I am not really good at gluster as I just started using this yesterday.
I have 2 servers. Both are running glusterfs-servers.
From server 1: I run sudo glusterfs peer probe server2
and it is added to the cluster. There was no questions asked. I did nothing to tell server2 to allow server1 to add it to the cluster. Does not make sense to me.
This confuses me. I mean, what if someone adds my glusterfs servers to their cluster. Seemed like there was absolutely no security. It is insane and I do not get it.
Best Answer
TL,DR: Adding servers to the cluster (called pool) is safe, because a 3rd party cannot join an existing cluster on it's own, it needs to be invited from within. But make sure to restrict which clients can mount the volumes and encrypt the connections.
I had this question myself so I went to take a look at the documentation.
When you are creating a new cluster, you start on one server and add others using
gluster peer probe OTHER_SERVER
. Additional security isn't strictly required, because you are adding new, uninitialized glusterfs servers. (Unless you leave a freshly installed, uninitialized gluster running with public access - then you are in trouble).So what prevents an attacker from joining your existing cluster? The key is the following paragraph:
As the documentation says, a 3rd party/adversary cannot join your cluster, it needs to be invited from within.
Note that clients do not need to be in the pool to mount the volumes.
Gluster also provides other security mechanisms to restrict access to data and to mitigate against related attacks:
gluster volume set VOL_NAME auth.allow IP1,IP2
So if the volumes are not meant to be public:
auth.allow
(auth.ssl-allow
for TLS) for finer control on the volume level.