NOTE
– The certificates must be replaced in user mode.
– The certificate request file of the quorum server can be used to generate certificates in a third-
party Certificate Authority (CA) organization. Copy the certificates to the /opt/
quorum_server/export_import directory of the quorum server. The certificates ensure
security of the quorum server.
– After installing the arbitration software, you are advised to grant the Secure File Transfer
Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory to
ensure that the security certificates can be imported and exported.
2. Use the certificate request file to generate certificates.
Send the qs_certreq.csr file to a third party for the third-party CA organization to
generate certificates.
3. Copy the certificates to the quorum server.
After the certificates are generated, copy the certificate (such as qs_cert.crt) of the
quorum server and the CA certificate (such as qs_cacert.crt) to the /opt/quorum_server/
export_import directory of the quorum server.
4. Import the certificates to the arbitration software.
In the CLI of the arbitration software, run the import tls_cert ca=qs_cacert.crt
cert=qs_cert.crt command to import the certificates to the arbitration software.
admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt
Command executed successfully.
5. After replacing certificates on the quorum server, replace the certificates on the local and
remote storage arrays. For details, see Managing Certificates section.
Step 5 (Optional) Configure a whitelist.
After you replace a certificate, you must configure a whitelist.
NOTICE
The arbitration software allows a storage system to connect to the quorum server only after
you configure a whitelist and add the SN of storage system to the arbitration software. If you
replace another certificate, you do not need to configure a whitelist anymore.
1. In the CLI of the storage system, run the show system general command to query the
storage system SN.
admin:/>show system general
System Name : XXXXXX
Health Status : Normal
Running Status : Normal
Total Capacity : X.XXXTB
SN : XXXXXXXXXXXXXXXXXXXX
Location :
Product Model : XXXXX
Product Version : VX00R00XC00
High Water Level(%) : XX
Low Water Level(%) : XX
WWN : XXXXXXXXXXXXXXX
Time : XXXX-XX-XX/15:11:15 UTC+08:00
2. In the CLI of the arbitration software, run the add white_list sn=? command to add the
storage system SN to the arbitration software for management.
OceanStor V3 Series
HyperMetro Feature Guide for File
4 Configuration
Issue 05 (2018-01-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
75
To Next Page
Loading...
