PRIMECLUSTER Installation and Administration Guide 4.6 Cloud Services
FUJITSU Software

29.1.1 Updating the Certificate Used by the Service Principal

This section describes how to update the certificate used by the service principal.

  1. Execute the following command on any one of the nodes in the cluster system to stop RMS.

    # hvshut -a
  2. Execute the following command on all nodes to stop the shutdown facility.

    # sdtool -e
  3. Update the certificate used by the service principal.

    3-1) Log in with an Azure account on any one node in the cluster.

    # az login -u account

    Create a certificate to be used by the service principal.
    Example) When appID is "d5b7dac1-718f-448b-8e11-4a8cca6d9004"

    # az ad sp credential reset --name d5b7dac1-718f-448b-8e11-4a8cca6d9004 --create-cert
    {
      "appId": "d5b7dac1-718f-448b-8e11-4a8cca6d9004",
      "fileWithCertAndPrivateKey": "/root/tmphzHer5.pem",
      "name": "d5b7dac1-718f-448b-8e11-4a8cca6d9004",
      "password": null,
      "tenant": "8ff7ddfd-fbcb-4700-ae52-6d071ac8d1b4"
    }

    For the --name option, you can also specify the name that was used when registering the service principal.
    For details on registering service principals, refer to step 3 of "27.3 Presetting."

    Log out from Azure.

    # az logout

    3-2) Store the certificate created in fileWithCertAndPrivateKey in the location specified by CertPath in step 2 of "27.8.1.2 Setting up the Shutdown Facility" on all cluster nodes, and set the permissions to 600.
    Example) When CertPath is "/root/examplecert.pem"

    # cp /root/tmphzHer5.pem /root/examplecert.pem
    # chmod 600 /root/examplecert.pem

    Delete the certificate created in fileWithCertAndPrivateKey using the rm command.

    3-3) Make sure that you can log in with the service principal using the updated certificate on all cluster nodes.

    # az login --service-principal --username appID --tenant tenant --password CertPath

    For CertPath, specify the path confirmed in 3-2).

    3-4) Log out from Azure on all cluster nodes.

    # az logout
  4. Execute the following command on all nodes to start the shutdown facility.

    # sdtool -b
  5. Execute the following command on all nodes and make sure that the shutdown facility operates normally.

    # sdtool -s
  6. Execute the following command on any one of the nodes in the cluster system to start RMS.

    # hvcm -a
  7. Execute the following command on any one of the nodes in the cluster system and make sure that RMS operates normally.

    If RMS is stopped, "RMS is not running" is output.

    # hvdisp -a
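
The certificate placement in step 3-2, as an added shell example that is not part of the PRIMECLUSTER manual: it copies the PEM file under a restrictive umask, deletes the temporary file, and checks that CertPath is a regular file with mode 600 that contains both a certificate and a private key. The function names are hypothetical, and the paths in the usage comment are the example values from this page.

```sh
#!/bin/sh
# Added example, not from the PRIMECLUSTER manual; function names are hypothetical.
# Usage (as root, on each node):
#   install_sp_cert /root/tmphzHer5.pem /root/examplecert.pem
#   check_sp_cert /root/examplecert.pem

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Step 3-2: copy the PEM written by "az ad sp credential reset --create-cert"
# to CertPath, then delete the temporary file. The umask keeps a newly created
# destination at 600 from the start; chmod covers a pre-existing destination.
install_sp_cert() {
    src=$1
    dest=$2
    ( umask 077 && cp "$src" "$dest" ) || return 1
    chmod 600 "$dest" || return 1
    rm -f "$src"
}

# Return 0 only if CertPath is a regular file (not a symlink) with mode 600
# that holds both a certificate block and a private key block.
check_sp_cert() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: not a regular file" >&2; return 1
    fi
    mode=$(file_mode "$f")
    if [ "$mode" != "600" ]; then
        echo "$f: mode is $mode, expected 600" >&2; return 1
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "$f: no certificate block" >&2; return 1
    fi
    if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "$f: no private key block" >&2; return 1
    fi
    # Informational: print the expiry date when openssl is installed.
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -noout -enddate -in "$f" 2>/dev/null || true
    fi
    return 0
}
```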