OceanStor 9000 V300R006C00 Security Maintenance 07

Replacing a Cascading Security Certificate for a Regional Database of Object Storage Service (Compatible with Amazon S3 APIs)


Replacing a cascading security certificate for a regional database of object storage service (compatible with S3 APIs) helps safeguard accounts. Regularly replacing security certificates is recommended.

Prerequisites

If the nodes support only public key SSH authentication, ensure that the public and private key files of user omsftp have been imported.

The cascading security certificate of a regional database (including three files: cacert.pem, server.crt, and server.key) and the password of server.key have been obtained.

  1. During the certificate replacement, services in a region will be temporarily unavailable.
  2. You only need to apply for one security certificate for all services in a region. When it is necessary to replace the security certificate, replace it for all services in the region. If different security certificates are used in a region, services in the region will become unavailable.

Procedure

  1. Start PuTTY and enter the management IP address of the OceanStor 9000 to log in to the system as user omuser.
  2. Run the cat /proc/monc_hamap | grep ip command to obtain the back-end network IP addresses of the primary and secondary management nodes of the object storage service (compatible with Amazon S3 APIs) database, as shown below. role(1) indicates the primary management node of the database, and role(2) indicates the secondary management node of the database.

    NODE1:/home/omuser # cat  /proc/monc_hamap | grep ip
    HA node info: ip(xxx.xxx.xxx.xxx),node id(6401),weight(1020)role(1)status(0)
    HA node info: ip(xxx.xxx.xxx.xxx),node id(6402),weight(1020)role(2)status(0)

  3. Run the ssh xxx.xxx.xxx.xxx command to log in to the primary management node of the object storage service (compatible with Amazon S3 APIs) database. xxx.xxx.xxx.xxx is the back-end network IP address of the primary management node of the object storage service (compatible with Amazon S3 APIs) database.
  4. Run the su - root command to switch to user root.
  5. Run the TMOUT=0 command to disable automatic exit of PuTTY due to timeout.
  6. Use SFTP to upload files cacert.pem, server.crt, and server.key to a directory of a node, such as /home/omuser.
  7. Run the sh /opt/obs/scripts/poe/replaceGaussCA.sh -f /home/omuser command to import the cascading security certificate of the regional database, as shown below. /home/omuser is the directory that holds the certificate files uploaded in step 6.

    NODE1:/home/omuser # sh /opt/obs/scripts/poe/replaceGaussCA.sh -f /home/omuser
    When running the script, services are interrupted till database certificates of HA active and standby nodes are replaced.
    This script can only be performed on the HA nodes.If clusters are cascaded, perform the same operation on the other cluster.
    Do you want to continue?(yes/y, or no/n):y
    Please input the server password:
    Run success

    NOTE: At the Please input the server password: prompt, enter the password of server.key.

    If the command output is Run success, the command is successfully executed.

  8. Run the ssh xxx.xxx.xxx.xxx command to log in to the secondary management node of the object storage service (compatible with Amazon S3 APIs) database. xxx.xxx.xxx.xxx is the back-end network IP address of the secondary management node of the object storage service (compatible with Amazon S3 APIs) database. Repeat steps 4 to 7.
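
Because services are interrupted while the replacement script runs, it helps to validate the three files listed in the prerequisites before uploading them in step 6. The following pre-flight check is an added example, not part of the Huawei documentation or tooling: check_cert_bundle and KEY_PASS are names chosen here, the files are assumed to be PEM encoded, and the openssl command-line tool must be available.

```shell
#!/bin/sh
# Added example: pre-flight check for cacert.pem, server.crt and server.key.
# check_cert_bundle and KEY_PASS are hypothetical names; PEM encoding is assumed.
# Usage: KEY_PASS='<server.key password>' check_cert_bundle /path/to/dir
check_cert_bundle() {
    dir=$1
    for f in cacert.pem server.crt server.key; do
        [ -r "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
    done
    [ -n "${KEY_PASS:-}" ] || { echo "KEY_PASS is not set" >&2; return 1; }

    # 1. server.crt must chain to cacert.pem and be inside its validity period.
    openssl verify -CAfile "$dir/cacert.pem" "$dir/server.crt" >/dev/null 2>&1 ||
        { echo "server.crt does not verify against cacert.pem" >&2; return 1; }

    # 2. The password must decrypt server.key. It is passed through the
    #    environment so that it never appears in command-line arguments.
    key_pub=$(openssl pkey -in "$dir/server.key" -passin env:KEY_PASS -pubout 2>/dev/null) ||
        { echo "cannot open server.key with the given password" >&2; return 1; }

    # 3. The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read server.crt" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "server.key does not match server.crt" >&2; return 1; }

    # 4. Warn (without failing) if the new certificate expires within 30 days.
    openssl x509 -in "$dir/server.crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        echo "warning: server.crt expires within 30 days" >&2

    echo "bundle OK: $dir"
}
```

A non-zero return means the bundle should not be uploaded; the message on stderr names the failing check.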
Updated: 2019-04-28

Document ID: EDOC1000122530
