ClusterStorage-236-1: Configuring Network Node I/O Encryption and the Node Pool

0. Lab environment diagram

 

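1. Node servera: the main steps are to turn off the firewall (allow rules could be configured instead, but that is more work and is not the focus of this lab, so the simple approach is taken), turn off SELinux, download the keys (saving them under the specified file names; note the uppercase -O here: with a lowercase -o, an empty file with the specified name is created), create the secure-access file (the switch file for I/O encryption), and restart the glusterd service (processes may be slow to shut down, so run pkill or kill -9 manually, and always confirm the state after the restart).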

[root@servera ~]# systemctl stop firewalld
[root@servera ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@servera ~]# setenforce 0
[root@servera ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

[root@servera ssl]# wget ftp://workstation.lab.example.com/pub/servera.key -O /etc/ssl/glusterfs.key
--2019-03-11 14:52:55--  ftp://workstation.lab.example.com/pub/servera.key
           => ‘/etc/ssl/glusterfs.key’
Resolving workstation.lab.example.com (workstation.lab.example.com)... 172.25.250.254, 172.25.250.254
Connecting to workstation.lab.example.com (workstation.lab.example.com)|172.25.250.254|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub ... done.
==> SIZE servera.key ... 1704
==> PASV ... done.    ==> RETR servera.key ... done.
Length: 1704 (1.7K) (unauthoritative)

100%[=================================================================================================================================>] 1,704       --.-K/s   in 0s      

[root@servera ssl]# wget ftp://workstation.lab.example.com/pub/servera.pem -O /etc/ssl/glusterfs.pem
--2019-03-11 14:53:31--  ftp://workstation.lab.example.com/pub/servera.pem
           => ‘/etc/ssl/glusterfs.pem’
Resolving workstation.lab.example.com (workstation.lab.example.com)... 172.25.250.254, 172.25.250.254
Connecting to workstation.lab.example.com (workstation.lab.example.com)|172.25.250.254|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub ... done.
==> SIZE servera.pem ... 6253
==> PASV ... done.    ==> RETR servera.pem ... done.
Length: 6253 (6.1K) (unauthoritative)

100%[=================================================================================================================================>] 6,253       --.-K/s   in 0s      

2019-03-11 14:53:31 (1.12 GB/s) - ‘/etc/ssl/glusterfs.pem’ saved [6253]

[root@servera ssl]# wget ftp://workstation.lab.example.com/pub/glusterfs.ca -O /etc/ssl/glusterfs.ca
--2019-03-11 14:53:52--  ftp://workstation.lab.example.com/pub/glusterfs.ca
           => ‘/etc/ssl/glusterfs.ca’
Resolving workstation.lab.example.com (workstation.lab.example.com)... 172.25.250.254, 172.25.250.254
Connecting to workstation.lab.example.com (workstation.lab.example.com)|172.25.250.254|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub ... done.
==> SIZE glusterfs.ca ... 1391
==> PASV ... done.    ==> RETR glusterfs.ca ... done.
Length: 1391 (1.4K) (unauthoritative)

100%[=================================================================================================================================>] 1,391       --.-K/s   in 0s      

2019-03-11 14:53:52 (220 MB/s) - ‘/etc/ssl/glusterfs.ca’ saved [1391]
[root@servera ~]# touch /var/lib/glusterd/secure-access
[root@servera ~]# systemctl stop glusterd
[root@servera ~]# pkill glusterd
[root@servera ~]# pkill glusterfs
[root@servera ~]# systemctl restart glusterd

[root@servera ssl]# systemctl restart glusterd
[root@servera ssl]# systemctl status glusterd
● glusterd.service - GlusterFS, a clustered file-system server
   Loaded: loaded (/usr/lib/systemd/system/glusterd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-03-11 14:54:34 CST; 5min ago
  Process: 16151 ExecStart=/usr/sbin/glusterd -p /var/run/glusterd.pid --log-level $LOG_LEVEL $GLUSTERD_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 16152 (glusterd)
   CGroup: /system.slice/glusterd.service
           └─16152 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level INFO

Mar 11 14:54:09 servera.lab.example.com systemd[1]: Starting GlusterFS, a clustered file-system server...
Mar 11 14:54:34 servera.lab.example.com systemd[1]: Started GlusterFS, a clustered file-system server.
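
The steps above leave three TLS files and one switch file on the node. The following check is an added example, not part of the original post: it confirms that the files are consistent before glusterd is restarted. The function name `check_gluster_tls` and its return codes are hypothetical; the default paths are the ones used on this page, and it assumes `openssl` and GNU `stat` are installed.

```shell
#!/bin/sh
# Added example: sanity checks for the GlusterFS TLS files before restarting glusterd.
# Defaults are the paths used on this page; both arguments exist for testing.
check_gluster_tls() {
    ssl_dir=${1:-/etc/ssl}
    glusterd_dir=${2:-/var/lib/glusterd}
    key=$ssl_dir/glusterfs.key
    pem=$ssl_dir/glusterfs.pem
    ca=$ssl_dir/glusterfs.ca

    # 1. All three files must exist and be non-empty (a bad download fails here).
    for f in "$key" "$pem" "$ca"; do
        if [ ! -s "$f" ]; then
            echo "FAIL: $f is missing or empty" >&2
            return 1
        fi
    done

    # 2. The private key must not be readable by group or others (GNU stat).
    mode=$(stat -c '%a' "$key")
    case $mode in
        600|400) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400" >&2
           return 2 ;;
    esac

    # 3. Key and certificate must carry the same public key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the certificate in $pem" >&2
        return 3
    fi

    # 4. The node certificate must verify against the CA file.
    if ! openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1; then
        echo "FAIL: $pem does not verify against $ca" >&2
        return 4
    fi

    # 5. The switch file the page creates to turn encryption on must be present.
    if [ ! -e "$glusterd_dir/secure-access" ]; then
        echo "FAIL: $glusterd_dir/secure-access does not exist" >&2
        return 5
    fi
    echo "OK: TLS files are consistent and secure-access is present"
}
```

Run `check_gluster_tls` with no arguments on each node after the downloads. A key fetched by root with a umask of 022 is saved with mode 644, so check 2 fails until `chmod 600 /etc/ssl/glusterfs.key` is run.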

 

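2. Node serverb: the main steps are to turn off the firewall (allow rules could be configured instead, but that is more work and is not the focus of this lab, so the simple approach is taken), turn off SELinux, download the keys (saving them under the specified file names; note the uppercase -O here: with a lowercase -o, an empty file with the specified name is created), create the secure-access file (the switch file for I/O encryption), and restart the glusterd service (processes may be slow to shut down, so run pkill or kill -9 manually, and always confirm the state after the restart).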

[root@serverb ~]#  systemctl stop firewalld
[root@serverb ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@serverb ~]# setenforce 0
[root@serverb ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

[root@serverb ~]# wget ftp://workstation.lab.example.com/pub/serverb.key -O /etc/ssl/glusterfs.key
--2019-03-11 15:27:00--  ftp://workstation.lab.example.com/pub/serverb.key
           => ‘/etc/ssl/glusterfs.key’
Resolving works
