Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
22.4. Expanding Volumes
In a network encrypted Red Hat Gluster Storage trusted storage pool, you must ensure that you meet the prerequisites listed at Section 22.1, “Prerequisites”.
22.4.1. Certificate Signed with a Common Certificate Authority
Copia collegamentoCollegamento copiato negli appunti!
Adding a server to a storage pool is simple if the servers all use a common Certificate Authority.
- Copy
/etc/ssl/glusterfs.cafile from one of the existing servers and save it on the/etc/ssl/directory on the new server. - If you are using management encryption, create
/var/lib/glusterd/secure-accessfile.touch /var/lib/glusterd/secure-access
# touch /var/lib/glusterd/secure-accesstouch /var/lib/glusterd/secure-accessCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start
glusterdon the new peerservice glusterd start
# service glusterd startCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Add the common name of the new server to the
auth.ssl-allowlist for all volumes which have encryption enabled.gluster volume set VOLNAME auth.ssl-allow servernew
# gluster volume set VOLNAME auth.ssl-allow servernewgluster volume set VOLNAME auth.ssl-allow servernewgluster volume set VOLNAME auth.ssl-allow servernewgluster volume set VOLNAME auth.ssl-allow servernewCopy to Clipboard Copied! Toggle word wrap Toggle overflow Note
Thegluster volume setcommand does not append to existing values of the options. To append the new name to the list, get the existing list usinggluster volume infocommand, append the new name to the list and set the option again usinggluster volume setcommand. - Run gluster peer probe [server] to add additional servers to the trusted storage pool. For more information on adding servers to the trusted storage pool, see Chapter 4, Adding Servers to the Trusted Storage Pool .
22.4.2. Self-signed Certificates
Copia collegamentoCollegamento copiato negli appunti!
Using self-signed certificates would require a downtime of servers to add a new server into the trusted storage pool, as the CA list cannot be dynamically reloaded. To add a new server:
- Generate the private key and self-signed certificate on the new server using the steps listed at Section 22.1, “Prerequisites”.
- Copy the following files:
- On an existing server, copy the
/etc/ssl/glusterfs.cafile, append the content of new server's certificate to it, and distribute it to all servers, including the new server. - On an existing client, copy the
/etc/ssl/glusterfs.ca file, append the content of the new server's certificate to it, and distribute it to all clients.
- Stop all gluster-related processes on all servers.
pkill glusterfs
# pkill glusterfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Create the
/var/lib/glusterd/secure-accessfile on the server if management encryption is enable in the trusted storage pool. - Start
glusterdon the new peerservice glusterd start
# service glusterd startCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Add the common name of the new server to the
auth.ssl-allowlist for all volumes which have encryption enabled.Note
If you setauth.ssl-allowoption with*as value, any TLS authenticated clients can mount and access the volume from the application side. Hence, you set the option's value to*or provide common names of clients as well as the nodes in the trusted storage pool. - Restart all the glusterfs processes on existing servers and clients by performing the following .
- Unmount the volume on all the clients.
umount mount-point
# umount mount-pointumount mount-pointCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Stop all volumes.
gluster volume stop VOLNAME
# gluster volume stop VOLNAMEgluster volume stop VOLNAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow - Restart glusterd on all the servers.
service glusterd start
# service glusterd startCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start the volumes
gluster volume start VOLNAME
# gluster volume start VOLNAMEgluster volume start VOLNAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow - Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command:
mount -t glusterfs server1:/test-volume /mnt/glusterfs
# mount -t glusterfs server1:/test-volume /mnt/glusterfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow
- Peer probe the new server to add it to the trusted storage pool. For more information on peer probe, see Chapter 4, Adding Servers to the Trusted Storage Pool
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}