-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Ionel Roiban
committed
Apr 19, 2014
1 parent
f43f13a
commit fd47dd0
Showing
1 changed file
with
43 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,43 @@ | ||
# Enable glusterfs SSL mode | ||
## GlusterFS Security | ||
|
||
So you want to enable SSL on glusterfs and you are lost? Well you are not alone - SSL mode is not documented and you can find little info about it on mailing lists. I will try to help you out with this small tips... | ||
|
||
So here it goes, first you need to generate SSL certificates using following commands: | ||
``` | ||
openssl genrsa -out glusterfs.key 1024 | ||
openssl req -new -x509 -key gluster.key -subj /CN=Anyone -out glusterfs.pem | ||
``` | ||
Now you need to move that files into proper location, gluster have that hardcoded, so until you don't want to mess with sources put them into /etc/ssl/. Next step is to create glusterfs.ca file - you do that by simply copy glusterfs.pem into glusterfs.ca. You should end-up with this files in /etc/ssl/: | ||
``` | ||
glusterfs.ca | ||
glusterfs.key | ||
glusterfs.pem | ||
``` | ||
Now, let's finally enable SSL mode on the volume. Do it by setting following parameters on volume: | ||
``` | ||
gluster volume set gv0 client.ssl on | ||
gluster volume set gv0 server.ssl on | ||
``` | ||
Verify: | ||
``` | ||
gluster volume info gv0 | ||
Volume Name: gv0 | ||
Type: Replicate | ||
Volume ID: c9205800-11e7-491d-be9b-d695098beddc | ||
Status: Started | ||
Number of Bricks: 1 x 2 = 2 | ||
Transport-type: tcp | ||
Bricks: | ||
Brick1: mx-1:/export/brick1 | ||
Brick2: mx-2:/export/brick1 | ||
Options Reconfigured: | ||
server.ssl: on | ||
client.ssl: on | ||
``` | ||
|
||
stop gv0, restart glusterd, start gv0 and to be sure that SSL is working, checkout glustershd.log log, it should read: | ||
``` | ||
[socket.c:3480:socket_init] 0-gv0-client-0: SSL support is ENABLED | ||
``` | ||
repeat that procedure on all nodes, that's all! |