華為超融合故障處理一則 fusioncube6.5 證書已經(jīng)過期 FS_MANAGER


查看系統(tǒng)版本:
FusionStorage Block V100R006C30SPH505
故障描述:
重要 ? ?證書已經(jīng)過期 ? ?FS_MANAGER ? ?Server ? ?FusionStorage
附加信息: ? ?證書類型=OMM_Tomcat_Certificate
流水號(hào): ? ?1743
告警級(jí)別: ? ?重要
對(duì)象類型: ? ?Server
對(duì)象ID: ? ?FS_MANAGER
部件名稱: ? ?FusionStorage01
告警ID: ? ?51302
告警名稱: ? ?證書已經(jīng)過期
告警對(duì)象: ? ?FS_MANAGER
部件類型: ? ?FusionStorage
官方處理說明:
https://support.huawei.com/enterprise/zh/doc/EDOC1100171940?idPath=7919749%7C251364444%7C21430817%7C251366260%7C21905727
證書下載:
https://support.huawei.com/enterprise/zh/software/252011923-ESW2000293854
處理過程:
1、查看主節(jié)點(diǎn)
登錄FSM主節(jié)點(diǎn),即fusioncube的主IP,也是FCC的主IP,通過ssh登錄
登陸用戶名dsware
用戶默認(rèn)密碼為IaaS@OS-CLOUD9!
登陸后切換到root
用戶
su - root
root
用戶默認(rèn)密碼為IaaS@OS-CLOUD8!
查看節(jié)點(diǎn)狀態(tài),active為
主節(jié)點(diǎn),如果不是請(qǐng)確認(rèn)IP是否正確
/opt/omm/oms/workspace/ha/module/hacom/script/get_harole.sh
active
2、上傳證書
上傳至/home/dsware/
3、執(zhí)行一鍵替換腳本
證書密碼為Huawei@123
,必須在root目錄
中執(zhí)行
[root@FCC02 ~]# sh /home/dsware/One-click_replace_cert.sh------------------------------------------------------------------------
STEP 1 ? ? Check the environment requirements.
? ? Check Success! HA role is active. ? ? ? ? ? ? ? ? ? ? ? ? ? ?[done]
? ? Check Success! The certificate in use is the default certific[done]
? ? Check Success! New Certificate file has upload /home/dsware. [done]
? ? Node Version is V100R006C30SPH505 ? ? ? ? ? ? ? ? ? ? ? ? ? ?[done]
------------------------------------------------------------------------
STEP 2 ? ? Back up the certificate in use to the /home/dsware/ directory.
? ? Backup the CRT in use to directory /home/backup_default_certi[done]
------------------------------------------------------------------------
STEP 3 ? ? Obtaining the Password of the New Certificate
? ? Enter the protection key of the /home/dsware/tomcat_server.jks.
Please Enter: Huawei@123
? ? /home/dsware/tomcat_server.jks password check SUCCESS. ? ? ? [done]
------------------------------------------------------------------------
STEP 4 ? ?Execute CLI to upload the script to the specified directory.
-----------------------step 4.1 save tomcat_client.jks----------------
? ? Execute dsware_tool save tomcat_client.jks SUCCESS. ? ? ? ? ?[done]
-----------------------step 4.2 save tomcat_server.jks----------------
? ? Execute dsware_tool save tomcat_server.jks SUCCESS. ? ? ? ? ?[done]
------------------------------------------------------------------------
STEP 5 ? ?Execute CLI to update TomcatCertificate.
-----------------------step 5.1 update cert ----------------
? ? Execute dsware_tool update crt tomcat_server.jks SUCCESS. ? ?[done]
------------------------------------------------------------------------
STEP 6 ? ? ?Check whether the service is normal after the certificate is replaced.
-----------------------Check whether dsware_tool is available.----------------
? ? Check dswareTool FAIL 1/5 TIMES ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?[fail]
? ? Check dswareTool FAIL 2/5 TIMES ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?[fail]
? ? Check dswareTool FAIL 3/5 TIMES ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?[fail]
? ? Check dswareTool SUCCESS.! ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? [done]
Congratulations. Certificate replaced successfully.
4、故障碼清除
咨詢客服得知,故障碼將在一段時(shí)間后自動(dòng)清除
