mohit84
commented
8 years ago Hi,
As per shared logs it confirms SSL api (SSL_Connect) is failing to connect with host. [socket.c:384:ssl_setup_connection] 0-vol-ssl-client-0: SSL connect error.
After checked with size of glusterfs.ca it seems file is same on both host (client and server),size of .ca should not be same if client and server are on different host.To correct it please follow below steps
1) For self signed CA certificates on servers, collect the .pem certificates of clients and servers, that is, /etc/ssl/glusterfs.pem files from every system. Concatenate the collected files into a single file. Place this file in /etc/ssl /g l usterfs.ca on all the servers in the trusted storage pool.
2) For self-signed CA certificates on clients, collect the .pem certificates of servers, that is, /etc/ssl/glusterfs.pem files from every server. Concatenate the collected files into a single file. Place this file in /etc/ssl/glusterfs.ca on all the clients.
Regards Mohit Agrawal
drngsl
humblec
Hi, According to guide https://gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL/, I could not use glusterfs normally, so here I want to ask some questions. Env: on glusterfs host:
root@minion3:/etc/ssl# ll total 72 drwxr-xr-x 4 root root 4096 Sep 29 15:52 ./ drwxr-xr-x 136 root root 12288 Sep 29 15:37 ../ drwxr-xr-x 3 root root 24576 Sep 1 22:13 certs/ -rw-r--r-- 1 root root 733 Sep 29 15:52 glusterfs.ca -rw-r--r-- 1 root root 887 Sep 29 15:52 glusterfs.key -rw-r--r-- 1 root root 733 Sep 29 15:52 glusterfs.pem ...glusterfs versionroot@minion3:/etc/ssl# gluster --version glusterfs 3.6.9 built on Mar 2 2016 18:21:17 Repository revision: git://git.gluster.com/glusterfs.git Copyright (c) 2006-2011 Gluster Inc. <http://www.gluster.com> GlusterFS comes with ABSOLUTELY NO WARRANTY. You may redistribute copies of GlusterFS under the terms of the GNU General Public License.gluster volume info `root@minion3:/etc/ssl# gluster volume infoVolume Name: vol-ssl Type: Distribute Volume ID: 56a6148c-6abb-4ffa-abcb-35f2f0df4d42 Status: Started Number of Bricks: 1 Transport-type: tcp Bricks: Brick1: _..**.**_:/export/vol-ssl Options Reconfigured: client.ssl: on server.ssl: on`
on client host, copy ssl/tls related file from glusterfs server host.
root@minion2:/# ll /etc/ssl/ total 72 drwxr-xr-x 4 root root 4096 Sep 29 16:08 ./ drwxr-xr-x 135 root root 12288 Sep 29 19:44 ../ drwxr-xr-x 3 root root 24576 Sep 1 22:13 certs/ -rw-r--r-- 1 root root 733 Sep 29 16:05 glusterfs.ca -rw-r--r-- 1 root root 887 Sep 29 16:08 glusterfs.key -rw-r--r-- 1 root root 733 Sep 29 16:07 glusterfs.pem ...while execute cmd mount.glusterfs failedroot@minion2:/# mount.glusterfs ***.***.***.***:/vol-ssl /mnt Mount failed. Please check the log file for more details.LOG on client host:
[2016-09-29 11:44:34.850226] I [rpc-clnt.c:1761:rpc_clnt_reconfig] 0-vol-ssl-client-0: changing port to 49152 (from 0) [2016-09-29 11:44:34.855100] E [socket.c:384:ssl_setup_connection] 0-vol-ssl-client-0: SSL connect error [2016-09-29 11:44:34.855160] E [socket.c:2386:socket_poller] 0-vol-ssl-client-0: client setup failed [2016-09-29 11:44:34.860610] I [fuse-bridge.c:5086:fuse_graph_setup] 0-fuse: switched to graph 0 [2016-09-29 11:44:34.861495] I [fuse-bridge.c:4015:fuse_init] 0-glusterfs-fuse: FUSE inited with protocol versions: glusterfs 7.22 kernel 7.23 [2016-09-29 11:44:34.861799] W [fuse-bridge.c:779:fuse_attr_cbk] 0-glusterfs-fuse: 2: LOOKUP() / => -1 (Transport endpoint is not connected) [2016-09-29 11:44:34.870410] I [fuse-bridge.c:4927:fuse_thread_proc] 0-fuse: unmounting /mnt [2016-09-29 11:44:34.870949] W [glusterfsd.c:1211:cleanup_and_exit] (--> 0-: received signum (15), shutting down [2016-09-29 11:44:34.870976] I [fuse-bridge.c:5607:fini] 0-fuse: Unmounting '/mnt'.on server host:[2016-09-29 12:03:38.884791] E [socket.c:1972:__socket_read_frag] 0-rpc: wrong MSG-TYPE (-1476197977) received from ***.***.***.***:1021Error happened when connect to server with ssl/tls. I don't know why.