server.allow-insecure aka rpc-auth-allow-insecure option does not work

最新推荐文章于 2024-05-26 19:37:28 发布
最新推荐文章于 2024-05-26 19:37:28 发布
阅读量1.8k 收藏
点赞数
用户报告了在GlusterFS 3.4.0 beta3版本中配置允许非特权端口连接的问题,并解决了通过设置选项rpc-auth-allow-insecure为on来启用非安全连接的方法。之后发现无法创建或写入文件,最终确定原因是文件权限不足。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

Status: CLOSED NOTABUG
 
 
Component: glusterd (Show other bugs)
Unspecified Unspecified
 
unspecified Severity unspecified
: ---
: ---
Assigned To: krishnan parthasarathi
 
 
:  
 
Blocks:
  Show dependency tree / graph
 
Reported: 2013-06-27 22:08 EDT by Louis Zuckerman
Modified: 2013-06-27 23:04 EDT (History)
1 user (show)
 
Fixed In Version:  
Doc Text:
Environment:
Regression: ---
Documentation: ---
Verified Versions:  
 

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)
   None ( edit)
Description Louis Zuckerman  2013-06-27 22:08:20 EDT 
Description of problem:

I need to allow clients to connect to the volume from insecure (unprivileged) ports >1024.  There appears to be an option in 3.4 to do this: server.allow-insecure.  However when I set this to "ON" or "on" it has no effect, glusterd still refuses to serve clients on unprivileged ports.

Version-Release number of selected component (if applicable):

3.4.0beta3


I'll update this bug with steps to reproduce as soon as I have a good procedure for you.

Thanks!
Comment 1 Louis Zuckerman  2013-06-27 22:30:34 EDT 
Shortly after I filed this bug Vijay chatted me on IRC to let me know that in addition to setting server.allow-insecure to on, I also needed to manually add an option to glusterd.vol:

    option rpc-auth-allow-insecure on

I restarted glusterd with the updated volfile and now I can use insecure ports.

Thanks again!
Comment 2 Louis Zuckerman  2013-06-27 22:51:33 EDT 
Ok now I have a real bug to report....

After making the change above to glusterd.vol my insecure client program is able to communicate with glusterd to fetch the volfile, however....

When I try to create a file in the volume, nothing happens -- no error, no crash, no file created.

Then when I try to write data into that file, the process crashes and I get a core dump.

To reproduce this problem see the instructions in the readme.md file of the libgfapi-jni project:

https://github.com/semiosis/libgfapi-jni

Those instructions include a "sudo bash" command which will run the test as root.  But DO NOT run it as root to reproduce this problem.  The test succeeds when run as root, but fails when run as an unprivileged user.
Comment 3 Louis Zuckerman  2013-06-27 23:00:36 EDT 
Ok I feel dumb.  The insecure client couldn't create or write to the file because the volume permissions didn't allow it.  Once i did a chmod ugo+rwx on the volume, it worked.

