| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-handler.c | 14 | ||||
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd.c | 13 | 
2 files changed, 19 insertions, 8 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c
index 6fccad5cd9b..ff5707bab28 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handler.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handler.c
@@ -3426,6 +3426,20 @@ glusterd_friend_rpc_create (xlator_t *this, glusterd_peerinfo_t *peerinfo,
                 }
         }

+        /* Enable encryption for the client connection if management encryption
+         * is enabled
+         */
+        if (this->ctx->secure_mgmt) {
+                ret = dict_set_str (options, "transport.socket.ssl-enabled",
+                                    "on");
+                if (ret) {
+                        gf_msg ("glusterd", GF_LOG_ERROR, 0,
+                                GD_MSG_DICT_SET_FAILED,
+                                "failed to set ssl-enabled in dict");
+                        goto out;
+                }
+        }
+
         ret = glusterd_rpc_create (&peerinfo->rpc, options,
                                    glusterd_peer_rpc_notify, peerctx);
         if (ret) {
diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
index 1c4c613027d..9a8759f2fc3 100644
--- a/xlators/mgmt/glusterd/src/glusterd.c
+++ b/xlators/mgmt/glusterd/src/glusterd.c
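Review bot: The error path added before glusterd_rpc_create jumps to `out` after `options` has already been built, and because both the allocation and the `out` label sit outside this hunk it is not visible whether the dict and `peerctx` are released there; please confirm, since a failed dict_set_str would otherwise leak them. The log call hard-codes the domain as `"glusterd"` while the matching block in glusterd.c uses `this->name`; `gf_msg (this->name, GF_LOG_ERROR, 0,` would keep the two consistent. The comment could also state that TLS on peer connections now depends on this explicit option, so that other code paths building transport options for glusterd-originated connections know to set it as well; whether any such path exists cannot be told from this diff.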
@@ -1585,19 +1585,16 @@ init (xlator_t *this)
                 goto out;
         }

+        /* Enable encryption for the TCP listener is management encryption is
+         * enabled
+         */
         if (this->ctx->secure_mgmt) {
-                /*
-                 * The socket code will turn on SSL based on the same check,
-                 * but that will by default turn on own-thread as well and
-                 * we're not multi-threaded enough to handle that.  Thus, we
-                 * override the value here.
-                 */
                 ret = dict_set_str (this->options,
-                                    "transport.socket.own-thread", "off");
+                                    "transport.socket.ssl-enabled", "on");
                 if (ret != 0) {
                         gf_msg (this->name, GF_LOG_ERROR, 0,
                                 GD_MSG_DICT_SET_FAILED,
-                                "failed to clear own-thread");
+                                "failed to set ssl-enabled in dict");
                         goto out;
                 }
                 /*  | 
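Review bot: The rewritten block in init() no longer sets `transport.socket.own-thread` to `off`, although the removed comment said that override was needed because the socket code enables own-thread together with SSL and glusterd is "not multi-threaded enough to handle that". Nothing visible in this diff changes that socket-layer default, so either keep the override alongside the new setting, e.g. `ret = dict_set_str (this->options, "transport.socket.own-thread", "off");`, or extend the new comment to say why it is now safe to drop. The new comment also has a typo: "is management encryption is enabled" should read "if management encryption is enabled". init() starts and ends outside this hunk, so the rest of the listener setup was not reviewed.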
