红帽全球峰会此内容没有您所选择的语言版本。
20.7. Deauthorizing a Client
To revoke the authorization of a client to access the Red Hat Gluster Storage trusted storage pool, you can do any of the following:
- Remove an authorized client from the allowed list
- Revoke SSL/TLS certificate authorization through a certificate revocation list (CRL)
Procedure 20.12. Removing an authorized client from the allowed list
List currently authorized clients and servers
gluster volume get VOLNAME auth.ssl-allow
$ gluster volume get VOLNAME auth.ssl-allowCopy to Clipboard Copied! Toggle word wrap Toggle overflow For example, the following command shows that there are three authorized servers and five authorized clients.gluster volume get sample_volname auth.ssl-allow
$ gluster volume get sample_volname auth.ssl-allow server1,server2,server3,client1,client2,client3,client4,client5Copy to Clipboard Copied! Toggle word wrap Toggle overflow Remove clients to deauthorize from the output
For example, if you want to deauthorize client2 and client4, copy the string and remove those clients from the list.server1,server2,server3,client1,client3,client5
server1,server2,server3,client1,client3,client5Copy to Clipboard Copied! Toggle word wrap Toggle overflow Set the new list of authorized clients and servers
Set the value ofauth.ssl-allowto your updated string.gluster volume set VOLNAME auth.ssl-allow <list_of_systems>
$ gluster volume set VOLNAME auth.ssl-allow <list_of_systems>Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example, the updated list shows three servers and three clients.gluster volume set sample_volname auth.ssl-allow server1,server2,server3,client1,client3,client5
$ gluster volume set sample_volname auth.ssl-allow server1,server2,server3,client1,client3,client5Copy to Clipboard Copied! Toggle word wrap Toggle overflow
To protect the cluster from malicious or unauthorized network entities, you can specify a path to a directory containing SSL certificate revocation list (CRL) using the
ssl.crl-path option. The path containing the list of revoked certificates enables server nodes to stop the nodes with revoked certificates from accessing the cluster.
For example, you can provide the path to a directory containing CRL with the
volume set command as follows:
gluster volume set vm-images ssl.crl-path /etc/ssl/
$ gluster volume set vm-images ssl.crl-path /etc/ssl/Note
Only the CA signed certificates can be revoked and not the self-signed certificates
To set up the CRL files, perform the following:
- Copy the CRL files to a directory.
- Change directory to the directory containing CRL files.
- Compute hashes to the CRL files using the
c_rehashutility.c_rehash .
$ c_rehash .Copy to Clipboard Copied! Toggle word wrap Toggle overflow The hash and symbolic linking can be done using thec_rehashutility, which is available through theopenssl-perlRPM. The name of the symbolic link must be the hash of the Common Name. For more information, see thecrlman page. - Set the
ssl.crl-pathvolume option.gluster volume set VOLNAME ssl.crl-path path-to-directory
$ gluster volume set VOLNAME ssl.crl-path path-to-directoryCopy to Clipboard Copied! Toggle word wrap Toggle overflow where, path-to-directory has to be an absolute name of the directory that hosts the CRL files.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}