<p dir="ltr">Thanks, that was exactly the issue. I had assumed that the default for auth.ssl-allow was *, which was what I wanted. Setting that and stopping and starting my volume fixed things. Thanks!</p>
<p dir="ltr">David</p>
<br><div class="gmail_quote"><div dir="ltr">On Mon, Jun 15, 2015, 6:19 PM Jeff Darcy <<a href="mailto:jdarcy@redhat.com">jdarcy@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><div dir="ltr">Hi all,<div><br></div><div>I'm just installing my first ever glusterfs volume, and am running into trouble, which I think may be related to using ssl. I don't have a network I can trust, so using secure authentication and encryption is a show-stopper for me.</div><div><br></div><div>I am using gluster 3.6.3 on Debian stable, and the command I'm using to mount is:</div><div><div><br></div><div># mount -t glusterfs localhost:/austen /home</div></div><div><br></div><div>and the error message I am seeing is the following:<br></div><div><br></div><div><div># tail -23 /var/log/glusterfs/home.log </div><div>+------------------------------------------------------------------------------+</div><div>[2015-06-16 00:12:12.691413] I [socket.c:379:ssl_setup_connection] 0-austen-client-0: peer CN = elliot</div><div>[2015-06-16 00:12:12.691978] I [rpc-clnt.c:1761:rpc_clnt_reconfig] 0-austen-client-0: changing port to 49152 (from 0)</div><div>[2015-06-16 00:12:12.694267] I [socket.c:379:ssl_setup_connection] 0-austen-client-1: peer CN = wentworth</div><div>[2015-06-16 00:12:12.695846] I [rpc-clnt.c:1761:rpc_clnt_reconfig] 0-austen-client-1: changing port to 49152 (from 0)</div><div>[2015-06-16 00:12:12.703270] I [socket.c:379:ssl_setup_connection] 0-austen-client-0: peer CN = elliot</div><div>[2015-06-16 00:12:12.703544] I [client-handshake.c:1413:select_server_supported_programs] 0-austen-client-0: Using Program GlusterFS 3.3, Num (1298437), Version (330)</div><div>[2015-06-16 00:12:12.703912] W [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-0: failed to set the volume (Permission denied)</div></div></div></blockquote><div><br></div></div></div><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div>Are you setting auth.ssl-allow to enable specific users (identified by CN) to access the volume? The following page shows how.<br></div><div><br></div><div><a href="http://www.gluster.org/community/documentation/index.php/SSL" target="_blank">http://www.gluster.org/community/documentation/index.php/SSL</a></div><div><br></div><div>Also, note that the CN can't contain spaces. I know that's inconvenient, but space was already used as a delimiter and changing that would have affected backward compatibility.<br></div><div><br></div><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"></blockquote></div></div><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><div dir="ltr"><div><div>[2015-06-16 00:12:12.703940] W [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-0: failed to get 'process-uuid' from reply dict</div><div>[2015-06-16 00:12:12.703956] E [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-0: SETVOLUME on remote-host failed: Authentication failed</div><div>[2015-06-16 00:12:12.703970] I [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-0: sending AUTH_FAILED event</div><div>[2015-06-16 00:12:12.703992] E [fuse-bridge.c:5145:notify] 0-fuse: Server authenication failed. Shutting down.</div><div>[2015-06-16 00:12:12.704010] I [fuse-bridge.c:5599:fini] 0-fuse: Unmounting '/home'.</div><div>[2015-06-16 00:12:12.709146] I [socket.c:379:ssl_setup_connection] 0-austen-client-1: peer CN = wentworth</div><div>[2015-06-16 00:12:12.710243] I [client-handshake.c:1413:select_server_supported_programs] 0-austen-client-1: Using Program GlusterFS 3.3, Num (1298437), Version (330)</div><div>[2015-06-16 00:12:12.711294] W [client-handshake.c:1109:client_setvolume_cbk] 0-austen-client-1: failed to set the volume (Permission denied)</div><div>[2015-06-16 00:12:12.711321] W [client-handshake.c:1135:client_setvolume_cbk] 0-austen-client-1: failed to get 'process-uuid' from reply dict</div><div>[2015-06-16 00:12:12.711330] E [client-handshake.c:1141:client_setvolume_cbk] 0-austen-client-1: SETVOLUME on remote-host failed: Authentication failed</div><div>[2015-06-16 00:12:12.711339] I [client-handshake.c:1225:client_setvolume_cbk] 0-austen-client-1: sending AUTH_FAILED event</div><div>[2015-06-16 00:12:12.711349] E [fuse-bridge.c:5145:notify] 0-fuse: Server authenication failed. Shutting down.</div><div>[2015-06-16 00:12:12.711358] I [fuse-bridge.c:5599:fini] 0-fuse: Unmounting '/home'.</div><div>[2015-06-16 00:12:12.711374] E [mount-common.c:228:fuse_mnt_umount] 0-glusterfs-fuse: fuse: failed to unmount /home: Invalid argument</div><div>[2015-06-16 00:12:12.711586] W [glusterfsd.c:1194:cleanup_and_exit] (--> 0-: received signum (15), shutting down</div></div><div><br></div><div>Sadly, I have very little idea as to how to debug this. I fear it may be a problem with my ssl keys (I created a CA key and used it to sign the keys for the two servers, but may have done this wrong.</div><div><br></div><div>Any suggestions are welcome. I understand I haven't given all the information you likely need to help, but I don't even know what information would really be relevant, as I do not understand what this AUTH_FAILED event means.</div><div><br></div><div>David</div></div><br></blockquote></div></div><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt">_______________________________________________<br>Gluster-users mailing list<br><a href="mailto:Gluster-users@gluster.org" target="_blank">Gluster-users@gluster.org</a><br><a href="http://www.gluster.org/mailman/listinfo/gluster-users" target="_blank">http://www.gluster.org/mailman/listinfo/gluster-users</a></blockquote><div><br></div></div></div></blockquote></div>