HPE a00089072en us Installing and updating HPE Quorum Witness for HPE Primera and HPE 3PAR
advertisement
Installing and Updating HPE Quorum Witness
for HPE Primera and HPE 3PAR
Abstract
This guide provides instructions to install and update the HPE Quorum Witness server software used in HPE
Peer Persistence configurations.
Part Number: P23227-001
Published: September 2019
Edition: 4
© Copyright 2019 Hewlett Packard Enterprise Development LP
Notices
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise
products and services are set forth in the express warranty statements accompanying such products and services.
Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable
for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying.
Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and
Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no
control over and is not responsible for information outside the Hewlett Packard Enterprise website.
Acknowledgments
Linux® is a trademark of Linus Torvalds in the U.S. and other countries.
Microsoft®, Windows®, and Hyper-V® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
VMware®, VMware® ESX®, VMware®ESXi™, VMware®vCenter™, and VMware vSphere® are U.S. registered trademarks
of VMware, Inc.
Revision history
Part number
Publication date
Edition
Summary of changes
P23227-001
September 2019
4
•
Provides HTTPS protocol for encrypted communication
between the Quorum Witness server and the Quorum
Witness client on the storage systems
•
Supports HPE Primera
•
Changes guide name from HPE Quorum Witness
Installation and Update Guide
•
Updated host operating requirements to point to
SPOCK for the latest supported OSs
•
Updated expected response when configuring QW
version 2.1.000
QL226-10605
May 2019
3
QL226-10535a
February 2019
2
Added missing command to "Update Quorum Witness
firewall settings for IPv4"
QL226-10535
January 2019
1
Initial release
Contents
HPE Quorum Witness version 4.0.x............................................................................... 5
Preparing to install Quorum Witness version 4.0.x..................................................................................................................................... 5
Quorum Witness version 4.0.x requirements................................................................................................................................ 5
Managing Quorum Witness certificates............................................................................................................................................ 6
Downloading Quorum Witness version 4.0.x..............................................................................................................................14
Installing Quorum Witness version 4.0.x using an RPM........................................................................................................................ 15
Setting up an alternative port for Quorum Witness................................................................................................................16
Configuring the Quorum Witness 4.0.x client..............................................................................................................................................17
Troubleshooting Quorum Witness 4.0.x......................................................................................................................................................... 17
Verifying setup of Quorum Witness 4.0.x using CLI...............................................................................................................17
Certificates are missing, expired, or invalid..................................................................................................................................18
Cannot create the Quorum Witness 4.0.x client configuration in HPE 3PAR SSMC...........................................19
HPE Quorum Witness version 3.0.x............................................................................. 24
Downloading Quorum Witness version 3.0.x............................................................................................................................................... 24
Downloading Quorum Witness version 3.0.x from Software Depot..............................................................................24
Downloading Quorum Witness version 3.0.x from the media kit................................................................................... 25
Installing Quorum Witness version 3.0.x........................................................................................................................................................ 25
Quorum Witness version 3.0.x requirements............................................................................................................................. 25
Installing Quorum Witness version 3.0.x.......................................................................................................................................27
Configuring the Quorum Witness 3.0.x client..............................................................................................................................................27
Troubleshooting Quorum Witness 3.0.x......................................................................................................................................................... 28
Cannot connect to the Quorum Witness 3.0.x server............................................................................................................28
HPE Quorum Witness version 2.1.x............................................................................. 29
Downloading Quorum Witness version 2.1.x............................................................................................................................................... 29
Downloading Quorum Witness version 2.1.x from Software Depot..............................................................................29
Downloading Quorum Witness version 2.1.x from the media kit................................................................................... 29
Deploying Quorum Witness version 2.1.x......................................................................................................................................................29
Quorum Witness version 2.1.x requirements ............................................................................................................................30
Deploying Quorum Witness version 2.1.x on VMware ESXi.............................................................................................. 30
Deploying Quorum Witness version 2.1.x on Windows Hyper-V................................................................................... 32
Configuring Quorum Witness version 2.1.x.................................................................................................................................................. 33
Configuring the Quorum Witness server for the first time................................................................................................. 33
Configuring the IPv4 or IPv6 ethernet interface for the Quorum Witness server................................................ 35
Updating Quorum Witness firewall settings for IPv4.............................................................................................................37
HPE Quorum Witness update........................................................................................39
Updating existing Quorum Witness server software ..............................................................................................................................39
Removing the Quorum Witness client configuration..............................................................................................................39
Support and other resources.........................................................................................41
Accessing Hewlett Packard Enterprise Support.........................................................................................................................................41
Accessing updates........................................................................................................................................................................................................41
Customer self repair.................................................................................................................................................................................................... 42
3
Remote support............................................................................................................................................................................................................. 42
Warranty information................................................................................................................................................................................................. 42
Regulatory information............................................................................................................................................................................................. 43
Documentation feedback......................................................................................................................................................................................... 43
4
HPE Quorum Witness version 4.0.x
Quorum Witness (QW) enables automatic transparent failover (ATF) in a Peer Persistence environment. Quorum Witness
is a self-contained application that can be installed on any physical or virtual machine with a supported Linux host OS.
Quorum Witness version 4.0.x provides encrypted communication between the Quorum Witness client and the Quorum
Witness server.
If Quorum Witness is already installed and you want to update the software, see Updating existing Quorum Witness
server software on page 39.
Preparing to install Quorum Witness version 4.0.x
Procedure
1. Verify that the Quorum Witness requirements for QW version 4.0.x are met.
2. Manage the Quorum Witness certificates.
3. Download Quorum Witness version 4.0.x.
Quorum Witness version 4.0.x requirements
The Quorum Witness server is installed at a third site that would not be impacted by failure of the source or backup sites,
and connects to the source and backup storage systems using non-Remote Copy links.
Quorum Witness can support multiple Peer Persistence configurations.
Table 1: Quorum Witness version 4.0.x requirements
Feature
Requirements
Host operating system
See the HPE Primera OS Support Matrix in SPOCK for a list of supported Linux OS
versions.
Connectivity
•
Ethernet.
•
Hewlett Packard Enterprise recommends that Quorum Witness be installed on a
neutral or third site. This site has access to the same network as the two arrays that
are in a Peer Persistence relationship.
•
IPv4 or IPv6 address configured on the Quorum Witness server.
Maximum round-trip time
(RTT)
See the HPE Primera OS Support Matrix in SPOCK for the maximum RTT.
Memory
50 MiB
Disk space
150 MiB
Port 8443
Port 8443 must be open between the storage arrays and the Quorum Witness server.
HPE Quorum Witness version 4.0.x
5
Accessing the HPE Primera OS Support Matrix in SPOCK
Procedure
1. Use your HPE Passport account to log in to SPOCK.
TIP: If you do not have an HPE Passport account, create an account from the SPOCK login page.
2. In the left navigation pane, scroll to Other Hardware, and then click HPE Primera.
3. Click the HPE Primera Support Matrix.
Managing Quorum Witness certificates
Before configuring secure (HTTPS) communication between the storage systems and the Quorum Witness server, obtain
the needed certificates.
Procedure
1. Creating Quorum Witness certificate directories on page 6.
2. Exporting a root certificate on page 6.
3. Generating a CSR for the Quorum Witness client on each storage system on page 7.
4. Importing the Quorum Witness client and server certificates on page 10.
5. Creating a CA-signed certificate for the Quorum Witness server on page 9.
6. Creating certificate bundles on the Quorum Witness server on page 13.
Creating Quorum Witness certificate directories
Procedure
1. On your computer, create a directory for the Certificate Signing Requests (CSRs). For example:
C:\qw-secure\csrs
2. Create a directory for the Certificate Authority (CA) signed certificates. For example:
C:\qw-secure\certs
Exporting a root certificate
Prerequisites
•
If your company uses a CA tool, access the tool.
•
If your company does not use a CA tool, download and install any free, third-party CA tool to your computer.
