第 4 章 在部署后启用和禁用加密

流程

1. 对 storagecluster 进行补丁，将启用 为 true 的加密添加到存储集群 spec 中：

   $ oc patch storagecluster ocs-storagecluster -n openshift-storage --type json --patch  '[{ "op": "replace", "path": "/spec/network", "value": {"connections": {"encryption": {"enabled": true}}} }]'
   storagecluster.ocs.openshift.io/ocs-storagecluster patched

   Copy to Clipboard Toggle word wrap

2. 检查配置。

   $ oc get storagecluster ocs-storagecluster -n openshift-storage -o yaml | yq ‘.spec.network’
   connections:
     encryption:
       enabled: true

   Copy to Clipboard Toggle word wrap

3. 等待大约 10 分钟，让 ceph 守护进程重启，然后检查 pod。

   $ oc get pods -n openshift-storage | grep rook-ceph
   rook-ceph-crashcollector-ip-10-0-2-111.ec2.internal-796ffcm9kn9   1/1     Running     0          5m11s
   rook-ceph-crashcollector-ip-10-0-27-61.ec2.internal-854b4d8sk5z   1/1     Running     0          5m9s
   rook-ceph-crashcollector-ip-10-0-33-53.ec2.internal-589d9f4f8vx   1/1     Running     0          5m7s
   rook-ceph-exporter-ip-10-0-2-111.ec2.internal-6d48cdc5fd-2tmsl    1/1     Running     0          5m9s
   rook-ceph-exporter-ip-10-0-27-61.ec2.internal-546c66c7cc-9lnpz    1/1     Running     0          5m7s
   rook-ceph-exporter-ip-10-0-33-53.ec2.internal-b5555994c-x8mzz     1/1     Running     0          5m5s
   rook-ceph-mds-ocs-storagecluster-cephfilesystem-a-7bd754f6vwps2   2/2     Running     0          4m56s
   rook-ceph-mds-ocs-storagecluster-cephfilesystem-b-6cc5cc647c78m   2/2     Running     0          4m30s
   rook-ceph-mgr-a-6f8467578d-f8279                                  3/3     Running     0          3m40s
   rook-ceph-mgr-b-66754d99cf-9q58g                                  3/3     Running     0          3m27s
   rook-ceph-mon-a-75bc5dd655-tvdqf                                  2/2     Running     0          4m7s
   rook-ceph-mon-b-6b6d4d9b4c-tjbpz                                  2/2     Running     0          4m55s
   rook-ceph-mon-c-7456bb5f67-rtwpj                                  2/2     Running     0          4m32s
   rook-ceph-operator-7b5b9cdb9b-tvmb6                               1/1     Running     0          45m
   rook-ceph-osd-0-b78dd99f6-n4wbm                                   2/2     Running     0          3m3s
   rook-ceph-osd-1-5887bf6d8d-2sncc                                  2/2     Running     0          2m39s
   rook-ceph-osd-2-784b59c4c8-44phh                                  2/2     Running     0          2m14s
   rook-ceph-osd-prepare-a075cf185c9b2e5d92ec3f7769565e38-ztrms      0/1     Completed   0          42m
   rook-ceph-osd-prepare-b4b48dc5e3bef99ab377e2a255a9142a-mvgnd      0/1     Completed   0          42m
   rook-ceph-osd-prepare-fae2ea2ad4aacbf62010ae5b60b87f57-6t9l5      0/1     Completed   0          42m

   Copy to Clipboard Toggle word wrap

   $ oc get storagecluster -n openshift-storage
   NAME                 AGE   PHASE   EXTERNAL   CREATED AT             VERSION
   ocs-storagecluster   27m   Ready              2024-11-06T16:15:26Z   4.18.0

   Copy to Clipboard Toggle word wrap

4. 重新挂载现有卷。

   根据应用程序维护的最佳实践，您可以选择环境的最佳实践来重新挂载或重新映射卷。重新重新挂载的一种方法是删除现有应用程序 pod 并启动另一个应用程序 pod 来使用该卷。另一个选择是排空运行应用程序的节点。这样可保证从当前 pod 卸载该卷，然后挂载到新 pod，允许重新映射或重新映射或重新挂载卷。"