No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 2600 V3 Storage System V300R005 HyperMetro Feature Guide 06

"This document describes the implementation principles and application scenarios of theHyperMetro feature. Also, it explains how to configure and manage HyperMetro."
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Quorum Site Connectivity

Quorum Site Connectivity

Configure IP addresses for the quorum server, configure VLANs on the switch, and configure the arbitration software.

Configuring Quorum Network Devices

The quorum network devices (such as Ethernet switches) must be properly configured to connect the quorum site to both DCs.

Configure the IP addresses and VLANs for the quorum network devices by following instructions in their respective documentation.

Configure Quorum Server Software

This section describes how to configure the quorum server software. Quorum server software needs to be configured only when a quorum server is used for HyperMetro.

Configuring the Arbitration Software (SUSE)

This section describes how to configure the arbitration software in SUSE.

Prerequisites

The arbitration software must be configured in user mode.

Procedure
  1. Prepare for the configuration.

    Before the configuration, make sure that the quorum server has been configured with service IP address and firewall.

    1. Configure a service IP address for the quorum server.
      NOTE:

      If two ports of the quorum server are not bonded, IP addresses of the two ports must be from different network segments. If the two ports of the quorum server are bonded, you only need to configure a virtual IP address for arbitration.

      • When deploying the arbitration software using VMs, you need to create network adapters and switches for VMs. In this example, arbitration software is deployed on VMs, and two ports of the quorum server are not bonded. Figure 2-14 and Table 2-11 show configuration requirements.
      Figure 2-14 Configuration requirements of virtual network adapters

      Table 2-11 Configuration requirements of virtual network adapters

      Name

      Configuration Requirement

      Example

      Network adapter 2

      vmnic0 connects to controller A of the local and remote storage systems in the HyperMetro pair.

      • Switch name: vSwitch 1
      • Physical adapters name: vmnic0
      • Physical adapters IP addresses and mask: 192.168.6.31/255.255.255.0

      Network adapter 3

      vmnic1 connects to controller B of the local and remote storage systems in the HyperMetro pair.

      • Switch name: vSwitch 2
      • Physical adapters name: vmnic1
      • Physical adapters IP addresses and mask: 192.168.7.31/255.255.255.0
      • When deploying the arbitration software using physical machines, the two ports of the quorum server are not bonded and you are advised to configure service IP addresses at two different network segments for arbitration ports. In this example, arbitration software is deployed on physical machines, and two ports of the quorum server are not bonded. Table 2-12 lists configuration examples.
      Table 2-12 Examples for configuring IP addresses of arbitration services

      Arbitration Port

      Service IP Address

      Mask

      Arbitration port 1

      192.168.6.31

      255.255.255.0

      Arbitration port 2

      192.168.7.31

      255.255.255.0

      Run the vi command to open the configuration file of the network adapter used by the quorum server for arbitration. The following uses network adapters eth1 and eth2 for arbitration ports as an example to describe how to modify the file. Modify the IPADDR in this file and then save the file.

      NOTICE:

      Parameter STARTMODE must be set to auto.

      XXX@Linux:~# vi /etc/sysconfig/network/ifcfg-eth1 
      BOOTPROTO='static' 
      BROADCAST='' 
      ETHTOOL_OPTIONS='' 
      IPADDR='192.168.6.31/24' 
      MTU='' 
      NAME='82540EM Gigabit Ethernet Controller' 
      NETWORK='' 
      REMOTE_IPADDR='' 
      STARTMODE='auto' 
      USERCONTROL='no'     
      XXX@Linux:~# vi /etc/sysconfig/network/ifcfg-eth2 
      BOOTPROTO='static' 
      BROADCAST='' 
      ETHTOOL_OPTIONS='' 
      IPADDR='192.168.7.31/24' 
      MTU='' 
      NAME='82540EM Gigabit Ethernet Controller' 
      NETWORK='' 
      REMOTE_IPADDR='' 
      STARTMODE='auto' 
      USERCONTROL='no'     
    2. Check whether the service IP address configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, go to any directory, run the service network restart command in any directory to enable the IP address configuration to take effect. Then run the ifconfig command to check whether the configuration for eth1 and eth2 takes effect. If the IP address that you configured is displayed in the command output, the configuration takes effect.

