Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

23.2. Configuring Network Encryption for a New Trusted Storage Pool

You can configure network encryption for a new Red Hat Gluster Storage Trusted Storage Pool for both I/O encryption and management encryption. This section assumes that you have installed Red Hat Gluster Storage on the servers and the clients, but has never been run.

23.2.1. Enabling Management Encryption
复制链接

Though Red Hat Gluster Storage can be configured only for I/O encryption without using management encryption, it is recommended to have management encryption. If you want to enable SSL only on the I/O path, skip this section and proceed with Section 23.2.2, “Enabling I/O encryption for a Volume”.
On Servers

Perform the following on all the servers

  1. Create the /var/lib/glusterd/secure-access file. 
    # touch /var/lib/glusterd/secure-access
    Copy to Clipboard Toggle word wrap
  2. Start glusterd on all servers. 
    # service glusterd start
    Copy to Clipboard Toggle word wrap
  3. Setup the trusted storage pool by running appropriate peer probe commands. For more information on setting up the trusted storage pool, see Chapter 4, Adding Servers to the Trusted Storage Pool
On Clients

Perform the following on all the client machines

  1. Create the /var/lib/glusterd/secure-access file. 
    # touch /var/lib/glusterd/secure-access
    Copy to Clipboard Toggle word wrap
  2. Mount the volume on all the clients. For example, to manually mount a volume and access data using Native client, use the following command: 
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs
    Copy to Clipboard Toggle word wrap

23.2.2. Enabling I/O encryption for a Volume
复制链接

Enable the I/O encryption between the servers and clients:
  1. Create the volume, but do not start it.
  2. Set the list of common names of all the servers to access the volume. Be sure to include the common names of clients which will be allowed to access the volume.. 
    # gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'gluster volume set VOLNAME auth.ssl-allow 'server1,server2,server3,client1,client2,client3'
    Copy to Clipboard Toggle word wrap

    Note

    If you set auth.ssl-allow option with * as value, any TLS authenticated clients can mount and access the volume from the application side. Hence, you set the option's value to * or provide common names of clients as well as the nodes in the trusted storage pool.
  3. Enable Transport Layer Security on the volume by setting the client.ssl and server.ssl options to on. 
    # gluster volume set VOLNAME client.ssl on
# gluster volume set VOLNAME server.ssl on
    Copy to Clipboard Toggle word wrap
  4. Start the volume. 
    # gluster volume start VOLNAMEgluster volume start VOLNAME
    Copy to Clipboard Toggle word wrap
  5. Mount the volume on all the clients which has been authorized. For example, to manually mount a volume and access data using Native client, use the following command: 
    # mount -t glusterfs server1:/test-volume /mnt/glusterfs
    Copy to Clipboard Toggle word wrap
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat