Introduction

The Global Cache TLS configuration consists of two parts. The first part is the TLS configuration for the communication between Ceph and Global Cache, internal communication of Global Cache, and the Global Cache Remote Procedure Call (GC RPC) communication. The second part is the TLS configuration for the communication between Global Cache and ZooKeeper. The two parts share the same certificate. The configuration file is /opt/gcache/conf/gcache.conf.

1. Modify the gcache.conf configuration file on all client and server nodes.

   vi /opt/gcache/conf/gcache.conf

   • To enable TLS (which will cause about 30% performance loss), set tls_status to on.
   • To disable TLS, set tls_status to off.
2. Modify the zk_server_list configuration item in the ccm label in gcache.conf on each node.

   vi /opt/gcache/conf/gcache.conf

   • To enable ZooKeeper TLS, set tls_status to on and change the port number in zk_server_list to 2281 (TLS port).
   • To disable ZooKeeper TLS, set tls_status to off and change the port number in zk_server_list to 2181 (common port).

The TLS configurations on all server and client nodes must be the same.