Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

4.4. 在外部模式部署后禁用加密

先决条件

  • OpenShift Data Foundation 被部署并创建一个存储集群。
  • 为外部模式集群启用加密功能。

流程

从 Red Hat Ceph Storage 集群中删除加密设置

  1. 删除并检查转换中的加密。 

    [root@ceph-client ~]# ceph config rm global ms_client_mode
[root@ceph-client ~]# ceph config rm global ms_cluster_mode
[root@ceph-client ~]# ceph config rm global ms_service_mode
[root@ceph-client ~]# ceph config rm global rbd_default_map_options

[root@ceph-client ~]# ceph config dump | grep ms_
[root@ceph-client ~]#
    Copy to Clipboard Toggle word wrap

  2. 重新启动所有 Ceph 守护进程。 

    [root@ceph-client ~]# ceph orch ls --format plain | tail -n +2 | awk '{print $1}' | xargs -I {} ceph orch restart {}
Scheduled to restart alertmanager.osd-0 on host 'osd-0'
Scheduled to restart ceph-exporter.osd-0 on host 'osd-0'
Scheduled to restart ceph-exporter.osd-2 on host 'osd-2'
Scheduled to restart ceph-exporter.osd-3 on host 'osd-3'
Scheduled to restart ceph-exporter.osd-1 on host 'osd-1'
Scheduled to restart crash.osd-0 on host 'osd-0'
Scheduled to restart crash.osd-2 on host 'osd-2'
Scheduled to restart crash.osd-3 on host 'osd-3'
Scheduled to restart crash.osd-1 on host 'osd-1'
Scheduled to restart grafana.osd-0 on host 'osd-0'
Scheduled to restart mds.fsvol001.osd-0.lpciqk on host 'osd-0'
Scheduled to restart mds.fsvol001.osd-2.wocnxz on host 'osd-2'
Scheduled to restart mgr.osd-0.dtkyni on host 'osd-0'
Scheduled to restart mgr.osd-2.kqcxwu on host 'osd-2'
Scheduled to restart mon.osd-2 on host 'osd-2'
Scheduled to restart mon.osd-3 on host 'osd-3'
Scheduled to restart mon.osd-1 on host 'osd-1'
Scheduled to restart node-exporter.osd-0 on host 'osd-0'
Scheduled to restart node-exporter.osd-2 on host 'osd-2'
Scheduled to restart node-exporter.osd-3 on host 'osd-3'
Scheduled to restart node-exporter.osd-1 on host 'osd-1'
Scheduled to restart osd.1 on host 'osd-0'
Scheduled to restart osd.4 on host 'osd-0'
Scheduled to restart osd.0 on host 'osd-2'
Scheduled to restart osd.5 on host 'osd-2'
Scheduled to restart osd.2 on host 'osd-3'
Scheduled to restart osd.6 on host 'osd-3'
Scheduled to restart osd.3 on host 'osd-1'
Scheduled to restart osd.7 on host 'osd-1'
Scheduled to restart prometheus.osd-0 on host 'osd-0'
Scheduled to restart rgw.rgw.ssl.osd-1.smzpfj on host 'osd-1'
    Copy to Clipboard Toggle word wrap 
    [root@ceph-client ~]# ceph orch ps
NAME                       HOST   PORTS             STATUS          REFRESHED  AGE  MEM USE  MEM LIM  VERSION           IMAGE ID      CONTAINER ID
alertmanager.osd-0         osd-0  *:9093,9094       running (116s)     9s ago  10h    19.5M        -  0.26.0            7dbf12091920  4694a72d4bbd
ceph-exporter.osd-0        osd-0                    running (19s)      9s ago  10h    7310k        -  18.2.1-229.el9cp  3fd804e38f5b  49bdc7d99471
ceph-exporter.osd-1        osd-1                    running (97s)     26s ago  10h    7285k        -  18.2.1-229.el9cp  3fd804e38f5b  7000d59d23b4
ceph-exporter.osd-2        osd-2                    running (76s)     26s ago  10h    7306k        -  18.2.1-229.el9cp  3fd804e38f5b  3907515cc352
ceph-exporter.osd-3        osd-3                    running (49s)     26s ago  10h    6971k        -  18.2.1-229.el9cp  3fd804e38f5b  3f3952490780
crash.osd-0                osd-0                    running (17s)      9s ago  10h    6878k        -  18.2.1-229.el9cp  3fd804e38f5b  38e041fb86e3
crash.osd-1                osd-1                    running (96s)     26s ago  10h    6895k        -  18.2.1-229.el9cp  3fd804e38f5b  21ce3ef7d896
crash.osd-2                osd-2                    running (74s)     26s ago  10h    6899k        -  18.2.1-229.el9cp  3fd804e38f5b  210ca9c8d928
crash.osd-3                osd-3                    running (47s)     26s ago  10h    6899k        -  18.2.1-229.el9cp  3fd804e38f5b  710d42d9d138
grafana.osd-0              osd-0  *:3000            running (114s)     9s ago  10h    72.9M        -  10.4.0-pre        f142b583a1b1  3dc5e2248e95
mds.fsvol001.osd-0.qjntcu  osd-0                    running (99s)      9s ago  10h    17.5M        -  18.2.1-229.el9cp  3fd804e38f5b  50efa881c04b
mds.fsvol001.osd-2.qneujv  osd-2                    running (51s)     26s ago  10h    15.3M        -  18.2.1-229.el9cp  3fd804e38f5b  a306f2d2d676
mgr.osd-0.zukgyq           osd-0  *:9283,8765,8443  running (21s)      9s ago  10h     442M        -  18.2.1-229.el9cp  3fd804e38f5b  8ef9b728675e
mgr.osd-1.jqfyal           osd-1  *:8443,9283,8765  running (92s)     26s ago  10h     480M        -  18.2.1-229.el9cp  3fd804e38f5b  1ab52db89bfd
mon.osd-1                  osd-1                    running (90s)     26s ago  10h    41.7M    2048M  18.2.1-229.el9cp  3fd804e38f5b  88d1fe1e10ac
mon.osd-2                  osd-2                    running (72s)     26s ago  10h    31.1M    2048M  18.2.1-229.el9cp  3fd804e38f5b  02f57d3bb44f
mon.osd-3                  osd-3                    running (45s)     26s ago  10h    24.0M    2048M  18.2.1-229.el9cp  3fd804e38f5b  5e3783f2b4fa
node-exporter.osd-0        osd-0  *:9100            running (15s)      9s ago  10h    7843k        -  1.7.0             8c904aa522d0  2dae2127349b
node-exporter.osd-1        osd-1  *:9100            running (94s)     26s ago  10h    11.2M        -  1.7.0             8c904aa522d0  010c3fcd55cd
node-exporter.osd-2        osd-2  *:9100            running (69s)     26s ago  10h    17.2M        -  1.7.0             8c904aa522d0  436f2d513f31
node-exporter.osd-3        osd-3  *:9100            running (41s)     26s ago  10h    12.4M        -  1.7.0             8c904aa522d0  5579f0d494b8
osd.0                      osd-0                    running (109s)     9s ago  10h     126M    4096M  18.2.1-229.el9cp  3fd804e38f5b  997076cd39d4
osd.1                      osd-1                    running (85s)     26s ago  10h     139M    4096M  18.2.1-229.el9cp  3fd804e38f5b  08b720f0587d
osd.2                      osd-2                    running (65s)     26s ago  10h     143M    4096M  18.2.1-229.el9cp  3fd804e38f5b  104ad4227163
osd.3                      osd-3                    running (36s)     26s ago  10h    94.5M    1435M  18.2.1-229.el9cp  3fd804e38f5b  db8b265d9f43
osd.4                      osd-0                    running (104s)     9s ago  10h     164M    4096M  18.2.1-229.el9cp  3fd804e38f5b  50dcbbf7e012
osd.5                      osd-1                    running (80s)     26s ago  10h     131M    4096M  18.2.1-229.el9cp  3fd804e38f5b  63b21fe970b5
osd.6                      osd-3                    running (32s)     26s ago  10h     243M    1435M  18.2.1-229.el9cp  3fd804e38f5b  26c7ba208489
osd.7                      osd-2                    running (61s)     26s ago  10h     130M    4096M  18.2.1-229.el9cp  3fd804e38f5b  871a2b75e64f
prometheus.osd-0           osd-0  *:9095            running (12s)      9s ago  10h    44.6M        -  2.48.0            58069186198d  e49a064d2478
rgw.rgw.ssl.osd-1.bsmbgd   osd-1  *:80              running (78s)     26s ago  10h    75.4M        -  18.2.1-229.el9cp  3fd804e38f5b  d03c9f7ae4a4
    Copy to Clipboard Toggle word wrap

