Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1356296 - [RFE] Extend gdeploy functionality to support other features required by hyperconverged environments
Summary: [RFE] Extend gdeploy functionality to support other features required by hype...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: gdeploy
Version: rhgs-3.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: RHGS 3.2.0
Assignee: Sachidananda Urs
QA Contact: SATHEESARAN
URL:
Whiteboard:
Depends On:
Blocks: 1351503
TreeView+ depends on / blocked
 
Reported: 2016-07-13 22:29 UTC by Paul Cuzner
Modified: 2017-03-23 04:57 UTC (History)
5 users (show)

Fixed In Version: gdeploy-2.0.1-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-23 04:57:36 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:0483 normal SHIPPED_LIVE gdeploy bug fix and enhancement update 2017-03-23 08:56:29 UTC
Red Hat Bugzilla 1376473 None None None Never

Internal Links: 1376473

Description Paul Cuzner 2016-07-13 22:29:03 UTC
Description of problem:
hyperconverged environments need additional settings to satisfy some customer requirements - specifically around security. I've talked these through with Sac, so these enhancements are all bundled into one RFE 

I've broken the request into short/medium term goals


Short term (3-6 months)

- configure SSL for the control and data path
- configure auth.allow to lock down client connections to a specified list of IP's
- configure glusterd to support gfapi (rhel 7.3/ovirt 4 timeframe)
- configure systemd slice, and glusterd.service overrides for CPU control


Medium term 6-9 months
- support gluster based tiering in addition to lvmcache
- automatically configure the lvmcache lv sizes instead of having them hard-coded by the admin in the conf file - still support current settings as an override, but the tool should make some sensible default choices, based on device size.




Additional info:

Comment 4 Sachidananda Urs 2016-09-01 09:47:40 UTC
(In reply to Paul Cuzner from comment #0)
> Description of problem:
> hyperconverged environments need additional settings to satisfy some
> customer requirements - specifically around security. I've talked these
> through with Sac, so these enhancements are all bundled into one RFE 
> 
> I've broken the request into short/medium term goals
> 
> 
> Short term (3-6 months)
> 
> - configure SSL for the control and data path

Done pushed to master.

> - configure auth.allow to lock down client connections to a specified list
> of IP's

Currently not taken care of.

> - configure glusterd to support gfapi (rhel 7.3/ovirt 4 timeframe)

I need steps/documentation on how to do this.

> - configure systemd slice, and glusterd.service overrides for CPU control

Will be done in gdeploy.

> 
> 
> Medium term 6-9 months
> - support gluster based tiering in addition to lvmcache
> - automatically configure the lvmcache lv sizes instead of having them
> hard-coded by the admin in the conf file - still support current settings as
> an override, but the tool should make some sensible default choices, based
> on device size.
>

Comment 5 SATHEESARAN 2016-09-15 13:44:00 UTC
(In reply to Sachidananda Urs from comment #4)
> (In reply to Paul Cuzner from comment #0)
> > Description of problem:
> > hyperconverged environments need additional settings to satisfy some
> > customer requirements - specifically around security. I've talked these
> > through with Sac, so these enhancements are all bundled into one RFE 
> > 
> > I've broken the request into short/medium term goals
> > 
> > 
> > Short term (3-6 months)
> > 
> > - configure SSL for the control and data path
> 
> Done pushed to master.
> 
> > - configure auth.allow to lock down client connections to a specified list
> > of IP's
> 
> Currently not taken care of.
> 
> > - configure glusterd to support gfapi (rhel 7.3/ovirt 4 timeframe)
> 
> I need steps/documentation on how to do this.

I think glusterd by defaults allows requests coming in from insecure ports.
@Sac, you can double check this one with Kaushal

Comment 6 SATHEESARAN 2016-09-15 13:57:45 UTC
This bug's intent was split in to short-term and medium term requirements.

The short-term requirements list goes as :

- configure SSL for the control and data path
- configure auth.allow to lock down client connections to a specified list of IP's
- configure glusterd to support gfapi (rhel 7.3/ovirt 4 timeframe)
- configure systemd slice, and glusterd.service overrides for CPU control

And these requirements will be tracked as part of this bug.

The medium term requirement are tracked as part of the bug - BZ1376473

Comment 7 SATHEESARAN 2016-11-07 09:40:17 UTC
All the observations are made with gdeploy-2.0.1-1.el7rhgs installed on RHEL 7.3

Enabling SSL/TLS encryption through gdeploy is already verified with the bug - https://bugzilla.redhat.com/show_bug.cgi?id=1360980

With the above bug verification SSL/TLS is enabled on management and data path.
Also specific ssl clients could be set for the volume which locks down client connections to the volume.

glusterfs slice is also created for glusterfs slice using 'slice_setup' configuration.

With all these information, marking this bug as VERIFIED

Comment 9 errata-xmlrpc 2017-03-23 04:57:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2017-0483.html


Note You need to log in before you can comment on or make changes to this bug.