Print Email PDF

Install VPN Keys on a Cluster

IN THIS ARTICLE

Outlines how to install VPN keys on a cluster over the network 

REQUIREMENTS

  • VPN keys have been generated and sent by a CSM for your customer account
  • Firewall rules have been modified to whitelist the following:
    • missionq.qumulo.com
    • ep1.qumulo.com
    • monitor.qumulo.com
  • Outbound HTTPS traffic over port 443 is permitted

NOTE: If the firewall performs Stateful Packet Inspection (sometimes called SPI or Deep Packet Inspection), the firewall admin must explicitly Allow OpenVPN (SSL VPN) rather than simply opening port 443.

PROCESS

MAC

  1. Download and unzip the zip file that CSM provided onto a computer running Mac OS X on the same network as the cluster.
  2. Bring up a terminal and copy the 3 files onto one of the nodes.
scp /<VPN Key file path>/* admin@<node ip address>:~/
  1. SSH to the same node where you’ve copied the VPN key files
ssh admin@<node ip address>
  1. Install VPN Keys to all the nodes on the cluster.
sudo qq install_vpn_keys /home/admin/

Proceed to FINAL STEPS below.

WINDOWS

  1. Download putty.exe and pscp.exe from here onto a Windows machine.
  2. Download and unzip the zip file that CSM provided onto the same Windows machine on the same network as the cluster.
  3. Bring up a command line window, browse to the folder that contains putty.exe and pscp.exe, and copy the three files onto one of the nodes.
cd \Users\<username>\Downloads\
pscp \<VPN Key file path>\* admin@<node ip address>:/home/admin
  1. Execute putty.exe and enter below in the Host Name field of the same node where you’ve copied the VPN key files.
admin@<node ip address>
  1. Install VPN Keys to all the nodes on the cluster.
sudo qq install_vpn_keys /home/admin/

FINAL STEPS

  1. Verify that the keys are installed.
sudo qq get_vpn_keys
  1. Clean up by removing VPN Key files from /home/admin: 
rm /home/admin/*.key
rm /home/admin/*.crt
  1.  Identify cluster ID using the following command:
sudo qq node_state_get
  1. Send the CSM the output and provide the name of the cluster.
  2. Enable the Qumulo Care Remote Support via WebUI.
  3. Notify CSM when complete so VPN connectivity can be tested and the cluster can be added to Cloud-Based Monitoring.

RESOLUTION

You should now be able to successfully install VPN keys on your cluster.

ADDITIONAL RESOURCES

QQ CLI: Monitoring and VPN

Qumulo's Remote Support

Qumulo Care Proactive Monitoring

 

Like what you see? Share this article with your network!

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Have more questions?
Open a Case
Share it, if you like it.