替换 VMware vCenter Server Appliance 5.5 证书

Posted on (Updated by yaoge123

1. 修改主机的IP、域名、主机名符合新证书的要求,将Certificate regeneration enabled改为Yes,Reboot vCenter,再将Certificate regeneration enabled改为No。

2. 停止服务:

service vmware-stsd stop
service vmware-vpxd stop


service vmware-rbd-watchdog stop
rm /var/vmware/vpxd/autodeploy_registered

2. 把证书、私钥、证书链传到ssl/vpxd下面,文件名分别为:证书rui.crt,私钥rui.key,证书链cachain.pem,内容为证书链的逆序文件最后应该为自签名的RootCA,合并证书和证书链

cd
mkdir ssl
mkdir ssl/vpxd
mkdir ssl/inventoryservice
mkdir ssl/logbrowser
mkdir ssl/autodeploy
cd ssl/vpxd
……
cat rui.crt cachain.pem > chain.pem

3. 替换vpxd证书

cd
cd ssl/vpxd
/usr/sbin/vpxd_servicecfg certificate change chain.pem rui.key

返回VC_CFG_RESULT = 0 表示成功,如果非0请看这里

4. 替换vCenter Inventory Service证书

service vmware-stsd start
cd /etc/vmware-sso/register-hooks.d
./02-inventoryservice --mode uninstall --ls-server https://server.domain.com:7444/lookupservice/sdk
cd
cp ssl/vpxd/* ssl/inventoryservice/
cd ssl/inventoryservice/
openssl pkcs12 -export -out rui.pfx -in chain.pem -inkey rui.key -name rui -passout pass:testpassword
cp rui.key /usr/lib/vmware-vpx/inventoryservice/ssl
cp rui.crt /usr/lib/vmware-vpx/inventoryservice/ssl
cp rui.pfx /usr/lib/vmware-vpx/inventoryservice/ssl
cd /usr/lib/vmware-vpx/inventoryservice/ssl/
chmod 400 rui.key rui.pfx
chmod 644 rui.crt
cd /etc/vmware-sso/register-hooks.d
./02-inventoryservice --mode install --ls-server https://server.domain.com:7444/lookupservice/sdk --user administrator@vSphere.local --password sso_administrator_password
rm /var/vmware/vpxd/inventoryservice_registered
service vmware-inventoryservice stop
service vmware-vpxd stop
service vmware-inventoryservice start
service vmware-vpxd start

5. 替换VMware Log Browser service证书

cd /etc/vmware-sso/register-hooks.d
./09-vmware-logbrowser --mode uninstall --ls-server https://server.domain.com:7444/lookupservice/sdk
cd
cp ssl/vpxd/* ssl/logbrowser/
cd ssl/logbrowser/
openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
cp rui.key /usr/lib/vmware-logbrowser/conf
cp rui.crt /usr/lib/vmware-logbrowser/conf
cp rui.pfx /usr/lib/vmware-logbrowser/conf
cd /usr/lib/vmware-logbrowser/conf
chmod 400 rui.key rui.pfx
chmod 644 rui.crt
cd /etc/vmware-sso/register-hooks.d
./09-vmware-logbrowser --mode install --ls-server https://server.domain.com:7444/lookupservice/sdk --user administrator@vSphere.local --password sso_administrator_password
service vmware-logbrowser stop
service vmware-logbrowser start

6. 替换vSphere Auto Deploy证书

cd
cp ssl/vpxd/* ssl/autodeploy/
cp ssl/autodeploy/rui.crt /etc/vmware-rbd/ssl/waiter.crt
cp ssl/autodeploy/rui.key /etc/vmware-rbd/ssl/waiter.key
cd /etc/vmware-rbd/ssl/
chmod 644 waiter.crt
chmod 400 waiter.key
chown deploy:deploy waiter.crt waiter.key
service vmware-rbd-watchdog stop
rm /var/vmware/vpxd/autodeploy_registered
service vmware-vpxd restart

7. Reboot vCenter

GPFS Windows CIFS共享问题

Posted on (Updated by yaoge123

GPFS的盘在Windows 2008及以上版本上用CIFS共享出去,当GPFS的盘里面文件发生变化时(如增加删除),某些Windows Vista及以上版本的客户端无法看到这些变化,即使刷新也不行,必须在客户端上面建立或删除文件才能看到,而如果这个共享是Windows自己的硬盘上的则没有这个问题。

这里IBM说明了,从SMBv2(Vista和2008开始)开始引入了一个新的特性,客户端可以对文件和文件夹的metadata进行缓存,刷新这个缓存依赖于目录变更通知,但是GPFS的在Windows上面不支持这个功能,所以客户端并不知道目录中的文件发生了变化。解决方法也很简单暴利,直接关闭SMBv2回退到SMBv1即可。这里详述了打开关闭各个版本SMB的办法,对于Windows 2008 (R2)来说就是在注册表HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters下新增一个SMB2的DWORD为0的值,需要特别注意的是Windows 2008 HPC版本不支持这个注册表项目,添加后会导致共享整个就没有了。在这里详述了各个版本的Server Client之间会使用什么样版本的SMB,和在Windows 8/2012怎么查看SMB的版本。

Intel SSD 530 240GB vs Samsung 840 PRO 256GB

Posted on by yaoge123

Dell R620, 2*E5-2643, 32GB RAM, RHELS 6.5, Iozone 3.420,SSD分区4K对齐, ext4打开trim

./iozone -a -i 0 -i 1 -i 2 -y 4k -q 1m -s 64g -Rb ./test.xls

结果是除了大块数据的随机写840大幅落后外其它的小胜530,具体结果如下:

Intel SSD 530 240GB:

record size 4 8 16 32 64 128 256 512 1024
Writer Report 524440 523974 526780 527053 526968 526036 527036 525766 525890
Re-writer Report 522612 522613 522275 523206 522439 523246 522352 521813 522232
Reader Report 401357 400040 402251 404237 404396 403728 404063 403219 402921
Re-reader Report 400585 399216 400826 402105 402526 402288 403591 402457 402526
Random Read Report 24057 42185 71473 116760 181263 257251 320765 373026 400579
Random Write Report 265987 367024 436929 485591 506996 523238 522900 522817 522449

Samsung 840 PRO 256GB:

record size 4 8 16 32 64 128 256 512 1024
Writer Report 531851 532568 532486 534077 535260 535288 535185 535542 535103
Re-writer Report 529750 530555 530921 530615 530606 530297 530888 530316 531189
Reader Report 527696 527396 527468 527315 527693 527813 527855 527261 527416
Re-reader Report 527420 527422 527873 527182 527601 527822 527689 527391 527203
Random Read Report 34822 58758 94271 145413 216819 295532 338092 374540 391692
Random Write Report 269031 373047 407259 288842 286163 284136 285640 290691 295829

xCAT 更新root ssh key方法

Posted on by yaoge123

流程如下:生成新的key,分发新key,替换所有节点key,替换xcat key

ssh-keygen //生成新的key命令为id_rsa1
pscp id_rsa1.pub all:/root/.ssh/authorized_keys
mv id_rsa id_rsa.old
mv id_rsa.pub id_rsa.pub.old
mv id_rsa1 id_rsa
mv id_rsa1.pub id_rsa.pub 
pscp id_rsa all:/root/.ssh/
pscp id_rsa.pub all:/root/.ssh/
cp /root/.ssh/id_rsa.pub /install/postscripts/_ssh/authorized_keys

 

Posted in HPC