Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

8.3. Enabling Encryption for an Existing Red Hat Openshift Container Storage Setup

You can configure network encryption for an existing Red Hat Openshift Container Storage Storage setup for both I/O encryption and management encryption.

8.3.1. Enabling I/O encryption for a Volume
링크 복사

Enable the I/O encryption between the servers and clients for a volume:

Note

The servers are the OpenShift nodes on which Red Hat Gluster Storage pods are running.
The clients are the remaining OpenShift nodes on which Red Hat Gluster Storage is not running.
  1. Stop all the application pods that have the Red Hat Gluster Storage volumes.
  2. Stop the volume. 
    # oc rsh <gluster_pod_name> gluster volume stop VOLNAME
    The gluster pod name is the name of one of the Red Hat Gluster Storage pods of the trusted storage pool to which the volume belongs.
  3. Set the list of common names for clients allowed to access the volume. Be sure to include the common names of all the servers. 
    # oc rsh <gluster_pod_name> gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'

    Note

    If you set auth.ssl-allow option with * as value, any TLS authenticated clients can mount and access the volume from the application side. Hence, you set the option's value to * or provide common names of clients as well as the nodes in the trusted storage pool.
  4. Enable client.ssl and server.ssl on the volume by using the following command: 
    # oc rsh <gluster_pod_name> gluster volume set VOLNAME client.ssl on
# oc rsh <gluster_pod_name> gluster volume set VOLNAME server.ssl on
  5. Start the volume. 
    # oc rsh <gluster_pod_name> gluster volume start VOLNAME
  6. Start the application pods to use the I/O encrypted Red Hat Gluster Storage volumes.

8.3.2. Enabling Management Encryption
링크 복사

Management encryption is recommended, even though, Red Hat Gluster Storage can be configured only for I/O encryption without using management encryption. On an existing installation, with running servers and clients, schedule a downtime of volumes, applications, clients, and other end-users to enable management encryption.
You cannot currently change between unencrypted and encrypted connections dynamically. Bricks and other local services on the servers and clients do not receive notifications from glusterd if they are running when the switch to management encryption is made.
  1. Stop all the application pods that have the Red Hat Gluster Storage volumes.
  2. Stop all the volumes. 
    # oc rsh <gluster_pod_name> gluster volume stop VOLNAME
  3. Stop the Red Hat Gluster Storage pods. 
    # oc delete daemonset glusterfs
  4. On deletion of daemon set the pods go down. To verify if the pods are down, execute the following command: 
    # oc get pods
  5. Create the /var/lib/glusterd/secure-access file on all OpenShift nodes. 
    # touch /var/lib/glusterd/secure-access
  6. Create the Red Hat Gluster Storage daemonset by executing the following command:

    Note

    For Ansible deployments, the image name and the version has to be specified in the template, before executing the command. 
    # oc process glusterfs | oc create -f -
  7. On creation of daemon set the pods are started. To verify if the pods are started, execute the following command: 
    # oc get pods
  8. Start all the volumes. 
    # oc rsh <gluster_pod_name> gluster volume start VOLNAME
  9. Start the application pods to use the management encrypted Red Hat Gluster Storage.
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

Legal Notice

Theme

© 2026 Red Hat맨 위로 이동