Using CTE with GlusterFS
This chapter describes how to configure CTE with GlusterFS. It contains the following sections:
Overview
GlusterFS is a scalable network file system suitable for data-intensive tasks such as cloud storage and media streaming. The Gluster share can also be mounted as an NFS client.
Thales provides support for GuardPoints in a Gluster environment.
Considerations and Requirements
- Gluster is supported on Red Hat 7 and Red Hat 8. Other versions of Red Hat are not supported.
- Clients must have gluster-fuse installed.
- Encryption keys for GlusterFS GuardPoints must use the CBC or CBC-CS1 encryption mode.
- The following CTE features are not supported in GlusterFS:
  - Auto-mounted file systems.
  - CTE-Live Data Transformation.
  - IDT-Capable GuardPoints.

Note
In a multi-node configuration, Thales has tested only the close-to-open consistency for GlusterFS. Other consistencies offered by GlusterFS are not guaranteed to work with CTE.
Configuring GlusterFS for CTE
- On the Gluster server, configure the following Gluster volume properties for all configurations:
  - performance.flush-behind should be off.
  - network.remote-dio should be disabled.
  - performance.strict-o-direct should be on.

  For example, if the Gluster volume name is MyGlusterVolume, you would enter the following commands:

      gluster vol set MyGlusterVolume performance.flush-behind off
      gluster vol set MyGlusterVolume network.remote-dio disable
      gluster vol set MyGlusterVolume performance.strict-o-direct on

- If you want to use CBC-CS1 encryption keys, configure the following additional Gluster volume properties on the Gluster server:
  - performance.read-ahead should be off.
  - performance.cache-size should be 1GB.
  - performance.write-behind should be off.
  - performance.client-io-threads should be on.

  For example:

      gluster vol set MyGlusterVolume performance.read-ahead off
      gluster vol set MyGlusterVolume performance.cache-size 1GB
      gluster vol set MyGlusterVolume performance.write-behind off
      gluster vol set MyGlusterVolume performance.client-io-threads on

- On the clients, do the following based on your configuration:
  - If the kernel version is earlier than version 4.0.0, the Gluster share must be mounted with the use-readdirp=no mount option.

        mount -t glusterfs -o acl,use-readdirp=no MyGlusterVolume /gluster

  - If you want to use CBC-CS1 encryption keys, the Gluster share must be mounted with the direct-io-mode=enable mount option.

        mount -t glusterfs -o acl,direct-io-mode=enable MyGlusterVolume /gluster

  - If you are using only CBC encryption keys with kernel versions 4.0.0 and later, no changes need to be made on the clients.
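
The server-side volume properties from the first two steps can be audited before GuardPoints are applied. The script below is an added example, not part of the Thales documentation: it reads text in the two-column layout printed by "gluster volume get <VOLNAME> all" (layout assumed) and reports every property that differs from the values listed above. The helper names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Gluster volume options against the values this page requires.
# Input: the two-column "Option  Value" text printed by
#   gluster volume get <VOLNAME> all        (layout assumed)

# Map Gluster boolean spellings to on/off so "disable" and "off" compare equal.
norm() {
    case "$1" in
        on|enable|yes|true|1)   echo on ;;
        off|disable|no|false|0) echo off ;;
        *)                      echo "$1" ;;
    esac
}

# Usage: check_cte_gluster_opts cbc|cbc-cs1 < volume-get-output   (hypothetical helper)
# Prints one line per deviation; returns 0 only when every required option matches.
check_cte_gluster_opts() {
    mode=$1
    input=$(cat)
    required="performance.flush-behind=off network.remote-dio=off performance.strict-o-direct=on"
    if [ "$mode" = "cbc-cs1" ]; then
        required="$required performance.read-ahead=off performance.cache-size=1GB performance.write-behind=off performance.client-io-threads=on"
    fi
    bad=0
    for pair in $required; do
        opt=${pair%%=*}
        want=${pair#*=}
        # Exact match on the first column; an option that is not listed is a deviation.
        have=$(printf '%s\n' "$input" | awk -v o="$opt" '$1 == o { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING  $opt (want $want)"; bad=$((bad + 1))
        elif [ "$(norm "$have")" != "$want" ]; then
            echo "MISMATCH $opt is $have (want $want)"; bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample output, not captured from a real volume.
SAMPLE='Option                                  Value
------                                  -----
performance.flush-behind                off
network.remote-dio                      disable
performance.strict-o-direct             on
performance.read-ahead                  on
performance.cache-size                  32MB
performance.write-behind                off
performance.client-io-threads           on'
printf '%s\n' "$SAMPLE" | check_cte_gluster_opts cbc-cs1 || echo "not ready for CBC-CS1 keys"
```

On a Gluster server, pipe the real command output into the function in place of the sample, passing cbc or cbc-cs1 to match the key mode in use.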