23.3. Configuring Network Encryption for an existing Trusted Storage Pool


You can configure network encryption for an existing Red Hat Gluster Storage Trusted Storage Pool for both I/O encryption and management encryption.

23.3.1. Enabling I/O encryption for a Volume

Enable the I/O encryption between the servers and clients:
  1. Unmount the volume on all the clients.
    # umount mount-point
  2. Stop the volume.
    # gluster volume stop VOLNAME
  3. Set the list of common names for clients allowed to access the volume. Be sure to include the common names of all the servers.
    # gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'

    Note

    If you set the auth.ssl-allow option to *, any TLS-authenticated client can mount and access the volume from the application side. Hence, either set the option's value to * or provide the common names of the clients as well as the nodes in the trusted storage pool.
  4. Enable Transport Layer Security on the volume by setting the client.ssl and server.ssl options to on.
    # gluster volume set VOLNAME client.ssl on
    # gluster volume set VOLNAME server.ssl on
  5. Start the volume.
    # gluster volume start VOLNAME
  6. Mount the volume from the new clients. For example, to manually mount a volume and access data using Native client, use the following command:
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs
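
A pre-flight check for step 3, as an added example that is not part of the Red Hat guide: it confirms that a candidate auth.ssl-allow value names every required common name, flags a `*` entry, and reports listed names nobody asked for. The function name `check_ssl_allow`, its exit codes and the sample names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a candidate auth.ssl-allow value before applying it
# with "gluster volume set VOLNAME auth.ssl-allow '...'".

# check_ssl_allow ALLOW_LIST REQUIRED_CN...
#   ALLOW_LIST   comma-separated value intended for auth.ssl-allow
#   REQUIRED_CN  common names that must be allowed: every server in the
#                trusted storage pool plus the intended clients
# Prints one finding per line. Exit status (chosen for this example):
#   0 = every required CN is listed, 1 = a required CN is missing,
#   2 = the list contains '*', so any TLS-authenticated client is allowed
check_ssl_allow() {
    local raw padded required cn status
    raw=$1
    shift
    padded=",$raw,"      # pad so "server1" cannot match inside "server10"
    status=0

    case "$padded" in
        *",*,"*)
            echo "WILDCARD: any TLS-authenticated client can mount the volume"
            return 2 ;;
    esac

    for cn in "$@"; do
        case "$padded" in
            *",$cn,"*) ;;                          # listed explicitly
            *) echo "MISSING: $cn"; status=1 ;;
        esac
    done

    # Listed names outside the required set widen access; report them.
    required=",$(IFS=,; echo "$*"),"
    (
        IFS=,
        set -f                                     # no glob expansion while splitting
        for entry in $raw; do
            [ -n "$entry" ] || continue
            case "$required" in
                *",$entry,"*) ;;
                *) echo "EXTRA: $entry" ;;
            esac
        done
    )
    return "$status"
}

# Constructed sample: server3 was left out of the list.
check_ssl_allow 'server1,server2,client1' server1 server2 server3 client1 || true
```
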

23.3.2. Enabling Management Encryption

Although Red Hat Gluster Storage can be configured for I/O encryption only, without management encryption, management encryption is recommended. On an existing installation with running servers and clients, schedule downtime for volumes, applications, clients, and other end users to enable management encryption.
You cannot currently change between unencrypted and encrypted connections dynamically. Bricks and other local services on the servers and clients do not receive notifications from glusterd if they are running when the switch to management encryption is made.
  1. Unmount all the volumes on all the clients.
    # umount mount-point
  2. If you are using either the NFS Ganesha or the Samba service, stop the service. For more information regarding NFS Ganesha, see Section 6.2.3, “NFS Ganesha”. For more information regarding Samba, see Section 6.3, “SMB”.
  3. If shared storage is being used, unmount the shared storage on all nodes.
    # umount /var/run/gluster/shared_storage

    Note

    Services that depend on shared storage, such as snapshot and geo-replication, may not work until the shared storage is remounted.
  4. Stop all the volumes including the shared storage.
    # gluster volume stop VOLNAME
  5. Stop glusterd on all servers.
    # service glusterd stop

    Important

    If glusterd crashes, the crash has no functional impact because it occurs during shutdown. For more information, see Section 24.3, “Resolving glusterd Crash”.
  6. Stop all gluster-related processes on all servers.
    # pkill glusterfs
  7. Create the /var/lib/glusterd/secure-access file on all servers and clients.
    # touch /var/lib/glusterd/secure-access
  8. Start glusterd on all the servers.
    # service glusterd start
  9. Start all the volumes including shared storage.
    # gluster volume start VOLNAME
  10. Mount the shared storage, if it was used earlier.
    # mount -t glusterfs <hostname>:/gluster_shared_storage /run/gluster/shared_storage
  11. If you are using either the NFS Ganesha or the Samba service, start the service. For more information regarding NFS Ganesha, see Section 6.2.3, “NFS Ganesha”. For more information regarding Samba, see Section 6.3, “SMB”.
  12. Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command:
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs