• GlusterFS Encryption

GlusterFS Encryption

Keys

On each of the Glusterfs servers and clients run.

mkdir /etc/ssl/glusterfs
cd /etc/ssl/glusterfs
openssl genrsa -out glusterfs.key 2048

Certificates

Now sign certificates using those keys. Replace the CN so it matches the host you are siging the certificate for.

openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem

Compile

Compile all the certificates into one large file

scp gluster01:/etc/ssl/glusterfs/gluster.pem gluster01.pem
scp gluster02:/etc/ssl/glusterfs/gluster.pem gluster02.pem
scp gluster03:/etc/ssl/glusterfs/gluster.pem gluster03.pem
scp gluster04:/etc/ssl/glusterfs/gluster.pem gluster04.pem
scp glusterclient01:/etc/ssl/glusterfs/gluster.pem glusterclient01.pem
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem > glusterfs.ca