华为超融合故障处理一则 fusioncube6.5 证书已经过期 FS_MANAGER

华为超融合故障处理一则 fusioncube6.5 证书已经过期 FS_MANAGER

王忘杰
2023-03-06 / 0 评论 / 283 阅读 / 正在检测是否收录...
温馨提示:
本文最后更新于2023年03月10日,已超过626天没有更新,若内容或图片失效,请留言反馈。

lew7zwru.png

查看系统版本:
FusionStorage Block V100R006C30SPH505

故障描述:

重要    证书已经过期    FS_MANAGER    Server    FusionStorage
附加信息:    证书类型=OMM_Tomcat_Certificate
流水号:    1743
告警级别:    重要
对象类型:    Server
对象ID:    FS_MANAGER
部件名称:    FusionStorage01
告警ID:    51302
告警名称:    证书已经过期
告警对象:    FS_MANAGER
部件类型:    FusionStorage

官方处理说明:
https://support.huawei.com/enterprise/zh/doc/EDOC1100171940?idPath=7919749%7C251364444%7C21430817%7C251366260%7C21905727
证书下载:
https://support.huawei.com/enterprise/zh/software/252011923-ESW2000293854

处理过程:
注意,需要先清除告警再替换证书,否则会造成告警无法清除,只能华为远程处理。
1、查看主节点
登录FSM主节点,即fusioncube的主IP,也是FCC的主IP,通过ssh登录
登陆用户名dsware用户默认密码为IaaS@OS-CLOUD9!,还有个fc2用户也可以登录
登陆后切换到root用户

su - root

root用户默认密码为IaaS@OS-CLOUD8!
查看节点状态,active为主节点,如果不是请确认IP是否正确

/opt/omm/oms/workspace/ha/module/hacom/script/get_harole.sh
active

2、上传证书
上传至/home/dsware/

3、执行一键替换脚本
证书密码为Huawei@123,必须在root目录中执行

[root@FCC02 ~]# sh /home/dsware/One-click_replace_cert.sh

------------------------------------------------------------------------
STEP 1     Check the environment requirements.
     Check Success! HA role is active.                            [done]
     Check Success! The certificate in use is the default certific[done]
     Check Success! New Certificate file has upload /home/dsware. [done]
     Node Version is V100R006C30SPH505                            [done]

------------------------------------------------------------------------
STEP 2     Back up the certificate in use to the /home/dsware/ directory.
     Backup the CRT in use to directory /home/backup_default_certi[done]

------------------------------------------------------------------------
STEP 3     Obtaining the Password of the New Certificate
     Enter the protection key of the /home/dsware/tomcat_server.jks.
Please Enter: Huawei@123
     /home/dsware/tomcat_server.jks password check SUCCESS.       [done]

------------------------------------------------------------------------
STEP 4    Execute CLI to upload the script to the specified directory.
-----------------------step 4.1 save tomcat_client.jks----------------
     Execute dsware_tool save tomcat_client.jks SUCCESS.          [done]
-----------------------step 4.2 save tomcat_server.jks----------------
     Execute dsware_tool save tomcat_server.jks SUCCESS.          [done]

------------------------------------------------------------------------
STEP 5    Execute CLI to update TomcatCertificate.
-----------------------step 5.1 update cert ----------------
     Execute dsware_tool update crt tomcat_server.jks SUCCESS.    [done]

------------------------------------------------------------------------
STEP 6      Check whether the service is normal after the certificate is replaced.
-----------------------Check whether dsware_tool is available.----------------
     Check dswareTool FAIL 1/5 TIMES                              [fail]
     Check dswareTool FAIL 2/5 TIMES                              [fail]
     Check dswareTool FAIL 3/5 TIMES                              [fail]
     Check dswareTool SUCCESS.!                                   [done]

Congratulations. Certificate replaced successfully.

4、故障码清除
咨询客服得知,故障码将在一段时间后自动清除
lewcuv9d.png

2

评论

博主关闭了所有页面的评论