No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Security Maintenance 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Importing the Security Certificate of the Keystone Server

Importing the Security Certificate of the Keystone Server

To ensure that the object storage service (compatible with OpenStack Switch APIs) can communicate with the keystone server after HTTPS is enabled on the Keystone server, import the security certificate (that is, the Authority Certification certificate) of the Keystone server to a storage cluster.

Context

The security certificate and revocation certificate of the Keystone server are customer-supplied. The methods of importing the two types of certificates are the same. The following uses how to import a security certificate as an example.

Procedure

  1. Log in to the Keystone server and copy the security certificate to the management node of the storage cluster.

    scp ca.pem omuser@192.168.102.103:/home/omuser

    The previous parameters are described as follows:
    • ca.pem: security certificate of the Keystone server
    • 192.168.102.103: management IP address of the storage cluster. The value is for reference only.

  2. Log in to the management node of the storage cluster, copy the security certificate to the swift directory of the management node, and set the access permission for the security certificate.

    To log in to the management node of the storage cluster, run ssh omuser@192.168.102.103;

    To switch to user root, run su - root;

    To copy the security certificate to the swift directory of the management node, run cp /home/omuser/ca.pem /opt/obs/obsconf/swift/ca.pem;

    Set the access permission for the security certificate, run the following commands:
    • chmod 640 /opt/obs/obsconf/swift/ca.pem
    • chown obs:obsgrp /opt/obs/obsconf/swift/ca.pem

  3. Copy the security certificate from the management node of the storage cluster to other nodes over the back-end storage network.

    scp /home/omuser/ca.pem omuser@172.16.0.11:/home/omuser

    In the command, 172.16.0.11 is the back-end storage IP address of the node to which the security certificate is copied. The given IP address is for reference only. Repeat the step on each node to ensure that the security certificate is copied to each node.

  4. Log in to a node and copy the security certificate to the swift directory of the node. Repeat the step on each node to ensure that the security certificate is copied to the swift directory of each node.

    To log in to the management node of the storage cluster, run ssh omuser@192.168.102.103;

    To switch to user root, run su - root;

    To log in to another node from the management node, run ssh omuser@172.16.0.11;

    To copy the security certificate to the swift directory of the management node, run cp /home/omuser/ca.pem /opt/obs/obsconf/swift/ca.pem;

    Set the access permission for the security certificate, run the following commands:
    • chmod 640 /opt/obs/obsconf/swift/ca.pem
    • chown obs:obsgrp /opt/obs/obsconf/swift/ca.pem

Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122530

Views: 11009

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next