...

  • sudo access configured
  • password-less ssh configured
  • pdsh installed (or some other means of running multiple remote commands in parallel)

In addition the server nodes should also have:

...

In this section certificates will be generated and installed for encrypting DAOS control plane communications.

Administrative nodes require the following certificate files:

...

  1. Generate a new set of certificates.

    cd /tmp
    /usr/lib64/daos/certgen/gen_certificates.sh


    Note

    These files should be protected from unauthorized access and preserved for future use.


  2. Copy the certificates to a common location on each node so that they can be moved to their final location.

    pdsh -S -w $ALL_NODES -x $(hostname -s) scp -r $(hostname -s):/tmp/daosCA /tmp


  3. Copy the certificates to their default location (/etc/daos) on each client node

    pdsh -S -w $CLIENT_NODES sudo cp /tmp/daosCA/certs/daosCA.crt /etc/daos/certs/.
    pdsh -S -w $CLIENT_NODES sudo cp /tmp/daosCA/certs/agent.crt /etc/daos/certs/.
    pdsh -S -w $CLIENT_NODES sudo cp /tmp/daosCA/certs/agent.key /etc/daos/certs/.
    pdsh -S -w $CLIENT_NODES sudo cp /tmp/daosCA/certs/admin.crt /etc/daos/certs/.
    pdsh -S -w $CLIENT_NODES sudo cp /tmp/daosCA/certs/admin.key /etc/daos/certs/.


    Note

    If the /etc/daos/certs directory does not exist on the client nodes then use the following command to create it:

    pdsh -S -w $CLIENT_NODES sudo mkdir /etc/daos/certs


  4. Copy the certificates to their default location (/etc/daos) on each server node

    pdsh -S -w $SERVER_NODES sudo cp /tmp/daosCA/certs/daosCA.crt /etc/daos/certs/. 
    pdsh -S -w $SERVER_NODES sudo cp /tmp/daosCA/certs/server.crt /etc/daos/certs/. 
    pdsh -S -w $SERVER_NODES sudo cp /tmp/daosCA/certs/server.key /etc/daos/certs/. 
    pdsh -S -w $SERVER_NODES sudo cp /tmp/daosCA/certs/agent.crt /etc/daos/certs/clients/agent.crt


  5. Set the ownership of the client and admin certificates on each client node

    pdsh -S -w $CLIENT_NODES sudo chown $USER:$USER /etc/daos/certs/daosCA.crt
    pdsh -S -w $CLIENT_NODES sudo chown daos_agent:daos_agent /etc/daos/certs/agent.*
    pdsh -S -w $CLIENT_NODES sudo chown $USER:$USER /etc/daos/certs/admin.*


  6. Set the ownership of the server certificates on each server node

    pdsh -S -w $SERVER_NODES sudo chown daos_server:daos_server /etc/daos/certs/daosCA.crt 
    pdsh -S -w $SERVER_NODES sudo chown daos_server:daos_server /etc/daos/certs/server.* 
    pdsh -S -w $SERVER_NODES sudo chown daos_server:daos_server /etc/daos/certs/clients/agent.crt 
    pdsh -S -w $SERVER_NODES sudo chown daos_server:daos_server /etc/daos/certs/clients
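
A per-node check of the result of steps 3 to 6, as an added example that is not part of the DAOS documentation: it confirms that each file exists with the owner set above and, going one step beyond the page, flags any private key that has group or other permission bits set. The function names and the ADMIN_USER, AGENT_USER and SERVER_USER overrides are assumptions of this example, and it assumes GNU stat.

```shell
#!/usr/bin/env bash
# Added example: audit ownership and key permissions after the install steps.
# Account names default to those used in the steps above; the *_USER overrides
# and function names are this example's own. Assumes GNU stat (Linux nodes).

# check_file PATH OWNER: fail if PATH is missing, not owned by OWNER, or is a
# *.key file with any group/other permission bit set.
check_file() {
    local path=$1 want=$2 owner mode
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$owner" != "$want" ]; then
        echo "OWNER   $path: $owner (expected $want)"; return 1
    fi
    case "$path" in
        *.key)
            # Leading 0 makes the mode an octal constant; mask group/other bits.
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "MODE    $path: $mode (key accessible beyond owner)"; return 1
            fi ;;
    esac
    return 0
}

# audit_node ROLE [CERT_DIR]: ROLE is "client" or "server".
# Returns 0 if every expected file passes, 1 on any finding, 2 on bad usage.
audit_node() {
    local role=$1 dir=${2:-/etc/daos/certs} rc=0 spec
    local admin=${ADMIN_USER:-$(id -un)}   # the page uses $USER for admin files
    local agent=${AGENT_USER:-daos_agent} server=${SERVER_USER:-daos_server}
    case "$role" in
        client) set -- "daosCA.crt:$admin" "agent.crt:$agent" "agent.key:$agent" \
                       "admin.crt:$admin" "admin.key:$admin" ;;
        server) set -- "daosCA.crt:$server" "server.crt:$server" \
                       "server.key:$server" "clients:$server" \
                       "clients/agent.crt:$server" ;;
        *) echo "usage: audit_node client|server [cert_dir]" >&2; return 2 ;;
    esac
    for spec in "$@"; do
        check_file "$dir/${spec%%:*}" "${spec#*:}" || rc=1
    done
    return $rc
}
```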


...