Differences between revisions 22 and 33 (spanning 11 versions)
Revision 22 as of 2017-12-24 17:35:31
Size: 1931
Comment:
Revision 33 as of 2017-12-24 20:06:04
Size: 0
Comment: split into two pages
= GlusterFS Encryption =
The default GlusterFS setup does not encrypt its communication. Use the method below to enable encryption.

== Keys and Certificates ==
Generate a private key and a self-signed certificate, and make sure to set the `CN` to match the name of the host. Repeat this on the client and on each of the servers.
{{{
mkdir /etc/ssl/glusterfs
cd /etc/ssl/glusterfs
# private key for this host (gluster01 shown)
openssl genrsa -out gluster01.key 2048
# self-signed certificate whose CN is the host name
openssl req -new -x509 -key gluster01.key -subj "/CN=gluster01" -out gluster01.pem
}}}

== Certificate authorities ==
Collect all the certificates in one place and concatenate them into two files: `glusterfs.ca` and `glusterfs-client.ca`.
{{{
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem glusterclient01.pem > glusterfs.ca
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem > glusterfs-client.ca
}}}


{{{
# create the server keys
openssl genrsa -out gluster01.key 2048
openssl genrsa -out gluster02.key 2048
openssl genrsa -out gluster03.key 2048
openssl genrsa -out gluster04.key 2048
# sign the server certificates
openssl req -new -x509 -key gluster01.key -subj "/CN=gluster01" -out gluster01.pem
openssl req -new -x509 -key gluster02.key -subj "/CN=gluster02" -out gluster02.pem
openssl req -new -x509 -key gluster03.key -subj "/CN=gluster03" -out gluster03.pem
openssl req -new -x509 -key gluster04.key -subj "/CN=gluster04" -out gluster04.pem
# create the client keys
openssl genrsa -out glusterclient01.key 2048
# sign the client certificates
openssl req -new -x509 -key glusterclient01.key -subj "/CN=glusterclient01" -out glusterclient01.pem
# certificate authorities file for the servers
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem glusterclient01.pem > glusterfs.ca
# certificate authorities file for the clients
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem > glusterfs-client.ca
}}}
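
An added example, not part of the original wiki page: shell functions to audit the files produced above before they are distributed. Because the certificates are self-signed, every certificate in a `.ca` file is trusted on its own, so the audit confirms that each bundle holds exactly the intended certificates, that each key belongs to its certificate, and that the `CN` is the host name. The function names are hypothetical, and `openssl`, `awk` and `mktemp` are assumed to be installed.

```shell
# Added example: audit helpers for the GlusterFS TLS files (hypothetical names).

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {  # usage: cert_fp CERT
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Print the subject CN of a certificate.
cert_cn() {  # usage: cert_cn CERT
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeed only if CERT carries the public key that belongs to KEY.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the sorted fingerprints of every certificate in a concatenated bundle.
bundle_fps() {  # usage: bundle_fps BUNDLE
    local tmp f
    tmp=$(mktemp -d) || return 1
    # Split the bundle into one file per PEM certificate block.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$1"
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] && cert_fp "$f"
    done | sort
    rm -rf "$tmp"
}

# Succeed only if BUNDLE contains exactly the listed certificates:
# nothing missing and nothing extra that would be trusted by mistake.
bundle_is_exactly() {  # usage: bundle_is_exactly BUNDLE CERT...
    local b want c
    b=$1; shift
    want=$(for c in "$@"; do cert_fp "$c"; done | sort)
    [ -n "$want" ] && [ "$want" = "$(bundle_fps "$b")" ]
}
```

For example, `bundle_is_exactly glusterfs-client.ca gluster01.pem gluster02.pem gluster03.pem gluster04.pem` fails if a client certificate has slipped into the bundle used by the clients.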

None: GlusterFS Encryption (last edited 2021-03-26 21:25:57 by Kristian Kallenberg)