9.3. Configuring Network Encryption for an existing Trusted Storage Pool


You can configure network encryption for an existing Red Hat Gluster Storage Trusted Storage Pool for both I/O encryption and management encryption.

9.3.1. Enabling I/O encryption for a Volume

Enable the I/O encryption between the servers and clients:
  1. Unmount the volume on all the clients.
    # umount mount-point
  2. Stop the volume.
    # gluster volume stop VOLNAME
  3. Set the list of common names for clients allowed to access the volume. Be sure to include the common names of all the servers.
    # gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'
  4. Enable client.ssl and server.ssl on the volume.
    # gluster volume set VOLNAME client.ssl on
    # gluster volume set VOLNAME server.ssl on
  5. Start the volume.
    # gluster volume start VOLNAME
  6. Mount the volume from the new clients. For example, to manually mount a volume and access data using Native client, use the following command:
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs
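
A pre-flight check for step 3 above, added here as an example and not part of the Red Hat documentation: it reports every common name that is missing from the value you plan to pass to auth.ssl-allow, so an omitted server is caught before the volume is restarted. The function name missing_cns and the host names in the sample run are assumptions; matching is on whole comma-separated entries.

```shell
#!/bin/sh
# Added example: verify an auth.ssl-allow value before running
# "gluster volume set VOLNAME auth.ssl-allow ...".
# missing_cns is a hypothetical helper; all host names are constructed samples.

# Print each required common name that is absent from the allow list.
# Usage: missing_cns 'cn1,cn2,...' required-cn...
# Returns 0 when every required CN is listed, 1 otherwise.
missing_cns() {
    allow=$1
    shift
    rc=0
    for cn in "$@"; do
        # Wrap both sides in commas so only whole entries match:
        # "server1" must not be satisfied by "server10".
        case ",$allow," in
            *",$cn,"*) ;;
            *) printf '%s\n' "$cn"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample run: server3 was left out of the planned value.
missing_cns 'server1,server2,client1,client2' \
    server1 server2 server3 client1 client2 ||
    echo "add the names listed above to auth.ssl-allow" >&2
```

Pass the common names of all servers and all clients as the required arguments; the function exits non-zero if any of them is not in the list.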

9.3.2. Enabling Management Encryption

Although Red Hat Gluster Storage can be configured for I/O encryption only, without management encryption, management encryption is recommended. On an existing installation with running servers and clients, schedule downtime for volumes, applications, clients, and other end users before enabling management encryption.
You cannot currently change between unencrypted and encrypted connections dynamically. Bricks and other local services on the servers and clients do not receive notifications from glusterd if they are running when the switch to management encryption is made.
  1. Unmount the volume on all the clients.
    # umount mount-point
  2. Stop all the volumes.
    # gluster volume stop VOLNAME
  3. Stop glusterd on all servers.
    # service glusterd stop
  4. Stop all gluster-related processes on all servers.
    # pkill glusterfs
  5. Create the /var/lib/glusterd/secure-access file on all servers and clients.
    # touch /var/lib/glusterd/secure-access
  6. Start glusterd on all the servers.
    # service glusterd start
  7. Start all the volumes.
    # gluster volume start VOLNAME
  8. Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command:
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs