Dear All, I'm Pradeep, and I manage Spectrum Scale in a Stretched cluster environment for a financial institution.
Prior to this, I was supporting GPFS protocol nodes in the Media & Entertainment industry using a tailored environment. City: Basingstoke, UK Country: United Kingdom Here is my first post, for which I am asking for clarity. Subject: Query on renewing the certificates for Spectrum Scale via SKLM. Environment: Spectrum Scale Version: 5.1.1 We have 2 certificate present that seem to be authenticating to SKLM. One expires in October (REST) and one is next year (KMIP) [cid:cb0f8fd5-a48d-4d42-82eb-7ed583f89254] We are currently therefore seeing the rkmconf_certexp_warn event within the node health status… [cid:102dd4cb-190b-4824-9804-7715bc52555c] Query 1: We want to update the REST certificate; we have a key group setup in SKLM where the keys for Scale are held – it is labelled as follows [cid:40dba048-5f9d-4324-87da-1f1d2c8de215] The key is stored in SKLM within these management groups. The question we have is, in terms of updating the key on the Spectrum Scale environment – basically – how do we do it. So, we would like if possible a step by step guide on how to replace the key on the Spectrum Scale side and how that interacts with SKLM. As encryption is already up and running and we are just refreshing / renewing an existing deployment I am really looking to know what I need to do and in what order, and where we drop between SKLM activities and Scale activities. Also once we have the key in place does it just propagate to all servers within scale once one has picked it up? Example 1. Create a key within Scale 2. Add third party data to key, and then chain together using scale utility – example below? [cid:66d2775a-0456-4a80-8a15-41224f1c6cb7] 1. Register key? In effect how do we get the server to “pickup” the new key? 2. Copy key over to SKLM server 3. Add key to SKLM within the existing group 4. Create a file check it is encrypted Query 2: What is KMIP Certificate for and how to renew that certificate before it expires. [cid:2a66373a-17d8-40d5-8d11-2d7d4599c234] Thanks in advance Regards Pradeep S <http://aka.ms/weboutlook>
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