Procedure
1. Use a CA tool to obtain a root certificate.
2. Export the root certificate in .pem format to the directory you created for certificates.
For example, C:\qw-secure\certs.
6
HPE Quorum Witness version 4.0.x
Generating a CSR for the Quorum Witness client on each storage system
Prerequisites
•
The Peer Persistence Remote Copy configuration that will use Quorum Witness
•
A Certificate Authority tool
•
Access to the HPE 3PAR StoreServ Management Console
Procedure
1. On the HPE 3PAR SSMC main menu, select Remote Copy Configurations under DATA PROTECTION.
2. In the list pane, select the Peer Persistence Remote Copy configuration, and then select Actions > Manage
Certificates.
The Manage Quorum Witness Certificates screen opens.
Source system
3. Generate a CSR for the source system.
HPE Quorum Witness version 4.0.x
7
a. Under Certificate Management, select the source system from the System drop-down list.
b. Click the Generate CSR radio button.
c. Click Generate CSR.
The Set CSR Details screen displays.
d. Enter the source system information and location.
•
Common Name: The FQDN of the source system
•
DNS: The name of the source system as it is known in DNS
•
IP: The IP address of the source system
e. Click OK.
f. On the Certificate Management screen, click Save.
The CSR is downloaded to your local download directory.
g. Move the file to the predefined CSRs directory.
For example, C:\qw-secure\csrs.
Target system
4. Generate a CSR for the target system from the Manage Quorum Witness Certificates screen.
8
HPE Quorum Witness version 4.0.x
a. Select the target system from the System drop-down list.
b. Click the Generate CSR radio button.
c. Click Generate CSR.
d. Enter the target system information and location on the details screen.
•
Common Name: The FQDN of the target system
•
DNS: The name of the target system as it is known in DNS
•
IP: The IP address of the target system
e. Click OK.
f. On the Certificate Management screen, click Save.
The CSR is downloaded to your local download directory.
g. Move the file to the predefined CSRs directory.
Certificate Authority tool
5. Access the CA tool.
6. Request a CA-signed certificate for each storage system using the copied CSR files you generated.
7. When you receive the CA-signed certificates:
a. Make sure that the certificates are compliant to X.509 certificate format and PEM encoding.
b. Move the certificates to your predefined CA-signed certificates folder.
For example, C:\qw-secure\certs.
Creating a CA-signed certificate for the Quorum Witness server
The Certificate Authority (CA) signed certificate is used to connect to the Quorum Witness (QW) server. Perform this
procedure on the server where you will install the Quorum Witness software. The OpenSSL commands used in this
procedure are examples only.
NOTE: Passphrases are not supported.
Prerequisites
Access to OpenSSL 1.0 or later or another tool for securing TLS and SSL protocol.
Procedure
Quorum Witness server
1. Log in as the root user to the Quorum Witness server.
2. Confirm that you are in the /root directory using the pwd command.
3. Identify the FQDN of the server as the variable SYSTEM_QW.
For example: SYSTEM_QW=vm1234-ip6.abc.yourcorp.net
4. Generate a private key for the server certificate.
HPE Quorum Witness version 4.0.x
9
For example: openssl genrsa -out ${SYSTEM_QW}-server.key.pem 2048
Generating RSA private key, 2048 bit long modulus
......+++
.......................+++
e is 65537 (0x10001)
5. Generate a certificate signing request (CSR) using the server key. Replace the information between the quotes with
your location.
openssl req -key ${SYSTEM_QW}-server.key.pem -new -sha256 -subj "/C=Country
or region/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=$
{SYSTEM_QW}" -out ${SYSTEM_QW}-server-csr.pem
For example: openssl req -key ${SYSTEM_QW}-server.key.pem -new -sha256 -subj "/
C=US/ST=CA/L=Los Angeles/O=HPE/OU=DEV/CN=${SYSTEM_QW}" -out ${SYSTEM_QW}server-csr.pem
6. Confirm that two files are listed in the /root directory.
ls -l *.pem
ls -l *.pem
-rw-r--r-- 1 root root 1021 May 23 09:17 vm1234-ip6.abc.yourcorp.net-server.csr.pem
-rw-r--r-- 1 root root 1675 May 23 09:11 vm1234-ip6.abc.yourcorp.net-server.key.pem
Certificate Authority Tool
7. Access the CA tool.
8. Request a CA-signed certificate using the .csr.pem file.
9. When you receive the CA-signed certificate for the QW server:
a. Make sure that the CA-signed certificates are compliant to X.509 certificate format and PEM encoding.
b. Move the CA-signed, QW server certificate to your predefined CA-signed certificates folder.
For example: vm1234-ip6.abc.yourcorp.net_cert.pem certificate is located in C:\qw-secure
\certs.
Importing the Quorum Witness client and server certificates
The Quorum Witness client certificate, CA trust chain, and the Quorum Witness server root CA must be imported on each
storage system.
Prerequisites
•
Obtain a CA-signed certificate for the Quorum Witness client for each storage system.
•
Obtain a CA-signed certificate for the Quorum Witness server.
Procedure
1.
On the HPE 3PAR SSMC main menu, select Remote Copy Configurations under DATA PROTECTION.
2.
In the list pane, select the Peer Persistence Remote Copy configuration, and then select Actions > Manage
Certificates.
The Manage Quorum Witness Certificates screen opens.
Source system
10
HPE Quorum Witness version 4.0.x
3.
Import the Quorum Witness (QW) client certificate for the source system.
a. Select the source system from the System drop-down list.
b. Click Import QW Client Certificate.
c. For the QW Client CA trust chain, browse to the predefined certificates directory and open the CA chain
certificate .pem file.
d. Verify that the CA trust chain file appears.
e. For the QW Client Certificate, browse to the predefined certificates directory and open the FQDN
certificate .pem file.
f. Verify that the client certificate files appear.
4.
Import the Quorum Witness server certificate for the source system.
a. Click Import QW Server Certificate.
b. Browse to the predefined certificates directory and open the QW server certificate.
c. Verify that the certificate file appears.
HPE Quorum Witness version 4.0.x
11
5.
To import all certificates, click Import.
6.
Select the check box to accept the implications, and then click Yes, import.
The source client and server certificates display under Existing Quorum Witness Certificates.
Target system
7.
Import the Quorum Witness client certificate for the target system.
a. Select the target system from the System drop-down list.
b. Click Import QW Client Certificate.
c. For the QW Client CA trust chain, browse to the predefined certificates directory and open the CA chain
certificate .pem file.
d. Verify that the CA trust chain file appears.
e. For the QW Client Certificate, browse to the predefined certificates directory and open the FQDN
certificate .pem file.
f. Verify that the client certificate files appear.
8.
Import the Quorum Witness server certificate for the target system.
a. Click Import QW Server Certificate.
b. Browse to the predefined certificates directory and open the QW server certificate.
c. Verify that the QW server certificate file appears.
9.
To import all certificates, click Import.
The source and target client and server certificates display under Existing Quorum Witness Certificates.
12
HPE Quorum Witness version 4.0.x
10. Verify that you have three certificates for each storage system:
•
A self-signed rootCA for the qw-client
•
A CA-signed cert for the qw-client
•
A self-signed rootCA for the qw-server
Creating certificate bundles on the Quorum Witness server
Create two certificate bundles so that the Quorum Witness server can authenticate the Quorum Witness client. Perform
the following steps on the server where Quorum Witness will be installed.
Prerequisites
•
Obtain the CA-signed certificate and the trust chain for the Quorum Witness server.
•
Obtain the CA-signed certificate and the trust chain for the Quorum Witness client for each storage system.
