Unsolved
10 Posts
0
693
March 21st, 2022 08:00
DataIQ adding PowerScale cluster fails with SSL enabled
Hi all, I am looking for advice on how to debug the joing operation for PowerScale on DataIQ. The process fails with the message: DataIQ was unable to add the cluster because SSL certificate validation failed.
We are using a DFN certificate based on T-TeleSec GlobalRoot Class 2 on the PowerScale system. This certificate as well as the DFN intermediate ones and the server certificate were added to DataIQ following the instructions in the DataIQ manual. But then still the joining operation fails. Were do I find the log files for the procedure or any other more detailed information that might allow me to identify and hopefully solve the issue?
Günther
No Events found!
DELL-Sam L
Moderator
•
7.7K Posts
0
March 21st, 2022 16:00
Hello GSchwarz,
What is your current version of DataIQ? Here are a few kb’s & guides that maybe of assistance.
https://dell.to/3JAzDLF
https://dell.to/3D38AGA
https://dell.to/3ttkB4T
https://dell.to/3ItHmKa
https://dell.to/3IoyVj7
GSchwarz
10 Posts
0
March 22nd, 2022 02:00
Dear Sam,
thank you very much indeed for the links. The version of DataIQ is 2.2.0.0 currently used just for evaluation and with a trial licence. I might upgrade to a more recent one.
From the linked documents I get two interesting points:
CA on the cluster: The CA for DFN and Telecom on which my SSL certificate is based on are imported and shown as valid on the cluster.
The document "Isilon OneFS: How to replace or renew the SSL certificate that is used for the Isilon web administration interface" states that on the cluster any certificate might also be configurated for apache on ports 8081 (VASA) and 8083 (Swift). Is this necessary? Will DataIQ communicate with the cluster over these ports? Currently I did not apply this configuration.
Günther
GSchwarz
10 Posts
0
March 22nd, 2022 07:00
Upgraded CentOS, openssl to version 1.1, and DataIQ to current version 2.2.1.0. The error message when trying to join the PowerScale cluster remains.
Günther
DELL-Sam L
Moderator
•
7.7K Posts
0
March 22nd, 2022 15:00
Hello GSchwarz,
You will need to have the ports open.
GSchwarz
10 Posts
0
March 23rd, 2022 08:00
Dear Sam,
port 8083 is open on the oneFS cluster and reachable for the DataIQ server. Port 8081 is not used by the cluster. It is mentioned as VASA in the security admin guide. What service uses this port and is it necessary for DataIQ?
Günther
DELL-Sam L
Moderator
•
7.7K Posts
0
March 23rd, 2022 11:00
Hello GSchwarz,
Port 8081 is not necessary for DataIQ.
GSchwarz
10 Posts
0
March 25th, 2022 07:00
Fine, so this looks like a dead end as far as the connection to PowerScale is concerned. I will check further on the local logs.