22.3. Configuring Network Encryption for an existing Trusted Storage Pool


Follow this section to configure I/O and management encryption for an existing Red Hat Gluster Storage Trusted Storage Pool.

22.3.1. Enabling I/O Encryption

Follow this section to enable I/O encryption between servers and clients.

Procedure 22.6. Enabling I/O encryption

  1. Unmount the volume from all clients

    Unmount the volume by running the following command on all clients.
    # umount mountpoint
  2. Stop the volume

    Stop the volume by running the following command from any server.
    # gluster volume stop VOLNAME
  3. Specify servers and clients to allow

    Provide a list of the common names of servers and clients that are allowed to access the volume. The common names provided must be exactly the same as the common name specified when you created the glusterfs.pem file for that server or client.
    # gluster volume set volname auth.ssl-allow 'server1,server2,client1,client2,client3'
    This provides an additional check in case you want to leave keys in place, but temporarily restrict a client or server by removing it from this list, as shown in Section 22.7, “Deauthorizing a Client”.
    You can also use the default value of *, which indicates that any TLS authenticated machine can mount and access the volume.
  4. Enable TLS/SSL encryption on the volume

    Run the following command from any server to enable TLS/SSL encryption.
    # gluster volume set volname client.ssl on
    # gluster volume set volname server.ssl on
  5. Start the volume

    # gluster volume start volname
  6. Verify

    Verify that the volume can be mounted only on authorized clients. The process for mounting a volume depends on the protocol your client is using.
    The following command mounts a volume using the native FUSE protocol. Ensure that this command works on authorized clients, and does not work on unauthorized clients.
    # mount -t glusterfs server1:/testvolume /mnt/glusterfs
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.