NOTE
– The certificates must be replaced in user mode.
– The certificate request file of the quorum server can be used to generate certificates in a third-
party Certificate Authority (CA) organization. Copy the certificates to the
/opt/
quorum_server/export_import
directory of the quorum server. The certificates ensure
security of the quorum server.
– After installing the arbitration software, you are advised to grant the Secure File Transfer
Protocol (SFTP) permission only to the
/opt/quorum_server/export_import/
directory to
ensure that the security certificates can be imported and exported.
2.
Use the certificate request file to generate certificates.
Send the
qs_certreq.csr
file to a third party for the third-party CA organization to
generate certificates.
3.
Copy the certificates to the quorum server.
After the certificates are generated, copy the certificate (such as qs_cert.crt) of the
quorum server and the CA certificate (such as qs_cacert.crt) to the
/opt/quorum_server/
export_import
directory of the quorum server.
4.
Import the certificates to the arbitration software.
In the CLI of the arbitration software, run the
import tls_cert
ca=qs_cacert.crt
cert=qs_cert.crt
command to import the certificates to the arbitration software.
admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt
Command executed successfully.
5.
After replacing certificates on the quorum server, replace the certificates on the local and
remote storage arrays. For details, see
Managing Certificates
section.
Step 5
(Optional) Configure a whitelist.
After you replace a certificate, you must configure a whitelist.
NOTICE
The arbitration software allows a storage system to connect to the quorum server only after
you configure a whitelist and add the SN of storage system to the arbitration software. If you
replace another certificate, you do not need to configure a whitelist anymore.
1.
In the CLI of the storage system, run the
show system general
command to query the
storage system SN.
admin:/>show system general
System Name : reppub_10.103.20.176
Health Status : Normal
Running Status : Normal
Total Capacity : 2.025TB
SN : XXXXXXXXXXXXXXXXXXXX
Location :
Product Model : S5800T
Product Version : V200R003C00
High Water Level(%) : 80
Low Water Level(%) : 20
WWN : 21000022a1072506
Time : 2015-06-27/15:11:15 UTC+08:00
2.
In the CLI of the arbitration software, run the
add white_list
sn=?
command to add the
storage system SN to the arbitration software for management.
OceanStor V3 Series
HyperMetro Feature Guide for File
4 Configuration
Issue 05 (2018-01-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
80