Command executed succesfully.
admin:/>add server_ip ip=192.168.7.31 port=30002
Command executed succesfully.
NOTE
l
Service IP addresses of the quorum server are used for interworking with the storage array when an
arbitration server is added to the storage array. If two ports of the quorum server are not bonded, IP
addresses of the two ports must be from different network segments. If two ports of the quorum
server are bonded, IP addresses of the two ports must be the same.
l
The ID of the arbitration software's listening port must be the same as that of the port enabled on the
firewall.
After configuration is complete, run the
show server_ip
command. If the command output
shows the
IP address
and
port ID
that are added, the configuration succeeds.
admin:/>show server_ip
Index Server IP Server Port
----- ------------ ------------------
1 192.168.6.31 30002
2 192.168.7.31 30002
Index Local IP Local Port Remote IP Remote Port State
----- ------------ --------- -------- --------- -----
Step 4
(Optional) Replace the original certificates of the quorum server with new ones.
NOTE
To further improve storage system security, you are advised to replace the default security certificate and
private key of the storage systems and those of the quorum server with your own security certificate and
private key.
1.
Export the certificate request file of the quorum server.
In the CLI of the arbitration software, run the
export tls_cert
command to export the
device information. The
qs_certreq.csr
file is generated in the
/opt/quorum_server/
export_import
directory of the quorum server.
admin:/>export tls_cert
Command executed successfully.
NOTE
– The certificates must be replaced in user mode.
– The certificate request file of the quorum server can be used to generate certificates in a third-
party Certificate Authority (CA) organization. Copy the certificates to the
/opt/
quorum_server/export_import
directory of the quorum server. The certificates ensure
security of the quorum server.
– After installing the arbitration software, you are advised to grant the Secure File Transfer
Protocol (SFTP) permission only to the
/opt/quorum_server/export_import/
directory to
ensure that the security certificates can be imported and exported.
2.
Use the certificate request file to generate certificates.
Send the
qs_certreq.csr
file to a third party for the third-party CA organization to
generate certificates.
3.
Copy the certificates to the quorum server.
After the certificates are generated, copy the certificate (such as qs_cert.crt) of the
quorum server and the CA certificate (such as qs_cacert.crt) to the
/opt/quorum_server/
export_import
directory of the quorum server.
4.
Import the certificates to the arbitration software.
In the CLI of the arbitration software, run the
import tls_cert
ca=qs_cacert.crt
cert=qs_cert.crt
command to import the certificates to the arbitration software.
OceanStor V3 Series
HyperMetro Feature Guide for File
4 Configuration
Issue 05 (2018-01-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
69