金鱼哥RHCA回忆录:RH236GlusterFS-数据传输加密(练习)
【摘要】 RH236GlusterFS-数据传输加密(练习)
🎹 个人简介:大家好,我是 金鱼哥,CSDN运维领域新星创作者,华为云·云享专家,阿里云社区·专家博主
📚个人资质:CCNA、HCNP、CSNA(网络分析师),软考初级、中级网络工程师、RHCSA、RHCE、RHCA、RHCI、ITIL😜
💬格言:努力不一定成功,但要想成功就必须努力🔥
课本练习(以练习来进行了解)
[root@workstation ~]# lab io-encryption setup
1. 验证为prod-vol配置的选项。
[root@servera ~]# gluster volume info prod-vol
Volume Name: prod-vol
Type: Replicate
Volume ID: ea9d166d-ea03-4c39-b469-e3dbd06a670b
Status: Started
Number of Bricks: 1 x 2 =
Transport-type: tcp
Bricks:
Brick1: servera:/bricks/brick-a1/brick
Brick2: serverb:/bricks/brick-b1/brick
Options Reconfigured:
performance.readdir-ahead: on
2. 停止卷prod-vol。
[root@servera ~]# gluster volume stop prod-vol
Stopping volume will make its data inaccessible. Do you want to continue? (y/n) y
volume stop: prod-vol: success
3. 从服务器获取密钥、证书和证书颁发机构的证书到/etc/ssl。
[root@servera ~]# curl ftp://workstation.lab.example.com/pub/servera.pem -o /etc/ssl/glusterfs.pem
[root@servera ~]# curl ftp://workstation.lab.example.com/pub/servera.key -o /etc/ssl/glusterfs.key
[root@servera ~]# curl ftp://workstation.lab.example.com/pub/glusterfs.ca -o /etc/ssl/glusterfs.ca
[root@serverb ~]# curl ftp://workstation.lab.example.com/pub/serverb.pem -o /etc/ssl/glusterfs.pem
[root@serverb ~]# curl ftp://workstation.lab.example.com/pub/serverb.key -o /etc/ssl/glusterfs.key
[root@serverb ~]# curl ftp://workstation.lab.example.com/pub/glusterfs.ca -o /etc/ssl/glusterfs.ca
4. 配置允许访问prod-vol的服务器和客户端。
[root@servera ~]# gluster volume set prod-vol auth.ssl-allow 'servera.lab.example.com,serverb.lab.example.com,workstation.lab.example.com'
volume set: success
5. 为卷prod-vol启用SSL。
[root@servera ~]# gluster volume set prod-vol server.ssl on
volume set: success
[root@servera ~]# gluster volume set prod-vol client.ssl on
volume set: success
6. 为客户端工作站启用管理加密。
[root@workstation ~]# mkdir -p /var/lib/glusterd
[root@workstation ~]# touch /var/lib/glusterd/secure-access
7. 对服务器servera和serverb启用管理加密。
[root@workstation ~]# cat config-secure-access.sh
#!/bin/bash
for I in server{a..b};
do
echo "do run the ${I}"
echo -----------systemctl stop glusterd-------------------------
ssh root@${I} "systemctl stop glusterd"
echo -----------------------------------------------------------
sleep 2
echo -----------pkill glusterfs---------------------------------
ssh root@${I} "pkill glusterfs"
echo -----------------------------------------------------------
sleep 2
echo -----------touch /var/lib/glusterd/secure-access-----------
ssh root@${I} "touch /var/lib/glusterd/secure-access"
echo -----------------------------------------------------------
sleep 2
echo -----------systemctl start glusterd------------------------
ssh root@${I} "systemctl start glusterd"
echo -----------------------------------------------------------
sleep 2
echo -----------systemctl status glusterd-----------------------
ssh root@${I} "systemctl status glusterd"
echo -----------------------------------------------------------
done
[root@servera ~]# gluster volume start prod-vol
volume start: prod-vol: success
[root@servera ~]# gluster volume info prod-vol
Volume Name: prod-vol
Type: Replicate
Volume ID: ea9d166d-ea03-4c39-b469-e3dbd06a670b
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: servera:/bricks/brick-a1/brick
Brick2: serverb:/bricks/brick-b1/brick
Options Reconfigured:
performance.readdir-ahead: on
auth.ssl-allow: servera.lab.example.com,serverb.lab.example.com,workstation.lab.example.com
server.ssl: on
client.ssl: on
[root@workstation ~]# yum -y install glusterfs-fuse
[root@workstation ~]# mount -t glusterfs servera:/prod-vol /mnt
[root@workstation ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 xfs 10G 3.0G 7.0G 31% /
devtmpfs devtmpfs 902M 0 902M 0% /dev
tmpfs tmpfs 920M 84K 920M 1% /dev/shm
tmpfs tmpfs 920M 17M 904M 2% /run
tmpfs tmpfs 920M 0 920M 0% /sys/fs/cgroup
tmpfs tmpfs 184M 16K 184M 1% /run/user/42
tmpfs tmpfs 184M 0 184M 0% /run/user/0
