Note
This feature is available starting from the MCP 2019.2.4 maintenance update. Before enabling the feature, follow the steps described in Apply maintenance updates.
This section describes how to configure the lists of allowed and rejected IP addresses for GlusterFS volumes.
By default, MCP restricts access to all preconfigured GlusterFS volumes to the control network.
To configure the GlusterFS authentication:
Log in to the Salt Master node.
Open your project Git repository with the Reclass model on the cluster level.
In the infra/glusterfs.yml file, configure the GlusterFS authentication
depending on the needs of your MCP deployment:
To adjust the list of allowed and rejected IP addresses on all
preconfigured GlusterFS volumes, define the glusterfs_allow_ips
and glusterfs_reject_ips parameters as required:
parameters:
  _param:
    glusterfs_allow_ips: <comma-separated list of IPs>
    glusterfs_reject_ips: <comma-separated list of IPs>
Note
You can use the * wildcard to specify the IP ranges.
Configuration example:
parameters:
  _param:
    glusterfs_allow_ips: 10.0.0.1, 192.168.1.*
    glusterfs_reject_ips: 192.168.1.201
The configuration above allows access to all GlusterFS volumes from
10.0.0.1 and from all IP addresses in the 192.168.1.0/24 network
except for 192.168.1.201.
To change allowed and rejected IP addresses for a single volume:
parameters:
  glusterfs:
    server:
      volumes:
        <volume_name>:
          options:
            auth.allow: <comma-separated_list_of_IPs>
            auth.reject: <comma-separated_list_of_IPs>
To apply the same access control lists (ACLs) to a custom GlusterFS
volume as to all preconfigured GlusterFS volumes, define the auth.allow
and auth.reject options for the targeted volume as follows:
auth.allow: ${_param:glusterfs_allow_ips}
auth.reject: ${_param:glusterfs_reject_ips}
Apply the changes:
salt -I 'glusterfs:server:role:primary' state.apply glusterfs
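A way to review proposed glusterfs_allow_ips and glusterfs_reject_ips values before committing them to the Reclass model, as an added example that is not part of the MCP documentation or tooling. It assumes shell-style wildcard matching and that a reject entry overrides an allow entry, as the configuration example above describes; the function names and the client list are constructed for illustration.

```python
import fnmatch
import re

# Assumption: entries are dotted IPv4 addresses in which any octet may be "*",
# the only forms this page shows. Anything else is reported for manual review.
_ENTRY = re.compile(r"^(\d{1,3}|\*)(\.(\d{1,3}|\*)){3}$")


def parse_acl(value):
    """Split a comma-separated ACL string; return (entries, problems)."""
    entries, problems = [], []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            problems.append("empty entry (stray comma?)")
        elif not _ENTRY.match(item) or any(
            o != "*" and int(o) > 255 for o in item.split(".")
        ):
            problems.append(f"needs manual review: {item!r}")
        else:
            entries.append(item)
    return entries, problems


def is_allowed(client_ip, allow, reject):
    """Reject wins over allow, matching the behaviour the page describes."""
    if any(fnmatch.fnmatchcase(client_ip, pat) for pat in reject):
        return False
    return any(fnmatch.fnmatchcase(client_ip, pat) for pat in allow)


def review(allow_value, reject_value, clients):
    """Return (problems, {client_ip: allowed}) for a proposed ACL pair."""
    allow, p1 = parse_acl(allow_value)
    reject, p2 = parse_acl(reject_value)
    return p1 + p2, {ip: is_allowed(ip, allow, reject) for ip in clients}


if __name__ == "__main__":
    # ACL values from the configuration example above; client list is constructed.
    problems, result = review(
        "10.0.0.1, 192.168.1.*",
        "192.168.1.201",
        ["10.0.0.1", "10.0.0.2", "192.168.1.17", "192.168.1.201"],
    )
    print(problems or "no problems")
    for ip, ok in result.items():
        print(f"{ip:15} {'allow' if ok else 'deny'}")
```

Run it with the addresses of every node that must mount the volumes: a client that comes back as denied would lose access once the state is applied.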