NSX Advanced Load Balancer 允许用户自定义何时触发 SSL 证书过期通知。系统预计最少提供 3 天通知。默认情况下,在过期前 30 天、7 天和 1 天触发警示。
示例
在该示例中,先查看控制器的属性。将配置更新为两个通知周期(45 天和 14 天)并保存。查看修订的控制器属性以进行确认。
注:
将自动插入这两个日期并按顺序显示。
[admin:10-10-26-52]: > configure controller properties Updating an existing object. Currently, the object is: +-----------------------------------------+---------+ | Field | Value | +-----------------------------------------+---------+ | uuid | global | | unresponsive_se_reboot | 300 | | crashed_se_reboot | 900 | | se_offline_del | 172000 | | vs_se_create_fail | 1500 | | vs_se_vnic_fail | 300 | | vs_se_bootup_fail | 300 | | se_vnic_cooldown | 120 | | vs_se_vnic_ip_fail | 120 | | fatal_error_lease_time | 120 | | upgrade_lease_time | 360 | | query_host_fail | 180 | | vnic_op_fail_time | 180 | | dns_refresh_period | 60 | | se_create_timeout | 900 | | max_dead_se_in_grp | 1 | | dead_se_detection_timer | 360 | | api_idle_timeout | 15 | | allow_unauthenticated_nodes | False | | cluster_ip_gratuitous_arp_period | 60 | | vs_key_rotate_period | 60 | | secure_channel_controller_token_timeout | 60 | | secure_channel_se_token_timeout | 60 | | max_seq_vnic_failures | 3 | | vs_awaiting_se_timeout | 60 | | vs_apic_scaleout_timeout | 360 | | secure_channel_cleanup_timeout | 60 | | attach_ip_retry_interval | 360 | | attach_ip_retry_limit | 4 | | persistence_key_rotate_period | 60 | | allow_unauthenticated_apis | False | | warmstart_se_reconnect_wait_time | 300 | | vs_se_ping_fail | 60 | | se_failover_attempt_interval | 300 | | max_pcap_per_tenant | 4 | | ssl_certificate_expiry_warning_days[1] | 30 days | | ssl_certificate_expiry_warning_days[2] | 7 days | | ssl_certificate_expiry_warning_days[3] | 1 days | | seupgrade_fabric_pool_size | 20 | | seupgrade_segroup_min_dead_timeout | 360 | +-----------------------------------------+---------+
[admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 45 [admin:10-10-26-52]: controllerproperties> ssl_certificate_expiry_warning_days 14 [admin:10-10-26-52]: controllerproperties> save +-----------------------------------------+---------+ | Field | Value | +-----------------------------------------+---------+ | uuid | global | | unresponsive_se_reboot | 300 | | crashed_se_reboot | 900 | | se_offline_del | 172000 | | vs_se_create_fail | 1500 | | vs_se_vnic_fail | 300 | | vs_se_bootup_fail | 300 | | se_vnic_cooldown | 120 | | vs_se_vnic_ip_fail | 120 | | fatal_error_lease_time | 120 | | upgrade_lease_time | 360 | | query_host_fail | 180 | | vnic_op_fail_time | 180 | | dns_refresh_period | 60 | | se_create_timeout | 900 | | max_dead_se_in_grp | 1 | | dead_se_detection_timer | 360 | | api_idle_timeout | 15 | | allow_unauthenticated_nodes | False | | cluster_ip_gratuitous_arp_period | 60 | | vs_key_rotate_period | 60 | | secure_channel_controller_token_timeout | 60 | | secure_channel_se_token_timeout | 60 | | max_seq_vnic_failures | 3 | | vs_awaiting_se_timeout | 60 | | vs_apic_scaleout_timeout | 360 | | secure_channel_cleanup_timeout | 60 | | attach_ip_retry_interval | 360 | | attach_ip_retry_limit | 4 | | persistence_key_rotate_period | 60 | | allow_unauthenticated_apis | False | | warmstart_se_reconnect_wait_time | 300 | | vs_se_ping_fail | 60 | | se_failover_attempt_interval | 300 | | max_pcap_per_tenant | 4 | | ssl_certificate_expiry_warning_days[1] | 45 days | | ssl_certificate_expiry_warning_days[2] | 30 days | | ssl_certificate_expiry_warning_days[3] | 14 days | | ssl_certificate_expiry_warning_days[4] | 7 days | | ssl_certificate_expiry_warning_days[5] | 1 days | | seupgrade_fabric_pool_size | 20 | | seupgrade_segroup_min_dead_timeout | 360 |
要移除任何 warning_days 条目,请在 configure 命令中执行一个序列,如下所示。
[admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 14 [admin:10-10-26-52]: controllerproperties> no ssl_certificate_expiry_warning_days 1 [admin:10-10-26-52]: controllerproperties> save
注:
添加所需数量的 warning_days 条目。不过,在移除这些条目时,NSX Advanced Load Balancer 拒绝将条目数减少到低于三个的任何尝试。
