diff options
| -rwxr-xr-x | tests/bugs/snapshot/bug-1399598-uss-with-ssl.t | 98 | ||||
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-volgen.c | 15 |
2 files changed, 113 insertions, 0 deletions
diff --git a/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t new file mode 100755 index 00000000000..1c50f746527 --- /dev/null +++ b/tests/bugs/snapshot/bug-1399598-uss-with-ssl.t @@ -0,0 +1,98 @@ +#!/bin/bash + +. $(dirname $0)/../../include.rc +. $(dirname $0)/../../volume.rc +. $(dirname $0)/../../traps.rc +. $(dirname $0)/../../snapshot.rc +. $(dirname $0)/../../ssl.rc + +function file_exists +{ + if [ -f $1 ]; then echo "Y"; else echo "N"; fi +} + +function volume_online_brick_count +{ + $CLI volume status $V0 | awk '$1 == "Brick" && $6 != "N/A" { print $6}' | wc -l; +} + +cleanup; + +# Initialize the test setup +TEST setup_lvm 1; + +TEST create_self_signed_certs + +# Start glusterd +TEST glusterd +TEST pidof glusterd; + +# Create and start the volume +TEST $CLI volume create $V0 $H0:$L1/b1; + +TEST $CLI volume start $V0; +EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count + +# Mount the volume and create some files +TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0; + +TEST touch $M0/file; + +# Enable activate-on-create +TEST $CLI snapshot config activate-on-create enable; + +# Create a snapshot +TEST $CLI snapshot create snap1 $V0 no-timestamp; + +TEST $CLI volume set $V0 features.uss enable; + +EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist + +EXPECT "Y" file_exists $M0/file +# Volume set can trigger graph switch therefore chances are we send this +# req to old graph. Old graph will not have .snaps. Therefore we should +# wait for some time. +EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" file_exists $M0/.snaps/snap1/file + +EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0 + +# Enable management encryption +touch $GLUSTERD_WORKDIR/secure-access +killall_gluster + +TEST glusterd +TEST pidof glusterd; +EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count + +# Mount the volume +TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0; + +EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist + +EXPECT "Y" file_exists $M0/file +EXPECT "Y" file_exists $M0/.snaps/snap1/file + +EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0 + +# Enable I/O encryption +TEST $CLI volume set $V0 client.ssl on +TEST $CLI volume set $V0 server.ssl on + +killall_gluster + +TEST glusterd +EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" volume_online_brick_count + +# Mount the volume +TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0; + +EXPECT_WITHIN $PROCESS_UP_TIMEOUT 'Y' check_if_snapd_exist + +EXPECT "Y" file_exists $M0/file +EXPECT "Y" file_exists $M0/.snaps/snap1/file + +TEST $CLI snapshot delete all +TEST $CLI volume stop $V0 +TEST $CLI volume delete $V0 + +cleanup; diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c index 52331dac302..759314f5a70 100644 --- a/xlators/mgmt/glusterd/src/glusterd-volgen.c +++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c @@ -5645,6 +5645,8 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph, char *xlator = NULL; char *value = NULL; char auth_path[] = "auth-path"; + char *ssl_str = NULL; + gf_boolean_t ssl_bool = _gf_false; set_dict = dict_copy (volinfo->dict, NULL); if (!set_dict) @@ -5689,6 +5691,19 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph, if (ret) return -1; + if (dict_get_str (set_dict, "server.ssl", &ssl_str) == 0) { + if (gf_string2boolean (ssl_str, &ssl_bool) == 0) { + if (ssl_bool) { + ret = xlator_set_option(xl, + "transport.socket.ssl-enabled", + "true"); + if (ret) { + return -1; + } + } + } + } + RPC_SET_OPT(xl, SSL_OWN_CERT_OPT, "ssl-own-cert", return -1); RPC_SET_OPT(xl, SSL_PRIVATE_KEY_OPT,"ssl-private-key", return -1); RPC_SET_OPT(xl, SSL_CA_LIST_OPT, "ssl-ca-list", return -1); |