[caree]

Hello,

I'm new to Arch, and recently installed Arch on 2 Odroid-HC2 NAS devices. I'm using the Odroid UX4 install:
http://os.archlinuxarm.org/os/ArchLinux ... est.tar.gz
The OS version shows as:
Linux OdroidHC1 4.14.133-1-ARCH #1 SMP PREEMPT Tue Jul 16 01:54:40 UTC 2019 armv7l GNU/Linux

I'm experimenting with the GlusterFS package, and wanted to try the Gluster encryption feature. I have a working GlusterFS volume, and have no issues with getting a basic Gluster volume working.

After setting up the master key and enabling the encryption feature, encryption does not seem to work, and the log "/var/log/glusterfs/glusterd.log" shows that it's looking for files in the "encryption" directory, which is actually missing. Log snippit below,

Can someone tell me if this port of GlusterFS simply isn't intended to include the encryption feature? I'm also new to GlusterFS, so maybe my question is, is the encryption feature fully implemented in GlusterFS v.6.5, which is available to Arch Arm?

Thanks in advance for help or advice on the topic.

[2019-08-15 21:17:26.363373] W [MSGID: 101095] [xlator.c:374:xlator_dynload] 0-xlator: /usr/lib/glusterfs/6.5/xlator/encryption/crypt.so: cannot open shared object file: No such file or directory
[2019-08-15 21:17:26.556600] W [MSGID: 101095] [xlator.c:210:xlator_volopt_dynload] 0-xlator: /usr/lib/glusterfs/6.5/xlator/encryption/crypt.so: cannot open shared object file: No such file or directory
[2019-08-15 21:17:26.712381] I [MSGID: 101204] [run.c:242:runner_log] 0-management: Ran script: /var/lib/glusterd/hooks/1/set/post/S30samba-set.sh --volname=gv0 -o encryption.master-key=/etc/glusterfs/gluster-master-key --gd-workdir=/var/lib/glusterd
[2019-08-15 21:17:26.730784] I [MSGID: 101204] [run.c:242:runner_log] 0-management: Ran script: /var/lib/glusterd/hooks/1/set/post/S32gluster_enable_shared_storage.sh --volname=gv0 -o encryption.master-key=/etc/glusterfs/gluster-master-key --gd-workdir=/var/lib/glusterd
[2019-08-15 21:17:35.029286] W [MSGID: 101088] [common-utils.c:4465:gf_backtrace_save] 0-management: Failed to save the backtrace.

[caree]

I'll post a reply and answer my own question, for future reference for others.

The simple answer is that the encryption feature for data at rest, Crypt xlator, was removed starting with v.6.x.

Unfortunately for me, it was easier to find articles for older versions explaining the feature and how to use it, and the articles not updated by the authors mentioning that it no longer exists, than it was to find info that the feature was completely removed.

See here for features removed starting v.6.x:
https://www.gluster.org/announcing-gluster-6/

Reading Redhat's bugzilla, there appears to have been memory leaks, data corruption, and numerous other complaints, so it appears they decided to remove this feature instead of fixing the bugs.

The best reference I can find on the missing feature is here:
https://bugzilla.redhat.com/show_bug.cgi?id=1597798

Amar Tumballi 2019-06-18 08:39:18 UTC

With glusterfs-6.0, we have removed encryption feature of glusterfs, and hence this bug can't be worked on further. Hence we will be closing the bug with CANTFIX/WONTFIX.

Please note that you can encrypt the protocol layer with tls, but volume encryption is not supported any more, and we recommend one to secure at rest data using features like dmcrypt etc.