      XXX@Linux:~#ifconfig 
      eth1      Link encap:Ethernet  HWaddr 08:00:27:45:7A:E2 
                inet addr: 192.168.6.31  Bcast:192.168.6.255  Mask:255.255.255.0 
                inet6 addr: fe80::a00:27ff:fe2e:fba6/64 Scope:Link 
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0 
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0 
                collisions:0 txqueuelen:1000 
                 RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb) 
       
      eth2      Link encap:Ethernet  HWaddr 08:00:27:45:7A:EB 
                inet addr: 192.168.7.31  Bcast:192.168.7.255  Mask:255.255.255.0 
                inet6 addr: fe80::a00:27ff:fe2e:fba7/64 Scope:Link 
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0 
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0 
                collisions:0 txqueuelen:1000  
                RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)     
    3. Configure a port ID for the firewall of the quorum server.

      Enter the CLI of the quorum server, go to any directory, run the vi /etc/sysconfig/SuSEfirewall2 command in any directory to open the firewall configuration file and add the port ID of FW_SERVICES_EXT_TCP to 30002.

      NOTE:
      • If you want to enable other ports for the firewall, add the port IDs to the FW_SERVICES_EXT_TCP configuration item. For example, if you want to enable port 22, type FW_SERVICES_EXT_TCP="30002 22".
      • If a virtual machine (VM) is used to deploy the arbitration software, enable the firewall port of the physical machine where the VM is deployed.
      XXX@Linux:~# ## Type:        string 
      # 
      # 9.) 
      # Which TCP services _on the firewall_ should be accessible from 
      # untrusted networks? 
      # 
      # Format: space separated list of ports, port ranges or well known 
      #         service names (see /etc/services) 
      # 
      # Examples: "ssh", "123 514", "3200:3299", "ftp 22 telnet 512:514" 
      # 
      # Note: this setting has precedence over FW_SERVICES_ACCEPT_* 
      # 
      FW_SERVICES_EXT_TCP="30002"     
    4. Check whether the firewall configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, go to any directory, run the rcSuSEfirewall2 restart command in any directory to restart the firewall. Then run the iptables -L command to check whether the firewall configuration takes effect. If the ACCEPT tcp -- anywhere anywhere tcp dpt:pago-services2 information is displayed in the command output, the firewall configuration takes effect.

      XXX@Linux:~# iptables -L 
                                  . 
                                  . 
                                  . 
                                  . 
                                  . 
                                  . 
      ACCEPT     tcp  --  anywhere     anywhere    tcp dpt:pago-services2 
                                  . 
                                  . 
                                  . 
                                  . 
                                  . 
                                  .     

  2. Go to the command-line interface (CLI) of the arbitration software.

    In any directory of the quorum server's operating system, run the qsadmin command to open the arbitration software. The arbitration software page is displayed.

    XXX@Linux:~# qsadmin 
    start main! 
    Waiting for connecting to server... 
    admin:/>     
    NOTE:

    After the arbitration software is started, run the help command to check help information and understand the commands that are required during the configuration process.

  3. Add the service IP address and port ID of the quorum server to the arbitration software.

    In the CLI of the arbitration software, run the add server_ip command to add the service IP address and port ID of the quorum server to the arbitration software for management.

    admin:/>add server_ip ip=192.168.6.31 port=30002 
    Command executed succesfully. 
    admin:/>add server_ip ip=192.168.7.31 port=30002 
    Command executed succesfully.
    NOTE:
    • Service IP addresses of the quorum server are used for interworking with the storage array when an arbitration server is added to the storage array. If two ports of the quorum server are not bonded, IP addresses of the two ports must be from different network segments. If two ports of the quorum server are bonded, IP addresses of the two ports must be the same.
    • The ID of the arbitration software's listening port must be the same as that of the port enabled on the firewall.

