华为超融合故障处理一则 fusioncube6.5 证书已经过期 FS_MANAGER

查看系统版本：
FusionStorage Block V100R006C30SPH505

故障描述：

重要    证书已经过期    FS_MANAGER    Server    FusionStorage
附加信息：    证书类型=OMM_Tomcat_Certificate
流水号：    1743
告警级别：    重要
对象类型：    Server
对象ID：    FS_MANAGER
部件名称：    FusionStorage01
告警ID：    51302
告警名称：    证书已经过期
告警对象：    FS_MANAGER
部件类型：    FusionStorage

官方处理说明：
https://support.huawei.com/enterprise/zh/doc/EDOC1100171940?idPath=7919749%7C251364444%7C21430817%7C251366260%7C21905727
证书下载：
https://support.huawei.com/enterprise/zh/software/252011923-ESW2000293854

处理过程：
注意，需要先清除告警再替换证书，否则会造成告警无法清除，只能华为远程处理。
1、查看主节点
登录FSM主节点，即fusioncube的主IP，也是FCC的主IP，通过ssh登录
登陆用户名dsware用户默认密码为IaaS@OS-CLOUD9!，还有个fc2用户也可以登录
登陆后切换到root用户

su - root

root用户默认密码为IaaS@OS-CLOUD8!
查看节点状态，active为主节点，如果不是请确认IP是否正确

/opt/omm/oms/workspace/ha/module/hacom/script/get_harole.sh
active

2、上传证书
上传至/home/dsware/

3、执行一键替换脚本
证书密码为Huawei@123，必须在root目录中执行

[root@FCC02 ~]# sh /home/dsware/One-click_replace_cert.sh

------------------------------------------------------------------------
STEP 1     Check the environment requirements.
     Check Success! HA role is active.                            [done]
     Check Success! The certificate in use is the default certific[done]
     Check Success! New Certificate file has upload /home/dsware. [done]
     Node Version is V100R006C30SPH505                            [done]

------------------------------------------------------------------------
STEP 2     Back up the certificate in use to the /home/dsware/ directory.
     Backup the CRT in use to directory /home/backup_default_certi[done]

------------------------------------------------------------------------
STEP 3     Obtaining the Password of the New Certificate
     Enter the protection key of the /home/dsware/tomcat_server.jks.
Please Enter: Huawei@123
     /home/dsware/tomcat_server.jks password check SUCCESS.       [done]

------------------------------------------------------------------------
STEP 4    Execute CLI to upload the script to the specified directory.
-----------------------step 4.1 save tomcat_client.jks----------------
     Execute dsware_tool save tomcat_client.jks SUCCESS.          [done]
-----------------------step 4.2 save tomcat_server.jks----------------
     Execute dsware_tool save tomcat_server.jks SUCCESS.          [done]

------------------------------------------------------------------------
STEP 5    Execute CLI to update TomcatCertificate.
-----------------------step 5.1 update cert ----------------
     Execute dsware_tool update crt tomcat_server.jks SUCCESS.    [done]

------------------------------------------------------------------------
STEP 6      Check whether the service is normal after the certificate is replaced.
-----------------------Check whether dsware_tool is available.----------------
     Check dswareTool FAIL 1/5 TIMES                              [fail]
     Check dswareTool FAIL 2/5 TIMES                              [fail]
     Check dswareTool FAIL 3/5 TIMES                              [fail]
     Check dswareTool SUCCESS.!                                   [done]

Congratulations. Certificate replaced successfully.

4、故障码清除
咨询客服得知，故障码将在一段时间后自动清除