Hey David,
I wrote up this [1] last week because of the exact same reason. Please
go through it. It should be helpful enough to cover everything
required for using network encryption. If you've got any unanswered
questions I'll be happy help.
~kaushal
[1] https://kshlm.in/network-encryption-in-glusterfs/
On Wed, May 13, 2015 at 7:50 PM, David Roundy
<roundyd at physics.oregonstate.edu> wrote:> Hi all,
>
> I have only seen one bit of documentation on the existence of ssl support
in
> gluster:
>
> http://blog.gluster.org/author/zbyszek/
>
> This blog post is woefully inadequate, and the fact that a year has gone by
> without any additional documentation appearing leads me to doubt that ssl
> support is really existing. Is this a feature that one can actually use
and
> rely on? Is there some hidden documentation, or a reason why there is no
> documentation? I feel worried about potentially switching to glusterfs,
when
> "security" seems to be an undocumented patch, with little in the
way of
> help.
>
> As an aside, I'm having trouble getting ssl to work with glusterfs on
my
> Debian Jessie test machine. But before trying to fix that, I'd like to
hear
> if I really ought to just wait a few more years before trying glusterfs. I
> don't have a dedicated physical network, and don't care to set up a
VPN just
> for glusterfs, so lack of on-the-wire security and real authentication of
> clients is a showstopper for me. (Yes, I could set up a VPN, but I always
> find that to be a pain.)
>
> David
>
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-users