This is the multi-page printable view of this section. Click here to print.
This section describes how to create a certificate for a storage backend. If certificate verification is required for logging in to the storage, you can add a certificate by referring to this section. Currently, you can create a certificate for a storage backend based on the specified .crt or .pem file.
Before creating a certificate for a storage backend, import the prepared certificate to the storage array.
A certificate has been created. Take OceanStor Dorado as an example. For details about how to create a certificate, click here.
Prepare a certificate file in advance, for example, cert.crt.
Run the following command to obtain information about a storage backend.
oceanctl get backend
The following is an example of the command output.
NAMESPACE NAME PROTOCOL STORAGETYPE SN STATUS ONLINE URL
huawei-csi backend-1 roce oceanstor-san xxxxxxxxxxxxxxxxxxxx Bound true https://192.168.129.157:8088
huawei-csi backend-2 roce oceanstor-san xxxxxxxxxxxxxxxxxxxx Bound true https://192.168.129.158:8088
Run the following command to create a certificate for the specified storage backend.
oceanctl create cert cert-1 -b backend-1 -f /path/to/cert.crt
Check the certificate creation result.
oceanctl get cert -b backend-1
The following is an example of the command output.
NAMESPACE NAME BOUNDBACKEND
huawei-csi cert-1 backend-1
Query storage backend certificates using the commands in Querying a Storage Backend Certificate.
Before updating a certificate, prepare a new certificate file and update the storage backend certificate by following the instructions provided in this section. If the certificate is no longer used, delete the certificate from the storage backend by referring to Deleting a Storage Backend Certificate.
Run the following command to obtain information about a storage backend.
oceanctl get backend
The following is an example of the command output.
NAMESPACE NAME PROTOCOL STORAGETYPE SN STATUS ONLINE URL
huawei-csi backend-1 roce oceanstor-san xxxxxxxxxxxxxxxxxxxx Bound true https://192.168.129.157:8088
huawei-csi backend-2 roce oceanstor-san xxxxxxxxxxxxxxxxxxxx Bound true https://192.168.129.158:8088
Run the following command to check whether the specified storage backend has a certificate.
oceanctl get cert -b backend-1
The following is an example of the command output.
NAMESPACE NAME BOUNDBACKEND
huawei-csi cert-1 backend-1
Run the following command to update the certificate of the specified storage backend.
oceanctl update cert -b backend-1 -f /path/to/cert.crt
Run the following command to obtain information about a storage backend.
oceanctl get backend
The following is an example of the command output.
NAMESPACE NAME PROTOCOL STORAGETYPE SN STATUS ONLINE URL
huawei-csi backend-1 roce oceanstor-san xxxxxxxxxxxxxxxxxxxx Bound true https://192.168.129.157:8088
huawei-csi backend-2 roce oceanstor-san xxxxxxxxxxxxxxxxxxxx Bound true https://192.168.129.158:8088
Run the following command to obtain information about the certificate of the specified storage backend.
oceanctl get cert -b backend-1
The following is an example of the command output.
NAMESPACE NAME BOUNDBACKEND
huawei-csi cert-1 backend-1
Run the following command to delete the certificate of the specified storage backend.
oceanctl delete cert -b backend-1
Check the deletion result.
oceanctl get cert -b backend-1
The following is an example of the command output. If no cert found is displayed, the deletion is successful.
Error from server (NotFound): no cert found on backend backend-1 in huawei-csi namespace