From aea7759f1240b1e97684273b9369472695173a66 Mon Sep 17 00:00:00 2001
From: Jeff Darcy <jdarcy@redhat.com>
Date: Tue, 17 Jul 2012 10:50:43 -0400
Subject: rpc-transport/socket: Add SSL support.

Based on OpenSSL.  Key/certificate management is still manual.  Enabling
SSL also enables multi-threading, though multi-threading can be forced on
or off using a separate option.

Change-Id: Icd9f256bb2fd8c6266a7abefdff16936b4f8922d
BUG: 764731
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.com/362
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-volgen.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'xlators/mgmt/glusterd/src/glusterd-volgen.c')

diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index ff35b8b08..ae86eb18c 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -175,6 +175,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = {
         {"network.frame-timeout",                "protocol/client",           NULL, NULL, NO_DOC, 0},
         {"network.ping-timeout",                 "protocol/client",           NULL, NULL, NO_DOC, 0},
         {"network.tcp-window-size",              "protocol/client",           NULL, NULL, NO_DOC, 0},
+        { "client.ssl",                          "protocol/client",           "transport.socket.ssl-enabled", NULL, NO_DOC, 0},
 
         {"network.tcp-window-size",              "protocol/server",           NULL, NULL, NO_DOC, 0},
         {"network.inode-lru-limit",              "protocol/server",           NULL, NULL, NO_DOC, 0},
@@ -182,6 +183,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = {
         {AUTH_REJECT_MAP_KEY,                    "protocol/server",           "!server-auth", NULL, DOC, 0},
         {"transport.keepalive",                  "protocol/server",           "transport.socket.keepalive", NULL, NO_DOC, 0},
         {"server.allow-insecure",                "protocol/server",           "rpc-auth-allow-insecure", NULL, NO_DOC, 0},
+        { "server.ssl",                          "protocol/server",           "transport.socket.ssl-enabled", NULL, NO_DOC, 0},
 
         {"performance.write-behind",             "performance/write-behind",  "!perf", "on", NO_DOC, 0},
         {"performance.read-ahead",               "performance/read-ahead",    "!perf", "on", NO_DOC, 0},
@@ -2157,6 +2159,8 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
         char                    *str                = NULL;
         glusterd_brickinfo_t    *brick              = NULL;
         xlator_t                *xl                 = NULL;
+        char                    *ssl_str            = NULL;
+        gf_boolean_t             ssl_bool;
 
         volname = volinfo->volname;
 
@@ -2222,6 +2226,19 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
                         }
                 }
 
+                if (dict_get_str(set_dict,"client.ssl",&ssl_str) == 0) {
+                        if (gf_string2boolean(ssl_str,&ssl_bool) == 0) {
+                                if (ssl_bool) {
+                                        ret = xlator_set_option(xl,
+                                                "transport.socket.ssl-enabled",
+                                                "true");
+                                        if (ret) {
+                                                goto out;
+                                        }
+                                }
+                        }
+                }
+
                 i++;
         }
 
-- 
cgit