Hi Joe, I know how TLS works, but is the MTLS you reference in your email
anything different from TLS in terms of config?
--
Deepak
On Mar 21, 2017, at 2:51 AM, Joseph Lorenzini <jalo...@gmail.com> wrote:
Hi Deepak,
The starting point would be that link you initially provided. In
Hi Deepak,
The starting point would be that link you initially provided. In terms of
help, could you elaborate more on what you are looking for? Do you need a
high level primer on how to create a chain-of-trust with openssl?
Certificate management? Or are you looking for more on how to properly
pr
Thanks Joe for your inputs. I guess comparing client -- glusterServer IO
performance over MTLS and non-MTLS should give me some idea on the
client/server IO overhead.
Also any URL related to setup & configuring MTLS is appreciated.
--
Deepak
On Mar 19, 2017, at 7:00 AM, Joseph Lorenzini
mai
Hi Deepak,
Sorta. I think it depends on what we mean by I/O path and performance.
If we are referring to disk I/O for gluster servers, then no. If we are
referring to the network I/O between a gluster client and server, then yes
there will by definition be some additional overhead. That however i
Hi Joe, thanks for taking the time to explain. I have a basic set of
requirements along with IO performance as a key factor; my reply below should
justify what I am trying to achieve.
>>If I am understanding your use case properly, you want to ensure that a
>>client may only mount a gluster vo
Hi Deepak,
I am a little confused about what you are trying to accomplish here. If I am
understanding your use case properly, you want to ensure that a client may
only mount a gluster volume if and only if it presents a key or secret that
attests to the client's identity, which the gluster server ca
Thanks Joseph for info.
>>In addition, gluster uses MTLS (each endpoint validates the other's
>>chain-of-trust), so you get authentication as well.
Does it only do authentication of mounts? I am not interested at this moment in
IO path encryption, only looking for authentication.
>>you can se
Hi Deepak,
Here's the TLDR
If you don't want the I/O path to be encrypted but you want to control
access to a gluster volume, you can set the auth.allow and auth.reject
options to whitelist and blacklist clients based on their source IPs.
There's also always iptables rules if you don't want to do
Any info, guys?
--
Deepak
From: Deepak Naidu
Sent: Friday, March 17, 2017 12:32 AM
To: gluster-users@gluster.org
Subject: Secured mount in GlusterFS using keys
Hello,
Is there a way, like in cephFS, where a keyring can be passed for mount? I see SSL
in GlusterFS, something like a secured mount based on pem
Hello,
Is there a way, like in cephFS, where a keyring can be passed for mount? I see SSL
in GlusterFS, something like a secured mount based on pem & key files, but I am a bit
confused whether these are only for mount authentication or for IO path
encryption. I only want authorized Glusterfs mount based on keys