From 182f0d12040dab5081ca645a3f370f65cd68b528 Mon Sep 17 00:00:00 2001
From: Rajesh Joseph <rjoseph@redhat.com>
Date: Tue, 29 Nov 2016 21:57:37 +0530
Subject: uss: snapd should enable SSL if SSL is enabled on volume

During snapd graph generation we should check if SSL is
enabled on main volume or not. This is because clients
will communicate with snapd as if it is communicating to
a brick.

Change-Id: I0d7fe86c567b297a8528a48faf06161d4c3cb415
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
BUG: 1400013
Reviewed-on: http://review.gluster.org/15979
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Kaushal M <kaushal@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-volgen.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'xlators/mgmt/glusterd/src')

diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index 4625297e61d..a270f136c92 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -5619,6 +5619,8 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,
         char           *loglevel        = NULL;
         char           *xlator          = NULL;
         char           auth_path[]      = "auth-path";
+        char           *ssl_str         = NULL;
+        gf_boolean_t   ssl_bool         = _gf_false;
 
         set_dict = dict_copy (volinfo->dict, NULL);
         if (!set_dict)
@@ -5663,6 +5665,19 @@ glusterd_snapdsvc_generate_volfile (volgen_graph_t *graph,
         if (ret)
                 return -1;
 
+        if (dict_get_str (set_dict, "server.ssl", &ssl_str) == 0) {
+                if (gf_string2boolean (ssl_str, &ssl_bool) == 0) {
+                        if (ssl_bool) {
+                                ret = xlator_set_option(xl,
+                                        "transport.socket.ssl-enabled",
+                                        "true");
+                                if (ret) {
+                                        return -1;
+                                }
+                        }
+                }
+        }
+
         RPC_SET_OPT(xl, SSL_OWN_CERT_OPT,   "ssl-own-cert",         return -1);
         RPC_SET_OPT(xl, SSL_PRIVATE_KEY_OPT,"ssl-private-key",      return -1);
         RPC_SET_OPT(xl, SSL_CA_LIST_OPT,    "ssl-ca-list",          return -1);
-- 
cgit