Differences between revisions 1 and 2

GlusterFS Encryption

Servers

Once all this works we will continue by adding TLS encryption to the setup.

Keys

On each of the Glusterfs servers run.

mkdir /etc/ssl/glusterfs
cd /etc/ssl/glusterfs
openssl genrsa -out glusterfs.key 2048

Certificates

Now sign a certificate using that key.

root@gluster01:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem
root@gluster02:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster02" -out glusterfs.pem
root@gluster03:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster03" -out glusterfs.pem
root@gluster04:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster04" -out glusterfs.pem

Clients

None: GlusterFS Encryption (last edited 2021-03-26 21:25:57 by Kristian Kallenberg)

-  ⇤ ← Revision 1 as of 2017-12-24 16:48:49 → 
  Size: 26
  Editor: Kristian Kallenberg
  Comment:
+   ← Revision 2 as of 2017-12-24 16:50:20 → ⇥
  Size: 843
  Editor: Kristian Kallenberg
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 2:
+== Servers ==

Once all this works we will continue by adding TLS encryption to the setup.

=== Keys ===
On each of the Glusterfs servers run.
{{{
mkdir /etc/ssl/glusterfs
cd /etc/ssl/glusterfs
openssl genrsa -out glusterfs.key 2048
}}}

=== Certificates ===
Now sign a certificate using that key.
{{{
root@gluster01:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem
root@gluster02:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster02" -out glusterfs.pem
root@gluster03:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster03" -out glusterfs.pem
root@gluster04:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster04" -out glusterfs.pem
}}}

== Clients ==