No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor BCManager 6.5.0 eReplication User Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Replacing the GaussDB or the HA Certificate of the eReplication Server

Replacing the GaussDB or the HA Certificate of the eReplication Server

Function

For security purposes, you may want to use a certificate issued by a third-party authority. The eReplication Server allows you to replace GaussDB and HA certificates of the Linux management server as long as you provide the authentication certificate and private key. You are advised to replace a certificate when the service load is light because this operation will restart GaussDB or the HA service of the eReplication Server.

Format

  • Replace the GaussDB certificate: replaceHACert.sh db
  • Replace the HA certificate: replaceHACert.sh ommha

Parameters

None

Usage Guidelines

  • Replace the GaussDB certificate.
    1. Use PuTTY to log in to the eReplication Server management server.
      • In template-based installation mode: Log in as user DRManager, and run the su root command to switch to user root.
      • In software package-based installation mode: Log in as user root.
      NOTE:
      The default password of user DRManager is Huawei@CLOUD8. In template-based installation mode, the default password of user root is Huawei@CLOUD8!.
    2. Run the following command to prevent PuTTY from exiting due to session timeout:

      TMOUT=0

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run the exit command to exit the system after completing your operations.

    3. Run the following command to go to the save directory of the script.

      cd /opt/BCManager/Runtime/bin

    4. Run the following command to replace the GaussDB certificate.

      sh replaceHACert.sh db

    5. Enter y and press Enter.
    6. Enter the full path to the CA certificate of the device (example: /opt/BCManager/Runtime/tmp/cacert.pem) and press Enter.
    7. Enter the full path to the GaussDB certificate file (example: /opt/BCManager/Runtime/tmp/server.cert) and press Enter.
    8. Enter the full path to the private key file of the GaussDB certificate (example: /opt/BCManager/Runtime/tmp/server.key) and press Enter.
    9. Enter the private key password of the GaussDB certificate and press Enter.
  • Replace the HA certificate.
    1. Use PuTTY to log in to the eReplication Server management server.
      • In template-based installation mode: Log in as user DRManager, and run the su root command to switch to user root.
      • In software package-based installation mode: Log in as user root.
      NOTE:
      The default password of user DRManager is Huawei@CLOUD8. In template-based installation mode, the default password of user root is Huawei@CLOUD8!.
    2. Run the following command to prevent PuTTY from exiting due to session timeout:

      TMOUT=0

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run the exit command to exit the system after completing your operations.

    3. Run the following command to go to the save directory of the script.

      cd /opt/BCManager/Runtime/bin

    4. Run the following command to replace the HA certificate.

      sh replaceHACert.sh ommha

    5. Enter y and press Enter.
    6. Enter the full path to the CA certificate of the device (example: /opt/BCManager/Runtime/tmp/cacert.pem) and press Enter.
    7. Enter the full path to the HA certificate file (example: /opt/BCManager/Runtime/ha/server.cert) and press Enter.
    8. Enter the full path to the private key file of the HA certificate (example: /opt/BCManager/Runtime/ha/server.key) and press Enter.
    9. Enter the private key password of the HA certificate and press Enter.

Example

Replacing the GaussDB certificate is used as an example.

linux-h8g4:/opt/BCManager/Runtime/bin # sh replaceHACert.sh db
This operation will replace the certificate. Notice that the certificates on both ends must be replaced.
Warning: This operation will restart the GaussDB service.
Are you sure you want to continue? (y/n):y


Please enter the full path to the CA certificate file:
/opt/gs/app/data/cacert.pem

Please enter the full path to the GaussDB certificate file:
/opt/gs/app/data/server.cert

Please enter the full path to the private key file:
/opt/gs/app/data/server.key

Please enter the password of the private key file:

Restarting the GaussDB service... This will take several minutes.
Replacing certificate db succeeded!
Translation
Download
Updated: 2019-05-21

Document ID: EDOC1100075861

Views: 17806

Downloads: 76

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next