    修补 CR

  3. 对 storagecluster 进行补丁,以在存储集群规格中启用为 false 

    $ oc patch storagecluster ocs-external-storagecluster -n openshift-storage --type json --patch  '[{ "op": "replace", "path": "/spec/network", "value": {"connections": {"encryption": {"enabled": false}}} }]'
storagecluster.ocs.openshift.io/ocs-external-storagecluster patched
    Copy to Clipboard Toggle word wrap

  4. 检查配置。 

    $ oc get storagecluster
NAME                          AGE   PHASE   EXTERNAL   CREATED AT             VERSION
ocs-external-storagecluster   12h   Ready   true       2024-11-06T20:48:03Z   4.18.0
    Copy to Clipboard Toggle word wrap 
    $ oc get storagecluster ocs-external-storagecluster -o yaml | yq '.spec.network.connections'
encryption:
  enabled: false
    Copy to Clipboard Toggle word wrap

    重新挂载现有卷

    根据应用程序维护的最佳实践,您可以选择环境的最佳实践来重新挂载或重新映射卷。重新重新挂载的一种方法是删除现有应用程序 pod 并启动另一个应用程序 pod 来使用该卷。另一个选择是排空运行应用程序的节点。这样可保证卷已从当前 pod 卸载,然后挂载到新 pod,从而允许重新映射或重新挂载卷。

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat