Differences between revisions 27 and 33 (spanning 6 versions)
Revision 27 as of 2017-12-24 17:39:18
Size: 935
Editor: Kristian Kallenberg
Comment:
Revision 33 as of 2017-12-24 20:06:04
Size: 0
Editor: Kristian Kallenberg
Comment: split into two pages
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= GlusterFS Encryption =
The default GlusterFS setup does not encrypt its communication. Use the method below enable encryption.

== Keys and Certificates ==
Make an encryption key and make sure to set the `CN` to match the name of the host. Repeat this on the client and on each of the servers.
{{{
mkdir /etc/ssl/glusterfs
cd /etc/ssl/glusterfs
openssl genrsa -out gluster01.key 2048
openssl req -new -x509 -key gluster01.key -subj "/CN=gluster01" -out gluster01.pem
}}}

== Certificate Authorities ==
Compile all the certificates in one place and concatenate them into two files. `glusterfs.ca` and `glusterfs-client.ca`.
{{{
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem glusterclient01.pem > glusterfs.ca
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem > glusterfs-client.ca
}}}
Copy `glusterfs.ca` to `/etc/ssl` on all servers. Copy `glusterfs-client.ca` to `/etc/ssl` on the client.

None: GlusterFS Encryption (last edited 2021-03-26 21:25:57 by Kristian Kallenberg)