Updating the IP Address Trustlist or Listening IP Address Segment
On an offload node, run the haf-tool config command to configure the IP address trustlist and listening IP address segment. Go to the installation directory and run the following command:
- Set the listening IP address segment, for example, to 192.168.119.0/24.
./tools/haf-tool config --set listen_ip <value>
haf-tool uses the internal tool kmc_tool_bin to encrypt the trustlist entered by the user. This tool is stored in the bin directory under the installation directory and is invoked internally as follows:
LD_LIBRARY_PATH=<haf_dir>/lib/ <haf_dir>/bin/kmc_tool_bin --ksfa <service_ksfa_path> --ksfb <service_ksfb_path> --encrypt_passwd <ip_list> --output_passwd_file <ip_list_path>
| Option | Description | Mandatory |
|---|---|---|
| --ksfa <service_ksfa_path> | Path for storing the KMC primary key file. The <cert_path>/service.ksfa parameter is specified when haf-tool invokes the encryption command. | Yes |
| --ksfb <service_ksfb_path> | Path for storing the KMC backup key file. The <cert_path>/service.ksfb parameter is specified when haf-tool invokes the encryption command. | Yes |
| --encrypt_passwd <ip_list> | Trustlist, which is entered by the user and transferred by haf-tool. | Yes |
| --output_passwd_file <ip_list_path> | Path for storing the encrypted trustlist file. The <cert_path>/ip_white_list parameter is specified when haf-tool invokes the encryption command. | Yes |
- haf_dir indicates the directory where HAF is installed.
- When invoking kmc_tool_bin, use LD_LIBRARY_PATH to specify the path of the dependency dynamic library.
- kmc_tool_bin is an internal tool of the software. You are not advised to invoke it independently.
The following steps use the HAF service on offload nodes as an example. For the HAF library on offload nodes, perform similar steps.
- Use SmartKit to resend the IP address trustlist. The command is as follows:
| Parameter | Description |
|---|---|
| Task Name | Updating the IP address trustlist |
| Task Description | Updating the IP address trustlist of offload nodes |
| Run Directory | /home/omm/haf-install/haf-target |
| Run Command | /home/omm/haf-install/haf-target/tools/haf-tool config --set ip_white_list ip_list |
| Whether to Check Return Code | Yes |
| Expected Return Code | 0 |
- Use SmartKit to update a listening IP address segment. The command is as follows:
| Parameter | Description |
|---|---|
| Task Name | Updating the IP address trustlist |
| Task Description | Updating the IP address trustlist of offload nodes |
| Run Directory | /home/omm/haf-install/haf-target |
| Run Command | /home/omm/haf-install/haf-target/tools/haf-tool config --set listen_ip service_ip_value |
| Whether to Check Return Code | Yes |
| Expected Return Code | 0 |
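Before a SmartKit task pushes a new trustlist or listening segment to every offload node, the values can be checked locally. The following pre-flight check is an added example, not part of haf-tool or SmartKit. The function names, the comma separator for the trustlist, and the MIN_PREFIX policy are assumptions, because this page does not define the trustlist format or a minimum prefix length.

```python
import ipaddress

# Assumption (site policy, not a HAF rule): reject networks broader than this.
MIN_PREFIX = {4: 16, 6: 48}
HAF_DIR = "/home/omm/haf-install/haf-target"  # run directory shown on this page


def check_listen_segment(value):
    """Return the segment unchanged if it is a safe CIDR, else raise ValueError."""
    value = value.strip()
    if "/" not in value:
        raise ValueError(f"{value}: prefix length missing")
    # strict=True rejects host bits, e.g. 192.168.119.5/24
    net = ipaddress.ip_network(value, strict=True)
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError(f"{value}: segment too broad")
    if net.is_loopback or net.is_multicast or net.is_link_local:
        raise ValueError(f"{value}: not a routable service segment")
    return value


def check_trustlist(raw, sep=","):
    """Return (accepted entries, problems). The separator is an assumption."""
    accepted, problems, seen = [], [], set()
    for item in (part.strip() for part in raw.split(sep)):
        try:
            net = ipaddress.ip_network(item, strict=True)  # host or CIDR
        except ValueError as exc:
            problems.append(f"{item!r}: {exc}")
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            problems.append(f"{item}: too broad for a trustlist")
        elif net in seen:
            problems.append(f"{item}: duplicate entry")
        else:
            seen.add(net)
            accepted.append(item)
    return accepted, problems


def haf_config_argv(key, value, haf_dir=HAF_DIR):
    """Build the haf-tool call as an argv list so no shell parses the value."""
    return [f"{haf_dir}/tools/haf-tool", "config", "--set", key, value]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    segment = check_listen_segment("192.168.119.0/24")
    entries, issues = check_trustlist("192.168.119.10,192.168.119.11,0.0.0.0/0")
    print(haf_config_argv("listen_ip", segment))
    print(entries, issues)
```

Run haf-tool only when the problem list is empty, and treat any return code other than 0 as a failed update, matching the SmartKit return-code check above.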