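0. Lab environment diagram
1. Node servera: stop the firewall (it could be configured to allow the traffic instead, but that is more work and not the focus of this lab, so the simple approach is taken), disable SELinux, download the keys (saving each under a specified file name; note the uppercase O here: a lowercase o produces an empty file with the specified name), create the secure-access file (the switch file that turns on I/O encryption), and restart the glusterd service (processes may be slow to shut down, so run pkill or kill -9 by hand if needed, and always confirm the state after the restart).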
[root@servera ~]# systemctl stop firewalld
[root@servera ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@servera ~]# setenforce 0
[root@servera ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@servera ssl]# wget ftp://workstation.lab.example.com/pub/servera.key -O /etc/ssl/glusterfs.key
--2019-03-11 14:52:55-- ftp://workstation.lab.example.com/pub/servera.key
=> ‘/etc/ssl/glusterfs.key’
Resolving workstation.lab.example.com (workstation.lab.example.com)... 172.25.250.254, 172.25.250.254
Connecting to workstation.lab.example.com (workstation.lab.example.com)|172.25.250.254|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /pub ... done.
==> SIZE servera.key ... 1704
==> PASV ... done. ==> RETR servera.key ... done.
Length: 1704 (1.7K) (unauthoritative)
100%[=================================================================================================================================>] 1,704 --.-K/s in 0s
[root@servera ssl]# wget ftp://workstation.lab.example.com/pub/servera.pem -O /etc/ssl/glusterfs.pem
--2019-03-11 14:53:31-- ftp://workstation.lab.example.com/pub/servera.pem
=> ‘/etc/ssl/glusterfs.pem’
Resolving workstation.lab.example.com (workstation.lab.example.com)... 172.25.250.254, 172.25.250.254
Connecting to workstation.lab.example.com (workstation.lab.example.com)|172.25.250.254|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /pub ... done.
==> SIZE servera.pem ... 6253
==> PASV ... done. ==> RETR servera.pem ... done.
Length: 6253 (6.1K) (unauthoritative)
100%[=================================================================================================================================>] 6,253 --.-K/s in 0s
2019-03-11 14:53:31 (1.12 GB/s) - ‘/etc/ssl/glusterfs.pem’ saved [6253]
[root@servera ssl]# wget ftp://workstation.lab.example.com/pub/glusterfs.ca -O /etc/ssl/glusterfs.ca
--2019-03-11 14:53:52-- ftp://workstation.lab.example.com/pub/glusterfs.ca
=> ‘/etc/ssl/glusterfs.ca’
Resolving workstation.lab.example.com (workstation.lab.example.com)... 172.25.250.254, 172.25.250.254
Connecting to workstation.lab.example.com (workstation.lab.example.com)|172.25.250.254|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /pub ... done.
==> SIZE glusterfs.ca ... 1391
==> PASV ... done. ==> RETR glusterfs.ca ... done.
Length: 1391 (1.4K) (unauthoritative)
100%[=================================================================================================================================>] 1,391 --.-K/s in 0s
2019-03-11 14:53:52 (220 MB/s) - ‘/etc/ssl/glusterfs.ca’ saved [1391]
[root@servera ~]# touch /var/lib/glusterd/secure-access
[root@servera ~]# systemctl stop glusterd
[root@servera ~]# pkill glusterd
[root@servera ~]# pkill glusterfs
[root@servera ~]# systemctl restart glusterd
[root@servera ssl]# systemctl restart glusterd
[root@servera ssl]# systemctl status glusterd
● glusterd.service - GlusterFS, a clustered file-system server
Loaded: loaded (/usr/lib/systemd/system/glusterd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-03-11 14:54:34 CST; 5min ago
Process: 16151 ExecStart=/usr/sbin/glusterd -p /var/run/glusterd.pid --log-level $LOG_LEVEL $GLUSTERD_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 16152 (glusterd)
CGroup: /system.slice/glusterd.service
└─16152 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level INFO
Mar 11 14:54:09 servera.lab.example.com systemd[1]: Starting GlusterFS, a clustered file-system server...
Mar 11 14:54:34 servera.lab.example.com systemd[1]: Started GlusterFS, a clustered file-system server.
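The three files above are fetched over anonymous FTP and written with -O, so checking them before trusting the restarted glusterd is worthwhile. The function below is an added example, not part of the original post: the name check_gluster_tls and the rule that the key must have no group/other permission bits are assumptions, and the default paths are the ones used on this page.

```bash
# Pre-flight check for the GlusterFS TLS files (added example).
# Usage: check_gluster_tls [ssl_dir] [glusterd_state_dir]
check_gluster_tls() {
    local ssl_dir="${1:-/etc/ssl}"
    local state_dir="${2:-/var/lib/glusterd}"
    local key="$ssl_dir/glusterfs.key" pem="$ssl_dir/glusterfs.pem" ca="$ssl_dir/glusterfs.ca"
    local f mode key_pub pem_pub rc=0

    # A failed or interrupted transfer can leave an empty target file behind.
    for f in "$key" "$pem" "$ca"; do
        [ -s "$f" ] || { echo "FAIL: $f missing or empty"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Assumption: the private key carries no group/other permission bits.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        ?00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    # The certificate must contain the public half of the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    pem_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || true
    if [ -z "$key_pub" ] || [ "$key_pub" != "$pem_pub" ]; then
        echo "FAIL: $pem does not match $key"; rc=1
    fi

    # The certificate must chain to the CA file shared by all nodes.
    openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 ||
        { echo "FAIL: $pem is not signed by a CA in $ca"; rc=1; }

    # The switch file created with touch in the steps above.
    [ -e "$state_dir/secure-access" ] ||
        { echo "FAIL: $state_dir/secure-access not present"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: TLS files in $ssl_dir are consistent"
    return "$rc"
}
```

Run check_gluster_tls with no arguments on each node after the downloads and before restarting glusterd; a non-zero exit status means at least one check failed.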
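2. Node serverb: stop the firewall (it could be configured to allow the traffic instead, but that is more work and not the focus of this lab, so the simple approach is taken), disable SELinux, download the keys (saving each under a specified file name; note the uppercase O here: a lowercase o produces an empty file with the specified name), create the secure-access file (the switch file that turns on I/O encryption), and restart the glusterd service (processes may be slow to shut down, so run pkill or kill -9 by hand if needed, and always confirm the state after the restart).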
[root@serverb ~]# systemctl stop firewalld
[root@serverb ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@serverb ~]# setenforce 0
[root@serverb ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@serverb ~]# wget ftp://workstation.lab.example.com/pub/serverb.key -O /etc/ssl/glusterfs.key
--2019-03-11 15:27:00-- ftp://workstation.lab.example.com/pub/serverb.key
=> ‘/etc/ssl/glusterfs.key’
Resolving workstation.lab.example.com (workstation.lab.example.com)... 172.25.250.254, 172.25.250.254
Connectin