22.2. Configuring Network Encryption for a New Trusted Storage Pool


You can configure network encryption for a new Red Hat Gluster Storage Trusted Storage Pool for both I/O encryption and management encryption. This section assumes that you have installed Red Hat Gluster Storage on the servers and the clients, but that it has never been run.

22.2.1. Enabling Management Encryption

Although Red Hat Gluster Storage can be configured for I/O encryption only, without management encryption, enabling management encryption as well is recommended. If you want to enable SSL only on the I/O path, skip this section and proceed with Section 22.2.2, “Enabling I/O encryption for a Volume”.

On Servers

Perform the following on all the servers:

  1. Create the /var/lib/glusterd/secure-access file.
    # touch /var/lib/glusterd/secure-access
  2. Start glusterd on all servers.
    # service glusterd start
  3. Set up the trusted storage pool by running the appropriate peer probe commands. For more information on setting up the trusted storage pool, see Chapter 4, Adding Servers to the Trusted Storage Pool.

On Clients

Perform the following on all the client machines:

  1. Create the /var/lib/glusterd/secure-access file.
    # touch /var/lib/glusterd/secure-access 
  2. Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command:
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs

22.2.2. Enabling I/O encryption for a Volume

Enable the I/O encryption between the servers and clients:
  1. Create the volume, but do not start it.
  2. Set the list of common names of all the servers that access the volume. Be sure to include the common names of the clients that will be allowed to access the volume.
    # gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'

    Note

    If you set the auth.ssl-allow option to *, any TLS-authenticated client can mount and access the volume from the application side. Hence, either set the option's value to * or provide the common names of the clients as well as the nodes in the trusted storage pool.
  3. Enable the client.ssl and server.ssl options on the volume.
    # gluster volume set VOLNAME client.ssl on
    # gluster volume set VOLNAME server.ssl on
  4. Start the volume.
    # gluster volume start VOLNAME
  5. Mount the volume on all the clients that have been authorized. For example, to manually mount a volume and access data using Native client, use the following command:
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs
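
As an added example (not part of the Red Hat documentation), the following function checks the text of `gluster volume info VOLNAME` against the options set in this procedure and against the common names you expect in auth.ssl-allow. The function name, the sample output, and the expected-name list are constructed for illustration; it assumes options appear as `key: value` lines, as they do under "Options Reconfigured".

```shell
#!/bin/bash
# Added example, not Red Hat's code. Reads `gluster volume info VOLNAME`
# text on stdin; $1 is the comma-separated list of common names you expect.
# Prints one finding per line, or "OK" when nothing is wrong.
audit_volume_tls() {
    awk -F': *' -v expected="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        $1 == "auth.ssl-allow" { allow = trim($2); have_allow = 1 }
        $1 == "client.ssl"     { client = trim($2) }
        $1 == "server.ssl"     { server = trim($2) }
        END {
            if (client != "on") { print "FAIL client.ssl is not on"; n++ }
            if (server != "on") { print "FAIL server.ssl is not on"; n++ }
            if (!have_allow)    { print "FAIL auth.ssl-allow is not set"; n++ }
            ne = split(expected, e, ",")
            for (i = 1; i <= ne; i++) want[trim(e[i])] = 1
            na = split(allow, a, ",")
            for (i = 1; i <= na; i++) {
                cn = trim(a[i]); seen[cn] = 1
                if (cn == "*") { print "WARN auth.ssl-allow contains *"; star = 1; n++ }
                else if (!(cn in want)) { print "WARN unexpected CN: " cn; n++ }
            }
            # With *, every TLS-authenticated client is allowed, so skip this check.
            for (i = 1; !star && i <= ne; i++) {
                cn = trim(e[i])
                if (!(cn in seen)) { print "WARN expected CN not allowed: " cn; n++ }
            }
            if (n == 0) print "OK"
        }'
}

# Constructed sample output (not captured from a real pool).
SAMPLE_INFO='Volume Name: test-volume
Type: Replicate
Status: Created
Brick1: server1:/bricks/b1
Brick2: server2:/bricks/b1
Options Reconfigured:
auth.ssl-allow: server1,server2,client1,client9
client.ssl: on
server.ssl: off'

printf '%s\n' "$SAMPLE_INFO" | audit_volume_tls "server1,server2,client1,client2"
```

On a live server, pipe the real command output into the function instead of the sample, for example before step 4 starts the volume.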