No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Installation Guide

OceanStor 5000, 5000F, 6000, and 6000F V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, and 6800F V5 storage systems. It describes hardware installation of those storage systems for helping you easily and quickly finish the installation.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the NTP Service (Linux)

Configuring the NTP Service (Linux)

This section describes how to configure the NTP service on the Linux server, import the NTP certificate and configure the NTP parameter on DeviceManager, and enable the storage system to normally synchronize time.

Configuring an NTP Service on the Server

This section describes how to log in to the CLI of a storage device through a management network port of a server running Linux for device management and maintenance.

Prerequisites
  • The maintenance terminal has been connected to the server through a management network port.
  • GNU Compiler Collection (GCC) has been installed on the server running Linux.
Context

This section uses PuTTY as an example. You can download PuTTY from the chiark website.

Procedure
  1. Run PuTTY.

    The PuTTY Configuration dialog box is displayed, as shown in Figure 10-25.

    Figure 10-25 PuTTY Configuration

  2. Select Session. In Host Name (or IP address) of the Specify the destination you want to connect to area, enter the IP address of the Linux server's management network port that connects to the maintenance terminal and set Connection type to SSH.
  3. Click Open. The CLI login page is displayed, as shown in the following:

    login as:

  4. Enter the user name and password as prompted. The following figure shows the result of a successful login.

    Last login: Mon Apr 10 10:38:06 2017 from XXX.XXX.XXX.XXX 
    [storage ~]# 

  5. Create the directory for saving certificate and private key files.

    1. Run the cd /etc command to open etc file.
    2. Run the mkdir ntp_config command to create ntp_config file.

      The execution result is as follows:

      Storage:~ # cd /etc/ 
      Storage:/etc # mkdir ntp_config     

  6. Generate the certificate and private key file.

    1. Run the cd ntp_config to open ntp_config file.
    2. Run the ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650 command to generate the private key file.

      server_password is the private key encryption password when the certificate is generated. 3650 indicates the validity period and is variable.

      The execution result is as follows:

      Storage:/etc # cd ntp_config 
      Storage:/etc/ntp_config # ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650 
      Using OpenSSL version OpenSSL 0.9.8j-fips 07 Jan 2009 
      Using host Storage group Storage 
      Generating RSA keys (2048 bits)... 
      RSA 0 100 191 1 2 6          3 1 2 
      Generating new host file and link 
      ntpkey_host_Storage->ntpkey_RSAhost_Storage.3707466522 
      Using host key as sign key 
      Generating new certificate Storage RSA-SHA256 
      X509v3 Basic Constraints: critical,CA:TRUE 
      X509v3 Key Usage: digitalSignature,keyCertSign 
      X509v3 Extended Key Usage: trustRoot 
      Generating new cert file and link 
      ntpkey_cert_Storage->ntpkey_RSA-SHA256cert_Storage.3707466522 
      Storage:/etc/ntp_config # 
           
    NOTE:

    If a message shows that the parameter -1 is not supported, upgrade the NTP on the server to a version later than 4.2.8.

  7. Run the ls command to check the generated file.

    The execution result is as follows:

    Storage:/etc/ntp_config # ls 
    ntpkey_RSA-SHA256cert_Storage.3707466522 
    ntpkey_RSAhost_Storage.3707466522 
    ntpkey_cert_Storage 
    ntpkey_host_Storage     

  8. Run the hostname command to obtain the host name.

    This section uses the host name Storage as an example.

  9. Run the vi /etc/ntp.conf command to modify the NTP configuration file.

    Add the following information at the beginning of the ntp.conf file:

    crypto pw server_password host Storage ident Storage

    keysdir /etc/ntp_config

    NOTE:

    server_password is the private key encryption password used in generating the certificate (which can be specified by the user), Storage is the host name, and /etc/ntp_config is the directory where the certificate and private key files are saved.

