Third-Party Server Running Ubuntu
This section describes how to configure the quorum server software on a third-party quorum server running Ubuntu.
Context
The quorum server software must be configured by the same user account used to install it.
Procedure
- Prepare for the configuration.
Before the configuration, make sure that service IP addresses and a firewall have been configured for the quorum server.
- Configure service IP addresses for the quorum server.
If the two ports on the quorum server are not bonded, they must use IP addresses on different network segments for arbitration. If they are bonded, you only need to configure a virtual IP address.
- If you deploy the quorum server software on a VM, you must create virtual network adapters and switches for it. Table 9-8 describes the configuration requirements.
Figure 9-2 Virtual network adapter configuration
Table 9-8 Configuration requirements
| Item | Configuration Requirement | Example |
| --- | --- | --- |
| Network adapter 2 | vmnic0 connects to controller A of the local and remote storage systems in the HyperMetro pair. | Virtual switch name: vSwitch 1; physical adapter name: vmnic0; physical adapter IP address and mask: 192.168.6.31 and 255.255.255.0 |
| Network adapter 3 | vmnic1 connects to controller B of the local and remote storage systems in the HyperMetro pair. | Virtual switch name: vSwitch 2; physical adapter name: vmnic1; physical adapter IP address and mask: 192.168.7.31 and 255.255.255.0 |
- If you deploy the quorum server software on a physical machine, it is recommended that you configure two IP addresses on different network segments for the ports on the quorum server. Table 9-9 provides an example.
Table 9-9 Service IP address configuration
| Quorum Port | Service IP Address | Mask |
| --- | --- | --- |
| Quorum port 1 | 192.168.6.31 | 255.255.255.0 |
| Quorum port 2 | 192.168.7.31 | 255.255.255.0 |
Run the sudo vi /etc/network/interfaces command to open the configuration file of the network adapter used by the quorum server. The following example uses quorum ports on network adapters eth1 and eth2. Modify address and netmask and then save the file.
The start mode must be set to auto.
    XXX@ubuntu:~$ sudo vi /etc/network/interfaces
    # The parameter must be set to auto.
    auto eth1
    iface eth1 inet static
    address 192.168.6.31
    gateway 192.168.6.1
    netmask 255.255.255.0
    # The parameter must be set to auto.
    auto eth2
    iface eth2 inet static
    address 192.168.7.31
    gateway 192.168.7.1
    netmask 255.255.255.0
- If you deploy the quorum server software on a physical machine and want to bond the ports, you must configure a virtual IP address.
For details about port bonding, see the documentation of your operating system.
- Verify that the service IP addresses for the quorum server have taken effect.
Enter the CLI of the quorum server and run sudo ifdown eth1 and sudo ifup eth1 in any directory to restart the network adapter. Then run the ifconfig eth1 command to check whether the configuration has taken effect. If the IP address that you configured is displayed in the command output, the configuration has taken effect.
    XXX@ubuntu:~$ ifconfig eth1
    eth1      Link encap:Ethernet  HWaddr 08:00:27:45:7A:E2
              inet addr: 192.168.6.31  Bcast:192.168.6.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fe2e:fba6/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0
              TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)
Follow the same procedure for eth2. Run sudo ifdown eth2 and sudo ifup eth2 in any directory to restart the network adapter. Then run the ifconfig eth2 command to check whether the configuration has taken effect. If the IP address that you configured is displayed in the command output, the configuration has taken effect.
    XXX@ubuntu:~$ ifconfig eth2
    eth2      Link encap:Ethernet  HWaddr 08:00:27:45:7A:EB
              inet addr: 192.168.7.31  Bcast:192.168.7.255  Mask:255.255.0.0
              inet6 addr: fe80::a00:27ff:fe2e:fba7/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:43285954 errors:0 dropped:5051127 overruns:0 frame:0
              TX packets:5819 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2916916679 (2781.7 Mb)  TX bytes:720809 (703.9 Kb)
- Configure a port ID for the firewall of the quorum server.
Enter the CLI of the quorum server and run the sudo ufw allow 30002/tcp command in any directory (taking ufw as an example) to enable port 30002.
- If you want to enable other ports for the firewall, run the sudo ufw allow XXX/XXX command again to add the port IDs. For example, if you want to enable port 22, run the sudo ufw allow 22/tcp command.
- If you deploy the quorum server software on a VM, enable the firewall port of the physical machine where the VM is deployed.
    XXX@ubuntu:~$ sudo ufw allow 30002/tcp
    Rule added
    Rule added (v6)
- Verify that the firewall configuration has taken effect.
Enter the CLI of the quorum server and run the sudo ufw status command in any directory to check whether the firewall configuration has taken effect. If 30002/tcp ALLOW Anywhere and 30002/tcp (v6) ALLOW Anywhere (v6) are displayed in the command output, the firewall configuration has taken effect.
    XXX@ubuntu:~$ sudo ufw status
    To                         Action      From
    --                         ------      ----
    . . . .
    30002/tcp                  ALLOW       Anywhere
    . . .
    30002/tcp (v6)             ALLOW       Anywhere (v6)
- Open the CLI of the quorum server software.
In any directory of the quorum server's operating system, run the qsadmin command to open the quorum server software. The quorum server software page is displayed.
    XXX@ubuntu:~$ qsadmin
    start main!
    Waiting for connecting to server...
    admin:/>
After you open the quorum server software, run the help command to view the commands that are required during the configuration process.
- Add the service IP addresses and port ID of the quorum server to the quorum server software.
In the CLI of the quorum server software, run the add server_ip command to add the service IP addresses and port ID of the quorum server to the quorum server software for management.
    admin:/>add server_ip ip=192.168.6.31 port=30002
    Command executed succesfully.
    admin:/>add server_ip ip=192.168.7.31 port=30002
    Command executed succesfully.
- The quorum server uses these service IP addresses to communicate with the storage systems.
- If the two quorum ports on the quorum server are not bonded, the IP addresses on different network segments must be configured for the two quorum ports.
- If the two quorum ports on the quorum server are bonded, you can only configure a virtual IP address for arbitration.
- The ID of the quorum server software's listening port must be the same as that enabled on the firewall.
After the configuration is complete, run the show server_ip command. If the command output shows the IP addresses and port ID that you added, the configuration is successful.
    admin:/>show server_ip
    Index  Server IP      Server Port
    1      192.168.6.31   30002
    2      192.168.7.31   30002

    Index  Local IP      Local Port  Remote IP  Remote Port  State
    -----  ------------  ---------   --------   ---------    -----
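The requirement that the listening port match the port enabled on the firewall can be checked mechanically. The following shell script is an added example, not part of the vendor documentation: it parses show server_ip and sudo ufw status text and reports any listening port that has no ALLOW rule. The sample data is constructed from the outputs shown on this page, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: cross-check quorum listening ports against ufw rules.
# Sample data is constructed from the command outputs shown on this page.

SAMPLE_SERVER_IP='admin:/>show server_ip
Index  Server IP      Server Port
1      192.168.6.31   30002
2      192.168.7.31   30002'

SAMPLE_UFW='To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
30002/tcp                  ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
30002/tcp (v6)             ALLOW       Anywhere (v6)'

# listening_ports <show_server_ip_text>: print the unique Server Port values.
# Only three-column rows that start with a numeric index are counted.
listening_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ && NF == 3 { print $3 }' | sort -u
}

# ufw_allows <ufw_status_text> <port> <family>: succeed if an ALLOW rule
# exists for <port>/tcp. <family> is "" for IPv4 or "v6" for the (v6) rule.
ufw_allows() {
    printf '%s\n' "$1" | awk -v want="$2/tcp" -v fam="$3" '
        $1 == want && fam == ""   && $2 == "ALLOW"                 { ok = 1 }
        $1 == want && fam == "v6" && $2 == "(v6)" && $3 == "ALLOW" { ok = 1 }
        END { exit !ok }'
}

# check_quorum_ports <show_server_ip_text> <ufw_status_text>
# Prints one line per missing rule; returns nonzero if any rule is missing.
check_quorum_ports() {
    rc=0
    for p in $(listening_ports "$1"); do
        ufw_allows "$2" "$p" ""   || { echo "missing: $p/tcp"; rc=1; }
        ufw_allows "$2" "$p" "v6" || { echo "missing: $p/tcp (v6)"; rc=1; }
    done
    return $rc
}

if check_quorum_ports "$SAMPLE_SERVER_IP" "$SAMPLE_UFW"; then
    echo "firewall rules cover every listening port"
fi
```

On a live quorum server, pass the saved output of show server_ip and "$(sudo ufw status)" in place of the sample variables.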
- (Optional) Replace the original certificates of the quorum server with new ones.
The storage systems and quorum server have default security certificates and private keys. To enhance security, replace them with your own.
- Export the certificate request file of the quorum server.
In the CLI of the quorum server software, run the export tls_cert command to export the device information. The qs_certreq.csr file is generated in the /opt/quorum_server/export_import directory of the quorum server.
    admin:/>export tls_cert
    Command executed successfully.
- The certificates must be replaced in user mode.
- The certificate request file of the quorum server is used to generate certificates in a third-party Certificate Authority (CA). You can then copy these certificates to the /opt/quorum_server/export_import directory of the quorum server to enhance security.
- After installing the quorum server software, you are advised to grant the Secure File Transfer Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory. This allows the security certificates to be imported and exported.
- Use the certificate request file to generate certificates.
Send the qs_certreq.csr file to a third-party CA to generate certificates.
- Copy the certificates to the quorum server.
After the certificates are generated, copy the quorum server certificate (for example, qs_cert.crt) and CA certificate (for example, qs_cacert.crt) to the /opt/quorum_server/export_import directory.
- Change the owning user and user group of the quorum server certificate (for example, qs_cert.crt) and CA certificate (for example, qs_cacert.crt) to the user and user group used to install the quorum server software.
    chown quorumsvr:quorumsvr qs_cacert.crt
    chown quorumsvr:quorumsvr qs_cert.crt
In this example, quorumsvr is the default installation user of the quorum server software. Change it to the actual user and user group you use to install the quorum server software.
- Import the certificates to the quorum server software.
In the CLI of the quorum server software, run the import tls_cert ca=qs_cacert.crt cert=qs_cert.crt command to import the certificates to the quorum server software.
    admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt
    Command executed successfully.
- After replacing the certificates on the quorum server, replace the certificates on the local and remote storage systems. For details, see Replacing Certificates on Storage Systems.
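Before running import tls_cert, it is worth confirming that the files returned by the CA belong together. The following shell script is an added example, not part of the vendor documentation: it uses standard openssl commands to check that the certificate carries the public key from qs_certreq.csr, verifies against the CA certificate, and is not close to expiry. It assumes PEM-encoded files and a CA certificate that directly issued the quorum server certificate; the function names and the 30-day default are illustrative.

```shell
#!/bin/sh
# Added example: pre-import checks for the certificate files named on this page.
# Assumptions: PEM encoding; qs_cacert.crt directly issued qs_cert.crt.

# pubkey_of <req|x509> <file>: print the PEM public key of a CSR or certificate.
pubkey_of() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# precheck_certs <csr> <cert> <ca_cert> [min_days]
# Prints the first failed check and returns 1, or prints "ok" and returns 0.
# min_days (illustrative default: 30) is the minimum remaining validity.
precheck_certs() {
    csr=$1; cert=$2; ca=$3; min_days=${4:-30}
    for f in "$csr" "$cert" "$ca"; do
        [ -r "$f" ] || { echo "unreadable: $f"; return 1; }
    done

    # 1. The certificate must carry the public key from the exported CSR;
    #    otherwise it does not match the quorum server's private key.
    req_key=$(pubkey_of req "$csr")
    crt_key=$(pubkey_of x509 "$cert")
    if [ -z "$req_key" ] || [ "$req_key" != "$crt_key" ]; then
        echo "key mismatch: $cert was not issued for $csr"; return 1
    fi

    # 2. The certificate must verify against the CA certificate being imported.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain: $cert does not verify against $ca"; return 1; }

    # 3. The certificate must stay valid for at least min_days more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 ||
        { echo "expiring: $cert expires within $min_days days"; return 1; }

    echo "ok"
}

# Run against the page's example file names when they are in the current directory.
if [ -r qs_certreq.csr ]; then
    precheck_certs qs_certreq.csr qs_cert.crt qs_cacert.crt
fi
```

Run it from the /opt/quorum_server/export_import directory after copying the certificates and before the import step.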
- (Optional) Configure a whitelist.
The first time you replace the certificates, you must configure a whitelist.
The quorum server software allows a storage system to connect to the quorum server only after you have added the SN of the storage system to the whitelist. You do not need to configure a whitelist again when replacing certificates.
- In the CLI of the storage system, run the show system general command to query the storage system SN.
    admin:/>show system general
      System Name         : reppub_10.103.20.176
      Health Status       : Normal
      Running Status      : Normal
      Total Capacity      : 2.025TB
      SN                  : XXXXXXXXXXXXXXXXXXXX
      Location            :
      Product Model       : S5800T
      Product Version     : V200R003C00
      High Water Level(%) : 80
      Low Water Level(%)  : 20
      WWN                 : 21000022a1072506
      Time                : 2015-06-27/15:11:15 UTC+08:00
- In the CLI of the quorum server software, run the add white_list sn=? command to add the storage system SN to the quorum server software for management.
    admin:/>add white_list sn=xxxxxxxxxxxxxxxx
    Command executed successfully.
- (Optional) Run the change white_list enable_switch=no command to disable the whitelist if you do not need to configure it.