    After configuration is complete, run the show server_ip command. If the command output shows the IP address and port ID that are added, the configuration succeeds.

    admin:/>show server_ip 
    Index      Server IP       Server Port 
    -----      ------------    ------------------ 
    1          192.168.6.31    30002 
    2          192.168.7.31    30002 
    Index      Local IP       Local Port      Remote IP     Remote Port    State
    -----      ------------    ---------       --------     ---------      ----- 

  4. (Optional) Replace the original certificates of the quorum server with new ones.

    NOTE:

    To further improve storage system security, you are advised to replace the default security certificate and private key of the storage systems and those of the quorum server with your own security certificate and private key.

    1. Export the certificate request file of the quorum server.

      In the CLI of the arbitration software, run the export tls_cert command to export the device information. The qs_certreq.csr file is generated in the /opt/quorum_server/export_import directory of the quorum server.

      admin:/>export tls_cert 
      Command executed successfully.     
      NOTE:
      • The certificates must be replaced in user mode.
      • The certificate request file of the quorum server can be used to generate certificates in a third-party Certificate Authority (CA) organization. Copy the certificates to the /opt/quorum_server/export_import directory of the quorum server. The certificates ensure security of the quorum server.
      • After installing the arbitration software, you are advised to grant the Secure File Transfer Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory to ensure that the security certificates can be imported and exported.
    2. Use the certificate request file to generate certificates.

      Send the qs_certreq.csr file to a third party for the third-party CA organization to generate certificates.

    3. Copy the certificates to the quorum server.

      After the certificates are generated, copy the certificate (such as qs_cert.crt) of the quorum server and the CA certificate (such as qs_cacert.crt) to the /opt/quorum_server/export_import directory of the quorum server.

    4. Import the certificates to the arbitration software.

      In the CLI of the arbitration software, run the import tls_cert ca=qs_cacert.crt cert=qs_cert.crt command to import the certificates to the arbitration software.

      admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt 
      Command executed successfully.     
    5. After replacing certificates on the quorum server, replace the certificates on the local and remote storage arrays. For details, see Managing Certificates section.

  5. (Optional) Configure a whitelist.

    After you replace a certificate, you must configure a whitelist.

    NOTICE:

    The arbitration software allows a storage system to connect to the quorum server only after you configure a whitelist and add the SN of storage system to the arbitration software. If you replace another certificate, you do not need to configure a whitelist anymore.

    1. In the CLI of the storage system, run the show system general command to query the storage system SN.
      admin:/>show system general 
       
      System Name : XXXXXX  
      Health Status : Normal  
      Running Status : Normal  
      Total Capacity : X.XXXTB  
      SN : XXXXXXXXXXXXXXXXXXXX  
      Location :  
      Product Model : XXXXX  
      Product Version : VX00R00XC00  
      High Water Level(%) : XX  
      Low Water Level(%) : XX  
      WWN : XXXXXXXXXXXXXXX  
      Time : XXXX-XX-XX/15:11:15 UTC+08:00     
    2. In the CLI of the arbitration software, run the add white_list sn=? command to add the storage system SN to the arbitration software for management.
      admin:/>add white_list sn=XXXXXXXXXXXXXXXXXXXX 
       
      Command executed successfully.     
    3. (Optional) Run the change white_list enable_switch=no command to close the whitelist if you do not need to configure it.

Configuring the Arbitration Software (Red Hat/Red Flag/NeoKylin/CentOS)

This section describes how to configure the arbitration software in Red Hat, Red Flag, NeoKylin, or CentOS.

Prerequisites

The arbitration software must be configured in user mode.

Procedure
  1. Prepare for the configuration.

    Before the configuration, make sure that the quorum server has been configured with service IP address and firewall.

    1. Configure a service IP address for the quorum server.
      NOTE:

      If two ports of the quorum server are not bonded, IP addresses of the two ports must be from different network segments. If the two ports of the quorum server are bonded, you only need to configure a virtual IP address for arbitration.

      • When deploying the arbitration software using VMs, you need to create virtual network adapters and switches for VMs. In this example, arbitration software is deployed on VMs, and two ports of the quorum server are not bonded. Figure 2-15 and Table 2-13 show configuration requirements.
      Figure 2-15 Configuration requirements of virtual network adapters

      Table 2-13 Configuration requirements of virtual network adapters

      Name

      Configuration Requirement

      Example

      Network adapter 2

      vmnic0 connects to controller A of the local and remote storage systems in the HyperMetro pair.

