From 875a3e3369c59863304b87966ed9e05448588a2e Mon Sep 17 00:00:00 2001
From: Rajesh Joseph <rjoseph@redhat.com>
Date: Tue, 29 Nov 2016 21:57:37 +0530
Subject: [PATCH 209/227] uss: snapd should enable SSL if SSL is enabled on
volume
During snapd graph generation we should check if SSL is
enabled on main volume or not. This is because clients
will communicate with snapd as if it is communicating to
a brick.
> Reviewed-on: http://review.gluster.org/15979
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: Kaushal M <kaushal@redhat.com>
Change-Id: I0d7fe86c567b297a8528a48faf06161d4c3cb415
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
BUG: 1399598
Reviewed-on: https://code.engineering.redhat.com/gerrit/91854
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
---
tests/bugs/snapshot/bug-1399598-uss-with-ssl.t | 98 ++++++++++++++++++++++++++
xlators/mgmt/glusterd/src/glusterd-volgen.c | 15 ++++
2 files changed, 113 insertions(+)
create mode 100755 tests/bugs/snapshot/bug-1399598-uss-with-ssl.t
diff --git a/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t
new file mode 100755
index 0000000..1c50f74
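--- /dev/null
+++ b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+. $(dirname $0)/../../include.rc
+. $(dirname $0)/../../volume.rc
+. $(dirname $0)/../../traps.rc
+. $(dirname $0)/../../snapshot.rc
+. $(dirname $0)/../../ssl.rc
+
+function file_exists
+{
+ if [ -f $1 ]; then echo "Y"; else echo "N"; fi
+}
+
+function volume_online_brick_count
+{
+ $CLI volume status $V0 | awk '$1 == "Brick" && $6 != "N/A" { print $6}' | wc -l;
+}
+
+cleanup;
+
+# Initialize the test setup
+TEST setup_lvm 1;
+
+TEST create_self_signed_certs
+
+# Start glusterd
+TEST glusterd
+TEST pidof glusterd;
+
+# Create and start the volume
+TEST $CLI volume create $V0 $H0:$L1/b1;
+
+TEST $CLI volume start $V0;
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count
+
+# Mount the volume and create some files
+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
+
+TEST touch $M0/file;
+
+# Enable activate-on-create
+TEST $CLI snapshot config activate-on-create enable;
+
+# Create a snapshot
+TEST $CLI snapshot create snap1 $V0 no-timestamp;
+
+TEST $CLI volume set $V0 features.uss enable;
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist
+
+EXPECT "Y" file_exists $M0/file
+# Volume set can trigger graph switch therefore chances are we send this
+# req to old graph. Old graph will not have .snaps. Therefore we should
+# wait for some time.
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" file_exists $M0/.snaps/snap1/file
+
+EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0
+
+# Enable management encryption
+touch $GLUSTERD_WORKDIR/secure-access
+killall_gluster
+
+TEST glusterd
+TEST pidof glusterd;
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count
+
+# Mount the volume
+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist
+
+EXPECT "Y" file_exists $M0/file
+EXPECT "Y" file_exists $M0/.snaps/snap1/file
+
+EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0
+
+# Enable I/O encryption
+TEST $CLI volume set $V0 client.ssl on
+TEST $CLI volume set $V0 server.ssl on
+
+killall_gluster
+
+TEST glusterd
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count
+
+# Mount the volume
+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist
+
+EXPECT "Y" file_exists $M0/file
+EXPECT "Y" file_exists $M0/.snaps/snap1/file
+
+TEST $CLI snapshot delete all
+TEST $CLI volume stop $V0
+TEST $CLI volume delete $V0
+
+cleanup;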
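Review bot: The `touch $GLUSTERD_WORKDIR/secure-access` step that turns on management encryption is not wrapped in `TEST`, so if it fails the second phase runs without management encryption and the test can still pass, giving false assurance about the encrypted path; use `TEST touch $GLUSTERD_WORKDIR/secure-access`. The checks on `$M0/.snaps/snap1/file` after each restart use plain `EXPECT`, while the first phase uses `EXPECT_WITHIN $PROCESS_UP_TIMEOUT` for the same path; the timed form in all three phases would presumably avoid a race right after the fresh mount. The third phase also omits the `TEST pidof glusterd;` check that the first two perform after starting glusterd. `file_exists` should quote its argument, `if [ -f "$1" ]; then ...`.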
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index 9e66547..7d2e4b4 100644
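--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -5408,6 +5408,8 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,
 char *xlator = NULL;
 char *value = NULL;
 char auth_path[] = "auth-path";
+ char *ssl_str = NULL;
+ gf_boolean_t ssl_bool = _gf_false;
 
 set_dict = dict_copy (volinfo->dict, NULL);
 if (!set_dict)
@@ -5452,6 +5454,19 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,
 if (ret)
 return -1;
 
+ if (dict_get_str (set_dict, "server.ssl", &ssl_str) == 0) {
+ if (gf_string2boolean (ssl_str, &ssl_bool) == 0) {
+ if (ssl_bool) {
+ ret = xlator_set_option(xl,
+ "transport.socket.ssl-enabled",
+ "true");
+ if (ret) {
+ return -1;
+ }
+ }
+ }
+ }
+
 RPC_SET_OPT(xl, SSL_OWN_CERT_OPT, "ssl-own-cert", return -1);
 RPC_SET_OPT(xl, SSL_PRIVATE_KEY_OPT,"ssl-private-key", return -1);
 RPC_SET_OPT(xl, SSL_CA_LIST_OPT, "ssl-ca-list", return -1);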
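Review bot: A `server.ssl` value that gf_string2boolean() cannot parse is skipped without any log in the second hunk, so the snapd volfile is generated without `transport.socket.ssl-enabled` and snapd would presumably come up in plaintext on a volume the operator meant to run over SSL. For a transport-security option it is safer to fail closed: `if (gf_string2boolean (ssl_str, &ssl_bool) != 0) return -1;` ahead of the `if (ssl_bool)` test, ideally with an error log naming the option and the rejected value. That also removes one level of the triple nesting. The function starts and ends outside the hunk, so it cannot be confirmed from here whether the early `return -1` paths, including the new one, release `set_dict` obtained from dict_copy().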
--
2.9.3