PEBKAC
lin_FS
关注
使用 allowInsecureProtocol 属性解决 gradle 的仓库地址HTTPS警告
baidu_33512336的博客
04-15 9093
前言 gradle高版本会出现maven仓库地址不是https安全连接便会报错的问题; 1.报错现象 Could not resolve all dependencies for configuration ':app:debugRuntimeClasspath'. Using insecure protocols with repositories, without explicit opt-in, is unsupported. Switch Maven repository 'maven2(ht
WebRTC之完整搭建Jitsi Meet指南
死磕音视频
06-29 2万+
前言 Jitsi是个优秀的WebRTC流媒体服务器,使用Java语言做开发,可以让很多Java人员也能进行流媒体开发,但是奈何国内的教程太少,官方文档更新太快,导致很多想用他的人却望而却步。 在写这篇文章之前,在搜索引擎上进行了搜索,发现没有一篇文章完整的把Jitsi Meet搭建起来并且能够多人正常音视频通话的文章 不管是论坛和QQ群经常有人问Jitsi搭建的问题,在此我就分享一篇我自己的搭建经验 注意!!!本篇使用的官方教程Manual installation(手动安装),为什么使用手动安装不是快速安
使用 allowInsecureProtocol 属性解决 gradle 的仓库地址不安全警告
热门推荐
qi_ming_hao_nan的博客
03-14 7万+
使用 allowInsecureProtocol 属性解决 gradle 的仓库地址不安全警告 在 IDEA 的 Terminal 中使用命令 gradlew --warning-mode all 可以打印出当前 gradle 存在的所有警告信息 正文 如果有报以下警告: Using insecure protocols with repositories, without explicit opt-in, has been deprecated. This is scheduled to be re
Ceph报错( ceph config set mon auth_allow_insecure_global_id_reclaim false)问题处理
niuwj666的博客
10-18 713
ceph
【使用allowInsecureProtocol = true 属性解决无法下载远程依赖】
weixin_43560397的博客
03-11 1738
解决无法下载远程依赖问题
git submodule update报错: error: Server does not allow request for unadvertised object
10km的专栏
05-14 2万+
周末在家里做了一些工作,周一到办公室,执行git更新办公室电脑上的代码时,报错了 git submodule update –init faceapi-rpc-cpp/dependencies/common_source_cpp/ error: Server does not allow request for unadvertised object 50db78feb4532369...
openEuler 22.03 LTS SP3源码编译部署OpenStack-Caracal
wstc2689784536的博客
05-26 1176
openEuler 22.03 LTS SP3源码编译部署OpenStack-Caracal,优化后的部署方法,比较安全。
我的django项目,python版本3.8.7,djongo版本4.2.11,启动时要向控制台输入 e: cd WeChat .\WeChat\Scripts\activate cd project python manage.py runserver 0.0.0.0:8000 可以看到我的项目在虚拟环境中,使用了微信自动化库wxauto,以下是导入语句 from django.shortcuts import render from django.views.decorators.http import require_http_methods from django.core import serializers from django.http import JsonResponse import json import spacy from wxauto import * from datetime import datetime, timedelta from .models import lisent,mission from django.db.models import CharField, Value as V, ExpressionWrapper, Func from django.db.models.functions import Concat from django.db.models import F from django.db.models.functions import Substr, StrIndex from django.db.models.expressions import RawSQL from django.utils.timezone import utc from django.utils import timezone from .GroupConcat import GroupConcat import re 以下是一段代码 @require_http_methods([“POST”]) def showgeneralize(request): result={} uid = request.POST.get(‘id’) try: # 检索数据并按 mtype 分组 missions = mission.objects.filter(mresult=0, uid=uid).order_by(‘mtype’) grouped_missions = {} for mission_item in missions: mtype = mission_item.mtype if mtype not in grouped_missions: grouped_missions[mtype] = { ‘clientnames’: [mission_item.clientname], # 初始化并加入当前clientname ‘mquantitys’: [mission_item.mquantity] # 初始化并加入当前mquantity } else: grouped_missions[mtype][‘clientnames’].append(mission_item.clientname) grouped_missions[mtype][‘mquantitys’].append(mission_item.mquantity) # 拼接 clientname 字符串 result_list = [] for mtype, details in grouped_missions.items(): clientnames_str = ', '.join(details[‘clientnames’]) quantitys_str = ', '.join(details[‘mquantitys’]) result_list.append({ ‘mtype’: mtype, ‘clientname’: clientnames_str, ‘mquantity’: quantitys_str }) result[‘list’] = result_list result[‘msg’] = ‘success’ except Exception as e: result[‘msg’] = ‘错误’ result[‘error’] = str(e) return JsonResponse(result) 数据库使用本地MySQL,以下是settings.py from pathlib import Path # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'django-insecure-$q7#%afr7m)df6+dlwb&s3y61&t%=-8c9m(gvv4vi@k#-!oya*' # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True ALLOWED_HOSTS = [] # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'api_test', 'login', 'wx', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', #'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] CORS_ORIGIN_ALLOW_ALL = True ROOT_URLCONF = 'project.