Procedure
1. Log in as the root user to the Quorum Witness server.
2. Confirm that the following files are in the /root directory.
ls -l *.pem
[root@vm1234 ~]# ls -l *.pem
-rw-r--r-- 1 root root
1438
-rw-r--r-- 1 root root
1021
-rw-r--r-- 1 root root
1675
-rw-r--r-- 1 root root
1290
May
May
May
May
23
23
23
23
09:35
09:17
09:11
08:43
vm1234-ip6.abc.yourcorp.net_cert.pem
vm1234-ip6.abc.yourcorp.net-server.csr.pem
vm1234-ip6.abc.yourcorp.net-server.key.pem
RootCA_cert.pem
3. Create a file called cert.pem in the /root directory that contains the following files:
•
{SYSTEM_QW}.key.pem
•
{SYSTEM_QW}_cert.pem
•
RootCA_cert.pem
For example: cat vm1234-ip6.abc.yourcorp.net-server.key.pem vm1234ip6.abc.yourcorp.net_cert.pem RootCA_cert.pem > cert.pem.
HPE Quorum Witness version 4.0.x
13
Downloading Quorum Witness version 4.0.x
The Quorum Witness server software version 4.0.x is available from Software Depot as an RPM package. An ISO file that
includes the RPM package is also available from Software Depot or in the media kit.
Prerequisites
Make sure that Quorum Witness version 4.0.x requirements on page 5 have been met.
Procedure
1. Choose whether to download the Quorum Witness server software from Software Depot or the media kit.
•
Downloading Quorum Witness version 4.0.x from Software Depot on page 14
•
Downloading Quorum Witness version 4.0.x from the media kit on page 15
Downloading Quorum Witness version 4.0.x from Software Depot
Procedure
1. In HPE Software Depot, navigate to HPE Primera Quorum Witness and click Select.
For example, search on Quorum Witness and then select HPE Primera Quorum Witness.
2. Log in with your HPE Passport credentials.
3. Complete the requested information and click Next.
4. Download the ISO or RPM file.
5. Copy the files to the host location where you want to install the software.
The host location is called the Quorum Witness server.
6. Log in to the host location as root.
7. If you downloaded the ISO, burn the file to media or mount the file as a virtual drive and obtain the RPM package. For
example:
a. Create a mount point.
mkdir /mnt/iso
b. Mount the ISO.
mount -o loop /tmp/qwserv-4.0.xxx.iso /mnt/iso/
c. Navigate to the directory.
cd /mnt/iso
d. List the contents of the ISO.
ls /mnt/iso/
The ISO contains a README file and RPM package. For example:
Quorum Witness README.docx
14
HPE Quorum Witness version 4.0.x
qwserv-4.0.xxx.rpm
8. Review the README.docx file.
9. Copy the RPM package to the host location where you want to install the software.
Downloading Quorum Witness version 4.0.x from the media kit
Procedure
1. Obtain the DVD from the media kit and place the DVD in the media drive.
2. Mount the file as a virtual drive and obtain the RPM package. For example:
a. Create a mount point.
sudo mkdir /mnt/iso
b. Mount the ISO.
sudo mount -t iso9660 /dev/sr0 /mnt/iso
c. Navigate to the directory.
cd /mnt/iso
d. List the contents of the ISO.
ls /mnt/iso/
The ISO contains a README file and RPM package.
3. Review the README.docx file.
4. Copy the RPM package to the host location where you want to install the software.
The host location is called the Quorum Witness server.
5. Unmount the DVD.
sudo umount /mnt/iso
Installing Quorum Witness version 4.0.x using an RPM
Prerequisites
•
All the steps in Preparing to install Quorum Witness version 4.0.x on page 5 have been completed.
•
A supported Linux OS is installed and configured on the server where the Quorum Witness software is to be installed.
•
The QW server is set up on a separate system that is not a part of the host configuration.
•
The server SSL certificate trust chain and client root certificate files are available.
•
The RPM package has been downloaded.
Procedure
1. Log in to the root account of the Linux OS server.
2. Install the new RPM.
For example: rpm -vi qwserv-4.0.xxx.rpm
3. Verify the service status to make sure that the server is running.
systemctl list-units | grep qwserv
HPE Quorum Witness version 4.0.x
15
The result of the service status check indicates that the QW server is installed and running.
qwserv.service
loaded active running Quorum Witness server daemon
4. Copy the server SSL certificate trust chain to the default RPM configuration directory.
cp /root/cert.pem /usr/local/etc/cert.pem
5. Copy the root CA certificate to the default RPM configuration directory (/usr/local/etc), and rename it to
cacert.pem.
cp RootCA_cert.pem /usr/local/etc/cacert.pem
6. Confirm the cacert.pem and cert.pem files are in the /usr/local/etc/ directory.
ls -l /usr/local/etc
[root@vm1234 ~]# ls -l /usr/local/etc
total 12
-rw-r--r-- 1 root root 1290 May 23 09:39 cacert.pem
-rw-r--r-- 1 root root 4403 May 23 10:04 cert.pem
Setting up an alternative port for Quorum Witness
Port 8443 is the default port for Quorum Witness and is configured during installation. However, an alternative port can
be used for communication between the storage systems and the QW server. In this procedure, port 8444 is used as the
alternative port.
Prerequisites
Quorum Witness has been installed.
Procedure
1. Log in to the root account of the Linux OS server.
2. Stop the qwserv service if it is running.
systemctl stop qwserv
3. Edit the systemd unit file and insert the alternative port.
The qwserv application is run as a systemd service when installed using RPM. The systemd unit file is typically
stored under /lib/systemd/system/.
For example: vi /lib/systemd/system/qwserv.service
[Unit]
Description=Quorum Witness server daemon
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/qwserv -c /usr/local/etc/cert.pem -ca /usr/local/etc/cacert.pem -l –p 8444 $OPTIONS
Restart=on-failure
RestartSec=10s
[Install]
WantedBy=multi-user.target
4. Save the edited file and restart the systemd service.
systemctl start qwserv
16
HPE Quorum Witness version 4.0.x
Configuring the Quorum Witness 4.0.x client
Create a secure connection between the Peer Persistence configuration and the Quorum Witness server.
Prerequisites
•
A Peer Persistence configuration is set up. See HPE Primera OS 4.0: Configuring disaster recovery with Remote Copy.
•
Host I/O paths are connected to each storage system such that the source and target volumes are visible to the host.
Procedure
1. On the SSMC main menu, select Remote Copy Configurations under DATA PROTECTION.
2. In the list pane, select the Peer Persistence Remote Copy configuration.
3. Select Actions > Configure Quorum Witness.
4. Enter the following information:
a. Enter the IP address or the FQDN of the Quorum Witness server.
b. Select Yes for Start.
c. Select Enabled for Secure Connection.
d. Enter 8443 for the default port of the QW server.
5. Click Configure.
After a few minutes, the Quorum Witness client is configured.
6. To verify that the Quorum Witness client configuration is added and started, select the Targets view.
The QW server field displays the location of the Quorum Witness server. The QW Status field displays Started.
Troubleshooting Quorum Witness 4.0.x
Verifying setup of Quorum Witness 4.0.x using CLI
Procedure
Storage systems
1. Verify connectivity from one of the storage systems to the Quorum Witness server.
cli% setrcopytarget witness check -ssl <new_witness_IP>
•
If Connectivity check passed displays, the certificates are valid and the storage systems can connect
to the Quorum Witness server. The Quorum Witness client is ready to be configured.
•
If No route to Quorum Witness at <new_witness_IP> from any node displays, go to
step 2.
2. On both storage systems, verify the certificate health.
cli% checkhealth -detail cert
HPE Quorum Witness version 4.0.x
17
•
If The following components are healthy: cert displays for both systems, go to step 3.
•
If a certificate is expired or invalid, see Certificates are missing, expired, or invalid on page 18 .
Quorum Witness server
3. Log in as root user to the Quorum Witness server.
4. On both storage systems, verify connectivity from the Quorum Witness server to the storage systems.
a. Ping the storage system.
Ping <systemname>
b. To stop the ping, wait a few seconds for the system to respond, and then press Ctrl+C.
