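Avamar 19.3+: Goav Security Keystore: Display and Check Keystore and Lockbox Health, With Auto-Fix
Summary: Use the Goav tool to display keystore contents or check the health of all keystores on an Avamar system.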
Instructions
Latest supported Avamar version: 19.10
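Avamar versions supported by the command set: 19.3+
Required Goav version: 1.39+; recommended minimum version 1.50
Download/Install the Goav tool
000192151 | Avamar: Goav Tool
Notes
- The functionality must be revalidated with each subsequent Avamar release.
- All goav security commands must be run as root.
Features
Display keystore contents
This command presents a drop-down selection prompt for choosing which keystore to print.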
./goav security keystore show
This command prints all keystores to the screen.
./goav security keystore show --all
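Check keystore and lockbox configuration, with optional auto-fix
This command performs multiple health checks against all keystores on the Avamar system.
- Checks whether each keystore exists.
- Checks keystore permissions and ownership.
- Checks the health of the lockbox keystore passphrase.
- Checks whether the lockbox and keystore passphrases match.
- Checks whether each keystore is in the correct format (PKCS12).
- Checks whether each required alias (certificate) exists in each keystore.
- Prints a pass/fail summary with detailed problem messages.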
./goav security keystore check-config
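This command performs multiple health checks against all keystores and automatically fixes them.
- Checks whether each keystore exists.
- Checks keystore permissions and ownership.
- Checks the health of the lockbox keystore passphrase.
- Checks whether the lockbox and keystore passphrases match.
- Checks whether each keystore is in the correct format (PKCS12).
- Checks whether each required alias (certificate) exists in each keystore.
- Prints a pass/fail summary with detailed problem messages.
- Automatically regenerates missing keystores.
- Automatically fixes permissions and ownership.
- Automatically regenerates a keystore if the lockbox passphrase does not match the keystore passphrase.
- Backs up the existing keystore before regenerating it.
- Automatically regenerates keystores or specific aliases if necessary.
- Updates the MCSSL private key entry from the Java RMI keystore to keep the avi and tomcat keystores in sync.
- Restarts the appropriate services.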
./goav security keystore check-config --fix
Examples
Display a keystore
root@ser-ave03:/home/admin/#: ./goav security keystore show
===========================================================
GoAv : 1.39
Avamar : 19.7
Date : 19 Oct 2022 10:28 MDT
===========================================================
NOTE: This is not an official tool
===========================================================
Use the arrow keys to navigate: ↓ ↑ → ←
Select Keystore to Print:
RMI_SSL_KEYSTORE
AVAMAR_KEYSTORE
→ AVINSTALLER_KEYSTORE
TOMCAT_KEYSTORE
Check keystore configuration in passive mode
root@avmr-4400-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config
===========================================================
GoAv : 1.49
Avamar : 19.4
Date : 17 Mar 2023 13:31 EDT
===========================================================
COMMAND : /home/admin/goav security keystore check-config
NOTE: This is not an official tool
===========================================================

Table: Keystore Existence/Permissions Check
-------------------------------------------
Name | Path | Exists | Current Permissions | Expected Permissions | Current Ownership | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
RMI_SSL_KEYSTORE | /usr/local/avamar/lib/rmi_ssl_keystore | true | rw-rw---- | rw-rw---- | root admin | root admin
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | true | rw-rw---- | rw-rw---- | root root | root admin
AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | false | emtpy: file not found | rw-r--r-- | empty: file not found | avi avi
TOMCAT_KEYSTORE | /home/admin/.keystore | true | rwxr----- | rwxr----- | admin admin | admin admin

Task: Lockbox Passphrase Check
------------------------------
Keystore Passphrase (From Lockbox): changeme

Table: Lockbox/Keystore Passphrase Match
----------------------------------------
Name | Lockbox/Keystore Passphrase | Match
-----------------------+---------------------------------
RMI_SSL_KEYSTORE | false
AVAMAR_KEYSTORE | true
AVINSTALLER_KEYSTORE | false
TOMCAT_KEYSTORE | true

Keystore Format (JKS/PKCS12)
----------------------------
Name | Format
-----------------------+----------
RMI_SSL_KEYSTORE | Unknown
AVAMAR_KEYSTORE | PKCS12
AVINSTALLER_KEYSTORE | Unknown
TOMCAT_KEYSTORE | PKCS12

Table: Keystore Alias Check
---------------------------
Name | Path | Alias | Exists
-----------------------+----------------------------------------+-----------+---------
RMI_SSL_KEYSTORE | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl | false
RMI_SSL_KEYSTORE | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt | false
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcecroot | true
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcectls | true
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcrsaroot | true
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcrsatls | true
AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | tomcat | false
AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | mcssl | false
TOMCAT_KEYSTORE | /home/admin/.keystore | tomcat | false
TOMCAT_KEYSTORE | /home/admin/.keystore | mcssl | true

Summary
-------
*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE
Check keystore configuration in active/auto-fix mode
root@avamar-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config --fix
===========================================================
GoAv : 1.49
Avamar : 19.4
Date : 17 Mar 2023 13:32 EDT
===========================================================
COMMAND : /home/admin/goav security keystore check-config --fix
NOTE: This is not an official tool
===========================================================

Table: Keystore Existence/Permissions Check
-------------------------------------------
Name | Path | Exists | Current Permissions | Expected Permissions | Current Ownership | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
RMI_SSL_KEYSTORE | /usr/local/avamar/lib/rmi_ssl_keystore | true | rw-rw---- | rw-rw---- | root admin | root admin
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | true | rw-rw---- | rw-rw---- | root root | root admin
AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | false | emtpy: file not found | rw-r--r-- | empty: file not found | avi avi
TOMCAT_KEYSTORE | /home/admin/.keystore | true | rwxr----- | rwxr----- | admin admin | admin admin

Task: Lockbox Passphrase Check
------------------------------
Keystore Passphrase (From Lockbox): changeme

Table: Lockbox/Keystore Passphrase Match
----------------------------------------
Name | Lockbox/Keystore Passphrase | Match
-----------------------+---------------------------------
RMI_SSL_KEYSTORE | false
AVAMAR_KEYSTORE | true
AVINSTALLER_KEYSTORE | false
TOMCAT_KEYSTORE | true

Keystore Format (JKS/PKCS12)
----------------------------
Name | Format
-----------------------+----------
RMI_SSL_KEYSTORE | Unknown
AVAMAR_KEYSTORE | PKCS12
AVINSTALLER_KEYSTORE | Unknown
TOMCAT_KEYSTORE | PKCS12

Table: Keystore Alias Check
---------------------------
Name | Path | Alias | Exists
-----------------------+----------------------------------------+-----------+---------
RMI_SSL_KEYSTORE | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl | false
RMI_SSL_KEYSTORE | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt | false
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcecroot | true
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcectls | true
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcrsaroot | true
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | mcrsatls | true
AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | tomcat | false
AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | mcssl | false
TOMCAT_KEYSTORE | /home/admin/.keystore | tomcat | false
TOMCAT_KEYSTORE | /home/admin/.keystore | mcssl | true

Summary
-------
*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE

************************
Task: Auto-Fix Keystores
************************
INFO: Begin fixing any keystore issues...
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate...
INFO: Renamed /usr/local/avamar/lib/rmi_ssl_keystore to /usr/local/avamar/lib/x-rmi_ssl_keystore.bak
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate succeeded
INFO: Regenerating RMI_SSL_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
    for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/rmi_ssl_keystore]
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
    for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
Enter key password for <mcjwt> (RETURN if same as keystore password):
[Storing /usr/local/avamar/lib/rmi_ssl_keystore]
INFO: RMI_SSL_KEYSTORE Successfully Regenerated
INFO: Please re-import any vcenter certificate if vcenter certificate authentication is used
INFO: RMI_SSL_KEYSTORE Permissions & Ownership Updated
INFO: Regenerating AVINSTALLER_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
    for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/avi/avi_keystore]
INFO: AVINSTALLER_KEYSTORE Successfully Regenerated
INFO: AVINSTALLER_KEYSTORE Permissions & Ownership Updated
INFO: Renaming /home/admin/.keystore in order to regenerate...
INFO: Renamed /home/admin/.keystore to /home/admin/x-.keystore.bak
INFO: Renaming /home/admin/.keystore in order to regenerate succeeded
INFO: Regenerating TOMCAT_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
    for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /home/admin/.keystore]
INFO: TOMCAT_KEYSTORE Successfully Regenerated
INFO: TOMCAT_KEYSTORE Permissions & Ownership Updated
INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore...
INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore succeeded
INFO: Restarting MCS [======> ]
INFO: Restarting MCS succeeded
INFO: Restarting avinstaller service [==========> ]
INFO: Restarting avinstaller service succeeded
INFO: Restarting tomcat service [ ]
INFO: Restarting tomcat service succeeded
DONE
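The check-config output in the examples above echoes the lockbox passphrase in clear text (on its own line and again inside PROBLEM messages) and lists current versus expected permissions and ownership per keystore. The following added example, which is not part of goav or of the original article, post-processes saved check-config output; the function names goav_redact and goav_drift are hypothetical, and the input is assumed to have the line-oriented layout shown on this page.

```shell
#!/bin/sh
# Added example (not part of goav). Assumes check-config output has the
# line-oriented layout shown on this page.

# goav_redact: mask the lockbox passphrase everywhere it is echoed, so a
# saved report can be attached to a ticket. The passphrase is learned from
# the "Keystore Passphrase (From Lockbox):" line, which precedes the summary.
goav_redact() {
    awk '
    /^Keystore Passphrase \(From Lockbox\):/ {
        secret = $0; sub(/^[^:]*:[ \t]*/, "", secret)
        print "Keystore Passphrase (From Lockbox): <redacted>"; next
    }
    secret != "" {
        out = ""; rest = $0      # literal replace: the secret is never a regex
        while ((i = index(rest, secret)) > 0) {
            out = out substr(rest, 1, i - 1) "<redacted>"
            rest = substr(rest, i + length(secret))
        }
        $0 = out rest
    }
    { print }'
}

# goav_drift: print the name of every keystore whose current permissions or
# ownership differ from the expected values in the 7-column table.
goav_drift() {
    awk -F'[ \t]*[|][ \t]*' '
    NF == 7 && $1 ~ /_KEYSTORE/ {
        sub(/^[ \t]+/, "", $1); sub(/[ \t]+$/, "", $7)
        if ($4 != $5 || $6 != $7) print $1
    }'
}

# Constructed sample, abridged from the passive-mode output on this page.
SAMPLE='Name | Path | Exists | Current Permissions | Expected Permissions | Current Ownership | Expected Ownership
RMI_SSL_KEYSTORE | /usr/local/avamar/lib/rmi_ssl_keystore | true | rw-rw---- | rw-rw---- | root admin | root admin
AVAMAR_KEYSTORE | /usr/local/avamar/lib/avamar_keystore | true | rw-rw---- | rw-rw---- | root root | root admin
AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | false | emtpy: file not found | rw-r--r-- | empty: file not found | avi avi
Keystore Passphrase (From Lockbox): changeme
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE'

printf '%s\n' "$SAMPLE" | goav_redact
printf '%s\n' "$SAMPLE" | goav_drift
```

On the sample, goav_drift reports AVAMAR_KEYSTORE and AVINSTALLER_KEYSTORE, the same two keystores the summary flags as "ownership/permissions incorrect".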
Affected Products
Avamar
Article Properties
Article Number: 000204386
Article Type: How To
Last Modified: 30 Oct 2025
Version: 15