This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

(Optional) Adding a Certificate to a Storage Backend

This section describes how to create a certificate for a storage backend. If certificate verification is required for logging in to the storage, you can add a certificate by referring to this section. Currently, you can create a certificate for a storage backend based on the specified .crt or .pem file.

Before creating a certificate for a storage backend, import the prepared certificate to the storage array.

1 - Creating a Certificate for a Storage Backend

Prerequisites

A certificate has been created. Take OceanStor Dorado as an example. For details about how to create a certificate, click here.

Example of Creating a Certificate

  1. Prepare a certificate file in advance, for example, cert.crt.

  2. Run the following command to obtain information about a storage backend.

    oceanctl get backend  
    

    The following is an example of the command output.

    NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
    huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
    huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088  
    
  3. Run the following command to create a certificate for the specified storage backend.

    oceanctl create cert cert-1 -b backend-1 -f /path/to/cert.crt
    
  4. Check the certificate creation result.

    oceanctl get cert -b backend-1
    

    The following is an example of the command output.

    NAMESPACE    NAME    BOUNDBACKEND   
    huawei-csi   cert-1  backend-1 
    

2 - Querying a Storage Backend Certificate

Query storage backend certificates using the commands in Querying a Storage Backend Certificate.

3 - Updating a Storage Backend Certificate

Before updating a certificate, prepare a new certificate file and update the storage backend certificate by following the instructions provided in this section. If the certificate is no longer used, delete the certificate from the storage backend by referring to Deleting a Storage Backend Certificate.

Procedure

  1. Run the following command to obtain information about a storage backend.

    oceanctl get backend 
    

    The following is an example of the command output.

    NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
    huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
    huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088  
    
  2. Run the following command to check whether the specified storage backend has a certificate.

    oceanctl get cert -b backend-1
    

    The following is an example of the command output.

    NAMESPACE   NAME    BOUNDBACKEND    
    huawei-csi  cert-1  backend-1  
    
  3. Run the following command to update the certificate of the specified storage backend.

    oceanctl update cert -b backend-1 -f /path/to/cert.crt
    

4 - Deleting a Storage Backend Certificate

Procedure

  1. Run the following command to obtain information about a storage backend.

    oceanctl get backend  
    

    The following is an example of the command output.

    NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
    huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
    huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088  
    
  2. Run the following command to obtain information about the certificate of the specified storage backend.

    oceanctl get cert -b backend-1
    

    The following is an example of the command output.

    NAMESPACE   NAME    BOUNDBACKEND    
    huawei-csi  cert-1  backend-1  
    
  3. Run the following command to delete the certificate of the specified storage backend.

    oceanctl delete cert -b backend-1
    
  4. Check the deletion result.

    oceanctl get cert -b backend-1
    

    The following is an example of the command output. If no cert found is displayed, the deletion is successful.

    Error from server (NotFound): no cert found on backend backend-1 in huawei-csi namespace