4.3. Enabling encryption after deployment in external mode


Prerequisites

  • OpenShift Data Foundation is deployed and a storage cluster is created.

Procedure

  1. Patch the storagecluster to add encryption enabled as true to the storage cluster spec:

    $ oc patch storagecluster ocs-external-storagecluster -n openshift-storage --type json --patch  '[{ "op": "replace", "path": "/spec/network", "value": {"connections": {"encryption": {"enabled": true}}} }]'
    storagecluster.ocs.openshift.io/ocs-external-storagecluster patched
  2. Check the connection settings in the CR.

    $ oc get storagecluster
    NAME                          AGE   PHASE   EXTERNAL   CREATED AT             VERSION
    ocs-external-storagecluster   9h    Ready   true       2024-11-06T20:48:03Z   4.18.0
    $ oc get storagecluster ocs-external-storagecluster -o yaml | yq '.spec.network.connections'
    encryption:
      enabled: true

4.3.1. Applying encryption on the Red Hat Ceph Storage cluster

Procedure

  1. Apply the encryption in-transit settings.

    [root@ceph-client ~]# ceph config set global ms_client_mode secure
    [root@ceph-client ~]# ceph config set global ms_cluster_mode secure
    [root@ceph-client ~]# ceph config set global ms_service_mode secure
    [root@ceph-client ~]# ceph config set global rbd_default_map_options ms_mode=secure
  2. Check the settings.

    [root@ceph-client ~]# ceph config dump | grep ms_
    global   basic      ms_client_mode secure                    *
    global   basic      ms_cluster_mode secure                   *
    global   basic      ms_service_mode secure                   *
    global   advanced   rbd_default_map_options ms_mode=secure   *
  3. Restart all Ceph daemons.

    [root@ceph-client ~]# ceph orch ls --format plain | tail -n +2 | awk '{print $1}' | xargs -I {} ceph orch restart {}
    Scheduled to restart alertmanager.osd-0 on host 'osd-0'
    Scheduled to restart ceph-exporter.osd-0 on host 'osd-0'
    Scheduled to restart ceph-exporter.osd-2 on host 'osd-2'
    Scheduled to restart ceph-exporter.osd-3 on host 'osd-3'
    Scheduled to restart ceph-exporter.osd-1 on host 'osd-1'
    Scheduled to restart crash.osd-0 on host 'osd-0'
    Scheduled to restart crash.osd-2 on host 'osd-2'
    Scheduled to restart crash.osd-3 on host 'osd-3'
    Scheduled to restart crash.osd-1 on host 'osd-1'
    Scheduled to restart grafana.osd-0 on host 'osd-0'
    Scheduled to restart mds.fsvol001.osd-0.lpciqk on host 'osd-0'
    Scheduled to restart mds.fsvol001.osd-2.wocnxz on host 'osd-2'
    Scheduled to restart mgr.osd-0.dtkyni on host 'osd-0'
    Scheduled to restart mgr.osd-2.kqcxwu on host 'osd-2'
    Scheduled to restart mon.osd-2 on host 'osd-2'
    Scheduled to restart mon.osd-3 on host 'osd-3'
    Scheduled to restart mon.osd-1 on host 'osd-1'
    Scheduled to restart node-exporter.osd-0 on host 'osd-0'
    Scheduled to restart node-exporter.osd-2 on host 'osd-2'
    Scheduled to restart node-exporter.osd-3 on host 'osd-3'
    Scheduled to restart node-exporter.osd-1 on host 'osd-1'
    Scheduled to restart osd.1 on host 'osd-0'
    Scheduled to restart osd.4 on host 'osd-0'
    Scheduled to restart osd.0 on host 'osd-2'
    Scheduled to restart osd.5 on host 'osd-2'
    Scheduled to restart osd.2 on host 'osd-3'
    Scheduled to restart osd.6 on host 'osd-3'
    Scheduled to restart osd.3 on host 'osd-1'
    Scheduled to restart osd.7 on host 'osd-1'
    Scheduled to restart prometheus.osd-0 on host 'osd-0'
    Scheduled to restart rgw.rgw.ssl.osd-1.smzpfj on host 'osd-1'

    Wait for all daemons to restart.
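
A stricter form of the step 2 check, usable once the daemons are back up (an added example, not part of the Red Hat procedure). It fails when any of the four options is missing at global scope, permits more than `secure`, or is set differently in a narrower section such as `osd`, which goes beyond the global-only output shown above; the function name `check_msgr_secure` and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: strict check of `ceph config dump` output read from stdin.
# Exit status is 0 only when all four options from step 1 are enforced.
# Usage on a live cluster: ceph config dump | check_msgr_secure
check_msgr_secure() {
    awk '
    BEGIN {
        want["ms_client_mode"] = 1; want["ms_cluster_mode"] = 1
        want["ms_service_mode"] = 1; want["rbd_default_map_options"] = 1
    }
    {
        # Columns are WHO MASK LEVEL OPTION VALUE RO. MASK is often empty,
        # so locate the option by name instead of by column number.
        for (i = 2; i < NF; i++) {
            if (!($i in want)) continue
            opt = $i
            last = ($NF == "*") ? NF - 1 : NF   # drop the trailing RO marker
            val = ""
            for (j = i + 1; j <= last; j++) val = (val == "" ? $j : val " " $j)
            if (opt == "rbd_default_map_options")
                ok = (index("," val ",", ",ms_mode=secure,") > 0)
            else
                ok = (val == "secure")          # "secure crc" still permits crc
            if ($1 == "global") seen[opt] = 1
            # A weak value in any section counts: narrower sections override global.
            if (!ok) { printf "WEAK     %s %s = %s\n", $1, opt, val; bad = 1 }
            break
        }
    }
    END {
        for (opt in want)
            if (!(opt in seen)) { printf "MISSING  global %s\n", opt; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample (not from a real cluster): global is secure,
# but an osd-scoped row still lists crc.
check_msgr_secure <<'EOF' || echo "encryption in transit is not fully enforced"
global   basic      ms_client_mode secure                    *
global   basic      ms_cluster_mode secure                   *
global   basic      ms_service_mode secure                   *
global   advanced   rbd_default_map_options ms_mode=secure   *
osd      basic      ms_cluster_mode crc secure               *
EOF
```
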

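4.3.2. Remounting existing volumes

Depending on your best practices for application maintenance, you can choose the approach that best suits your environment to remount or remap the volumes. One way to remount is to delete the existing application pod and bring up another application pod to use the volume. Another option is to drain the nodes where the applications are running. This ensures that the volume is unmounted from the current pod and then mounted to a new pod, allowing the volume to be remapped or remounted.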