      • Switch name: vSwitch 1
      • Physical adapters name: vmnic0
      • Physical adapters IP addresses and mask: 192.168.6.31/255.255.255.0

      Network adapter 3

      vmnic1 connects to controller B of the local and remote storage systems in the HyperMetro pair.

      • Switch name: vSwitch 2
      • Physical adapters name: vmnic1
      • Physical adapters IP addresses and mask: 192.168.7.31/255.255.255.0
      • When deploying the arbitration software using physical machines, the two ports of the quorum server are not bonded and you are advised to configure service IP addresses at two different network segments for arbitration ports. In this example, arbitration software is deployed on physical machines, and two ports of the quorum server are not bonded. Table 2-14 lists configuration examples.
      Table 2-14 Examples for configuring IP addresses of arbitration services

      Arbitration Port

      Service IP Address

      Mask

      Arbitration port 1

      192.168.6.31

      255.255.255.0

      Arbitration port 2

      192.168.7.31

      255.255.255.0

      Run the vi command to open the configuration file of the network adapter used by the quorum server for arbitration. The following uses network adapters eth1 and eth2 for arbitration ports as an example to describe how to modify the file. Modify the IPADDR and NETMASK in this file and then save the file.

      NOTICE:

      Parameter ONBOOT must be set to yes.

      XXX@Linux:~# vi /etc/sysconfig/network-scripts/ifcfg-eth1 
      DEVICE=eth1  
      HWADDR=08:00:27:45:7A:E2  
      TYPE=Ethernet  
      #UUID=e9f75670-fde9-4bf0-941e-c9a251341405 
      ONBOOT=yes  
      NM_CONTROLLED=no 
      BOOTPROTO=static  
      IPADDR=192.168.6.31                              #IP address of network adapter 
      NETMASK=255.255.255.0                             #Subnet mask 
           
      XXX@Linux:~# vi /etc/sysconfig/network-scripts/ifcfg-eth2 
      DEVICE=eth2  
      HWADDR=08:00:27:45:7A:EB  
      TYPE=Ethernet  
      #UUID=e9f75670-fde9-4bf0-941e-c9a251341406 
      ONBOOT=yes  
      NM_CONTROLLED=no 
      BOOTPROTO=static  
      IPADDR=192.168.7.31                              #IP address of network adapter 
      NETMASK=255.255.255.0                             #Subnet mask     
    2. Check whether the service IP address configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, go to any directory, run the service network restart command in any directory to enable the IP address configuration to take effect. Then run the ifconfig command to check whether the configuration for eth1 and eth2 takes effect. If the IP address that you configured is displayed in the command output, the configuration takes effect.

      XXX@Linux:~#ifconfig 
      eth1      Link encap:Ethernet  HWaddr 08:00:27:45:7A:E2 
                inet addr: 192.168.6.31  Bcast:192.168.255.255  Mask:255.255.255.0 
                inet6 addr: fe80::a00:27ff:fe2e:fba6/64 Scope:Link 
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0 
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0 
                collisions:0 txqueuelen:1000 
                 RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb) 
       
      eth2      Link encap:Ethernet  HWaddr 08:00:27:45:7A:EB 
                inet addr: 192.168.7.31  Bcast:192.168.255.255  Mask:255.255.255.0 
                inet6 addr: fe80::a00:27ff:fe2e:fba7/64 Scope:Link 
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0 
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0 
                collisions:0 txqueuelen:1000  
                RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)     
    3. Configure a port ID for the firewall of the quorum server.

      Enter the CLI of the quorum server, go to any directory, run the vi /etc/sysconfig/iptables command in any directory to open the firewall configuration file and add the port ID to 30002.

      NOTE:

      If you want to enable other ports for the firewall, add the port IDs to the -I INPUT –p XXX –-dport=XXX –j ACCEPT configuration item. For example, -I INPUT -p tcp --dport=22 -j ACCEPT.