•
If packets are transmitted without packet loss, go to Cannot create the Quorum Witness 4.0.x client
configuration in HPE 3PAR SSMC on page 19.
•
If packets were not transmitted or packet loss occurred, contact your network administrator.
Certificates are missing, expired, or invalid
Symptom
An error message displays in HPE 3PAR SSMC that a certificate is missing or invalid.
Action
1. On the HPE 3PAR SSMC main menu, select Remote Copy Configurations under DATA PROTECTION.
2. In the list pane, select the Peer Persistence Remote Copy configuration, and then select Actions > Manage
Certificates.
3. Review the certificates under Existing Quorum Witness Certificates.
4. Verify that you have three certificates for each storage system:
•
A self-signed rootCA for the qw-client
•
A CA-signed cert for the qw-client
•
A self-signed rootCA for the qw-server
5. Review the Expires on dates for each certificate and verify that no certificate has expired.
6. If any certificates are missing or expired, correct the certificates:
•
For qw-client certificates, repeat Importing the Quorum Witness client and server certificates on page 10.
•
For the qw-server certificate, repeat Creating a CA-signed certificate for the Quorum Witness server on page 9.
7. If the problem persists, verify that the certificate bundles are on the Quorum Witness server.
a. Log in as the root user to the Quorum Witness server.
b. Confirm the cacert.pem and cert.pem files are in the /root directory. For example:
ls -l /root
18
HPE Quorum Witness version 4.0.x
[root@vm1234 ~]# ls -l /root
total 12
-rw-r--r-- 1 root root 1290 May 23 09:39 cacert.pem
-rw-r--r-- 1 root root 4403 May 23 10:04 cert.pem
c. If a certificate bundle is missing, repeat Creating certificate bundles on the Quorum Witness server on page 13.
Make sure that the cert.pem contains the following files:
•
{SYSTEM_QW}.key.pem
•
{SYSTEM_QW}_cert.pem
•
RootCA_cert.pem
d. If the certificate bundles are correct, go to the next step.
8. Restart Quorum Witness so that the Quorum Witness server is using the latest certificates in the /root directory.
a. Stop Quorum Witness.
systemctl stop qwserv
b. Start Quorum Witness.
systemctl start qwserv
c. Verify the status of the server.
systemctl status qwserv
● qwserv.service - Quorum Witness server daemon
Loaded: loaded (/usr/lib/systemd/system/qwserv.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-05-23 10:16:07 MDT; 6 days ago
Main PID: 52545 (qwserv)
CGroup: /system.slice/qwserv.service
├─52545 /usr/local/bin/qwserv -c /usr/local/etc/cert.pem -ca /usr/...
└─52546 /usr/local/bin/qwserv -c /usr/local/etc/cert.pem -ca /usr/...
Active: active (running) indicates the server has been restarted.
Cannot create the Quorum Witness 4.0.x client configuration in HPE 3PAR SSMC
Symptom
The Quorum Witness server is active and running with valid certificates, but the Quorum Witness client cannot be
configured.
Solution 1
Cause
HPE 3PAR SSMC or a third-party port scan tool shows port 8443 is not open or a firewall is on and blocking the
connections from the storage systems.
Action
Quorum Witness server
1. Log in as the root user to the Quorum Witness server.
2. Confirm that the Quorum Witness server is running.
systemctl status qwserv
HPE Quorum Witness version 4.0.x
19
● qwserv.service - Quorum Witness server daemon
Loaded: loaded (/usr/lib/systemd/system/qwserv.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-05-23 10:16:07 MDT; 6 days ago
Main PID: 52545 (qwserv)
CGroup: /system.slice/qwserv.service
├─52545 /usr/local/bin/qwserv -c /usr/local/etc/cert.pem -ca /usr/...
└─52546 /usr/local/bin/qwserv -c /usr/local/etc/cert.pem -ca /usr/...
Active: active (running) indicates that the server is running.
3. Add the port to the firewall.
firewall-cmd --zone=public --add-port=8443/tcp --permanent
4. Reload the firewall.
firewall-cmd --reload
Storage systems
5. On both storage systems, confirm that the storage systems are connected to the Quorum Witness server.
cli% setrcopytarget witness check -ssl <new_witness_IP>
where <new_witness_IP> is the IP address or FQDN of the QW server
Connectivity check passed
Solution 2
Action
1. If the problem persists, perform the following steps:
a. Creating a secure Quorum Witness client configuration using CLI on page 20.
b. Starting the Quorum Witness client using the CLI on page 22.
Creating a secure Quorum Witness client configuration using CLI
For the storage systems to communicate with the Quorum Witness server, the IP address or FQDN of the QW server must
be set on the target of each system. In this procedure, s1234 is used to identify the primary or source storage system.
s4321 is used to identify the secondary or target storage system. See the HPE Primera OS 4.0 Command Line Interface
reference guide for more information.
Prerequisites
A Peer Persistence configuration is set up.
Procedure
Primary storage system
1.
Log in to the source storage system.
2.
Verify connectivity to the Quorum Witness server.
cli% setrcopytarget witness check -ssl <new_witness_ip>
Where: <new_witness_ip>—The IP address or the FQDN of the Quorum Witness server.
3.
Create the Quorum Witness client.
cli% setrcopytarget witness create -ssl <new_witness_ip> <target_name>
20
HPE Quorum Witness version 4.0.x
Where:
4.
•
<new_witness_ip>—The IP address or the FQDN of the Quorum Witness server
•
<target_name>—Name of the target on the secondary system
Verify that the Quorum Witness client is initializing.
cli% showrcopy -qw targets
Secondary storage system
5.
Log in to the target storage system.
6.
Verify connectivity to the Quorum Witness server.
cli% setrcopytarget witness check -ssl <new_witness_ip>
7.
Create the Quorum Witness client.
cli% setrcopytarget witness create -ssl <new_witness_ip> <target_name>
Where:
8.
•
<new_witness_ip>—The IP address or the FQDN of the Quorum Witness server
•
<target_name>—Name of the target on the primary system
Verify that the Quorum Witness client is initializing.
cli% showrcopy -qw targets
9.
Wait for the quorum state to stabilize. Reissue the showrcopy -qw targets command until the Q-Status
column changes from Initializing to Not-started. Stabilization may take up to 30 seconds.
Primary storage system
10. Confirm the Q-Status column changes from Initializing to Not-started on the primary system.
cli% showrcopy -qw targets
Example
Primary storage system
s1234 cli% setrcopytarget witness check -ssl 10.xxx.xxx.205
Connectivity check passed
s1234 cli% setrcopytarget witness create -ssl 10.xxx.xxx.205 s4321
s1234 cli% showrcopy -qw targets
Remote Copy System Information
Status: Started, Normal
Target Information
Name ID Type Status Policy
QW-Server
QW-Ver Q-Status
Q-Status-Qual
s4321 20 IP
ready mirror_config https://xxxxxx:8443" 4.0.xxx Initializing Quorum not stable
Secondary storage system
s4321 cli% setrcopytarget witness check -ssl 10.xxx.xxx.205
Connectivity check passed
s4321 cli% setrcopytarget witness create -ssl 10.xxx.xxx.205 s1234
HPE Quorum Witness version 4.0.x
21
s4321 cli% showrcopy -qw targets
Remote Copy System Information
Status: Started, Normal
Target Information
Name ID Type Status Policy
QW-Server
QW-Ver Q-Status
Q-Status-Qual
s1234 20 IP
ready mirror_config https://xxxxxx:8443" 4.0.xxx Initializing Quorum not stable
s4321 cli% showrcopy -qw targets
Remote Copy System Information
Status: Started, Normal
Target Information
Name ID Type Status Policy
QW-Server
QW-Ver Q-Status
s1234 20 IP
ready mirror_config https://xxxxxx:8443" 4.0.xxx Not-started
Q-Status-Qual
Primary storage system
s1234 cli% showrcopy -qw targets
Remote Copy System Information
Status: Started, Normal
Target Information
Name ID Type Status Policy
QW-Server
QW-Ver Q-Status
Q-Status-Qual
s4321 20 IP
ready mirror_config https://xxxxxx:8443" 4.0.xxx Not-started Quorum not stable
Starting the Quorum Witness client using the CLI
Start the Quorum Witness client to activate communication between the storage systems and the Quorum Witness server.
