glusterfs icon indicating copy to clipboard operation
glusterfs copied to clipboard
verified publisher icon gluster

Support both ssl/non-ssl volumes on the same client node

Open jiankyu opened this issue 9 months ago • 4 comments

glusterfsd supports the '--secure-mgmt' cli option to specify management transport type (ssl or non ssl), when we start a fuse daemon, this option tells the daemon how to initialize the mamangement socket and establish the connection to the remote glusterd.

However, this option is missing in the mount.glusterfs script, as a result, we can only rely on the presence of the /var/lib/glusterd/secure-access file to decide the tranport type. This is cumbersome, it literally makes it impossible to mount two volumes on the same client node: one from a regular glusterfs cluster, one from a "secure" cluster where glusterd runs on ssl transport.

We do have this use case due to data classification requirements. Adding this option into mount.glusterfs would resolve the issue: on the client side we properly set the secure-access file, and the cert files. To mount a regular volume, add the '-o secure-mgmt=false' option, to mount a secure volume, either leave this option not set, or set it to 'true'.

jiankyu avatar Mar 19 '25 23:03 jiankyu

Can one of the admins verify this patch?

gluster-ant avatar Mar 19 '25 23:03 gluster-ant

Can one of the admins verify this patch?

gluster-ant avatar Mar 19 '25 23:03 gluster-ant

@pranithk can you take a look at this PR? Thanks!

jiankyu avatar Dec 02 '25 21:12 jiankyu

@sanjurakonde Please take a look

pranithk avatar Dec 04 '25 01:12 pranithk