华为超融合故障处理一则 fusioncube6.5 证书已经过期

查看系统版本：

FusionStorage Block V100R006C30SPH505

故障描述：

重要    证书已经过期    FS_MANAGER    Server    FusionStorage

附加信息：    证书类型=OMM_Tomcat_Certificate

流水号：    1743

告警级别：    重要

对象类型：    Server

对象ID：    FS_MANAGER

部件名称：    FusionStorage01

告警ID：    51302

告警名称：    证书已经过期

告警对象：    FS_MANAGER

部件类型：    FusionStorage

官方处理说明：

https://support.huawei.com/enterprise/zh/doc/EDOC1100171940?idPath=7919749%7C251364444%7C21430817%7C251366260%7C21905727

证书下载：

https://support.huawei.com/enterprise/zh/software/252011923-ESW2000293854

处理过程：

1、查看主节点

登录FSM主节点，即fusioncube的主IP，也是FCC的主IP，通过ssh登录

登陆用户名dsware用户默认密码为IaaS@OS-CLOUD9!

登陆后切换到root用户

su - root

root用户默认密码为IaaS@OS-CLOUD8!

查看节点状态，active为主节点，如果不是请确认IP是否正确

/opt/omm/oms/workspace/ha/module/hacom/script/get_harole.sh

active

2、上传证书

上传至/home/dsware/

3、执行一键替换脚本

证书密码为Huawei@123，必须在root目录中执行

[root@FCC02 ~]# sh /home/dsware/One-click_replace_cert.sh------------------------------------------------------------------------

STEP 1     Check the environment requirements.

Check Success! HA role is active.                            [done]

Check Success! The certificate in use is the default certific[done]

Check Success! New Certificate file has upload /home/dsware. [done]

Node Version is V100R006C30SPH505                            [done]

------------------------------------------------------------------------

STEP 2     Back up the certificate in use to the /home/dsware/ directory.

Backup the CRT in use to directory /home/backup_default_certi[done]

------------------------------------------------------------------------

STEP 3     Obtaining the Password of the New Certificate

Enter the protection key of the /home/dsware/tomcat_server.jks.

Please Enter: Huawei@123

/home/dsware/tomcat_server.jks password check SUCCESS.       [done]

------------------------------------------------------------------------

STEP 4    Execute CLI to upload the script to the specified directory.

-----------------------step 4.1 save tomcat_client.jks----------------

Execute dsware_tool save tomcat_client.jks SUCCESS.          [done]

-----------------------step 4.2 save tomcat_server.jks----------------

Execute dsware_tool save tomcat_server.jks SUCCESS.          [done]

------------------------------------------------------------------------

STEP 5    Execute CLI to update TomcatCertificate.

-----------------------step 5.1 update cert ----------------

Execute dsware_tool update crt tomcat_server.jks SUCCESS.    [done]

------------------------------------------------------------------------

STEP 6      Check whether the service is normal after the certificate is replaced.

-----------------------Check whether dsware_tool is available.----------------

Check dswareTool FAIL 1/5 TIMES                              [fail]

Check dswareTool FAIL 2/5 TIMES                              [fail]

Check dswareTool FAIL 3/5 TIMES                              [fail]

Check dswareTool SUCCESS.!                                   [done]

Congratulations. Certificate replaced successfully.

4、故障码清除

咨询客服得知，故障码将在一段时间后自动清除