Huawei OceanStor 2000 V3 Series Features Manual page 77

OceanStor V3 Series
HyperMetro Feature Guide for File
Command executed succesfully.
admin:/>add server_ip ip=192.168.7.31 port=30002
Command executed succesfully.
After configuration is complete, run the show server_ip command. If the command output
shows the IP address and port ID that are added, the configuration succeeds.
admin:/>show server_ip
Index
-----
1
2
Index
-----
Step 4 (Optional) Replace the original certificates of the quorum server with new ones.
1.
2.
3.
4.
Issue 05 (2018-01-30)
NOTE
l Service IP addresses of the quorum server are used for interworking with the storage array when an
arbitration server is added to the storage array. If two ports of the quorum server are not bonded, IP
addresses of the two ports must be from different network segments. If two ports of the quorum
server are bonded, IP addresses of the two ports must be the same.
l The ID of the arbitration software's listening port must be the same as that of the port enabled on the
firewall.
Server IP
------------
192.168.6.31
192.168.7.31
Local IP
------------
NOTE
To further improve storage system security, you are advised to replace the default security certificate and
private key of the storage systems and those of the quorum server with your own security certificate and
private key.
Export the certificate request file of the quorum server.
In the CLI of the arbitration software, run the export tls_cert command to export the
device information. The qs_certreq.csr file is generated in the /opt/quorum_server/
export_import directory of the quorum server.
admin:/>export tls_cert
Command executed successfully.
NOTE
– The certificates must be replaced in user mode.
– The certificate request file of the quorum server can be used to generate certificates in a third-
party Certificate Authority (CA) organization. Copy the certificates to the /opt/
quorum_server/export_import directory of the quorum server. The certificates ensure
security of the quorum server.
– After installing the arbitration software, you are advised to grant the Secure File Transfer
Protocol (SFTP) permission only to the /opt/quorum_server/export_import/ directory to
ensure that the security certificates can be imported and exported.
Use the certificate request file to generate certificates.
Send the qs_certreq.csr file to a third party for the third-party CA organization to
generate certificates.
Copy the certificates to the quorum server.
After the certificates are generated, copy the certificate (such as qs_cert.crt) of the
quorum server and the CA certificate (such as qs_cacert.crt) to the /opt/quorum_server/
export_import directory of the quorum server.
Import the certificates to the arbitration software.
In the CLI of the arbitration software, run the import tls_cert ca=qs_cacert.crt
cert=qs_cert.crt command to import the certificates to the arbitration software.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Server Port
------------------
30002
30002
Local Port Remote IP
--------- --------
4 Configuration
Remote Port State
--------- -----
69