      XXX@Linux:~# vi /etc/sysconfig/iptables 
      *filter 
      :INPUT ACCEPT [0:0] 
      :FORWARD ACCEPT [0:0] 
      :OUTPUT ACCEPT [0:0] 
       
      -I INPUT -p tcp --dport=30002 -j ACCEPT 
      COMMIT
      NOTE:
      • If /etc/sysconfig/iptables does not exist or is empty, write all the preceding content into the configuration file.
      • If /etc/sysconfig/iptables has content, add -I INPUT –p tcp –-dport=30002 –j ACCEPT at the beginning of COMMIT.
      • If you want to enable other ports for the firewall, add the port IDs to the -I INPUT –p XXX –-dport=XXX –j ACCEPT configuration item. For example, if you want to enable port 22, type -I INPUT –p tcp –-dport=22 –j ACCEPT.
      • If a virtual machine (VM) is used to deploy the arbitration software, enable the firewall port of the physical machine where the VM is deployed.
    4. Check whether the firewall configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, go to any directory, run the service iptables restart command in any directory to restart the firewall. Then run the iptables -L command to check whether the firewall configuration takes effect. If the ACCEPT tcp -- anywhere anywhere tcp dpt:pago-services2 information is displayed in the command output, the firewall configuration takes effect.

      XXX@Linux:~# iptables -L 
                                  . 
                                  . 
                                  . 
                                  . 
                                  . 
                                  . 
      ACCEPT     tcp  --  anywhere     anywhere    tcp dpt:pago-services2 
                                  . 
                                  . 
                                  . 
                                  . 
                                  . 
                                  .     

  2. Go to the command-line interface (CLI) of the arbitration software.

    In any directory of the quorum server's operating system, run the qsadmin command to open the arbitration software. The arbitration software page is displayed.

    XXX@Linux:~# qsadmin 
    start main! 
    Waiting for connecting to server... 
    admin:/> 
    NOTE:

    After the arbitration software is started, run the help command to check help information and understand the commands that are required during the configuration process.

  3. Add the service IP address and port ID of the quorum server to the arbitration software.

    In the CLI of the arbitration software, run the add server_ip command to add the service IP address and port ID of the quorum server to the arbitration software for management.

    admin:/>add server_ip ip=192.168.6.31 port=30002 
    Command executed successfully. 
    admin:/>add server_ip ip=192.168.7.31 port=30002 
    Command executed successfully.
    NOTE:
    • Service IP addresses of the quorum server are used for interworking with the storage array when an arbitration server is added to the storage array. If two ports of the quorum server are not bonded, IP addresses of the two ports must be from different network segments. If two ports of the quorum server are bonded, IP addresses of the two ports must be the same.
    • The ID of the arbitration software's listening port must be the same as that of the port enabled on the firewall.

    After configuration is complete, run the show server_ip command. If the command output shows the IP address and port ID that are added, the configuration succeeds.

    admin:/>show server_ip 
    Index      Server IP       Server Port 
    -----      ------------    ------------------ 
    1          192.168.6.31    30002
    2          192.168.7.31    30002 
    Index      Local IP       Local Port      Remote IP     Remote Port    State 
    -----      ------------    ---------       --------     ---------      -----
    

  4. (Optional) Replace the original certificates of the quorum server with new ones.

    NOTE:

    To further improve storage system security, you are advised to replace the default security certificate and private key of the storage systems and those of the quorum server with your own security certificate and private key.

    1. Export the certificate request file of the quorum server.

      In the CLI of the arbitration software, run the export tls_cert command to export the device information. The qs_certreq.csr file is generated in the /opt/quorum_server/export_import directory of the quorum server.

      admin:/>export tls_cert 
      Command executed successfully.     
      NOTE:
      • The certificates must be replaced in user mode.
      • The certificate request file of the quorum server can be used to generate certificates in a third-party Certificate Authority (CA) organization. Copy the certificates to the /opt/quorum_server/export_import directory of the quorum server. The certificates ensure security of the quorum server.
      • After installing the arbitration software, you are advised to grant the Secure File Transfer Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory to ensure that the security certificates can be imported and exported.
    2. Use the certificate request file to generate certificates.

