Differences between revisions 30 and 33 (spanning 3 versions)
Revision 30 as of 2017-12-24 18:18:22
Size: 970
Editor: Kristian Kallenberg
Comment:
Revision 33 as of 2017-12-24 20:06:04
Size: 0
Editor: Kristian Kallenberg
Comment: split into two pages
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= GlusterFS Encryption =
The default GlusterFS setup does not encrypt its communication. Use the method below enable encryption.

== Keys and Certificates ==
Make an encryption key and make sure to set the `CN` to match the name of the host. Repeat this on the client and on each of the servers.
{{{
cd /etc/ssl
openssl genrsa -out glusterfs.key 2048
openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem
}}}

== Certificate Authorities ==
Compile all the certificates in one place and concatenate them into two files. `glusterfs.ca` and `glusterfs-client.ca`.
{{{
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem glusterclient01.pem > glusterfs.ca
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem > glusterfs-client.ca
}}}
Copy `glusterfs.ca` to `/etc/ssl` on all servers. Copy `glusterfs.ca` to `/etc/ssl` on the client.

== Activate Encryption ==
{{{
touch /var/lib/glusterd/secure-access
}}}

None: GlusterFS Encryption (last edited 2021-03-26 21:25:57 by Kristian Kallenberg)