  10. Restart the NTP service.

    • For SUSE operating system, Run /etc/init.d/ntp restart command.
    • For Red Hat operating system, Run systemctl restart ntpd.service command.
    NOTE:

    If multiple NTP servers need to be configured, you can copy ntpkey_cert_Storage and ntpkey_host_Storage files generated in Step 6 to the corresponding directory of other NTP servers and change the file permission to be the same as on the original server. Configure the ntp.conf file under this server and restart the NTP service.

  11. Configure the samba user.

    1. Input the cd /etc/init.d command and press Enter to enter the etc/init.d directory.
    2. Input the ./smb start command and press Enter to enable the SMB service.
    3. Add the samba user and set a password. The following figure uses user root as an example. Run the smbpasswd -a root command to add user root.
    4. Run the vi /etc/samba/smb.conf command and press Enter. In the opened file, add the following codes to change the user samba permission.
      [ntp_config] 
      public=no 
      path=/etc/ntp_config 
      write list=@root root      
      writable=yes     
    NOTE:

    In write list=@root root, the root and root are the account and password of the samba user that were just added. Set the codes as required.

Configuring NTP Parameters on the Storage System

If the time of a storage system is inaccurate, adjust it. In this way, when alarms are generated, you can accurately determine the alarm generation time based on alarm logs. This section describes how to set the NTP service on the maintenance terminal and enable the storage system to synchronize the server time.

Prerequisites
  • The IP address of a network time protocol (NTP) server has been obtained.
  • You have obtained the samba user name and password for logging in to the NTP server.
  • You have configured the maintenance terminal with a Windows operating system.
  • The maintenance terminal communicates with the storage system properly.
Procedure
  1. Obtain the certificate from the NTP server and copy it to the maintenance terminal.

    1. On the maintenance terminal, press Win+R.

      The Run dialog box is displayed.

    2. Enter \\NTP server IP address and click OK.

      The maintenance terminal attempts to remotely access the NTP server.

    3. Enter the samba Username and Password for logging to the NTP server and click OK to enter the shared directory.
    4. Enter the ntp_config folder and select the NTP certificate that contains the ntpkey_cert field and press Ctrl+C to copy the certificate.
    5. Go back to the maintenance terminal desktop and press Ctrl+V to copy the NTP certificate to the maintenance terminal.
    6. Select the NTP certificate file, right-click, select Rename in the shortcut menu, add the .crt extension to the file, and click Enter.

  2. Log in to DeviceManager through the maintenance terminal.
  3. Import and activate the signed certificate.

    1. Choose Settings > Storage Settings > Value-added Service Settings > Credential Management.
    2. Click Import and Activate.

      The Import Certificate dialog box is displayed.

    3. In Certificate Type, select NTP certificate.
    4. Click Select next to CA Certificate File.

      In the dialog box that is displayed, find the NTP file directory, select the NTP certificate, and click Open.

    5. Click OK.

      The security alert dialog box is displayed.

    6. Confirm the information of the dialog box and select I have read and understand the consequences associated with performing this operation, and then click OK.

      The Success dialog box is displayed.

    7. Click OK.

      The certificate list shows imported certificates.

  4. Configure the NTP parameter.

    1. Choose Settings > Basic Information > Device Time.
    2. Select Set NTP automatic synchronization.
    3. Type the IPv4 address, IPv6 address or domain name of the NTP server in NTP Server Address.
      NOTE:
      • A maximum of two NTP servers can be added. If the time of the one NTP server cannot be automatically synchronized to devices, the system synchronizes the time of another NTP server to devices.
      • Ensure that the time of two NTP servers is consistent.
    4. In NTP Authentication, select Enable.
    NOTE:

    Some device models do not support this function. Only when NTPv4 or later is used, NTP authentication can be enabled to complete identity authentication for the NTP server and automatically synchronize the system clock to storage devices.

  5. Confirm the NTP configuration.

    1. Click Save.

      The Warning dialog box is displayed.

    2. Confirm the information in the dialog box and select I have read and understand the consequences associated with performing this operation.
    3. Click OK.

      The Execution Result dialog box is displayed, indicating that the operation succeeded.

    4. Click Close.

Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181531

Views: 93807

Downloads: 871

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next