In this procedure, System1234 is used to identify the primary or source storage system. System4321 is used to
identify the secondary or target storage system.
Prerequisites
The quorum must be in the Not-Started state.
Procedure
Primary storage system
1. Start the Quorum Witness client.
cli% setrcopytarget witness start <target_name>
Where: <target_name>—Name of the target on the secondary system
2. Verify that the Quorum Witness client has started. The Q-Status column displays Started.
cli% showrcopy -qw targets
Secondary storage system
3. Start the Quorum Witness client.
cli% setrcopytarget witness start <target_name>
4. Verify that the Quorum Witness client has started. The Q-Status column displays Started.
cli% showrcopy -qw targets
22
HPE Quorum Witness version 4.0.x
Example
Primary storage system
s1234 cli% setrcopytarget witness start s4321
s1234 cli% showrcopy -qw targets
Remote Copy System Information
Status: Started, Normal
Target Information
Name ID Type Status Policy
QW-Server
QW-Ver Q-Status
s4321 3 IP
ready mirror_config https://xxxxxx:8443" 4.0.xxx Started
Q-Status-Qual
Secondary storage system
s4321 cli% setrcopytarget witness start s1234
s4321 cli% showrcopy -qw targets
Remote Copy System Information
Status: Started, Normal
Target Information
Name ID Type Status Policy
QW-Server
QW-Ver Q-Status
s1234 3 IP
ready mirror_config https://xxxxxx:8443" 4.0.xxx Started
Q-Status-Qual
HPE Quorum Witness version 4.0.x
23
HPE Quorum Witness version 3.0.x
Quorum Witness (QW) is used for automatic transparent failover (ATF) within a Peer Persistence environment. Quorum
Witness is a self-contained application, installed as an RPM package. Quorum Witness is no longer restricted to VMware
ESXi or Microsoft Hyper-V environments. Quorum Witness can be installed on any physical machine or virtual machine of
any supported host OS.
If you already have Quorum Witness installed and you want to update the software, see HPE Quorum Witness update on
page 39.
Downloading Quorum Witness version 3.0.x
The QW version 3.0.x RPM package is available from Software Depot. The RPM package is also encapsulated in an ISO file
which is available from Software Depot or in the media kit.
Procedure
1. Choose whether to download the QW server software from Software Depot or the media kit:
•
Downloading Quorum Witness version 3.0.x from Software Depot on page 24
•
Downloading Quorum Witness version 3.0.x from the media kit on page 25
Downloading Quorum Witness version 3.0.x from Software Depot
Procedure
1. In HPE Software Depot, select your operating system and then navigate to Quorum Witness and click Select.
For example, select one of the following:
•
Storage > HPE Primera and then HPE Primera Quorum Witness
•
Storage > HPE 3PAR StoreServ and then HPE 3PAR Quorum Witness
2. Log in with your HPE Passport credentials.
3. Complete the requested information and click Next.
4. Download the ISO or RPM.
5. Copy the ISO or RPM to the host location where you want to install the software.
The host location is called the Quorum Witness server.
6. Log in to the host location as root.
7. If you downloaded the ISO, burn the file to media or mount the file as a virtual drive and obtain the RPM package. For
example:
a. Create a mount point.
mkdir /mnt/iso
b. Use the mount command to mount the ISO.
mount -o loop /tmp/qwserv-3.0.xxx.iso /mnt/iso/
c. Navigate to the directory.
24
HPE Quorum Witness version 3.0.x
cd /mnt/iso
d. List the contents of the ISO.
ls /mnt/iso/
The ISO contains a README file and the RPM package.
8. Review the README.docx.
9. Extract the RPM package.
Downloading Quorum Witness version 3.0.x from the media kit
Procedure
1. Obtain the DVD from the media kit and place the DVD in the media drive.
2. Mount the file as a virtual drive and obtain the RPM package. For example:
a. Create a mount point.
sudo mkdir /mnt/iso
b. Use the mount command to mount the ISO.
sudo mount -t iso9660 /dev/sr0 /mnt/iso
c. Navigate to the directory.
cd /mnt/iso
d. List the contents of the ISO.
ls /mnt/iso/
The ISO contains a README file and the RPM package.
3. Extract and review the README.docx.
4. Extract the RPM package.
5. Copy the RPM package to the host location where you want to install the software. The host location is called the
Quorum Witness server.
6. Unmount the DVD.
sudo umount /mnt/iso
Installing Quorum Witness version 3.0.x
Quorum Witness version 3.0.x is installed as application software on a virtual machine or physical server of any supported
host OS.
NOTE: The QW server software must be installed on a separate server that is not part of the host configuration.
Quorum Witness version 3.0.x requirements
The Quorum Witness server is installed at a third site that would not be impacted by failure of the source or backup sites,
and connects to the source and backup storage systems using non-Remote Copy links.
Quorum Witness can support multiple Peer Persistence configurations.
HPE Quorum Witness version 3.0.x
25
Table 2: Quorum Witness version 3.0.x requirements
Feature
Requirement
Host operating system
Depending on your OS, see the HPE support matrix in SPOCK for a list of supported
Linux OS versions.
Connectivity
Maximum RTT
•
To access the HPE Primera OS Support Matrix, see Accessing the HPE Primera OS
Support Matrix in SPOCK on page 6.
•
To access the HPE 3PAR Support Matrix, see Accessing the HPE 3PAR OS Support
Matrix in SPOCK on page 26.
•
Ethernet.
•
Hewlett Packard Enterprise recommends that the Quorum Witness be installed on a
neutral or third site. This site has access to the same network as the two arrays that
are in a Peer Persistence relationship.
•
IPv4 or IPv6 address configured on the Quorum Witness server.
RTT is 250 ms (with a connection timeout of 250 ms and a response timeout of 3
seconds).
Software license requirements •
•
HPE Remote Copy License
HPE Peer Persistence License
NOTE: With HPE Primera, Remote Copy and Peer Persistence licenses are included with
HPE Primera.
With HPE 3PAR OS 3.3.1 the HPE 3PAR All-inclusive Software License for HPE 3PAR
StoreServ 8000, 20000, and newer platforms include Remote Copy and Peer
Persistence licenses. These licenses are included in the Base and Multi-Storage licenses
for HPE 3PAR OS. Only HPE 3PAR StoreServ 7000 and 10000 arrays require software
licenses regardless of the HPE 3PAR OS version.
Memory
50 MiB
Disk space
150 MiB
Port 8080
Port 8080 must be open between the storage arrays and the Quorum Witness server.
Accessing the HPE 3PAR OS Support Matrix in SPOCK
Procedure
1. Use your HPE Passport account to log in to SPOCK.
TIP: If you do not have an HPE Passport account, create an account from the SPOCK login page.
2. In the left navigation pane of the SPOCK home page, scroll down to Other Hardware, and then click 3PAR.
3. Click the Support Matrix that applies to your OS version.
26
HPE Quorum Witness version 3.0.x
Installing Quorum Witness version 3.0.x
Prerequisites
•
Quorum Witness host OS requirements are met.
•
The QW server is set up on a separate system that is not a part of the host configuration.
•
The RPM package has been downloaded.
Procedure
1. Log in to the root account of the Quorum Witness server.
2. Install the new RPM.
For example: rpm -vi qwserv-3.0.xxx.rpm
3. Verify the service status to make sure that the server is running.
systemctl list-units | grep qwserv
The result of the service status check indicates that the QW server is installed and running.
qwserv.service
loaded active running Quorum Witness server daemon
Configuring the Quorum Witness 3.0.x client
Create a connection between the Peer Persistence configuration and the Quorum Witness server.
