How Do I Update a Cluster Certificate in a Multi-Cloud Cluster?

Prerequisites

All components in the multi-cloud cluster are running properly.
Each node in the multi-cloud cluster is in the ready state.

Procedure

Download ucs-ctl and save it to the /root/ucs directory on any management and control node in the on-premises cluster.

Record the passwords of all nodes in a table and save the table to the /root/ucs/update_cert.csv directory on the node where the binary tool is located. For details about the format, see Table 1.

**Table 1** Table template
Field	Description
Node IP	Node IP address, which is mandatory.
Node Role	Node role, which is mandatory. The options are master and node.
User	User name for logging in to the node, which is mandatory.
Password	Password for logging in to the node, which is optional.
Auth Type	Node authentication type, which is optional. The options are password and key.
Key Path	Key path for logging in to the node, which is optional.

An example is as follows:

Node IP,Node Role,User,Password,Auth Type,Key Path

192.168.0.145,master,root,xxx,password

192.168.0.225,master,root,xxx,password

192.168.0.68,master,root,xxx,password

192.168.0.89,node,root,xxx,password

Log in to the AWS console, edit security group {cluster_name}-node, and enable port 22 in the security group to ensure that the security group can be accessed.

Enable password access, log in to all nodes in the cluster, and run the following commands:

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
systemctl restart sshd
passwd

Set the node passwords and save them to your local PC.

Configure environment variables.
```
export CUSTOM_DOMAIN={ucs_endpoint},10.247.0.1
```
- ucs_endpoint indicates the server access address. You can run the following command to obtain it:
cat /var/paas/srv/kubernetes/kubeconfig | grep server
- If you perform operations on the executor where the cluster is installed, you do not need to configure environment variables.

Update the certificate.

cd /root/ucs
cp /var/paas/srv/kubernetes/ca.key /var/paas/srv/kubernetes/ca_key.pem
./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv

Retry after a failure.

./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv -r

Perform a rollback after a failure.

./ucs-ctl kcm rollback-cert {cluster_name} -c update_cert.csv

Parent topic: Multi-Cloud Clusters

Multi-Cloud Clusters FAQs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot

more