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'project.wsgi.application' DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'wechat', 'USER':'root', 'PASSWORD':'1234', 'HOST':'127.0.0.1', } } AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_TZ = True STATIC_URL = 'static/' DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' 以下是models.py内容 from django.db import models # Create your models here. # 监听表 class lisent(models.Model): lesientname=models.CharField(max_length=20) uid=models.IntegerField() # 事务表 class mission(models.Model): id = models.AutoField(primary_key=True) missiontalk=models.CharField(max_length=200) uid=models.IntegerField() clientname=models.CharField(max_length=20) # # 类型 mtype=models.CharField(max_length=20) # 处理结果: # 0:未处理 # 1:完成任务 # 2:拒绝/未完成 # 3:忽略 mresult=models.PositiveSmallIntegerField() mtime = models.DateTimeField(auto_now_add=True) # 数目 mquantity = models.CharField(max_length=20,null = True) manswer=models.CharField(max_length=200,null = True) 现在要把项目发给其他设备使用,假设其他设备的使用者不会安装任何环境(MySQL和python等),也没有耐心输入网址,只想一键启动,我该如何处理项目,使得客户拿到手后能够直接一键使用
最新发布
07-04
项目目录结构:-project/- manage.py-... (其他Django项目文件)-db.sqlite3- data.json (备份,可选)- requirements.txt-python/(便携版Python)- vcredist_x64.exe-start.bat8.用户操作:解压后双击`start.bat`。...
kubernetes1.11开启swagger-ui
graysonfan程序人生
11-09 3779
kubernetes1.8开启swagger-ui 现在的版本默认只开启了6443安全端口,需要证书验证才能访问api,实现起来稍微有点麻烦,这里提供一个简单的方法。 先来看看官方说明: Complete API details are documented using Swagger v1.2 and OpenAPI. The Kubernetes apiserver (aka “master”...
2020.12.17课堂笔记(HBase分布式环境搭建)
超可爱慕之
12-17 542
HBase分布式环境搭建 一、HBase分布式环境安装 1.1 Zookeeper正常部署启动 首先保证Zookeeper集群的正常部署,并启动: [root@hadoop102 zookeeper]$ $ZK_HOME/bin/zkServer.sh start [root@hadoop103 zookeeper]$ $ZK_HOME/bin/zkServer.sh start [root@hadoop104 zookeeper]$ $ZK_HOME/bin/zkServer.sh start 1.2
github操作, 解决坑点的总结(持续更新...)
weixin_36888577的博客
05-08 2160
文章目录本地新建一个仓库要push到github上git pull拒绝合并无关历史git pull: 当前分之没有跟踪信息想要统计github仓库代码每次git clone过慢每次提交都要输用户名和密码git 的撤销操作 本地新建一个仓库要push到github上 在github上创建一个同名空仓库 在本地仓库中执行 : $: git init $: git add $: git commi......
Win10 提示你不能访问此共享文件夹,因为你组织的安全策略阻止未经身份验证的来宾访问
AndyYang2017的博客
04-15 1万+
1、以前的方法都不凑效了,可以试试这个方法 windows + R 打开运行 输入 regedit 打开注册表。 计算机 \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters 将AllowInsecureGuestAuth设置为1 计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation,
Chrome浏览器启动参数大全(命令行参数)
bigcarp的专栏
11-04 4万+
前言 在开发Web项目当中,浏览器必不可少,而浏览器的启动参数可以帮我们实现很多功能。 常用参数 常用参数请参考下表。 序号 参数 说明 1 --allow-outdated-plugins 不停用过期的插件。 2 --allow-running-insecure-content 默认情况下,https 页面不允许从 http 链接引用 javascript/css/plug-ins。添加这一参数会放行这些内容。 3 --allow-scri
Git之深入解析子模块提交冲突的问题
╰つ栺尖篴夢ゞ
03-29 3413
开发的时候,更新项目,使用 git submodule 进行 update,可能会出现下面的错误信息: # 子模块更新报错 $ git submodule update Submodule path 'project1': checked out 'f0246e6589fcb0f80e62f99c5ac39cfb397aff9d' Another git process seems to be running in this repository, e.g. an editor opened by '.
FileZilla - The free FTP solution
程永强
09-05 979
FileZilla - The free FTP solution
更改setting文件的mirror_Maven settings.xml文件中的Mirror是什么?
weixin_39969448的博客
12-21 284
Correct me if I'm wrong, but a Mirror is used to redirect all traffic to a specific repository URL and block everything else (including Maven central repo).Now what if I have a Mirror to http://a.com:...
zecloud 大端口连接设置
peter_cloud的专栏
06-11 981
zecloud lvolume set tvol server.allow-insecure on 其中tvol是卷的名字
alertmanager中--cluster.allow-insecure-public-advertise-address-discovery做什么的
09-16
`--cluster.allow-insecure-public-advertise-address-discovery` 选项是 Alertmanager 集群中的一个命令行选项,用于允许节点的公共 IP 地址被不安全地发现并且广播。 在使用集群模式时,Alertmanager 节点需要...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值