clustergroup fetchchainca

Displays location of the CA certificate chain on the specified cluster or all clusters in the cluster group.

When it comes to a cluster group, there are multiple clusters in the cluster group. One or more external S3 servers could be a part of the cluster group if they are imported into Data Fabric.

A CA certificate is the means for a S3 client will to connect to a cluster or to an external S3 server in a cluster group.

Every cluster or fabric has a CA certificate that is signed by HPE.

You could have generated a combined CA certificate or a CA certificate chain for multiple fabrics/ clusters that are part of the global namespace or cluster group. The CA certificate chain is retrieved from cldb of the primary cluster.

If you wish to add an external s3 server to cluster group, you would require the certificate of external s3 server to be stored on the cldb of the primary server.

Use the clustergroup fetchchainca CLI command to display the location of the CA certificate chain for the specified cluster in a cluster group or all clusters in the cluster group.

By default, the CA certificate chain is saved in /tmp/chain-ca.pem.

Once you have the location of the CA certificate chain, you can copy it to the desired location.

Syntax

CLI
maprcli clustergroup fetchchainca
   [ - clustername name of the cluster]
   [ - allclusters all clusters <true|false> ]
Request Type POST
Request URL
http[s]://<host>:<port>/rest/clustergroup/fetchchainca?<parameter>

Options

Option Description

clustername

(Required if allclusters option is not specified) The name of the cluster for which the CA certificate chain path is to be displayed.

allcluster

(Required if clustername option is not specified) Permissible values for this option are true and false. Use true to display the CA certificate chain path for all clusters in the cluster group.

Example

Display CA certificate chain path for cluster-one in a clustergroup

CLI
maprcli clustergroup fetchchainca -clustername cluster-one
REST
curl -u <username> -X GET https://server.sj.us:8443/rest/clustergroup/fetchchainca?clustername=cluster-one

Display CA certificate chain path for all clusters in the cluster group

CLI
maprcli clustergroup fetchchainca -allclusters true
REST
curl -u <username> -X GET https://server.sj.us:8443/rest/clustergroup/fetchchainca?allclusters=true