598

Reviewed-on: https://code.engineering.redhat.com/gerrit/91854

Reviewed-by: Atin Mukherjee <amukherj@redhat.com>

---

 tests/bugs/snapshot/bug-1399598-uss-with-ssl.t | 98 ++++++++++++++++++++++++++

 xlators/mgmt/glusterd/src/glusterd-volgen.c    | 15 ++++

 2 files changed, 113 insertions(+)

 create mode 100755 tests/bugs/snapshot/bug-1399598-uss-with-ssl.t

diff --git a/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t

new file mode 100755

index 0000000..1c50f74

--- /dev/null

+++ b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t

@@ -0,0 +1,98 @@

+#!/bin/bash

+

+. $(dirname $0)/../../include.rc

+. $(dirname $0)/../../volume.rc

+. $(dirname $0)/../../traps.rc

+. $(dirname $0)/../../snapshot.rc

+. $(dirname $0)/../../ssl.rc

+

+function file_exists

+{

+        if [ -f $1 ]; then echo "Y"; else echo "N"; fi

+}

+

+function volume_online_brick_count

+{

+        $CLI volume status $V0 | awk '$1 == "Brick" &&  $6 != "N/A" { print $6}' | wc -l;

+}

+

+cleanup;

+

+# Initialize the test setup

+TEST setup_lvm 1;

+

+TEST create_self_signed_certs

+

+# Start glusterd

+TEST glusterd

+TEST pidof glusterd;

+

+# Create and start the volume

+TEST $CLI volume create $V0 $H0:$L1/b1;

+

+TEST $CLI volume start $V0;

+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count

+

+# Mount the volume and create some files

+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;

+

+TEST touch $M0/file;

+

+# Enable activate-on-create

+TEST $CLI snapshot config activate-on-create enable;

+

+# Create a snapshot

+TEST $CLI snapshot create snap1 $V0 no-timestamp;

+

+TEST $CLI volume set $V0 features.uss enable;

+

+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist

+

+EXPECT "Y" file_exists $M0/file

+# Volume set can trigger graph switch therefore chances are we send this

+# req to old graph. Old graph will not have .snaps. Therefore we should

+# wait for some time.

+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" file_exists $M0/.snaps/snap1/file

+

+EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0

+

+# Enable management encryption

+touch  $GLUSTERD_WORKDIR/secure-access

+killall_gluster

+

+TEST glusterd

+TEST pidof glusterd;

+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count

+

+# Mount the volume

+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;

+

+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist

+

+EXPECT "Y" file_exists $M0/file

+EXPECT "Y" file_exists $M0/.snaps/snap1/file

+

+EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0

+

+# Enable I/O encryption

+TEST $CLI volume set $V0 client.ssl on

+TEST $CLI volume set $V0 server.ssl on

+

+killall_gluster

+

+TEST glusterd

+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count

+

+# Mount the volume

+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;

+

+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist

+

+EXPECT "Y" file_exists $M0/file

+EXPECT "Y" file_exists $M0/.snaps/snap1/file

+

+TEST $CLI snapshot delete all

+TEST $CLI volume stop $V0

+TEST $CLI volume delete $V0

+

+cleanup;

diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c

index 9e66547..7d2e4b4 100644

--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c

+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c

@@ -5408,6 +5408,8 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,

         char           *xlator          = NULL;

         char           *value           = NULL;

         char           auth_path[]      = "auth-path";

+        char           *ssl_str         = NULL;

+        gf_boolean_t   ssl_bool         = _gf_false;

         set_dict = dict_copy (volinfo->dict, NULL);

         if (!set_dict)

@@ -5452,6 +5454,19 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,

         if (ret)

                 return -1;

+        if (dict_get_str (set_dict, "server.ssl", &ssl_str) == 0) {

+                if (gf_string2boolean (ssl_str, &ssl_bool) == 0) {

+                        if (ssl_bool) {

+                                ret = xlator_set_option(xl,

+                                        "transport.socket.ssl-enabled",

+                                        "true");

+                                if (ret) {

+                                        return -1;

+                                }

+                        }

+                }

+        }

+

         RPC_SET_OPT(xl, SSL_OWN_CERT_OPT,   "ssl-own-cert",         return -1);

         RPC_SET_OPT(xl, SSL_PRIVATE_KEY_OPT,"ssl-private-key",      return -1);

         RPC_SET_OPT(xl, SSL_CA_LIST_OPT,    "ssl-ca-list",          return -1);

-- 

2.9.3