Red Hat SummitThis documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.このコンテンツは選択した言語では利用できません。
12.4. Disabling Encryption
You can disable encryption for on Container Native Storage setup in the following two scenarios:
- Disabling I/O Encryption for a Volume
- Disabling Management Encryption
12.4.1. Disabling I/O Encryption for all the Volumes
Execute the following commands to disable the I/O encryption between the servers and clients for a volume:
Note
The servers are the OpenShift nodes on which Red Hat Gluster Storage pods are running.
The clients are the remaining OpenShift nodes on which Red Hat Gluster Storage is not running.
- Stop all the application pods that have the Red Hat Gluster Storage volumes.
- Stop all the volumes.
# oc rsh <gluster_pod_name> gluster volume stop VOLNAME
- Reset all the encryption options for a volume:
# oc rsh <gluster_pod_name> gluster volume reset VOLNAME auth.ssl-allow # oc rsh <gluster_pod_name> gluster volume reset VOLNAME client.ssl # oc rsh <gluster_pod_name> gluster volume reset VOLNAME server.ssl
- Delete the files that were used for network encryption using the following command on all the OpenShift nodes:
# rm /etc/ssl/glusterfs.pem /etc/ssl/glusterfs.key /etc/ssl/glusterfs.ca
- Stop the Red Hat Gluster Storage pods.
# oc delete daemonset glusterfs
- On deletion of daemon set the pods go down. To verify if the pods are down, execute the following command:
# oc get pods
- Create the Red Hat Gluster Storage deamonset by executing the following command:
# oc process glusterfs | oc create -f -
- On creation of daemon set the pods are started. To verify if the pods are started, execute the following command:
# oc get pods
- Start the volume.
# oc rsh <gluster_pod_name> gluster volume start VOLNAME
- Start the application pods to use the I/O encrypted Red Hat Gluster Storage volumes.
12.4.2. Disabling Management Encryption
You cannot currently change between unencrypted and encrypted connections dynamically. Bricks and other local services on the servers and clients do not receive notifications from glusterd if they are running when the switch to management encryption is made.
Execute the following commands to disable the management encryption
- Stop all the application pods that have the Red Hat Gluster Storage volumes.
- Stop all the volumes.
# oc rsh <gluster_pod_name> gluster volume stop VOLNAME
- Stop the Red Hat Gluster Storage pods.
# oc delete daemonset glusterfs
- On deletion of daemon set the pods go down. To verify if the pods are down, execute the following command:
# oc get pods
- Delete the /var/lib/glusterd/secure-access file on all OpenShift nodes to disable management encryption.
# rm /var/lib/glusterd/secure-access
- Delete the files that were used for network encryption using the following command on all the OpenShift nodes:
# rm /etc/ssl/glusterfs.pem /etc/ssl/glusterfs.key /etc/ssl/glusterfs.ca
- Create the Red Hat Gluster Storage deamonset by executing the following command:
# oc process glusterfs | oc create -f -
- On creation of daemon set the pods are started. To verify if the pods are started, execute the following command:
# oc get pods
- Start all the volumes.
# oc rsh <gluster_pod_name> gluster volume start VOLNAME
- Start the application pods to use the management encrypted Red Hat Gluster Storage.
