Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
23.2. Configuring Network Encryption for a New Trusted Storage Pool
You can configure network encryption for a new Red Hat Gluster Storage Trusted Storage Pool for both I/O encryption and management encryption. This section assumes that you have installed Red Hat Gluster Storage on the servers and the clients, but has never been run.
23.2.1. Enabling Management Encryption
Copia collegamentoCollegamento copiato negli appunti!
Though Red Hat Gluster Storage can be configured only for I/O encryption without using management encryption, it is recommended to have management encryption. If you want to enable SSL only on the I/O path, skip this section and proceed with Section 23.2.2, “Enabling I/O encryption for a Volume”.
On Servers
Perform the following on all the servers
- Create the
/var/lib/glusterd/secure-accessfile.touch /var/lib/glusterd/secure-access
# touch /var/lib/glusterd/secure-accessCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start
glusterdon all servers.service glusterd start
# service glusterd startCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Setup the trusted storage pool by running appropriate peer probe commands. For more information on setting up the trusted storage pool, see Chapter 4, Adding Servers to the Trusted Storage Pool
On Clients
Perform the following on all the client machines
- Create the
/var/lib/glusterd/secure-accessfile.touch /var/lib/glusterd/secure-access
# touch /var/lib/glusterd/secure-accessCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command:
mount -t glusterfs server1:/test-volume /mnt/glusterfs
# mount -t glusterfs server1:/test-volume /mnt/glusterfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow
23.2.2. Enabling I/O encryption for a Volume
Copia collegamentoCollegamento copiato negli appunti!
Enable the I/O encryption between the servers and clients:
- Create the volume, but do not start it.
- Set the list of common names of all the servers to access the volume. Be sure to include the common names of clients which will be allowed to access the volume..
gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'
# gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note
If you setauth.ssl-allowoption with*as value, any TLS authenticated clients can mount and access the volume from the application side. Hence, you set the option's value to*or provide common names of clients as well as the nodes in the trusted storage pool. - Enable Transport Layer Security on the volume by setting the
client.sslandserver.ssloptions toon.gluster volume set VOLNAME client.ssl on gluster volume set VOLNAME server.ssl on
# gluster volume set VOLNAME client.ssl on # gluster volume set VOLNAME server.ssl onCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start the volume.
gluster volume start VOLNAME
# gluster volume start VOLNAMEgluster volume start VOLNAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow - Mount the volume on all the clients which has been authorized. For example, to manually mount a volume and access data using Native client, use the following command:
mount -t glusterfs server1:/test-volume /mnt/glusterfs
# mount -t glusterfs server1:/test-volume /mnt/glusterfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}