With the change https://review.openstack.org/#/c/215173/, glusterfs_native driver mounts the GlusterFS volume on the Manila host without disabling TLS authentication. This sets the requirement for Manila host to have TLS credentials to be setup to access the GlusterFS volume.
In the create_share_from_snapshot call, the share, a GlusterFS volume, that is created from snapshot needs to retain the the TLS identities (Common Names) of the GlusterFS servers an the Manila host to allow the volume to be used by the glusterfs_native driver. Presently, this is done by retaining identities that are prefixed by 'glusterfs-server'. So the Manila host is forced to be setup with a TLS certificate having a CN prefixed by 'glusterfs-server' to allow glusterfs_native driver to create a share from snapshot. It's not OK to set such an unintuitive constraint for the CN of the TLS certificate in the Manila host.
Fix proposed to branch: master /review. openstack. org/224846
Review: https:/