Dell Networking OS10: How to Run Certificate Update from Linux
摘要: How to use Live Linux ISO to update OS10 certificate.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
說明
Table of Contents
Requirements to be Met
- Must have Linux ISO downloaded (In this case, it is CentOS 7 KDE live ISO.)
- Must have internet access on Linux VM
- The switch is reachable from VM
- Switch Sysadmin role user
- Must not have “system-cli disable” configured
Steps to Run Script from Live Linux ISO
- Boot to the ISO from VMware (or another hypervisor)
Link for CentOS 7 KDE live ISO download:
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-73D0598A-2F3E-4BBE-88C2-A4EEE6097784.html
https://buildlogs.centos.org/centos/7/isos/x86_64/
https://buildlogs.centos.org/centos/7/isos/x86_64/
Created VM settings with mounted ISO:
Boot into the CentOS disk:
- Right click to open Konsole.
- Run yum, install, expect, and unzip.
sudo yum install expect unzip -y
- Save file to Linux system (can transfer directly to host or download for DDL using Firefox).
scp <user>@<hostip>:</filelocation/filename> <filename>
- Unzip the file and run chmod to make the file executable.
unzip cert_upgrade_script-3.zip
chmod 777 cert_upgrade_script/*
- Run file to each switch IP or with host file per readme to confirm vulnerable and applied.
cd cert_upgrade_script
./cert.sh -u admin -p admin -h <IP> -c
./cert.sh -u admin -p admin -h <IP>
./cert.sh -u admin -p admin -h <IP> -c
- After executing the script, check KB article 184027: Dell Networking OS10 Certificate Expiration and Solution. for the next steps.
ALERT: Flap the VLTi or reload switch based upon KB steps for cert to take effect.
Command Summary
| Command | Explanation |
| sudo yum install expect unzip -y | Install needed packages |
| cd Desktop | Move the desktop directory |
| scp <user>@<hostip>:</filelocation/filename> <filename> | Download the script to the Desktop |
| unzip cert_upgrade_script-3.zip | Unzip the script file |
| chmod 777 cert_upgrade_script/* | chmod to allow the .sh and folder to be read/write/execute |
| cd cert_upgrade_script | Change to the cert directory |
| ./cert.sh -u admin -p admin -h <IP> -c | check the switch is vulnerable. |
| ./cert.sh -u admin -p admin -h <IP> | Run script to change cert |
| ./cert.sh -u admin -p admin -h <IP> -c | Check to see if switch was updated |
Items to Take Note
- The script does version checks for if running at a version earlier than 10.4.3.x.
- If running earlier than this version, it creates the message “running a version less than 10.4.3.x, please upgrade to newer version”
- The script does version checks for if funning at a version later than 10.5.1.0. (in script version v4).
- The system is not vulnerable if other switches in the cluster are also running 10.5.1.0 or later.
- Newer firmware may have affected cert however, it is not in use, and as such, can be ignored or upgraded without concern.
- Ensure to use ‘ (single quotes) if special characters are in username or password on Linux.
- If existing Linux OS, ensure version is 5.45 or later.
受影響的產品
PowerSwitch S3048-ON, PowerSwitch S4048-ON, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, Dell EMC Networking N3200-ON, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON
, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S6010-ON, PowerSwitch S6100-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON
...
文章屬性
文章編號: 000188438
文章類型: How To
上次修改時間: 07 10月 2021
版本: 4
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。