Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
9.3. Configuring Network Encryption for an existing Trusted Storage Pool
You can configure network encryption for an existing Red Hat Gluster Storage Trusted Storage Pool for both I/O encryption and management encryption.
9.3.1. Enabling I/O encryption for a Volume
Copia collegamentoCollegamento copiato negli appunti!
Enable the I/O encryption between the servers and clients:
- Unmount the volume on all the clients.
umount mount-point
# umount mount-point# umount mount-pointCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Stop the volume.
gluster volume stop VOLNAME
# gluster volume stop VOLNAME# gluster volume stop VOLNAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow - Set the list of common names for clients allowed to access the volume. Be sure to include the common names of all the servers.
gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'
# gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'# gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'# gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'# gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Enable
client.sslandserver.sslon the volume.gluster volume set VOLNAME client.ssl on gluster volume set VOLNAME server.ssl on
# gluster volume set VOLNAME client.ssl on # gluster volume set VOLNAME server.ssl onCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start the volume.
gluster volume start VOLNAME
# gluster volume start VOLNAME# gluster volume start VOLNAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow - Mount the volume from the new clients. For example, to manually mount a volume and access data using Native client, use the following command:
mount -t glusterfs server1:/test-volume /mnt/glusterfs
# mount -t glusterfs server1:/test-volume /mnt/glusterfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow
9.3.2. Enabling Management Encryption
Copia collegamentoCollegamento copiato negli appunti!
Though, Red Hat Gluster Storage can be configured only for I/O encryption without using management encryption, management encryption is recommended. On an existing installation, with running servers and clients, schedule a downtime of volumes, applications, clients, and other end-users to enable management encryption.
You cannot currently change between unencrypted and encrypted connections dynamically. Bricks and other local services on the servers and clients do not receive notifications from
glusterd if they are running when the switch to management encryption is made.
- Unmount the volume on all the clients.
umount mount-point
# umount mount-point# umount mount-pointCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Stop all the volumes.
gluster volume stop VOLNAME
# gluster volume stop VOLNAME# gluster volume stop VOLNAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow - Stop
glusterdon all servers.service glusterd stop
# service glusterd stopCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Stop all gluster-related processes on all servers.
pkill glusterfs
# pkill glusterfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Create the
/var/lib/glusterd/secure-accessfile on all servers and clients.touch /var/lib/glusterd/secure-access
# touch /var/lib/glusterd/secure-accessCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start
glusterdon all the servers.service glusterd start
# service glusterd startCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start all the volumes
gluster volume start VOLNAME
# gluster volume start VOLNAME# gluster volume start VOLNAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow - Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command:
mount -t glusterfs server1:/test-volume /mnt/glusterfs
# mount -t glusterfs server1:/test-volume /mnt/glusterfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}