ECS: Sådan bruger du API til at deaktivere tjenester, og hvordan du deaktiverer usikre porte til tjenester på ECS

Summary: Sådan deaktiveres ubrugte tjenester.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Bemærk: Hvis du deaktiverer en tjeneste som NFS, Swift – anbefales det at opgradere til 3.4.x eller nyere og følge KB-000022052: (Kun registrerede Dell-kunder kan få adgang til indholdet på artikellinket via Dell.com/support)

Denne KB-artikel viser, hvordan du deaktiverer objektporte, der ikke bruges eller deaktiveres af sikkerhedsmæssige årsager. Du kan finde flere oplysninger i den nyeste ECS-sikkerhedsvejledning, der findes på Dells supportwebsted.

  1. Forespørg med en GET-anmodning for at hente de aktuelle konfigurationer:    
# curl -sk -X GET -H "$TOKEN" -H "ACCEPT:application/xml" -H "Content-Type: application/xml" https://<management_IP>:4443/service/
 
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<services>
  <service>
    <name>atmos</name>
    <settings>http</settings>
    <settings>https</settings>
  </service>
  <service>
    <name>cas</name>
    <settings>enabled</settings>
  </service>
  <service>
    <name>hdfs</name>
    <settings>enabled</settings>
  </service>
  <service>
    <name>nfs</name>
    <settings>enabled</settings>
  </service>
  <service>
    <name>s3</name>
    <settings>http</settings>
    <settings>https</settings>
  </service>
  <service>
    <name>swift</name>
    <settings>http</settings>
    <settings>https</settings>
  </service>
</services>
  1. Opret en fil ved hjælp af VI, og rediger for at fjerne indstillinger, der ikke er nødvendige. Her er også hvor en tjeneste deaktiveres ved at erstatte aktiveret med deaktiveret.
Eksempel på deaktivering af NFS og fjernelse af HTTP fra alle tjenester:    
# cat /home/admin/service.conf
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<services>
  <service>
    <name>atmos</name>
    <settings>https</settings>
  </service>
  <service>
    <name>cas</name>
    <settings>enabled</settings>
  </service>
  <service>
    <name>hdfs</name>
    <settings>enabled</settings>
  </service>
  <service>
    <name>nfs</name>
    <settings>disabled</settings>
  </service>
  <service>
    <name>s3</name>
    <settings>https</settings>
  </service>
  <service>
    <name>swift</name>
    <settings>https</settings>
  </service>
</services>
  1. Upload ændringerne, så de kan anvendes.
Eksempel:      
# curl -kv -X PUT -H "$TOKEN" -H "Content-Type: application/xml" -H "ACCEPT:application/xml" -d @service.conf https://<managment_IP>:4443/service

admin@ecssh121:~> curl -kv -X PUT -H "$TOKEN" -H "Content-Type: application/xml" -H "ACCEPT:application/xml" -d @service.conf https://xx.xx.xx.xx1:4443/service*   Trying 1xxxx
* TCP_NODELAY set
* Connected to Mangement IP ) port 4443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=localhost
*  start date: Dec  3 09:36:45 2019 GMT
*  expire date: Nov 30 09:36:45 2029 GMT
*  issuer: CN=localhost
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> PUT /service/atmos HTTP/1.1
> Host: Mangement_IP:4443
> User-Agent: curl/7.60.0
> X-SDS-AUTH-TOKEN: BAAcOEhQVjhncGZrTk1oOCtmWTYzbEdkcndyNzUwPQMAjAQASHVybjpzdG9yYWdlb3M6VmlydHVhbERhdGFDZW50ZXJEYXRhOmM0NDE4MWRhLTliNjQtNDhiZi1iNDYwLWU3ZDYxYTA4ZDA0ZQIADTE1ODEwNjQ0NDA1MTYDAC51cm46VG9rZW46ZmVmM2E3YTctNzVjMi00YzdlLTg2MzQtMDc3ZGFjNTI3YjA2AgAC0A8=
> Content-Type: application/xml
> ACCEPT:application/xml
> Content-Length: 149
>
* upload completely sent off: 149 out of 149 bytes
< HTTP/1.1 200 OK
< Date: Fri, 07 Feb 2020 15:06:32 GMT
< Content-Type: application/xml
< Content-Length: 0
< Connection: keep-alive
<
* Connection #0 to host  IP left intact

Additional Information

Sådan opretter du et TOKEN til administrationsbrugeren:     
# TOKEN=$(curl -i -k https://Mangement-IP:4443/login -u <mangement user>:<PassWord> | grep X-SDS-AUTH-TOKEN);echo $TOKEN
Hvis dette gøres direkte på ECS, skal du bruge svc_rest_cmd: 
# svc_rest_cmd get /service/
Hvis du vil anvende ændringer med svc_rest_cmd, skal du definere administrationsbrugeren: 
# svc_rest_cmd PUT -u root -p ChangeMe -xml -file /home/admin/service.conf service/
Det er ikke nødvendigt at køre alle tjenester samtidigt; individuelle tjenester kan udføres (service/atmos eller service/nfs).

Affected Products

ECS Appliance

Products

ECS Appliance, ECS Appliance Gen 1, ECS Appliance Gen 2, ECS Appliance Gen 3, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, Elastic Cloud Storage
Article Properties
Article Number: 000021336
Article Type: How To
Last Modified: 23 Oct 2025
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.