Prerequisites
•
A Peer Persistence configuration is set up. See the HPE 3PAR Remote Copy Software User's Guide.
•
Host I/O paths are connected to each storage system such that the source and target volumes are visible to the host.
Procedure
Primary storage system
1. Access the primary storage system (System1 in this example).
2. Verify connectivity from the storage system to the Quorum Witness server.
cli% setrcopytarget witness check <new_witness_ip>
Where: <new_witness_ip>—The IP address of the Quorum Witness server
The result of the quorum witness check indicates connectivity between the QW server and the storage system.
Connectivity check passed
Secondary storage system
3. Verify connectivity from the target system to the Quorum Witness server.
cli% setrcopytarget witness check <new_witness_ip>
The result of the Quorum Witness check indicates connectivity between the QW server and the storage system.
HPE Quorum Witness version 3.0.x
27
Connectivity check passed
Troubleshooting Quorum Witness 3.0.x
Cannot connect to the Quorum Witness 3.0.x server
Symptom
Quorum Witness server is active and running, but the Quorum Witness 3.0.x client cannot be configured.
Cause
Firewall is on and blocking the connections from the storage systems.
Action
Storage systems
1. On one of the storage systems, confirm that the storage system cannot connect to the Quorum Witness server.
cli% setrcopytarget witness check <new_witness_IP>
No route to Quorum Witness at <new_witness_IP> from any node
Quorum Witness server
2. Log in as root user to the Quorum Witness server.
3. Confirm that the QW server is running.
systemctl status qwserv
Active: active (running) indicates that the server is running.
4. Identify the firewall zones.
firewall-cmd --get-active-zones
5. Add port 8080 to the firewall.
firewall-cmd --zone=public --add-port=8080/tcp --permanent
6. Reload the firewall.
firewall-cmd --reload
Storage systems
7. On both of the storage systems, confirm that the storage systems are connected to the QW server.
cli% setrcopytarget witness check <new_witness_IP>
Connectivity check passed
28
HPE Quorum Witness version 3.0.x
HPE Quorum Witness version 2.1.x
Quorum Witness (QW) is used for automatic transparent failover (ATF) within a Peer Persistence environment. Download,
deploy, and configure the Quorum Witness version 2.1.x server software.
If you already have Quorum Witness deployed and you want to update the software, see HPE Quorum Witness update
on page 39.
Downloading Quorum Witness version 2.1.x
QW version 2.1.x is an ISO file which is available from Software Depot or in the media kit. There is a media kit for VMware
ESXi and a separate kit for Windows Hyper-V.
Procedure
1. Choose whether to download the QW server software from the media kit or from Software Depot:
•
Downloading Quorum Witness version 2.1.x from Software Depot on page 29
•
Downloading Quorum Witness version 2.1.x from the media kit on page 29
Downloading Quorum Witness version 2.1.x from Software Depot
Procedure
1. From SPOCK, navigate to HPE 3PAR Quorum Witness and click Select.
2. Complete the requested information and click Next.
3. Download the appropriate ISO file (ESXi or Hyper-V).
4. Copy the ISO file to the location where you want to install the software.
The host location is called the Quorum Witness server.
Downloading Quorum Witness version 2.1.x from the media kit
Procedure
1. Obtain the DVD from the media kit and place the DVD in the media drive.
2. Mount the ISO file as a virtual drive.
3. Extract the ISO file.
4. Copy the ISO file to the host location where you want to install the software.
The host location is called the Quorum Witness server.
Deploying Quorum Witness version 2.1.x
Two different versions of Quorum Witness are available to support the different VM host systems, ESXi and Hyper-V.
Procedure
1. Deploy the Quorum Witness ISO image that matches your VM host OS.
HPE Quorum Witness version 2.1.x
29
•
Deploying Quorum Witness version 2.1.x on VMware ESXi on page 30
•
Deploying Quorum Witness version 2.1.x on Windows Hyper-V on page 32
Quorum Witness version 2.1.x requirements
Quorum Witness can support more than a single configuration using Peer Persistence.
Table 3: Quorum Witness version 2.1.x requirements
Feature
Requirement
Host operating system
See the 3PAR support matrices in SPOCK for a list of supported hypervisors.
Connectivity
•
Ethernet.
•
Hewlett Packard Enterprise recommends that Quorum Witness be installed on a
neutral or third site. This site has a network interface with access to the same network
as the two arrays that are in a Peer Persistence relationship.
•
IPv4 or IPv6 address configured on the Quorum Witness server.
Maximum RTT
RTT is 250 ms (with a connection timeout of 250 ms and a response timeout of 3
seconds).
Software license
requirements
•
Remote Copy license
•
HPE Peer Persistence license
NOTE: Starting with HPE 3PAR OS 3.3.1 the HPE 3PAR All-inclusive Software License
for HPE 3PAR StoreServ 8000, 20000, and newer platforms include Remote Copy and
Peer Persistence Licenses. These licenses are included in the Base and Multi-Storage
licenses for HPE 3PAR OS. Only HPE 3PAR StoreServ 7000 and 10000 arrays require
software licenses regardless of the HPE 3PAR OS version.
Memory
2,048 MB
Disk space
20 GB
NOTE: At least 20 GB disk space is recommended for the Quorum Witness VM.
Port 8080
Port 8080 must be open between the storage arrays and the Quorum Witness server.
Deploying Quorum Witness version 2.1.x on VMware ESXi
If your ESXi host VMware version is newer than the Quorum Witness VMware tools in the 3PAR OS 3.2.1 release, the
status of the VMware tools on the summary page may show “Running (Out-of-date)”. If you update the Quorum Witness
VMware tools, the Quorum Witness might be unavailable briefly when the network is being restarted.
30
HPE Quorum Witness version 2.1.x
Prerequisites
•
The user name and password for the ESXi server.
•
The QW server is not part of the host configuration.
•
The ISO has been downloaded to a location accessible by the QW server.
Procedure
1. Review Quorum Witness version 2.1.x requirements on page 30.
2. Connect to the ESXi server using vSphere or the web client.
3. If using vSphere:
a. In the IP address / Name menu, select the IP address or name of the ESXi server.
b. Select File, and then select Deploy OVF Template....
The Deploy OVF Template window displays.
c. In the Deploy OVF Template window, enter the following information:
•
In the Deploy from a file or URL field, enter the path and name of the .ovf file as the source location. Or,
click Browse to locate and select the file.
•
The OVF Template Details screen appears, indicating the download size and size on disk. At least 20 GB disk
space is recommended for the Quorum Witness VM.
•
In the Name field, enter a name for the Quorum Witness. The name you assign does not affect Quorum Witness
operation.
•
In the Disk Format field, select the Thin Provision option.
d. In the Network Mapping pane, select the virtual switch for the deployed template. This network must be
accessible from the storage systems.
e. When the virtual machine is ready for completion, a pane showing deployment settings displays.
f. Click Finish.
The deployment process starts.
4. If using the web client:
a. Click Create/Register VM.
b. For Select creation type, select Deploy a virtual machine from an OVF or OVA file and click Next.
c. In the Enter a name for the virtual machine field, enter the IP address or name of the ESXi server.
d. From the downloaded ISO, copy the OVA file and click Next.
e. For Select storage, select the datastore where the configuration and disk files will be stored and click Next.
f. For Deployment options, enter the following information and then click Next.
HPE Quorum Witness version 2.1.x
31
•
In the Network mappings, select the virtual switch for the deployed template. This network must be accessible
from the storage systems.
•
For Disk provisioning, select Thin.
g. Click Finish.
The deployment process starts.
Deploying Quorum Witness version 2.1.x on Windows Hyper-V
Prerequisites
•
The QW server is not part of the host configuration.
•
The ISO has been downloaded to a location accessible by the QW server.
Procedure
1.
Review Quorum Witness version 2.1.x requirements on page 30.
2.
