
DEVOPSZONES


    How to Enable Gluster encryption

    You will create a self-signed certificate for each master and have it trusted by its peers.

    For more options, see Setting up Transport Layer Security in the Additional Information section of this page.

    1. (On all masters) Create a private key, then create a self-signed certificate for this host with that key
      # openssl genrsa -out /etc/ssl/glusterfs.key 2048
      # openssl req -new -x509 -days 365 -key /etc/ssl/glusterfs.key \
                                         -out /etc/ssl/glusterfs.pem \
                                         -subj "/CN=${HOSTNAME}/"
    2. (On all masters) Append this host's certificate to a combined file that all masters will trust
      # cat /etc/ssl/glusterfs.pem >> /vagrant/combined.ca.pem
    3. (On all masters) Once every master has appended its certificate in step 2, copy the combined list of trusted certificates to the local system for Gluster use
      # cp /vagrant/combined.ca.pem /etc/ssl/glusterfs.ca
    4. (On all masters) Enable encryption for Gluster management traffic
      # touch /var/lib/glusterd/secure-access
    5. (On master1) Enable encryption on the Gluster volume sharedvol
      # gluster volume set sharedvol client.ssl on
      # gluster volume set sharedvol server.ssl on
      
    6. (On all masters) Restart the Gluster service
      # systemctl restart glusterd
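
Because step 2 appends with `>>` and step 3 copies whatever the shared file holds at that moment, a master can end up with an incomplete or duplicated trust bundle. The script below is an added example, not part of the original post: it checks that a bundle holds the expected number of distinct certificates and includes the local one. The function names, exit codes and the `fake_cert` test helper are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify the CA bundle built in steps 2-3.
# Function names and exit codes are constructed for this example.

# Print one line per certificate in a PEM file: its base64 body with line breaks removed.
pem_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
         /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
         inside { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# check_bundle BUNDLE LOCAL_CERT EXPECTED_COUNT
# Exit status: 0 ok, 1 wrong certificate count, 2 duplicate entries, 3 local cert missing.
# The body runs in a subshell, so "exit" only sets the function's return status.
check_bundle() (
    bundle=$1 cert=$2 expected=$3
    total=$(pem_bodies "$bundle" | wc -l | tr -d ' ')
    unique=$(pem_bodies "$bundle" | sort -u | wc -l | tr -d ' ')
    mine=$(pem_bodies "$cert" | head -n 1)
    if [ "$unique" -ne "$total" ]; then
        echo "duplicate certificates in $bundle (step 2 run twice on a host?)" >&2
        exit 2
    fi
    if [ "$total" -ne "$expected" ]; then
        echo "$bundle holds $total certificates, expected $expected" >&2
        exit 1
    fi
    if [ -z "$mine" ] || ! pem_bodies "$bundle" | grep -qxF -- "$mine"; then
        echo "$cert is not present in $bundle" >&2
        exit 3
    fi
    exit 0
)

# Constructed stand-in for a certificate: PEM framing around a made-up body, for testing only.
fake_cert() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "MIIC${1}AAAA" "BBBB${1}==" \
                  '-----END CERTIFICATE-----'
}

# Usage on a master: ./check_bundle.sh /etc/ssl/glusterfs.ca /etc/ssl/glusterfs.pem 3
if [ "$#" -eq 3 ]; then
    check_bundle "$@"
fi
```

The comparison is textual, so it confirms which certificates are in the bundle but not that they are valid or unexpired.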

    Our Gluster volume now has transport encryption enabled:

      # gluster volume info
      Volume Name: sharedvol
      Type: Replicate
      Volume ID: 970effb5-5d9a-4ece-9188-7f0525010acf
      Status: Started
      Snapshot Count: 0
      Number of Bricks: 1 x 3 = 3
      Transport-type: tcp
      Bricks:
      Brick1: master1:/data/glusterfs/sharedvol/mybrick/brick
      Brick2: master2:/data/glusterfs/sharedvol/mybrick/brick
      Brick3: master3:/data/glusterfs/sharedvol/mybrick/brick
      Options Reconfigured:
      server.ssl: on
      client.ssl: on
      transport.address-family: inet
      nfs.disable: on
      performance.client-io-threads: off