      Send the qs_certreq.csr file to a third party for the third-party CA organization to generate certificates.

    3. Copy the certificates to the quorum server.

      After the certificates are generated, copy the certificate (such as qs_cert.crt) of the quorum server and the CA certificate (such as qs_cacert.crt) to the /opt/quorum_server/export_import directory of the quorum server.

    4. Import the certificates to the arbitration software.

      In the CLI of the arbitration software, run the import tls_cert ca=qs_cacert.crt cert=qs_cert.crt command to import the certificates to the arbitration software.

      admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt 
      Command executed successfully.     
    5. After replacing certificates on the quorum server, replace the certificates on the local and remote storage arrays. For details, see Managing Certificates section.

  5. (Optional) Configure a whitelist.

    After you replace a certificate, you must configure a whitelist.

    NOTICE:

    The arbitration software allows a storage system to connect to the quorum server only after you configure a whitelist and add the SN of storage system to the arbitration software. If you replace another certificate, you do not need to configure a whitelist anymore.

    1. In the CLI of the storage system, run the show system general command to query the storage system SN.
      admin:/>show system general 
       
      System Name : XXXXXX  
      Health Status : Normal  
      Running Status : Normal  
      Total Capacity : X.XXXTB  
      SN : XXXXXXXXXXXXXXXXXXXX  
      Location :  
      Product Model : XXXXX  
      Product Version : VX00R00XC00  
      High Water Level(%) : XX  
      Low Water Level(%) : XX  
      WWN : XXXXXXXXXXXXXXX  
      Time : XXXX-XX-XX/15:11:15 UTC+08:00     
    2. In the CLI of the arbitration software, run the add white_list sn=? command to add the storage system SN to the arbitration software for management.
      admin:/>add white_list sn=XXXXXXXXXXXXXXXXXXXX 
       
      Command executed successfully.     
    3. (Optional) Run the change white_list enable_switch=no command to close the whitelist if you do not need to configure it.

Configuring the Arbitration Software (Ubuntu)

This section describes how to configure the arbitration software in Ubuntu.

Prerequisites

The arbitration software must be configured in user mode.

Procedure
  1. Prepare for the configuration.

    Before the configuration, make sure that the quorum server has been configured with service IP address and firewall.

    1. Configure a service IP address for the quorum server.
      NOTE:

      If two ports of the quorum server are not bonded, IP addresses of the two ports must be from different network segments. If the two ports of the quorum server are bonded, you only need to configure a virtual IP address for arbitration.

      • When deploying the arbitration software using VMs, you need to create virtual network adapters and switches for VMs. In this example, arbitration software is deployed on VMs, and two ports of the quorum server are not bonded. Figure 2-16 and Table 2-15 show configuration requirements.
      Figure 2-16 Configuration requirements of virtual network adapters

      Table 2-15 Configuration requirements of virtual network adapters

      Name

      Configuration Requirement

      Example

      Network adapter 2

      vmnic0 connects to controller A of the local and remote storage systems in the HyperMetro pair.

      • Switch name: vSwitch 1
      • Physical adapters name: vmnic0
      • Physical adapters IP addresses and mask: 192.168.6.31/255.255.255.0

      Network adapter 3

      vmnic1 connects to controller B of the local and remote storage systems in the HyperMetro pair.

      • Switch name: vSwitch 2
      • Physical adapters name: vmnic1
      • Physical adapters IP addresses and mask: 192.168.7.31/255.255.255.0
      • When deploying the arbitration software using physical machines, the two ports of the quorum server are not bonded and you are advised to configure service IP addresses at two different network segments for arbitration ports. In this example, arbitration software is deployed on physical machines, and two ports of the quorum server are not bonded. Table 2-16 lists configuration examples.
      Table 2-16 Examples for configuring IP addresses of arbitration services

      Arbitration Port

      Service IP Address

      Mask

      Arbitration port 1

      192.168.6.31

      255.255.255.0

      Arbitration port 2

      192.168.7.31

      255.255.255.0

      Run the sudo vi /etc/network/interfaces command to open the configuration file of the network adapter used by the quorum server for arbitration. The following uses network adapters eth1 and eth2 for arbitration ports as an example to describe how to modify the file. Modify the address and netmask in this file and then save the file.

