How Do I Update the CA/TLS Certificate of an On-Premises Cluster?
Prerequisites
- All components in the on-premises cluster are running normally.
- Each node in the on-premises cluster is in the ready state.
Procedure
- Download ucs-ctl and save it to the /root/ucs directory on any master node in the on-premises cluster.
- Record the passwords of all nodes in a table and save the table as /root/ucs/update_cert.csv on the node where the binary tool is located. For details, see Table 1.
Table 1 Table template

| Field | Description |
|---|---|
| Node IP | Node IP address, which is mandatory. |
| Node Role | Node role, which is mandatory. The options are master and node. |
| User | User name for logging in to a node, which is mandatory. |
| Password | Password for logging in to a node, which is optional. |
| Auth Type | Node authentication type, which is optional. The options are password and key. |
| Key Path | Key path for logging in to a node, which is optional. |

Example:
Node IP,Node Role,User,Password,Auth Type,Key Path
192.168.0.145,master,root,xxx,password,
192.168.0.225,master,root,xxx,password,
192.168.0.68,master,root,xxx,password,
192.168.0.89,node,root,xxx,password,
- Export environment variables.
export CUSTOM_DOMAIN={ucs_endpoint},10.247.0.1
- ucs_endpoint indicates the server access address. You can run the following command to obtain it:
cat /var/paas/srv/kubernetes/kubeconfig | grep server
- If you need to update the certificate again, first run the following command to delete the files in the certificate directory, and then update the certificate:
rm -rf /var/paas/ucs/{cluster_name}/cert_update
- Update the certificate.
cd /root/ucs
./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv
- Update the certificate again after a failure.
./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv -r
- Roll back the certificate update after a failure.
./ucs-ctl kcm rollback-cert {cluster_name} -c update_cert.csv
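A pre-flight check for update_cert.csv against the field rules in Table 1, as an added example that is not part of the original page or of ucs-ctl. The function names, the file permission check, and the rule that key authentication requires a Key Path are assumptions of this example; the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Pre-flight check for update_cert.csv (field rules from Table 1).
# Prints one line per problem; returns 0 only if every check passes.
check_update_cert_csv() {
    local csv="$1" rc=0
    [ -f "$csv" ] || { echo "missing file: $csv"; return 1; }

    # The file can hold node passwords: flag any group/other permission bit.
    if [ "$(ls -ld "$csv" | cut -c5-10)" != "------" ]; then
        echo "permissions: $csv is accessible to group/other (expected 600)"
        rc=1
    fi

    # Strip CRs (Windows editors), then validate each row.
    tr -d '\r' < "$csv" | awk -F',' '
        NR == 1 {
            if ($0 != "Node IP,Node Role,User,Password,Auth Type,Key Path") {
                print "line 1: unexpected header"; bad = 1
            }
            next
        }
        $0 == "" { next }
        NF != 6 { print "line " NR ": expected 6 fields, got " NF; bad = 1; next }
        $1 == "" { print "line " NR ": Node IP is mandatory"; bad = 1 }
        $2 != "master" && $2 != "node" {
            print "line " NR ": Node Role must be master or node"; bad = 1
        }
        $3 == "" { print "line " NR ": User is mandatory"; bad = 1 }
        $5 != "" && $5 != "password" && $5 != "key" {
            print "line " NR ": Auth Type must be password or key"; bad = 1
        }
        # Assumption (not stated on the page): key auth needs a Key Path.
        $5 == "key" && $6 == "" {
            print "line " NR ": Auth Type key without Key Path"; bad = 1
        }
        END { exit bad + 0 }
    ' || rc=1
    return "$rc"
}

# Constructed sample: line 3 has an invalid role, line 4 has no user.
demo_csv() {
    printf '%s\n' \
        'Node IP,Node Role,User,Password,Auth Type,Key Path' \
        '192.168.0.145,master,root,xxx,password,' \
        '192.168.0.89,worker,root,xxx,password,' \
        '192.168.0.90,node,,,key,/root/.ssh/id_rsa'
}
```

Run it as `check_update_cert_csv /root/ucs/update_cert.csv` before `./ucs-ctl kcm update-cert`.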