No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionStorage V100R006C30 Block Storage Service Disaster Recovery Feature Guide 03

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Quorum Server Software (Red Hat)

Configuring the Quorum Server Software (Red Hat)

This section describes how to configure the quorum server software in Red Hat.

Prerequisites

The quorum server software must be configured using the user that installs the arbitration software.

Procedure

  1. Prepare for the configuration.

    Before the configuration, ensure that the quorum server has been configured with service IP address and firewall.

    1. Configure a service IP address for the quorum server.

      NOTE:
      • If two quorum ports of the quorum server are not bound, two IP addresses in different network segments must be configured for the two ports for arbitration.
      • If two ports on the quorum server are bound, you need to configure only one virtual IP address for arbitration. For details about the configuration method, see The Arbitration Plane Uses an Independent Network Port.
      • When deploying the quorum server software on a VM, you need to create virtual network adapters and switches for the VM. In this example, the two ports of the quorum server are not bonded, and two service IP addresses need to be configured. Figure 2-3 and Table 2-15 show configuration requirements.
        Figure 2-3  Configuration requirements of virtual network adapters

        Table 2-15  Configuration requirements of virtual network adapters
        Name Configuration Requirement Example
        Network adapter 2

        vmnic0 connects to the DR nodes of the local and remote storage systems through the arbitration network.

        • Switch name: vSwitch 1
        • Physical adapter name: vmnic0
        • Physical adapter IP address and mask: 192.168.6.31/255.255.255.0
        Network adapter 3

        vmnic1 connects to the DR nodes of the local and remote storage systems through the arbitration network.

        • Switch name: vSwitch 2
        • Physical adapter name: vmnic1
        • Physical adapter IP address and mask: 192.168.7.31/255.255.255.0
      • When deploying the quorum server software on a physical machine, you are advised to configure IP addresses of different network segments for the ports. In this example, the two ports of the quorum server are not bonded, and two service IP addresses need to be configured. Table 2-16 lists configuration examples.
        Table 2-16  Examples for configuring IP addresses of arbitration services
        Arbitration Port Service IP Address Mask
        Arbitration port 1 192.168.6.31 255.255.255.0
        Arbitration port 2 192.168.7.31 255.255.255.0
      Run the vi command to open the configuration file of the network adapter used by the quorum server for arbitration. The following uses network adapters eth1 and eth2 for arbitration ports as an example to describe how to modify the file. Modify the IPADDR and NETMASK fields in this file and then save the file.
      • Parameter DEFROUTE must be set to no.
      • Parameter ONBOOT must be set to yes.
      Parameter ONBOOT must be set to yes.
      XXX@Linux:~# vi /etc/sysconfig/network-scripts/ifcfg-eth1
      DEVICE=eth1 
      HWADDR=08:00:27:45:7A:E2 
      TYPE=Ethernet 
      #UUID=e9f75670-fde9-4bf0-941e-c9a251341405
      ONBOOT=yes 
      NM_CONTROLLED=no
      BOOTPROTO=static 
      IPADDR=192.168.6.31                              #IP address of network adapter
      NETMASK=255.255.255.0                             #Subnet mask
      
      
      XXX@Linux:~# vi /etc/sysconfig/network-scripts/ifcfg-eth2
      DEVICE=eth2 
      HWADDR=08:00:27:45:7A:EB 
      TYPE=Ethernet 
      #UUID=e9f75670-fde9-4bf0-941e-c9a251341406
      ONBOOT=yes 
      NM_CONTROLLED=no
      BOOTPROTO=static 
      IPADDR=192.168.7.31                              #IP address of network adapter
      NETMASK=255.255.255.0                             #Subnet mask
      

    2. Check whether the service IP address configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, switch to a directory, and run the service network restart command to make the IP address configuration take effect. Then run the ifconfig command to check whether the configuration for eth1 and eth2 takes effect. If the IP addresses you configured are displayed in the command output, the configuration takes effect.

      XXX@Linux:~#ifconfig
      eth1      Link encap:Ethernet  HWaddr 08:00:27:45:7A:E2  
                inet addr: 192.168.6.31  Bcast:192.168.255.255  Mask:255.255.255.0
                inet6 addr: fe80::a00:27ff:fe2e:fba6/64 Scope:Link
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                 RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)
      
      eth2      Link encap:Ethernet  HWaddr 08:00:27:45:7A:EB  
                inet addr: 192.168.7.31  Bcast:192.168.255.255  Mask:255.255.255.0
                inet6 addr: fe80::a00:27ff:fe2e:fba7/64 Scope:Link
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0
                TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000 
                RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)
      

    3. Configure a port number for the firewall of the quorum server.

      Enter the CLI of the quorum server, switch to a directory, and run the vi /etc/sysconfig/iptables command to open the firewall configuration file. Add configuration item -I INPUT -p tcp --dport=30002 -j ACCEPT so that to add port number 30002.

