Huawei Dedicated Quorum Server
This section describes how to configure the quorum server software on a Huawei quorum server.
Context
The quorum server software must be configured by the same user account used to install it.
Procedure
- Prepare for the configuration.
Before the configuration, make sure that service IP addresses and a firewall have been configured for the quorum server.
The quorum server software needs to use port 30002, which has been enabled by default on the firewall of the quorum server.
- Configure service IP addresses for the quorum server.
If the two ports on the quorum server are not bonded, they must use IP addresses on different network segments. If they are bonded, you only need to configure a virtual IP address.
- If the ports are not bonded, configure two IP addresses on different network segments for the ports on the quorum server. Table 9-4 provides an example.
Table 9-4 Service IP address configuration
| Quorum Port | Service IP Address | Mask |
| --- | --- | --- |
| Quorum port 1 | 192.168.6.31 | 255.255.255.0 |
| Quorum port 2 | 192.168.7.31 | 255.255.255.0 |
Run the vi command to open the configuration file of the network adapters used by the quorum server. The following example uses quorum ports on network adapters eth1 and eth2. Modify IPADDR and NETMASK and then save the file.
- The ONBOOT parameter must be set to yes.
- The STARTMODE parameter must be set to auto.
Euler:~ # vi /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="static"
DEVICE="eth1"
IPADDR="192.168.6.31"
NETMASK="255.255.255.0"
STARTMODE="auto"
ONBOOT="yes"
GATEWAY="192.168.6.1"
Euler:~ # vi /etc/sysconfig/network-scripts/ifcfg-eth2
BOOTPROTO="static"
DEVICE="eth2"
IPADDR="192.168.7.31"
NETMASK="255.255.255.0"
STARTMODE="auto"
ONBOOT="yes"
GATEWAY="192.168.7.1"
- If the ports are bonded, you must configure a virtual IP address. The bond1 mode is recommended. The port bonding method for EulerOS is the same as that for CentOS; refer to the CentOS documentation for details. The following is an example of bonding ports on the 2280 quorum server:
- Run the cd /etc/sysconfig/network-scripts command to enter the path where the port configuration file is saved.
- Run the vi ifcfg-Port name command to modify the configuration file as described in Table 9-5.
Table 9-5 Port configuration file
File Name: ifcfg-eth0
Content:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
NM_CONTROLLED=no
File Name: ifcfg-eth1
Content:
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
NM_CONTROLLED=no
File Name: ifcfg-bond1
Content:
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
DEVICE=bond1
BOOTPROTO=static
ONBOOT=yes
IPADDR=xxx.xxx.xxx.xxx
PREFIX=xx
GATEWAY=xxx.xxx.xxx.xxx
NM_CONTROLLED=no
BONDING_SLAVE0=eth0
BONDING_SLAVE1=eth1
- Press Esc and enter :wq to save and quit the configuration file.
- Run the service network restart command to restart the network service.
- Ping the virtual IP address to verify the network connectivity.
- Verify that the service IP addresses for the quorum server have taken effect.
Enter the CLI of the quorum server and run the service network restart command in any directory for the IP address settings to take effect. Then run the ifconfig command to check whether the configurations for eth1 and eth2 have taken effect. If the IP addresses that you configured are displayed in the command output, the configurations have taken effect.
Euler:~ # ifconfig
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.6.31  netmask 255.255.255.0  broadcast 192.168.6.255
        inet6 fe80::3ee8:24ff:fe8d:a02e  prefixlen 64  scopeid 0x20<link>
        ether 3c:e8:24:8d:a0:2e  txqueuelen 1000  (Ethernet)
        RX packets 14234838  bytes 931264105 (888.1 MiB)
        RX errors 0  dropped 27  overruns 0  frame 0
        TX packets 6201  bytes 429317 (419.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xc6400000-c64fffff
eth2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.7.31  netmask 255.255.255.0  broadcast 192.168.7.255
        ether 3c:e8:24:8d:a0:31  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xc6100000-c61fffff
- Configure a gateway for the quorum port of the quorum server.
- Run the vim /etc/sysconfig/network-scripts/route-ethx command to open the configuration file.
- Add the following gateway information to the configuration file.
0.0.0.0/0 via xxx.xxx.xxx.xxx dev ethx
In the preceding information, ethx represents the name of the quorum port and xxx.xxx.xxx.xxx represents the gateway address.
For example, if the quorum port is eth0 and the gateway address is 192.168.6.1, add the following information:
0.0.0.0/0 via 192.168.6.1 dev eth0
- Save and close the configuration file.
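As an added example (not part of the Huawei documentation), the following POSIX shell functions lint the two non-bonded ifcfg files against the rules above before the network service is restarted: DEVICE matches the file name, ONBOOT is yes, STARTMODE is auto, IPADDR is valid, NETMASK is contiguous, and the two ports sit on different network segments. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Huawei code): lint the two non-bonded quorum-port ifcfg
# files against the rules on this page before "service network restart".

# Read KEY from an ifcfg file without sourcing it; surrounding quotes are stripped.
cfg() { sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"; }

# Dotted quad -> 32-bit integer; fails unless it is four octets in 0-255.
ip2int() (
  case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Check one file; on success print "ip mask" as integers, else a reason on stderr.
ifcfg_check() (
  f=$1
  fail() { echo "$f: $1" >&2; exit 1; }
  [ "ifcfg-$(cfg "$f" DEVICE)" = "${f##*/}" ] || fail "DEVICE does not match the file name"
  [ "$(cfg "$f" ONBOOT)" = yes ] || fail "ONBOOT must be yes"
  [ "$(cfg "$f" STARTMODE)" = auto ] || fail "STARTMODE must be auto"
  ip=$(ip2int "$(cfg "$f" IPADDR)") || fail "IPADDR is not a valid IPv4 address"
  m=$(ip2int "$(cfg "$f" NETMASK)") || fail "NETMASK is not a valid dotted quad"
  inv=$(( ~m & 4294967295 ))
  # A valid mask is 1 bits followed by 0 bits, so inv + 1 is a power of two.
  [ "$m" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ] || fail "NETMASK is not contiguous"
  echo "$ip $m"
)

# Both files must pass, and the two addresses must be on different segments.
check_quorum_ports() (
  a=$(ifcfg_check "$1") || exit 1
  b=$(ifcfg_check "$2") || exit 1
  m=$(( ${a#* } & ${b#* } ))   # compare under the shorter of the two masks
  [ $(( ${a% *} & m )) -ne $(( ${b% *} & m )) ] ||
    { echo "both quorum ports are on the same network segment" >&2; exit 1; }
)

# Usage: sh this_script ifcfg-eth1 ifcfg-eth2
[ $# -ne 2 ] || check_quorum_ports "$@"
```

A non-zero exit status means at least one rule failed; the reason is written to stderr.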
- Open the CLI of the quorum server software.
In any directory of the quorum server's operating system, run the qsadmin command to open the quorum server software. The quorum server software page is displayed.
XXX@Euler:~# qsadmin
start main!
Waiting for connecting to server...
admin:/>
After you open the quorum server software, run the help command to list the commands that are required during the configuration process.
- Add the service IP addresses and port ID of the quorum server to the quorum server software.
In the CLI of the quorum server software, run the add server_ip command to add the service IP addresses and port ID of the quorum server to the quorum server software for management.
admin:/>add server_ip ip=192.168.6.31 port=30002
Command executed succesfully.
admin:/>add server_ip ip=192.168.7.31 port=30002
Command executed succesfully.
- The quorum server uses these service IP addresses to communicate with the storage systems.
- The ID of the quorum server software's listening port must be the same as that enabled on the firewall.
After configuration is complete, run the show server_ip command. If the command output shows the IP addresses and port ID that you added, the configuration is successful.
admin:/>show server_ip
Index    Server IP       Server Port
-----    ------------    ------------------
1        192.168.6.31    30002
2        192.168.7.31    30002
Index    Local IP        Local Port    Remote IP    Remote Port    State
-----    ------------    ---------     --------     ---------      -----
- (Optional) Replace the original certificates of the quorum server with new ones.
The storage systems and quorum server have default security certificates and private keys. To enhance security, replace them with your own.
- Export the certificate request file of the quorum server.
In the CLI of the quorum server software, run the export tls_cert command to export the device information. The qs_certreq.csr file is generated in the /opt/quorum_server/export_import directory of the quorum server.
admin:/>export tls_cert
Command executed succesfully.
- The certificates must be replaced in user mode.
- The certificate request file of the quorum server is used to generate certificates in a third-party Certificate Authority (CA). You can then copy these certificates to the /opt/quorum_server/export_import directory of the quorum server to enhance security.
- After installing the quorum server software, you are advised to grant the Secure File Transfer Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory. This allows the security certificates to be imported and exported.
- Use the certificate request file to generate certificates.
Send the qs_certreq.csr file to a third-party CA to generate certificates.
- Copy the certificates to the quorum server.
After the certificates are generated, copy the quorum server certificate (for example, qs_cert.crt) and CA certificate (for example, qs_cacert.crt) to the /opt/quorum_server/export_import directory.
- Change the owning user and user group of the quorum server certificate (for example, qs_cert.crt) and CA certificate (for example, qs_cacert.crt) to the user and user group used to install the quorum server software.
chown quorumsvr:quorumsvr qs_cacert.crt
chown quorumsvr:quorumsvr qs_cert.crt
In this example, quorumsvr is the default installation user of the quorum server software. Change it to the actual user and user group you use to install the quorum server software.
- Import the certificates to the quorum server software.
In the CLI of the quorum server software, run the import tls_cert ca=qs_cacert.crt cert=qs_cert.crt command to import the certificates to the quorum server software.
admin:/>import tls_cert ca=qs_cacert.crt cert=qs_cert.crt
Command executed succesfully.
- After replacing the certificates on the quorum server, replace the certificates on the local and remote storage systems. For details, see Replacing Certificates on Storage Systems.
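As an added example (not part of the Huawei documentation), the following shell function checks the files in the export_import directory before the import tls_cert step: the issued certificate carries the public key from the exported qs_certreq.csr, it verifies against the CA certificate, and both files have the expected owner. It assumes the openssl CLI and GNU stat are available, that qs_cacert.crt is the direct issuer, and the file names used in the examples above; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not Huawei code): sanity-check the CA-issued files before
# running "import tls_cert". File names follow the examples on this page.

check_qs_certs() (
  dir=$1 owner=$2
  csr=$dir/qs_certreq.csr cert=$dir/qs_cert.crt ca=$dir/qs_cacert.crt
  fail() { echo "FAIL: $1" >&2; exit 1; }
  for f in "$csr" "$cert" "$ca"; do
    [ -r "$f" ] || fail "$f is missing or unreadable"
  done

  # 1. The certificate must be issued for the key in the exported request,
  #    otherwise it belongs to some other key pair.
  k1=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || fail "cannot parse $csr"
  k2=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || fail "cannot parse $cert"
  [ "$k1" = "$k2" ] || fail "certificate public key does not match the CSR"

  # 2. The certificate must chain to the CA certificate imported with it
  #    (this also rejects an expired or not-yet-valid certificate).
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    fail "certificate does not verify against $ca"

  # 3. Both files must belong to the installation user and group (chown step).
  for f in "$cert" "$ca"; do
    [ "$(stat -c '%U:%G' "$f")" = "$owner" ] || fail "$f is not owned by $owner"
  done
  echo "OK: $cert matches the CSR and verifies against $ca"
)

# Usage: sh this_script /opt/quorum_server/export_import quorumsvr:quorumsvr
[ $# -ne 2 ] || check_qs_certs "$@"
```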
- (Optional) Configure a whitelist.
The first time you replace the certificates, you must configure a whitelist.
The quorum server software allows a storage system to connect to the quorum server only after you have added the SN of the storage system to the whitelist. You do not need to configure a whitelist again when replacing certificates.
- In the CLI of the storage system, run the show system general command to query the storage system SN.
admin:/>show system general
  System Name         : XXXXXX
  Health Status       : Normal
  Running Status      : Normal
  Total Capacity      : X.XXXTB
  SN                  : XXXXXXXXXXXXXXXXXXXX
  Location            :
  Product Model       : XXXXX
  Product Version     : VX00R00XC00
  High Water Level(%) : XX
  Low Water Level(%)  : XX
  WWN                 : XXXXXXXXXXXXXXX
  Time                : XXXX-XX-XX/15:11:15 UTC+08:00
- In the CLI of the quorum server software, run the add white_list sn=? command to add the storage system SN to the quorum server software for management.
admin:/>add white_list sn=XXXXXXXXXXXXXXXXXXXX
Command executed succesfully.
- (Optional) Run the change white_list enable_switch=no command to disable the whitelist if you do not need to configure it.