Bug 1517470 - setup and suggestions related to etcd tls auth is not described in installation guide
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: doc-RHGS_Web_Administration
Version: rhgs-3.3
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Target Release: RHGS 3.3.1
Assignee: storage-doc
QA Contact: Filip Balák
Reported: 2017-11-25 18:33 UTC by Martin Bukatovic
Modified: 2018-05-30 17:59 UTC (History)
Last Closed: 2018-05-30 17:59:22 UTC



Description Martin Bukatovic 2017-11-25 18:33:56 UTC
Document URL
============

https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_gluster_storage/3.3/html-single/quick_start_guide/

Describe the issue
==================

Setup and suggestions related to TLS etcd client-server authentication (between
etcd and tendrl components) are not described in the installation guide.

To enable etcd client-server TLS-based authentication, one needs to create and
distribute TLS cert files himself, and then configure tendrl-ansible via ansible
variables accordingly.

Authentication based on tls is not configured by tendrl-ansible by default. If
unconfigured, etcd will be deployed without any authentication, allowing anyone
to access it.

Comment 2 Martin Bukatovic 2017-11-25 18:40:31 UTC
Upstream documentation
======================

Installation guide[1] notes:

> To run secure ETCD (SSL/TLS based client server encryption and auth), please
> refer to:
> https://github.com/Tendrl/documentation/wiki/Tendrl-with-a-secure-etcd-cluster
> Note: this is covered by tendrl-ansible, but it's disabled by default, as the
> issuing and deployment of tls certificates on all machines is out of scope of
> tendrl-ansible and you need to do it yourself first.

tendrl-ansible then describes ansible variables related to TLS auth in the readme
of the tendrl-server role[2], see the description of the etcd_tls_client_auth,
etcd_cert_file, etcd_key_file, etcd_trusted_ca_file variables.

[1] https://github.com/Tendrl/documentation/wiki/Tendrl-release-v1.5.4-(install-guide)
[2] https://github.com/Tendrl/tendrl-ansible/blob/master/roles/tendrl-server/README.md
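
Added example, not part of the bug report or of tendrl-ansible: a check of an env-style etcd configuration for the unauthenticated state the description warns about. It assumes etcd's standard ETCD_* environment settings in a file such as /etc/etcd/etcd.conf; the sample contents, addresses and certificate paths are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed samples of an env-style etcd config (assumed path: /etc/etcd/etcd.conf);
# addresses and certificate paths are illustrative, not taken from the bug report.
SAMPLE_UNAUTHENTICATED = """\
ETCD_NAME="default"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.5:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.5:2379"
#ETCD_CLIENT_CERT_AUTH="true"
"""

SAMPLE_TLS_CLIENT_AUTH = """\
ETCD_LISTEN_CLIENT_URLS="https://10.0.0.5:2379"
ETCD_ADVERTISE_CLIENT_URLS="https://10.0.0.5:2379"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_CERT_FILE="/etc/pki/tls/certs/etcd.crt"
ETCD_KEY_FILE="/etc/pki/tls/private/etcd.key"
ETCD_TRUSTED_CA_FILE="/etc/pki/tls/certs/ca-etcd.crt"
"""

# Active settings only: a line starting with '#' does not match.
LINE = re.compile(r'^\s*(ETCD_[A-Z_]+)\s*=\s*"?([^"#]*)"?\s*(?:#.*)?$')

def parse_env(text):
    """Parse KEY="value" lines, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_client_auth(text):
    """Return findings that leave the etcd client port open to anyone."""
    cfg = parse_env(text)
    findings = []
    for key in ("ETCD_LISTEN_CLIENT_URLS", "ETCD_ADVERTISE_CLIENT_URLS"):
        for url in filter(None, cfg.get(key, "").split(",")):
            if urlparse(url.strip()).scheme != "https":
                findings.append(f"{key}: {url.strip()} is not https")
    if cfg.get("ETCD_CLIENT_CERT_AUTH", "false").lower() != "true":
        findings.append("ETCD_CLIENT_CERT_AUTH is not true: client certs not required")
    for key in ("ETCD_CERT_FILE", "ETCD_KEY_FILE", "ETCD_TRUSTED_CA_FILE"):
        if not cfg.get(key):
            findings.append(f"{key} is unset")
    return findings
```

An empty list from `audit_client_auth` means the file requires HTTPS and client certificates; it does not verify that the certificates themselves are valid or correctly distributed.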

Comment 4 Filip Balák 2017-12-11 15:10:44 UTC
Looks ok. Checked content with current implementation and also all issues from gdoc are fixed.