      NOTICE:

      The start mode must be set to auto.

      XXX@ubuntu:~$sudo vi /etc/network/interfaces 
      auto eth1  //The parameter must be set to auto. 
      iface eth1 inet static 
      address 192.168.6.31 
      gateway 192.168.6.1 
      netmask 255.255.255.0 
       
      auto eth2  //The parameter must be set to auto. 
      iface eth2 inet static 
      address 192.168.7.31 
      gateway 192.168.7.1 
      netmask 255.255.255.0
    2. Check whether the service IP address configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, go to any directory, run sudo ifdown eth1 and sudo ifup eth1 command in any directory to restart the network adapter. Then run the ifconfig eth1 command to check whether the configuration takes effect. If the IP address that you configure is displayed in the command output, the configuration takes effect.

      XXX@ubuntu:~$ifconfig eth1 
      eth1      Link encap:Ethernet  HWaddr 08:00:27:45:7A:E2    
                inet addr: 192.168.6.31  Bcast:192.168.6.255  Mask:255.255.255.0  
                inet6 addr: fe80::a00:27ff:fe2e:fba6/64 Scope:Link  
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1  
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0  
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0  
                collisions:0 txqueuelen:1000 
                RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)     

      Enter the CLI of the quorum server, go to any directory, run sudo ifdown eth2 and sudo ifup eth2 command in any directory to restart the network adapter. Then run the ifconfig eth2 command to check whether the configuration takes effect. If the IP address that you configure is displayed in the command output, the configuration takes effect.

      XXX@ubuntu:~$ifconfig eth2 
      eth1      Link encap:Ethernet  HWaddr 08:00:27:45:7A:EB    
                inet addr: 192.168.7.31  Bcast:192.168.7.255  Mask:255.255.0.0  
                inet6 addr: fe80::a00:27ff:fe2e:fba7/64 Scope:Link  
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1  
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0  
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0  
                collisions:0 txqueuelen:1000 
                RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)     
    3. Configure a port ID for the firewall of the quorum server.

      Enter the CLI of the quorum server, go to any directory, (take ufw as example), run the sudo ufw allow 30002/tcp command in any directory to add the port to 30002.

      NOTE:
      • If you want to enable other ports for the firewall, run the sudo ufw allow XXX/XXX command to add the port IDs to the firewall. For example, if you want to enable port 22, run the sudo ufw allow 22/tcp command.
      • If a virtual machine (VM) is used to deploy the arbitration software, enable the firewall port of the physical machine where the VM is deployed.
      XXX@ubuntu:~$sudo ufw allow 30002/tcp 
      Rule added 
      Rule added (v6)     
    4. Check whether the firewall configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, go to any directory, run the sudo ufw status command to check whether the firewall configuration takes effect. If the 30002/tcp ALLOW Anaywhere and 30002/tcp(v6) ALLOW Anaywhere (v6) information is displayed in the command output, the firewall configuration takes effect.

      XXX@ubuntu:~$sudo ufw status 
      To                    Action            From 
      --                    ------            ---- 
                                .  
                                .  
                                .  
                                .  
      30002/tcp             ALLOW           Anywhere 
                                . 
                                . 
                                . 
      30002/tcp (v6)       ALLOW           Anywhere (v6)     

  2. Go to the command-line interface (CLI) of the arbitration software.

    In any directory of the quorum server's operating system, run the qsadmin command to open the arbitration software. The arbitration software page is displayed.

    XXX@ubuntu:~$ qsadmin  
    start main! 
    Waiting for connecting to server...
    admin:/>
    NOTE:

    After the arbitration software is started, run the help command to check help information and understand the commands that are required during the configuration process.

