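NSX Advanced Load Balancer lets users customize when SSL certificate expiry notifications are triggered. The system expects a minimum of 3 notification days. By default, alerts are triggered 30 days, 7 days, and 1 day before expiry.

Example

In this example, the controller properties are viewed first. The configuration is then updated with two notification periods (45 days and 14 days) and saved. The revised controller properties are then viewed to confirm the change.

Note:

The two days are inserted automatically and displayed in order.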

[admin:10-10-26-52]: > configure controller properties
Updating an existing object. Currently, the object is:

+-----------------------------------------+---------+
| Field                                   | Value   |
+-----------------------------------------+---------+
| uuid                                    | global  |
| unresponsive_se_reboot                  | 300     |
| crashed_se_reboot                       | 900     |
| se_offline_del                          | 172000  |
| vs_se_create_fail                       | 1500    |
| vs_se_vnic_fail                         | 300     |
| vs_se_bootup_fail                       | 300     |
| se_vnic_cooldown                        | 120     |
| vs_se_vnic_ip_fail                      | 120     |
| fatal_error_lease_time                  | 120     |
| upgrade_lease_time                      | 360     |
| query_host_fail                         | 180     |
| vnic_op_fail_time                       | 180     |
| dns_refresh_period                      | 60      |
| se_create_timeout                       | 900     |
| max_dead_se_in_grp                      | 1       |
| dead_se_detection_timer                 | 360     |
| api_idle_timeout                        | 15      |
| allow_unauthenticated_nodes             | False   |
| cluster_ip_gratuitous_arp_period        | 60      |
| vs_key_rotate_period                    | 60      |
| secure_channel_controller_token_timeout | 60      |
| secure_channel_se_token_timeout         | 60      |
| max_seq_vnic_failures                   | 3       |
| vs_awaiting_se_timeout                  | 60      |
| vs_apic_scaleout_timeout                | 360     |
| secure_channel_cleanup_timeout          | 60      |
| attach_ip_retry_interval                | 360     |
| attach_ip_retry_limit                   | 4       |
| persistence_key_rotate_period           | 60      |
| allow_unauthenticated_apis              | False   |
| warmstart_se_reconnect_wait_time        | 300     |
| vs_se_ping_fail                         | 60      |
| se_failover_attempt_interval            | 300     |
| max_pcap_per_tenant                     | 4       |
| ssl_certificate_expiry_warning_days[1]  | 30 days |
| ssl_certificate_expiry_warning_days[2]  | 7 days  |
| ssl_certificate_expiry_warning_days[3]  | 1 days  |
| seupgrade_fabric_pool_size              | 20      |
| seupgrade_segroup_min_dead_timeout      | 360     |
+-----------------------------------------+---------+
[admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 45
[admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 14
[admin:10-10-26-52]: controllerproperties> save

+-----------------------------------------+---------+
| Field                                   | Value   |
+-----------------------------------------+---------+
| uuid                                    | global  |
| unresponsive_se_reboot                  | 300     |
| crashed_se_reboot                       | 900     |
| se_offline_del                          | 172000  |
| vs_se_create_fail                       | 1500    |
| vs_se_vnic_fail                         | 300     |
| vs_se_bootup_fail                       | 300     |
| se_vnic_cooldown                        | 120     |
| vs_se_vnic_ip_fail                      | 120     |
| fatal_error_lease_time                  | 120     |
| upgrade_lease_time                      | 360     |
| query_host_fail                         | 180     |
| vnic_op_fail_time                       | 180     |
| dns_refresh_period                      | 60      |
| se_create_timeout                       | 900     |
| max_dead_se_in_grp                      | 1       |
| dead_se_detection_timer                 | 360     |
| api_idle_timeout                        | 15      |
| allow_unauthenticated_nodes             | False   |
| cluster_ip_gratuitous_arp_period        | 60      |
| vs_key_rotate_period                    | 60      |
| secure_channel_controller_token_timeout | 60      |
| secure_channel_se_token_timeout         | 60      |
| max_seq_vnic_failures                   | 3       |
| vs_awaiting_se_timeout                  | 60      |
| vs_apic_scaleout_timeout                | 360     |
| secure_channel_cleanup_timeout          | 60      |
| attach_ip_retry_interval                | 360     |
| attach_ip_retry_limit                   | 4       |
| persistence_key_rotate_period           | 60      |
| allow_unauthenticated_apis              | False   |
| warmstart_se_reconnect_wait_time        | 300     |
| vs_se_ping_fail                         | 60      |
| se_failover_attempt_interval            | 300     |
| max_pcap_per_tenant                     | 4       |
| ssl_certificate_expiry_warning_days[1]  | 45 days |
| ssl_certificate_expiry_warning_days[2]  | 30 days |
| ssl_certificate_expiry_warning_days[3]  | 14 days |
| ssl_certificate_expiry_warning_days[4]  | 7 days  |
| ssl_certificate_expiry_warning_days[5]  | 1 days  |
| seupgrade_fabric_pool_size              | 20      |
| seupgrade_segroup_min_dead_timeout      | 360     |
+-----------------------------------------+---------+

To remove any warning_days entries, run a sequence like the following within the configure command.

[admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 14
[admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 1
[admin:10-10-26-52]: controllerproperties> save

Note:

Add as many warning_days entries as needed. However, when removing entries, NSX Advanced Load Balancer rejects any attempt to reduce the number of entries below three.
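To check a saved copy of the property table against a certificate inventory, the following added example (not part of the product or its documentation) parses the ssl_certificate_expiry_warning_days rows in the format shown above, tests a planned removal against the three-entry minimum, and works out the calendar date each alert is due for a given expiry date. The function names, the sample excerpt and the dates are constructed for illustration, and each alert is assumed to fall exactly N days before the expiry date.

```python
import re
from datetime import date, timedelta

# Constructed sample: an excerpt of the property table in the format shown above.
SAMPLE = """\
| max_pcap_per_tenant                     | 4       |
| ssl_certificate_expiry_warning_days[1]  | 45 days |
| ssl_certificate_expiry_warning_days[2]  | 30 days |
| ssl_certificate_expiry_warning_days[3]  | 14 days |
| ssl_certificate_expiry_warning_days[4]  | 7 days  |
| ssl_certificate_expiry_warning_days[5]  | 1 days  |
| seupgrade_fabric_pool_size              | 20      |
"""

# Matches only the warning-day rows and captures the numeric value.
ROW = re.compile(
    r"^\|\s*ssl_certificate_expiry_warning_days\[\d+\]\s*\|\s*(\d+)\s+days\s*\|\s*$"
)

def parse_warning_days(table_text):
    """Return the configured warning days, largest first."""
    days = [int(m.group(1)) for line in table_text.splitlines()
            if (m := ROW.match(line))]
    return sorted(days, reverse=True)

def can_remove(days, to_remove):
    """Mirror the documented rule: a removal may not leave fewer than three entries."""
    remaining = [d for d in days if d not in to_remove]
    return len(remaining) >= 3

def alert_schedule(not_after, days):
    """Map each warning threshold to the calendar date its alert is due."""
    return {d: not_after - timedelta(days=d) for d in days}

def pending_alerts(not_after, days, today):
    """Thresholds whose alert date is still in the future as of `today`."""
    return [d for d, when in alert_schedule(not_after, days).items() if when > today]

if __name__ == "__main__":
    days = parse_warning_days(SAMPLE)
    expiry = date(2025, 3, 1)  # constructed certificate expiry date
    for d, when in alert_schedule(expiry, days).items():
        print(f"{d:>3} days before expiry -> {when.isoformat()}")
    print("removing 14 and 1 allowed:", can_remove(days, {14, 1}))
```

A certificate whose pending_alerts list is already empty has passed every configured threshold and will produce no further warning before it expires.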