Configuring the secure communication for NBOSVM
You can use the secure communication for NBOSVM. If you want to use the secure communication, you must upload the certificate and its private key.
To configure the secure communication
- Log on to the NetBackup for OpenStack configurator UI.
- On the Configuration Details tab, click Reconfigure at the end of the page.
- Click Advanced Settings.
- In the NetBackup for OpenStack URL(s) field, change HTTP to HTTPS in the URL.
- Click Certificate and Private Key to upload the files.
To generate the certificate and the key, go to the location
/etc/nbos/sslon any of the NBOSVM nodes and run the following command:./gen-cer <NBOSVM VIP>
This command generates the certificate and key files with NBOSVM virtual IP as a file name.
For example, if the NBOSVM virtual IP is 10.10.20.111, you run the command./gen-cert 10.10.20.111
This command generates files such as
10.10.20.111.crtand10.10.20.111.key.Upload the
10.10.20.111.crtand10.10.20.111.keyfiles. - Click the drop-down next to the NetBackup for OpenStack URL(s) field.
In the NetBackup for OpenStack Admin URL and NetBackup for OpenStack Internal URL fields, change HTTP to HTTPS.
- After NBOSVM configuration is successful, copy
/opt/stack/data/cert/nbosjm.certfile from NBOSVM to each controller node at the following location.Kolla-openstack:
/etc/kolla/horizonRHOSP:
/var/lib/config-data/puppet-generated/horizon
- Provide the following permissions to these files.
Kolla-openstack:
chmod o+x /etc/kolla/horizon chmod o+rx /etc/kolla/horizon/nbosjm.cert
RHOSP:
chmod o+rx /var/lib/config-data/puppet-generated/horizon/nbosjm.cert
- Run the following command on the NBOSVM before you use the nbosjm CLI.
export OS_CACERT=/etc/nbosjm/ca-chain.pem