  3. Add the service IP address and port ID of the quorum server to the arbitration software.

    In the CLI of the arbitration software, run the add server_ip command to add the service IP address and port ID of the quorum server to the arbitration software for management.

    admin:/>add server_ip ip=192.168.6.31 port=30002 
    Command executed succesfully. 
    admin:/>add server_ip ip=192.168.7.31 port=30002
    Command executed succesfully. 
    NOTE:
    • Service IP addresses of the quorum server are used for interworking with the storage array when an arbitration server is added to the storage array. If two ports of the quorum server are not bonded, IP addresses of the two ports must be from different network segments. If two ports of the quorum server are bonded, IP addresses of the two ports must be the same.
    • The ID of the arbitration software's listening port must be the same as that of the port enabled on the firewall.

    After configuration is complete, run the show server_ip command. If the command output shows the IP address and port ID that are added, the configuration succeeds.

    admin:/>show server_ip 
    Index      Server IP       Server Port 
    -----      ------------    ------------------ 
    1          192.168.6.31    30002 
    2          192.168.7.31    30002 
    Index      Local IP       Local Port      Remote IP     Remote Port    State 
    -----      ------------    ---------       --------     ---------      ----- 

  4. (Optional) Replace the original certificates of the quorum server with new ones.

    NOTE:

    To further improve storage system security, you are advised to replace the default security certificate and private key of the storage systems and those of the quorum server with your own security certificate and private key.

    1. Export the certificate request file of the quorum server.

      In the CLI of the arbitration software, run the export tls_cert command to export the device information. The qs_certreq.csr file is generated in the /opt/quorum_server/export_import directory of the quorum server.

      admin:/>export tls_cert 
      Command executed successfully.     
      NOTE:
      • The certificates must be replaced in user mode.
      • The certificate request file of the quorum server can be used to generate certificates in a third-party Certificate Authority (CA) organization. Copy the certificates to the /opt/quorum_server/export_import directory of the quorum server. The certificates ensure security of the quorum server.
      • After installing the arbitration software, you are advised to grant the Secure File Transfer Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory to ensure that the security certificates can be imported and exported.
    2. Use the certificate request file to generate certificates.

      Send the qs_certreq.csr file to a third party for the third-party CA organization to generate certificates.

    3. Copy the certificates to the quorum server.

      After the certificates are generated, copy the certificate (such as qs_cert.crt) of the quorum server and the CA certificate (such as qs_cacert.crt) to the /opt/quorum_server/export_import directory of the quorum server.

    4. Import the certificates to the arbitration software.

      In the CLI of the arbitration software, run the import tls_cert ca=qs_cacert.crt cert=qs_cert.crt command to import the certificates to the arbitration software.

      admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt 
      Command executed successfully.     
    5. After replacing certificates on the quorum server, replace the certificates on the local and remote storage arrays. For details, see Managing Certificates section.

  5. (Optional) Configure a whitelist.

    After you replace a certificate, you must configure a whitelist.

    NOTICE:

    The arbitration software allows a storage system to connect to the quorum server only after you configure a whitelist and add the SN of storage system to the arbitration software. If you replace another certificate, you do not need to configure a whitelist anymore.

    1. In the CLI of the storage system, run the show system general command to query the storage system SN.
      admin:/>show system general 
       
        System Name         : reppub_10.103.20.176         
        Health Status       : Normal                        
        Running Status      : Normal                        
        Total Capacity      : 2.025TB                       
        SN                  : XXXXXXXXXXXXXXXXXXXX          
        Location            :                               
        Product Model       : XXXXX                        
        Product Version   : VXXXRXXX                   
        High Water Level(%) : 80                            
        Low Water Level(%)  : 20                            
        WWN                 : 21000022a1072506              
        Time                : 2015-06-27/15:11:15 UTC+08:00      
    2. In the CLI of the arbitration software, run the add white_list sn=? command to add the storage system SN to the arbitration software for management.
      admin:/>add white_list sn=XXXXXXXXXXXXXXXXXXXX 
       
      Command executed successfully.     
    3. (Optional) Run the change white_list enable_switch=no command to close the whitelist if you do not need to configure it.

Translation
Download
Updated: 2018-09-03

Document ID: EDOC1000106183

Views: 26261

Downloads: 269

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next