From 0b3612f81f21a5e8a01dc564c0fd0337b898d0d5 Mon Sep 17 00:00:00 2001
From: Ashish Pandey <aspandey@redhat.com>
Date: Wed, 23 Mar 2016 11:26:49 +0530
Subject: [PATCH 39/80] glfs/heal: Use encrypted connection in shd
When management encryption is enabled, GlusterD
only allows encrypted connections for port 24007.
SHD is trying to fetch it's volfile using an
unencrypted connection.
If /var/lib/glusterd/secure-access is present , i.e.
if management ssl is enabled, use encrypted connection
fecth info from glusterd.
master -
http://review.gluster.org/#/c/13815/
release-3.7 -
http://review.gluster.org/#/c/13832/
Change-Id: Ia41dcde1a69375379409889ec5b3a70cb95a4fd0
BUG: 1279628
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
Reviewed-on: http://review.gluster.org/13815
Smoke: Gluster Build System <jenkins@build.gluster.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/71390
Tested-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
---
heal/src/glfs-heal.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/heal/src/glfs-heal.c b/heal/src/glfs-heal.c
index 83c1b10..59bd21f 100644
--- a/heal/src/glfs-heal.c
+++ b/heal/src/glfs-heal.c
@@ -15,6 +15,7 @@
#include "glfs-handles.h"
#include "glfs-internal.h"
#include "protocol-common.h"
+#include "syscall.h"
#include "syncop.h"
#include "syncop-utils.h"
#include <string.h>
@@ -902,6 +903,10 @@ main (int argc, char **argv)
goto out;
}
+ if (sys_access(SECURE_ACCESS_FILE, F_OK) == 0) {
+ fs->ctx->secure_mgmt = 1;
+ }
+
ret = glfs_set_volfile_server (fs, "unix", DEFAULT_GLUSTERD_SOCKFILE, 0);
if (ret) {
printf("Setting the volfile server failed, %s\n", strerror (errno));
--
1.7.1