      XXX@Linux:~# vi /etc/sysconfig/iptables
      *filter
      :INPUT ACCEPT [0:0]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -I INPUT -p tcp --dport=30002 -j ACCEPT
      COMMIT
      NOTE:
      • If /etc/sysconfig/iptables does not exist or is empty, write all the preceding content into the configuration file.
      • If /etc/sysconfig/iptables has content, add -I INPUT –p tcp –-dport=30002 –j ACCEPT before you enter COMMIT.
      • If another port needs to be enabled for the firewall, add a -I INPUT –p XXX –-dport=XXX –j ACCEPT configuration item to the configuration file. For example, if port number 22 needs to be enabled, add -I INPUT –p tcp –-dport=22 –j ACCEPT.
      • If a VM is used to deploy the quorum server software, enable the firewall port of the physical machine where the VM is deployed.

    4. Check whether the firewall configuration of the quorum server takes effect.

      Enter the CLI of the quorum server, switch to a directory, and run the service iptables restart command to restart the firewall. Then run the iptables -L command to check whether the firewall configuration takes effect. If ACCEPT tcp -- anywhere anywhere tcp dpt:pago-services2 is displayed in the command output, the firewall configuration takes effect.

      XXX@Linux:~# iptables -L
                                  .
                                  .
                                  .
                                  .
                                  .
                                  .
      ACCEPT     tcp  --  anywhere     anywhere    tcp dpt:pago-services2
                                  .
                                  .
                                  .
                                  .
                                  .
                                  .
      

  2. Open the CLI of the quorum server software.

    Enter the CLI of the quorum server, switch to a directory, and run the qsadmin command to open the quorum server software. The CLI of the quorum server software is displayed.

    XXX@Linux:~# qsadmin
    start main!
    Waiting for connecting to server...
    admin:/>
    
    NOTE:
    After the quorum server software is opened, you can run the help command to view help information and learn the commands required for the configuration.

  3. Add the service IP addresses and port numbers of the quorum server to the quorum server software.

    In the CLI of the quorum server software, run the add server_ip command to add the service IP addresses and port numbers of the quorum server to the quorum server software for management.

    admin:/>add server_ip ip=192.168.6.31 port=30002
    
    Command executed succesfully.
    
    admin:/>add server_ip ip=192.168.7.31 port=30002
    
    Command executed succesfully.
    
    NOTE:
    • Service IP addresses of the quorum server are used for interworking with the storage systems when a quorum server is added to the storage system.
    • The listening port of the quorum server software must be the same as that enabled on the firewall.

    After the configuration is complete, run the show server_ip command. If the command output displays the added IP addresses and port numbers, the configuration is successful.

    admin:/>show server_ip
    
    Index      Server IP       Server Port
    -----      ------------    ------------------
    1          192.168.6.31    30002
    2          192.168.7.31    30002
    
    Index      Local IP       Local Port      Remote IP     Remote Port    State
    -----      ------------    ---------       --------     ---------      -----
    

  4. (Optional) Update the certificates.

    NOTE:

    To further improve storage system reliability, you are advised to update the default security certificates and private keys of the storage systems and those of the quorum server with your own security certificates and private keys.

    1. Export the certificate request file of the quorum server.

      In the CLI of the quorum server software, run the export tls_cert command to export the device information. The qs_certreq.csr file will be generated in the /opt/quorum_server/export_import directory of the quorum server.

      admin:/>export tls_cert
      Command executed successfully.
      
      NOTE:
      • The certificates must be updated in the CLI of the quorum server software. You can run the qsadmin command as user root to switch to the CLI of the quorum server software.
      • The certificate request file of the quorum server can be used to generate certificates in a third-party Certificate Authority (CA) organization. Copy the certificates to the /opt/quorum_server/export_import directory of the quorum server. The certificates ensure the security of the quorum server.
      • After the quorum server software is installed, you are advised to grant the Secure File Transfer Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory to ensure that the security certificates can be imported and exported.

    2. Use the certificate request file to generate certificates.

      Send the qs_certreq.csr file to a third party for the third-party CA organization to generate certificates.

    3. Copy the certificates to the quorum server.

      After the certificates are generated, copy the certificate (such as qs_cert.crt) of the quorum server and the CA certificate (such as qs_cacert.crt) to the /opt/quorum_server/export_import directory of the quorum server.

    4. Import the certificates to the quorum server software.

      In the CLI of the quorum server software, run the import tls_cert ca=qs_cacert.crt cert=qs_cert.crt command to import the certificates to the quorum server software.

      admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt
      Command executed successfully.
      

    5. After certificates on the quorum server have been updated, update the certificates on the local and remote storage systems.

      For details, see section Updating the Arbitration Certificate of the Replication Cluster in the FusionStorage Block Storage Service Disaster Recovery CLI Command Usage Guide.

Translation
Download
Updated: 2019-01-17

Document ID: EDOC1100044928

Views: 17578

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next