You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug cluster.check from weed shell errors with a stack trace.
System Setup
command weed -v 4 -config_dir ./config/ shell
OS version VERSION="18.04.3 LTS (Bionic Beaver)"
output of weed versionversion 30GB 2.98 c6ec5269f4b34d79ab8e13050623501b8befda32 linux amd64
scaffold of filer.toml in use.
[leveldb2]
# local on disk, mostly for simple single-machine setup, fairly scalable# faster than previous leveldb, recommended.enabled = truedir = "./filerldb2"# directory to store level db files
Additional context
Really trying to filer.sync from an initial weed server test setup, but err from weed -config_dir ./config/ filer.sync -isActivePassive -a localhost:9999 -b localhost:8888 results in E0412 10:37:07 25622 filer_sync.go:105] sync from localhost:9999 to localhost:8888: GetFilerConfiguration localhost:9999: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake" so I'm checking the cluster is OK before getting into that error.
Also, this the security.toml note redactedN are all different hashes. If they/some need to be the same that's not in documentation I found.
# Put this file to one of the location, with descending priority# ./security.toml# $HOME/.seaweedfs/security.toml# /etc/seaweedfs/security.toml# this file is read by master, volume server, and filer# this jwt signing key is read by master and volume server, and it is used for write operations:# - the Master server generates the JWT, which can be used to write a certain file on a volume server# - the Volume server validates the JWT on writing# the jwt defaults to expire after 10 seconds.
[jwt.signing]
key = "redacted1"expires_after_seconds = 10# seconds# by default, if the signing key above is set, the Volume UI over HTTP is disabled.# by setting ui.access to true, you can re-enable the Volume UI. Despite# some information leakage (as the UI is not authenticated), this should not# pose a security risk.
[access]
ui = true# this jwt signing key is read by master and volume server, and it is used for read operations:# - the Master server generates the JWT, which can be used to read a certain file on a volume server# - the Volume server validates the JWT on reading# NOTE: jwt for read is only supported with master+volume setup. Filer does not support this mode.
[jwt.signing.read]
key = "redacted2"expires_after_seconds = 10# seconds# If this JWT key is configured, Filer only accepts writes over HTTP if they are signed with this JWT:# - f.e. the S3 API Shim generates the JWT# - the Filer server validates the JWT on writing# the jwt defaults to expire after 10 seconds.
[jwt.filer_signing]
key = "redacted3"expires_after_seconds = 10# seconds# If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT:# - f.e. the S3 API Shim generates the JWT# - the Filer server validates the JWT on writing# the jwt defaults to expire after 10 seconds.
[jwt.filer_signing.read]
key = "redacted4"expires_after_seconds = 10# seconds# all grpc tls authentications are mutual# the values for the following ca, cert, and key are paths to the PERM files.# the host name is not checked, so the PERM files can be shared.
[grpc]
ca = "/srv/seaweedfs/production/CertificateAuthority/out/SeaweedFS_CA.crt"# Set wildcard domain for enable TLS authentication by common namesallowed_wildcard_domain = ""# .mycompany.com
[grpc.volume]
cert = "/srv/seaweedfs/production/CertificateAuthority/out/volume01.crt"key = "/srv/seaweedfs/production/CertificateAuthority/out/volume01.key"allowed_commonNames = ""# comma-separated SSL certificate common names
[grpc.master]
cert = "/srv/seaweedfs/production/CertificateAuthority/out/master01.crt"key = "/srv/seaweedfs/production/CertificateAuthority/out/master01.key"allowed_commonNames = ""# comma-separated SSL certificate common names
[grpc.filer]
cert = "/srv/seaweedfs/production/CertificateAuthority/out/filer01.crt"key = "/srv/seaweedfs/production/CertificateAuthority/out/filer01.key"allowed_commonNames = ""# comma-separated SSL certificate common names
[grpc.msg_broker]
cert = ""key = ""allowed_commonNames = ""# comma-separated SSL certificate common names# use this for any place needs a grpc client# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
[grpc.client]
cert = "/srv/seaweedfs/production/CertificateAuthority/out/client01.crt"key = "/srv/seaweedfs/production/CertificateAuthority/out/client01.key"# volume server https options# Note: work in progress!# this does not work with other clients, e.g., "weed filer|mount" etc, yet.
[https.client]
enabled = true
[https.volume]
cert = ""key = ""ca = ""
[https.master]
cert = ""key = ""ca = ""
The text was updated successfully, but these errors were encountered:
Describe the bug
cluster.check
from weed shell errors with a stack trace.System Setup
weed -v 4 -config_dir ./config/ shell
VERSION="18.04.3 LTS (Bionic Beaver)"
weed version
version 30GB 2.98 c6ec5269f4b34d79ab8e13050623501b8befda32 linux amd64
filer.toml
in use.Additional context
Really trying to filer.sync from an initial weed server test setup, but err from
weed -config_dir ./config/ filer.sync -isActivePassive -a localhost:9999 -b localhost:8888
results inE0412 10:37:07 25622 filer_sync.go:105] sync from localhost:9999 to localhost:8888: GetFilerConfiguration localhost:9999: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"
so I'm checking the cluster is OK before getting into that error.Also, this the
security.toml
noteredactedN
are all different hashes. If they/some need to be the same that's not in documentation I found.The text was updated successfully, but these errors were encountered: