To enable TLS/SSL encryption with a GlusterFS storage cluster on Linux, follow these steps:
Connect to one of the GlusterFS servers via SSH as the root user.
Generate a self-signed certificate and private key by running the following command:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
This will create two files: key.pem and certificate.pem. The private key will be stored in key.pem and the certificate will be stored in certificate.pem.
Copy the key.pem and certificate.pem files to all of the GlusterFS servers in the cluster.
Edit the /etc/glusterfs/glusterd.vol file on all of the servers by running the following command:
nano /etc/glusterfs/glusterd.vol
Find the transport line and change it to the following:
transport.socket.ssl-cert-path /path/to/certificate.pem
transport.socket.ssl-key-path /path/to/key.pem
Replace /path/to/certificate.pem and /path/to/key.pem with the actual paths to the certificate.pem and key.pem files, respectively.
Save the file and exit the editor.
Restart the GlusterFS daemon on all of the servers by running the following command:
systemctl restart glusterd
TLS/SSL encryption will now be enabled for the GlusterFS cluster.
Note: If you want to use a certificate signed by a trusted certificate authority (CA) instead of a self-signed certificate, you can generate a certificate signing request (CSR) and have it signed by the CA. You can then use the signed certificate and private key in the same way as the self-signed certificate and private key.
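A check to run on each server after copying the files and before restarting glusterd, added here as an example and not part of the original procedure: it confirms that certificate.pem and key.pem belong together, that the certificate is not close to expiry, and that the unencrypted key is readable only by its owner. The function name check_tls_pair and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original procedure.
# check_tls_pair CERT KEY [MIN_DAYS]   (function name and 30-day default are assumptions)
# Returns 0 when every check passes, 1 otherwise.
check_tls_pair() {
    cert=$1 key=$2 min_days=${3:-30}
    rc=0

    [ -r "$cert" ] || { echo "FAIL: cannot read certificate $cert"; return 1; }
    [ -r "$key" ] || { echo "FAIL: cannot read private key $key"; return 1; }

    # 1. The public key in the certificate must be the one derived from the
    #    private key; a mix-up while copying files between servers breaks this.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key are not a matching pair"; rc=1
    fi

    # 2. The certificate was issued with -days 365, so it expires; require at
    #    least MIN_DAYS of remaining validity.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days (or is unreadable)"; rc=1
    fi

    # 3. -nodes leaves the key unencrypted on disk, so group and others must
    #    have no access (mode 600 or 400). stat -c is the GNU/Linux form.
    mode=$(stat -c '%a' "$key")
    case $mode in
        [46]00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $cert / $key"
    return "$rc"
}

# Run as a script: sh check_tls_pair.sh /path/to/certificate.pem /path/to/key.pem
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```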