diff options
| author | Kaushal M <kaushal@redhat.com> | 2015-07-07 12:52:30 +0530 |
|---|---|---|
| committer | Atin Mukherjee <amukherj@redhat.com> | 2015-07-13 03:12:18 -0700 |
| commit | 1e520ff415d50e3eeb6418710314fe61e8e78e35 (patch) | |
| tree | fa6987c3cb033720bc194285614237b9130692dc /xlators/mgmt/glusterd/src/glusterd-handler.c | |
| parent | 1509f6f2815cb75ecf45abef6d823c8cb30ed47b (diff) | |
glusterd: Fix management encryption issues with GlusterD
Backport for 01b82c6 from master
Management encryption was enabled incorrectly in GlusterD leading to
issues of cluster deadlocks. This has been fixed with this commit. The
fix is in two parts,
1. Correctly enable encrytion for the TCP listener in GlusterD and
re-enable own-threads for encrypted connections.
Without this, GlusterD could try to esatblish the blocking SSL
connects in the epoll thread, for eg. when handling friend updates,
which could lead to cluster deadlocks.
2. Explicitly enable encryption for outgoing peer connections.
Without enabling encryption explicitly for outgoing connections was
causing SSL socket events to be handled in the epoll thread. Some
events, like disconnects during peer detach, could lead to connection
attempts to happen in the epoll thread, leading to deadlocks again.
Change-Id: I438c2b43f7b1965c0e04d95c000144118d36272c
BUG: 1241784
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.org/11610
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Diffstat (limited to 'xlators/mgmt/glusterd/src/glusterd-handler.c')
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-handler.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c index b8e02ba1332..38d93725d96 100644 --- a/xlators/mgmt/glusterd/src/glusterd-handler.c +++ b/xlators/mgmt/glusterd/src/glusterd-handler.c @@ -3430,6 +3430,20 @@ glusterd_friend_rpc_create (xlator_t *this, glusterd_peerinfo_t *peerinfo, } } + /* Enable encryption for the client connection if management encryption + * is enabled + */ + if (this->ctx->secure_mgmt) { + ret = dict_set_str (options, "transport.socket.ssl-enabled", + "on"); + if (ret) { + gf_msg ("glusterd", GF_LOG_ERROR, 0, + GD_MSG_DICT_SET_FAILED, + "failed to set ssl-enabled in dict"); + goto out; + } + } + ret = glusterd_rpc_create (&peerinfo->rpc, options, glusterd_peer_rpc_notify, peerctx); if (ret) { |