查看系统版本:
FusionStorage Block V100R006C30SPH505
故障描述:
重要 证书已经过期 FS_MANAGER Server FusionStorage
附加信息: 证书类型=OMM_Tomcat_Certificate
流水号: 1743
告警级别: 重要
对象类型: Server
对象ID: FS_MANAGER
部件名称: FusionStorage01
告警ID: 51302
告警名称: 证书已经过期
告警对象: FS_MANAGER
部件类型: FusionStorage
官方处理说明:
https://support.huawei.com/enterprise/zh/doc/EDOC1100171940?idPath=7919749%7C251364444%7C21430817%7C251366260%7C21905727
证书下载:
https://support.huawei.com/enterprise/zh/software/252011923-ESW2000293854
处理过程:
注意,需要先清除告警再替换证书,否则会造成告警无法清除,只能华为远程处理。
1、查看主节点
登录FSM主节点,即fusioncube的主IP,也是FCC的主IP,通过ssh登录
登陆用户名dsware
用户默认密码为IaaS@OS-CLOUD9!
,还有个fc2
用户也可以登录
登陆后切换到root
用户
su - root
root
用户默认密码为IaaS@OS-CLOUD8!
查看节点状态,active为
主节点,如果不是请确认IP是否正确
/opt/omm/oms/workspace/ha/module/hacom/script/get_harole.sh
active
2、上传证书
上传至/home/dsware/
3、执行一键替换脚本
证书密码为Huawei@123
,必须在root目录
中执行
[root@FCC02 ~]# sh /home/dsware/One-click_replace_cert.sh
------------------------------------------------------------------------
STEP 1 Check the environment requirements.
Check Success! HA role is active. [done]
Check Success! The certificate in use is the default certific[done]
Check Success! New Certificate file has upload /home/dsware. [done]
Node Version is V100R006C30SPH505 [done]
------------------------------------------------------------------------
STEP 2 Back up the certificate in use to the /home/dsware/ directory.
Backup the CRT in use to directory /home/backup_default_certi[done]
------------------------------------------------------------------------
STEP 3 Obtaining the Password of the New Certificate
Enter the protection key of the /home/dsware/tomcat_server.jks.
Please Enter: Huawei@123
/home/dsware/tomcat_server.jks password check SUCCESS. [done]
------------------------------------------------------------------------
STEP 4 Execute CLI to upload the script to the specified directory.
-----------------------step 4.1 save tomcat_client.jks----------------
Execute dsware_tool save tomcat_client.jks SUCCESS. [done]
-----------------------step 4.2 save tomcat_server.jks----------------
Execute dsware_tool save tomcat_server.jks SUCCESS. [done]
------------------------------------------------------------------------
STEP 5 Execute CLI to update TomcatCertificate.
-----------------------step 5.1 update cert ----------------
Execute dsware_tool update crt tomcat_server.jks SUCCESS. [done]
------------------------------------------------------------------------
STEP 6 Check whether the service is normal after the certificate is replaced.
-----------------------Check whether dsware_tool is available.----------------
Check dswareTool FAIL 1/5 TIMES [fail]
Check dswareTool FAIL 2/5 TIMES [fail]
Check dswareTool FAIL 3/5 TIMES [fail]
Check dswareTool SUCCESS.! [done]
Congratulations. Certificate replaced successfully.
4、故障码清除
咨询客服得知,故障码将在一段时间后自动清除
评论