20.3. Configuring Network Encryption for an existing Trusted Storage Pool
Follow this section to configure I/O and management encryption for an existing Red Hat Gluster Storage Trusted Storage Pool.
20.3.1. Enabling I/O Encryption
Follow this section to enable I/O encryption between servers and clients.
Procedure 20.6. Enabling I/O encryption
Unmount the volume from all clients
Unmount the volume by running the following command on all clients.# umount mountpoint
Stop the volume
Stop the volume by running the following command from any server.# gluster volume stop VOLNAME
Specify servers and clients to allow
Provide a list of the common names of servers and clients that are allowed to access the volume. The common names provided must be exactly the same as the common name specified when you created theglusterfs.pem
file for that server or client.# gluster volume set volname auth.ssl-allow 'server1,server2,client1,client2,client3'
This provides an additional check in case you want to leave keys in place, but temporarily restrict a client or server by removing it from this list, as shown in Section 20.7, “Deauthorizing a Client”.You can also use the default value of*
, which indicates that any TLS authenticated machine can mount and access the volume.Enable TLS/SSL encryption on the volume
Run the following command from any server to enable TLS/SSL encryption.# gluster volume set volname client.ssl on # gluster volume set volname server.ssl on
Start the volume
# gluster volume start volname
Verify
Verify that the volume can be mounted only on authorized clients. The process for mounting a volume depends on the protocol your client is using.The following command mounts a volume using the native FUSE protocol. Ensure that this command works on authorized clients, and does not work on unauthorized clients.# mount -t glusterfs server1:/testvolume /mnt/glusterfs