22.4. Enabling Management Encryption
Prerequisites
- Enabling management encryption requires that storage servers are offline. Schedule an outage window for volumes, applications, clients, and other end users before beginning this process. Be aware that features such as snapshots and geo-replication may also be affected by this outage.
Procedure 22.7. Enabling management encryption
Prepare to enable encryption
Unmount all volumes from all clients
Run the following command on each client, for each volume mounted on that client.
# umount mount-point
Stop NFS Ganesha or SMB services, if used
Run the following command on any gluster server to disable NFS-Ganesha.
# systemctl stop nfs-ganesha
Run the following command on any gluster server to stop SMB.
# systemctl stop ctdb
Unmount shared storage, if used
Run the following command on all servers to unmount shared storage.
# umount /var/run/gluster/shared_storage
Important
Features that require shared storage, such as snapshots and geo-replication, may not work until after this process is complete.
Stop all volumes
Run the following command on any server to stop all volumes, including the shared storage volume.
# for vol in `gluster volume list`; do gluster --mode=script volume stop $vol; sleep 2s; done
Stop gluster services on all servers
For Red Hat Enterprise Linux 7 based installations:
# systemctl stop glusterd
# pkill glusterfs
For Red Hat Enterprise Linux 6 based installations:
# service glusterd stop
# pkill glusterfs
Important
Bug 1635071 may cause glusterd to crash during shutdown, but there is no functionality impact to this crash. See Resolving glusterd crash for details.
Create and edit the secure-access file on all servers and clients
Create a new /var/lib/glusterd/secure-access file. This file can be empty if you are using the default settings.
# touch /var/lib/glusterd/secure-access
Your Certificate Authority may require changes to the SSL certificate depth setting, transport.socket.ssl-cert-depth, in order to work correctly. To edit this setting, add the following line to the secure-access file, replacing n with the certificate depth required by your Certificate Authority.
echo "option transport.socket.ssl-cert-depth n" > /var/lib/glusterd/secure-access
Clean up after configuring management encryption
Start the glusterd service on all servers
For Red Hat Enterprise Linux 7 based installations:
# systemctl start glusterd
For Red Hat Enterprise Linux 6 based installations:
# service glusterd start
Start all volumes
Run the following command on any host to start all volumes including shared storage.
# for vol in `gluster volume list`; do gluster --mode=script volume start $vol; sleep 2s; done
Mount shared storage, if used
Run the following command on all servers to mount shared storage.
# mount -t glusterfs hostname:/gluster_shared_storage /run/gluster/shared_storage
Restart NFS Ganesha or SMB services, if used
Run the following command on any gluster server to start NFS-Ganesha.
# systemctl start nfs-ganesha
Run the following command on any gluster server to start SMB.
# systemctl start ctdb
Mount volumes on clients
The process for mounting a volume depends on the protocol your client is using. The following command mounts a volume using the native FUSE protocol.
# mount -t glusterfs server1:/testvolume /mnt/glusterfs
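A pre-flight check for the secure-access step of this procedure, intended to be run on each server and client before glusterd is started. This is an added example, not part of the Red Hat procedure; check_secure_access is a hypothetical helper name, and the sample files it creates are constructed. It rejects a missing file and a depth line in which the placeholder n was left unreplaced.

```shell
#!/bin/sh
# Added example: validate a secure-access file before starting glusterd.
# check_secure_access is a hypothetical helper, not a gluster command.
# Returns: 0 = present and well-formed (empty, or a numeric cert-depth option)
#          1 = file missing
#          2 = malformed or unexpected line
check_secure_access() {
    file="${1:-/var/lib/glusterd/secure-access}"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    rc=0
    # An empty file (default settings) skips the loop and passes.
    while read -r kw key val extra || [ -n "$kw" ]; do
        [ -z "$kw" ] && continue            # skip blank lines
        if [ "$kw" = "option" ] \
           && [ "$key" = "transport.socket.ssl-cert-depth" ] \
           && [ -z "$extra" ]; then
            case "$val" in
                # Catches an empty value and the literal placeholder "n".
                ''|*[!0-9]*)
                    echo "non-numeric depth '$val' in $file" >&2
                    rc=2 ;;
            esac
        else
            echo "unexpected line in $file: $kw $key $val $extra" >&2
            rc=2
        fi
    done < "$file"
    return "$rc"
}

# Constructed sample files (not real cluster state) to exercise the check.
demo=$(mktemp -d)
: > "$demo/default"
echo "option transport.socket.ssl-cert-depth 2" > "$demo/depth"
echo "option transport.socket.ssl-cert-depth n" > "$demo/placeholder"
for f in default depth placeholder absent; do
    if check_secure_access "$demo/$f" 2>/dev/null; then
        echo "$f: ok"
    else
        echo "$f: rejected (rc=$?)"
    fi
done
rm -rf "$demo"
```

Called with no argument, the function checks /var/lib/glusterd/secure-access on the local node.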