servera:/prod-vol fuse.glusterfs 2.0G 33M 2.0G 2% /mnt
8. 脚本评分。
[root@workstation ~]# lab io-encryption grade
课本练习(以练习来进行了解)
[root@workstation ~]# lab add-node setup
1. 为添加到可信存储池做好准备。
[root@serverc ~]# systemctl stop glusterd
[root@workstation ~]# umount /mnt/
2. 下载证书和密钥。
[root@serverc ~]# curl ftp://workstation.lab.example.com/pub/serverc.pem -o /etc/ssl/glusterfs.pem
[root@serverc ~]# curl ftp://workstation.lab.example.com/pub/serverc.key -o /etc/ssl/glusterfs.key
[root@serverc ~]# curl ftp://workstation.lab.example.com/pub/glusterfs.ca -o /etc/ssl/glusterfs.ca
3. 为serverc启用管理加密。
[root@serverc ~]# touch /var/lib/glusterd/secure-access
[root@serverc ~]# systemctl start glusterd
4. 为serverc启用prod-vol访问。
[root@servera ~]# gluster volume set prod-vol auth.ssl-allow 'servera.lab.example.com,serverb.lab.example.com,serverc.lab.example.com,workstation.lab.example.com'
volume set: success
5. 验证serverc的卷访问。
[root@servera ~]# gluster volume info prod-vol
Volume Name: prod-vol
Type: Replicate
Volume ID: ea9d166d-ea03-4c39-b469-e3dbd06a670b
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: servera:/bricks/brick-a1/brick
Brick2: serverb:/bricks/brick-b1/brick
Options Reconfigured:
client.ssl: on
server.ssl: on
auth.ssl-allow: servera.lab.example.com,serverb.lab.example.com,serverc.lab.example.com,workstation.lab.example.com
performance.readdir-ahead: on
6. 添加serverc作为受信任的Gluster存储池的对等对象。
[root@servera ~]# gluster peer probe serverc.lab.example.com
peer probe: success.
7. 验证serverc是否是对等服务器。
[root@servera ~]# gluster peer status
Number of Peers: 2
Hostname: serverb.lab.example.com
Uuid: c216c71b-1208-407f-a248-f02978f71375
State: Peer in Cluster (Connected)
Hostname: serverc.lab.example.com
Uuid: e6cc17aa-29fc-4636-aeb9-7fd532086b2a
State: Peer in Cluster (Connected)
8. 脚本评分
[root@workstation ~]# lab add-node grade
课本练习(以练习来进行了解)
[root@workstation ~]# lab auth-client setup
1. 授权新客户端服务器访问受信任的存储池。
[root@servere ~]# curl ftp://workstation.lab.example.com/pub/servere.pem -o /etc/ssl/glusterfs.pem
[root@servere ~]# curl ftp://workstation.lab.example.com/pub/servere.key -o /etc/ssl/glusterfs.key
[root@servere ~]# curl ftp://workstation.lab.example.com/pub/glusterfs.ca -o /etc/ssl/glusterfs.ca
2. 启用servere的管理加密。
[root@servere ~]# mkdir -p /var/lib/glusterd
[root@servere ~]# touch /var/lib/glusterd/secure-access
3. 启用对servere prod-vol的访问。
[root@servera ~]# gluster volume set prod-vol auth.ssl-allow servera.lab.example.com,serverb.lab.example.com,serverc.lab.example.com,servere.lab.example.com,workstation.lab.example.com
volume set: success
4. 验证设置。
[root@servera ~]# gluster volume info prod-vol
Volume Name: prod-vol
Type: Replicate
Volume ID: ea9d166d-ea03-4c39-b469-e3dbd06a670b
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: servera:/bricks/brick-a1/brick
Brick2: serverb:/bricks/brick-b1/brick
Options Reconfigured:
performance.readdir-ahead: on
auth.ssl-allow: servera.lab.example.com,serverb.lab.example.com,serverc.lab.example.com,servere.lab.example.com,workstation.lab.example.com
server.ssl: on
client.ssl: on
5. 从servere访问prod-vol。
[root@servere ~]# yum -y install glusterfs-fuse
[root@servere ~]# mount -t glusterfs servera:/prod-vol /mnt
[root@servere ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 xfs 10G 1.6G 8.5G 16% /
devtmpfs devtmpfs 902M 0 902M 0% /dev
tmpfs tmpfs 920M 0 920M 0% /dev/shm
tmpfs tmpfs 920M 17M 904M 2% /run
tmpfs tmpfs 920M 0 920M 0% /sys/fs/cgroup
tmpfs tmpfs 184M 0 184M 0% /run/user/0
servera:/prod-vol fuse.glusterfs 2.0G 33M 2.0G 2% /mnt
6. 脚本评分。
[root@workstation ~]# lab auth-client grade
总结
RHCA认证需要经历5门的学习与考试,还是需要花不少时间去学习与备考的,好好加油,可以噶🤪。
以上就是【金鱼哥】对 RH236GlusterFS-数据传输加密(练习) 的简述和讲解。希望能对看到此文章的小伙伴有所帮助。
💾红帽认证专栏系列:
RHCSA专栏:戏说 RHCSA 认证
RHCE专栏:戏说 RHCE 认证
此文章收录在RHCA专栏:RHCA 回忆录
如果这篇【文章】有帮助到你,希望可以给【金鱼哥】点个赞👍,创作不易,相比官方的陈述,我更喜欢用【通俗易懂】的文笔去讲解每一个知识点。
如果有对【运维技术】感兴趣,也欢迎关注❤️❤️❤️ 【金鱼哥】❤️❤️❤️,我将会给你带来巨大的【收获与惊喜】💕💕!
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)