On the Windows server, open the Server Manager, click the Tools menu, and select Hyper-V Manager.
The Hyper-V Manager window displays.
3.
Select the host, and then, in the Action menu, select Import Virtual Machine.
4.
In Locate Folder, click Browse to locate and select the DVD drive that contains the virtual machine to import.
5.
In Select Virtual Machine, select the name of the virtual machine to import.
6.
In Choose Import Type, select Copy the virtual machine (create a new unique ID).
7.
In Choose folders for virtual machine files, either accept the default path or choose another location in which to
store the virtual machine files.
8.
In Locate virtual hard disks, select the DVD drive or the parent folder of the virtual hard disks that you want to
import.
9.
In Choose folders to store virtual hard disks, either accept the default path or choose another location in which to
store the imported virtual hard disks.
The import wizard might find a configuration error: Could not find Ethernet switch “Common
Virtual Switch”. This message is expected; you must select the appropriate virtual switch on the Hyper-V
host system and enable or disable the VLAN ID, based on your particular network configuration. On the Quorum
Witness virtual machine, perform these steps:
a. Click Settings, and then click Network Adapter.
b. Select the virtual switch, and then clear the Enable virtual LAN identification check box.
When the virtual machine is ready to be imported, a summary of the import settings appears, indicating:
32
•
Virtual machine name
•
Import file
HPE Quorum Witness version 2.1.x
•
Import type
•
Folders where the virtual machine files will be stored
•
Virtual hard disk source folder
•
Virtual hard disk destination folder
10. Click Finish. The import process starts.
When the import is complete, the new virtual machine appears in the Off state in the Hyper-V Manager window.
Configuring Quorum Witness version 2.1.x
To communicate over Ethernet with IPv6, the storage systems must be running HPE 3PAR OS version 3.3.1 MU1 or later.
Procedure
1. Configure the Quorum Witness server for the first time.
2. Configure the IPv4 or IPv6 ethernet interface for the Quorum Witness server.
3. Update Quorum Witness firewall settings for IPv4.
Configuring the Quorum Witness server for the first time
The installed Quorum Witness must be configured before it can be used. When you turn on a new Quorum Witness virtual
machine for the first time, you are automatically prompted to configure the VM network settings. The procedure is the
same whether the Quorum Witness server is installed on VMware ESXi or on Windows Hyper-V.
Prerequisites
Obtain the following information from the system administrator:
•
Host name
•
Gateway IP address
•
Netmask
•
Primary and secondary DNS server
Procedure
1.
Open a console window for the Quorum Witness virtual machine. To turn on the virtual machine, click the green
power on button.
A prompt appears to configure the keyboard based on your country/region.
2.
Select the country/region and then click OK.
A prompt appears for configuring your password.
3.
Type your new password, and then retype the password to confirm.
In the screens that appear during the bootup process, use the Tab key and up/down arrow keys to move the cursor.
Use the Enter key to select an item.
4.
To configure the device, select Device Configuration, and then select the device to configure (typically eth0).
5.
In the Network Configuration screen, the following settings are required and must be entered in the blank fields:
HPE Quorum Witness version 2.1.x
33
Static IP
Netmask
Default Gateway IP
Primary DNS Server
Secondary DNS Server
6.
Select OK, and then select Save.
7.
Select DNS Configuration.
8.
In the DNS Configuration screen, the following settings are required and must be entered in the blank fields:
Primary DNS
Secondary DNS
DNS search path
9.
Select OK, and then select Save & Quit.
The Authentication Configuration screen appears.
10. Select Cancel.
The Services screen appears.
11. Select Cancel.
12. When the virtual machine boots up, log in:
•
Login: root
•
Password: Enter the password you created.
13. To verify IP information, enter the following in the command line:
ifconfig
14. To verify that the Quorum Witness server is responding as expected, ping couchdb and the Quorum Witness
server.
a. To ping couchdb:
curl http://localhost:8080
The expected return is:
{"couchdb":"Welcome","version":"<couchdb version>"}
b. To ping the Quorum Witness server:
curl http://localhost:8080/witness
The values in the output may vary, but doc_count should be at least 1, and the not_found error should
not occur.
For example:
{"db_name":"witness","doc_count":1,"doc_del_count":0,"update_seq":1,
"purge_seq":0,"compact_running":false,"disk_size":4185,
"instance_start_time":"1407454201619825","disk_format_version":5,
"committed_update_seq":1}
Primary storage system
15. Access the primary storage system (System1 in this example).
34
HPE Quorum Witness version 2.1.x
16. Verify connectivity from the storage system to the Quorum Witness server.
System
Command
System1
cli% setrcopytarget witness check <new_witness_ip>
Where: <new_witness_ip>—The IP address of the Quorum Witness server
The result of the quorum witness check indicates connectivity between the QW server and the storage system.
Connectivity check passed
Secondary storage system
17. Verify connectivity from the target system to the Quorum Witness server.
cli% setrcopytarget witness check <new_witness_ip>
The result of the Quorum Witness check indicates connectivity between the QW server and the storage system.
Connectivity check passed
Configuring the IPv4 or IPv6 ethernet interface for the Quorum Witness server
If the Quorum Witness server was configured correctly during first time setup, the IPv4 settings are set up. Use this
procedure to confirm the IPv4 settings. IPv6 settings are not configured during the QW first time set up. If you are using
IPv6, use this procedure to configure the IPv6 settings.
NOTE: In the following procedure, the IP addresses are only examples, not the actual required IP addresses. Use the IP
address information for your network.
Procedure
1.
Log into the Quorum Witness server as the root user.
2.
To stop the network manager, issue the following command:
service network stop
3.
To ensure correct service boot behavior, issue the following commands:
chkconfig network off
chkconfig network on
4.
To change or confirm the network configuration, issue the following command:
/etc/sysconfig/network
IPv4 example:
NETWORKING=yes
HOSTNAME=server.domain.com
GATEWAY=192.168.1.1
IPv6 example:
HOSTNAME=server.domain.com
NETWORKING=yes
NETWORKING_IPv6=yes
5.
To change or confirm Ethernet interface settings, issue the following command:
/etc/sysconfig/network-scripts/ifcfg-eth0
HPE Quorum Witness version 2.1.x
35
IPv4 example:
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
IPv6 example:
DEVICE=eth0
TYPE=Ethernet
NM_CONTROLLED=no
BOOTPROTO=static
ONBOOT=yes
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
NAME="System eth0"
USERCTL=no
IPV6ADDR=2620:0:a04:1120:15:252:204:92
NETWORK=192.168.1.0
6.
To change or confirm the DNS resolver, issue the following command:
/etc/resolv.conf
IPv4 example:
search domain.com
nameserver 192.168.1.2
nameserver 192.168.1.3
IPv6 example:
nameserver 2620:0:a04:1128:15:250:70:91
nameserver 2620:0:a04:1128:15:250:70:92
search domain.com
7.
To restart the network service, issue the following command:
service network restart
8.
Determine your next step:
9.
•
For IPv4, proceed to Update Quorum Witness firewall settings for IPv4.
•
For IPv6, continue to the next step.
Set the IPv6 address and firewall settings.
sed -i -e 's/bind_address.*0.0.0.0/bind_address = ::/' /etc/couchdb/
local.ini
36
HPE Quorum Witness version 2.1.x
/etc/init.d/couchdb restart
ip6tables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
/etc/init.d/ip6tables save
10. Wait for a couple of minutes for couchdb to start, and then confirm IPv6 settings have been applied:
curl http://localhost:8080
The expected return is:
{"couchdb":"Welcome","version":"<couchdb version>"}
Updating Quorum Witness firewall settings for IPv4
To prevent http access from unauthorized IP addresses on the Quorum Witness server, security settings (iptables) must
be set on port 8080.
Prerequisites
Obtain the cluster IP address of each array that will have access to the Quorum Witness server. The CLI command
shownet issued on the storage systems provides the IP addresses.
