Differences between revisions 32 and 33
Revision 32 as of 2017-12-24 20:05:41
Size: 1049
Comment:
Revision 33 as of 2017-12-24 20:06:04
Size: 0
Comment: split into two pages
= GlusterFS Server Encryption =
The default GlusterFS setup does not encrypt its communication. Use the method below to enable encryption.

== Keys and Certificates ==
Generate a private key and a self-signed certificate, making sure the `CN` matches the name of the host. Repeat this on the client and on each of the servers.
{{{
cd /etc/ssl
openssl genrsa -out glusterfs.key 2048
openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem
}}}

== Certificate Authorities ==

=== Server ===
Collect all the certificates in one place and concatenate them into two files: `glusterfs.ca` (every server plus the client) and `glusterfs-client.ca` (servers only).
{{{
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem glusterclient01.pem > glusterfs.ca
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem > glusterfs-client.ca
}}}


=== Client ===
Copy `glusterfs.ca` to `/etc/ssl/glusterfs.ca` on all servers. Copy `glusterfs-client.ca` to `/etc/ssl/glusterfs.ca` on the client.

== Activate Encryption ==
{{{
touch /var/lib/glusterd/secure-access
}}}
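
The steps above can go wrong quietly: a `CN` that does not match the host name, a key that does not belong to its certificate, or a certificate left out of the CA bundle. The script below is an added example, not part of the original wiki page, that checks each of these before `secure-access` is relied on. Its function names are hypothetical, the key permission check is an extra precaution the page does not mention, and it assumes `openssl` and `awk` are installed.

```sh
#!/bin/sh
# Added example: sanity checks for the key, certificate and CA bundle created above.
# Usage on a node: sh SCRIPT HOSTNAME KEY CERT CA_BUNDLE, for example
#   sh SCRIPT gluster01 /etc/ssl/glusterfs.key /etc/ssl/glusterfs.pem /etc/ssl/glusterfs.ca

cert_cn() {                      # print the subject CN of a PEM certificate
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

key_matches_cert() {             # does the private key belong to the certificate?
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

bundle_fingerprints() {          # one SHA-256 fingerprint per certificate in a bundle
    awk -v cmd='openssl x509 -noout -fingerprint -sha256' '
        /-----BEGIN CERTIFICATE-----/ { pem = "" }
        { pem = pem $0 "\n" }
        /-----END CERTIFICATE-----/   { printf "%s", pem | cmd; close(cmd) }' "$1"
}

cert_in_bundle() {               # is this exact certificate present in the bundle?
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    bundle_fingerprints "$2" | grep -qxF "$fp"
}

key_is_private() {               # key file must have no group/other permission bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

check_node() {                   # check_node HOSTNAME KEY CERT CA_BUNDLE
    rc=0
    [ "$(cert_cn "$3")" = "$1" ] || { echo "FAIL: CN of $3 is not $1"; rc=1; }
    key_matches_cert "$2" "$3"   || { echo "FAIL: $2 does not match $3"; rc=1; }
    cert_in_bundle "$3" "$4"     || { echo "FAIL: $3 missing from $4"; rc=1; }
    key_is_private "$2"          || { echo "FAIL: $2 is group/world accessible"; rc=1; }
    return "$rc"
}

# Run against real files only when four arguments are given.
if [ "$#" -eq 4 ]; then check_node "$@" || exit 1; fi
```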

None: GlusterFS Encryption (last edited 2021-03-26 21:25:57 by Kristian Kallenberg)