The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
You can use the Gluster native client on an Oracle Linux host to access a Gluster volume. The native client takes advantage of the File System in Userspace (FUSE) software interface that allows you to mount a Gluster volume without requiring a kernel driver or module.
To access a volume using the Gluster native client (FUSE):
On the host where you intend to mount the Gluster volume, enable access to the Gluster Storage for Oracle Linux packages. For information on enabling access, see Section 2.3, “Enabling Access to the Gluster Storage for Oracle Linux Packages”.
Install the Gluster native client packages:
#
yum install glusterfs glusterfs-fuseCreate the directory where you intend to mount the volume. For example:
#
mkdir /gluster-storageIf you have configured TLS for a volume, you may need to perform additional steps before a client system is able to mount the Gluster volume. See Section 3.2, “Setting up Transport Layer Security (TLS)” for more information. The following steps are required to complete client configuration for TLS:
To set up TLS with the Gluster native client (FUSE):
Set up a certificate and private key on the client system. You can either use a CA signed certificate or create a self-signed certificate, as follows:
#
openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/glusterfs.key \ -x509 -days 365 -out /etc/ssl/glusterfs.pemAppend the client certificate to the
/etc/ssl/glusterfs.cafile on each node in the trusted server pool. Equally, ensure that the client has a copy of the/etc/ssl/glusterfs.cafile that includes either the CA certificate that signed each node's certificate, or that contains all of the self-signed certificates for each node. Since Gluster performs mutual authentication, it is essential that both the client and the server node are able to validate each other's certificates.If you enabled encryption on management traffic, you must enable this facility on the client system to allow it to perform the initial mount. To do this, Gluster looks for a file at
/var/lib/glusterfs/secure-access. This directory may not exist on a client system, so you might need to create it before touching the file:#
mkdir -p /var/lib/glusterfs#touch /var/lib/glusterfs/secure-accessIf the Gluster volume is already set up and running before you added the client certificate to
/etc/ssl/glusterfs.ca, you must stop the volume, restart the Gluster service and start up the volume again for the new certificate to be registered:#
gluster volume stop#myvolumesystemctl restart glusterd#gluster volume startmyvolume
Mount the volume on the directory using the
glusterfsmount type and by specifying a node within the pool along with the volume name. For example:#
mount -t glusterfsnode1:myvolume/gluster-storageIf you have set up the volume to enable mounting a subdirectory, you can add the subdirectory name to the path on the Gluster file system:
#
mount -t glusterfsnode1:myvolume/subdirectory/gluster-storageCheck the permissions on the new mount to make sure the appropriate users can read and write to the storage. For example:
#
chmod 777 /gluster-storageTo make the mount permanent, edit your
/etc/fstabfile to include the mount. For example:node1:/myvolume/gluster-storageglusterfs defaults,_netdev 0 0If you are mounting a subdirectory on the volume, add the subdirectory name to the path on the Gluster file system. For example:
node1:/myvolume/subdirectory/gluster-storageglusterfs defaults,_netdev 0 0
If you have trouble mounting the volume, you can check the logs
on the client system at /var/log/glusterfs/
to try to debug connection issues. For example, if TLS is not
properly configured and the server node is unable to validate
the client, you may see an error similar to the following in the
logs:
… error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca