Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
9.2. Configuring Network Encryption for a New Trusted Storage Pool
You can configure network encryption for a new Red Hat Gluster Storage Trusted Storage Pool for both I/O encryption and management encryption. This section assumes that you have installed Red Hat Gluster Storage on the servers and the clients, but has never been run.
9.2.1. Enabling Management Encryption
Copiar enlaceEnlace copiado en el portapapeles!
Though Red Hat Gluster Storage can be configured only for I/O encryption without using management encryption, it is recommended to have management encryption. If you want to enable SSL only on the I/O path, skip this section and proceed with Section 9.2.2, “Enabling I/O encryption for a Volume”.
On Servers
Perform the following on all the servers
- Create the
/var/lib/glusterd/secure-accessfile.# touch /var/lib/glusterd/secure-access - Start
glusterdon all servers.# service glusterd start - Setup the trusted storage pool by running appropriate peer probe commands. For more information on setting up the trusted storage pool, see Chapter 5, Trusted Storage Pools
On Clients
Perform the following on all the client machines
- Create the
/var/lib/glusterd/secure-accessfile.# touch /var/lib/glusterd/secure-access - Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command:
# mount -t glusterfs server1:/test-volume /mnt/glusterfs
9.2.2. Enabling I/O encryption for a Volume
Copiar enlaceEnlace copiado en el portapapeles!
Enable the I/O encryption between the servers and clients:
- Create the volume, but do not start it.
- Set the list of common names of all the servers to access the volume. Be sure to include the common names of clients which will be allowed to access the volume..
# gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3' - Enable the
client.sslandserver.ssloptions on the volume.# gluster volume set VOLNAME client.ssl on # gluster volume set VOLNAME server.ssl on - Start the volume.
# gluster volume start VOLNAME - Mount the volume on all the clients which has been authorized. For example, to manually mount a volume and access data using Native client, use the following command:
# mount -t glusterfs server1:/test-volume /mnt/glusterfs
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}