From b67f788dfe5855c455c8f4b41fe8159a5b41c4bd Mon Sep 17 00:00:00 2001 From: Prasanna Kumar Kalever Date: Mon, 21 Mar 2016 13:54:19 +0530 Subject: [PATCH 04/74] rpc: set bind-insecure to off by default commit 243a5b429f225acb8e7132264fe0a0835ff013d5 turn's 'ON' allow-insecure and bind-insecure by default. Problem: Now with newer versions we have bind-insecure 'ON' by default. So, while upgrading subset of nodes from a trusted storage pool, nodes which have older versions of glusterfs will expect connection from secure ports only (since they still have bind-insecure off) thus they reject connection from upgraded nodes which now have insecure ports. Hence we will run into connection issues between peers. Solution: This patch will turn bind-insecure 'OFF' by default to avoid problem explained above. Label: DOWNSTREAM ONLY Change-Id: Id7a19b4872399d3b019243b0857c9c7af75472f7 Signed-off-by: Prasanna Kumar Kalever Reviewed-on: https://code.engineering.redhat.com/gerrit/70313 Reviewed-by: Atin Mukherjee Tested-by: Atin Mukherjee --- rpc/rpc-lib/src/rpc-transport.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c index fc26f46..94880f4 100644 --- a/rpc/rpc-lib/src/rpc-transport.c +++ b/rpc/rpc-lib/src/rpc-transport.c @@ -258,8 +258,8 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name) else trans->bind_insecure = 0; } else { - /* By default allow bind insecure */ - trans->bind_insecure = 1; + /* Turning off bind insecure by default*/ + trans->bind_insecure = 0; } ret = dict_get_str (options, "transport-type", &type); -- 1.8.3.1