So you want to enable SSL on glusterfs and you are lost? Well you are not alone – SSL mode is not documented and you can find little info about it on mailing lists. I will try to help you out with this small tips…
openssl genrsa -out glusterfs.key 1024
openssl req -new -x509 -key gluster.key -subj /CN=Anyone -out glusterfs.pem
now you need to move that files into proper location, gluster have that hardcoded, so until you don’t want to mess with sources put them into /etc/ssl/. Next step is to create glusterfs.ca file – you do that by simply copy glusterfs.pem into glusterfs.ca. You should end-up with this files in /etc/ssl/:
glusterfs.ca
glusterfs.key
glusterfs.pem
Now, let’s finally enable SSL mode on the volume. Do it by setting following parameters on volume:
gluster volume set gv0 client.ssl on
gluster volume set gv0 server.ssl on
Verify with gluster volume info gv0:
Volume Name: gv0
Type: Replicate
Volume ID: c9205800-11e7-491d-be9b-d695098beddc
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: mx-1:/export/brick1
Brick2: mx-2:/export/brick1
Options Reconfigured:
server.ssl: on
client.ssl: on
stop gv0, restart glusterd, start gv0 and to be sure that SSL is working, checkout glustershd.log log, it should read:
[socket.c:3480:socket_init] 0-gv0-client-0: SSL support is ENABLED
repeat that procedure on all nodes, that’s all!
2020 has not been a year we would have been able to predict. With a worldwide pandemic and lives thrown out of gear, as we head into 2021, we are thankful that our community and project continued to receive new developers, users and make small gains. For that and a...
It has been a while since we provided an update to the Gluster community. Across the world various nations, states and localities have put together sets of guidelines around shelter-in-place and quarantine. We request our community members to stay safe, to care for their loved ones, to continue to be...
The initial rounds of conversation around the planning of content for release 8 has helped the project identify one key thing – the need to stagger out features and enhancements over multiple releases. Thus, while release 8 is unlikely to be feature heavy as previous releases, it will be the...