Procedure
1. Log into the new QW virtual machine using root account and password.
2. List all current firewall rules.
iptables -L -n --line-numbers
3. Remove any undesired firewall rule. For example, any rule that enables dport 8080 access from other 3PAR arrays
must be removed.
iptables -D INPUT <rule number to delete>
The rule is removed and the rule numbers are changed.
4. Repeat steps 2-3 until all undesired firewall rules are removed.
5. To allow access to port 8080 for each 3PAR array that has access to Quorum Witness, add firewall rules.
iptables -I INPUT 1 -p tcp --dport 8080 -s <ipv4-addr-array1> -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 8080 -s <ipv4-addr-array2> -j ACCEPT
NOTE: If there are more than two arrays that share access to Quorum Witness, add rules for those arrays. Add the
following rules after the list of the 3PAR arrays that share access to the Quorum Witness.
iptables -I INPUT <3+n> -p tcp --dport 8080 -s 127.0.0.1 -j ACCEPT
iptables -I INPUT <4+n> -p tcp --dport 8080 -j DROP
6. Save the firewall rules.
/etc/init.d/iptables save
HPE Quorum Witness version 2.1.x
37
7. Restart the firewall rules using the saved configuration.
/etc/init.d/iptables restart
8. Verify that the firewall rules contain your changes.
iptables –L -n
38
HPE Quorum Witness version 2.1.x
HPE Quorum Witness update
Updating existing Quorum Witness server software
If you already have a Quorum Witness (QW) server installed and you want the existing Peer Persistence configuration to
use a newer version of the server software, follow these instructions. Installation and configuration tasks are performed on
the QW server. Tasks involving the Quorum Witness client are performed on the source storage system.
Procedure
Quorum Witness server
1. Install the new Quorum Witness server software:
•
For QW version 4.0.x, prepare to install Quorum Witness version 4.0.x, and then install Quorum Witness
version 4.0.x.
•
For QW version 3.0.x, install Quorum Witness version 3.0.x.
•
For QW version 2.1.x, deploy Quorum Witness version 2.1.x.
Source storage system
2. Remove the old Quorum Witness client configuration.
3. Configure the new Quorum Witness client:
•
For QW version 4.0.x, configure the Quorum Witness 4.0.x client.
•
For QW version 3.0.x, configure the Quorum Witness 3.0.x client.
•
For QW version 2.1.x, configure Quorum Witness version 2.1.x.
Quorum Witness server
4. Uninstall the old version of Quorum Witness and repurpose the original VM:
•
For QW version 4.0.x and 3.0.x: yum remove <packagename>
NOTE: Uninstalling QW 3.0.x may produce an error indicating a segfault in libc. The message can be
ignored.
•
For QW version 2.1.x,the VM is no longer needed and can be decommissioned.
5. If you are upgrading from an existing QW version 4.0.x or later, remove the existing certificate bundles.
rm -f /root/*.pem
Removing the Quorum Witness client configuration
Removing the Quorum Witness client configuration stops connectivity and removes the IP address of the Quorum Witness
server. Therefore, the storage systems no longer communicate with the QW server. Remove the Quorum Witness client
configuration when you want to:
HPE Quorum Witness update
39
•
Stop using a Peer Persistence ATF Remote Copy configuration.
•
Connect to a new Quorum Witness server.
•
Upgrade to a new software version of the Quorum Witness server.
IMPORTANT: Removing the Quorum Witness client configuration stops the auto-failover processes for all
applicable Remote Copy groups.
Procedure
1. On the HPE 3PAR SSMC main menu, select Remote Copy Configurations under DATA PROTECTION.
2. In the list pane, select the Peer Persistence Remote Copy configuration.
3. From the Actions menu, select Remove Quorum Witness.
4. To start the removal process, click Remove.
5. Select the check box that you understand the implications and then click Yes, remove.
After a few minutes, the Quorum Witness client configuration is removed from the Peer Persistence configuration. The
storage systems are no longer connected to the Quorum Witness server.
6. To verify that the Quorum Witness client configuration is removed, select the Targets view.
The QW fields are blank.
40
HPE Quorum Witness update
Support and other resources
Accessing Hewlett Packard Enterprise Support
•
For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
http://www.hpe.com/info/assistance
•
To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website:
http://www.hpe.com/support/hpesc
Information to collect
•
Technical support registration number (if applicable)
•
Product name, model or version, and serial number
•
Operating system name and version
•
Firmware version
•
Error messages
•
Product-specific reports and logs
•
Add-on products or components
•
Third-party products or components
Accessing updates
•
Some software products provide a mechanism for accessing software updates through the product interface. Review
your product documentation to identify the recommended software update method.
•
To download product updates:
Hewlett Packard Enterprise Support Center
www.hpe.com/support/hpesc
Hewlett Packard Enterprise Support Center: Software downloads
www.hpe.com/support/downloads
Software Depot
www.hpe.com/support/softwaredepot
•
To subscribe to eNewsletters and alerts:
www.hpe.com/support/e-updates
•
To view and update your entitlements, and to link your contracts and warranties with your profile, go to the Hewlett
Packard Enterprise Support Center More Information on Access to Support Materials page:
www.hpe.com/support/AccessToSupportMaterials
IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett
Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements.
Support and other resources
41
Customer self repair
Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to
be replaced, it will be shipped directly to you so that you can install it at your convenience. Some parts do not qualify for
CSR. Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by
CSR.
For more information about CSR, contact your local service provider or go to the CSR website:
http://www.hpe.com/support/selfrepair
Remote support
Remote support is available with supported devices as part of your warranty or contractual support agreement. It
provides intelligent event diagnosis, and automatic, secure submission of hardware event notifications to Hewlett Packard
Enterprise, which will initiate a fast and accurate resolution based on your product's service level. Hewlett Packard
Enterprise strongly recommends that you register your device for remote support.
If your product includes additional remote support details, use search to locate that information.
Remote support and Proactive Care information
HPE Get Connected
www.hpe.com/services/getconnected
HPE Proactive Care services
www.hpe.com/services/proactivecare
HPE Datacenter Care services
www.hpe.com/services/datacentercare
HPE Proactive Care service: Supported products list
www.hpe.com/services/proactivecaresupportedproducts
HPE Proactive Care advanced service: Supported products list
www.hpe.com/services/proactivecareadvancedsupportedproducts
Proactive Care customer information
Proactive Care central
www.hpe.com/services/proactivecarecentral
Proactive Care service activation
www.hpe.com/services/proactivecarecentralgetstarted
Warranty information
To view the warranty information for your product, see the links provided below:
HPE ProLiant and IA-32 Servers and Options
www.hpe.com/support/ProLiantServers-Warranties
HPE Enterprise and Cloudline Servers
www.hpe.com/support/EnterpriseServers-Warranties
HPE Storage Products
www.hpe.com/support/Storage-Warranties
HPE Networking Products
www.hpe.com/support/Networking-Warranties
42
Support and other resources
Regulatory information
To view the regulatory information for your product, view the Safety and Compliance Information for Server, Storage,
Power, Networking, and Rack Products, available at the Hewlett Packard Enterprise Support Center:
www.hpe.com/support/Safety-Compliance-EnterpriseProducts
Additional regulatory information
Hewlett Packard Enterprise is committed to providing our customers with information about the chemical substances in
our products as needed to comply with legal requirements such as REACH (Regulation EC No 1907/2006 of the European
Parliament and the Council). A chemical information report for this product can be found at:
www.hpe.com/info/reach
For Hewlett Packard Enterprise product environmental and safety information and compliance data, including RoHS and
REACH, see:
www.hpe.com/info/ecodata
For Hewlett Packard Enterprise environmental information, including company programs, product recycling, and energy
efficiency, see:
www.hpe.com/info/environment
Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the
documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When
submitting your feedback, include the document title, part number, edition, and publication date located on the front
cover of the document. For online help content, include the product name, product version, help edition, and publication
date located on the legal notices page.
Support and other resources
43
