This tip represents a list of suggested hardware installation, configuration options, and redundancy tests for UCS. This simple includes a of items you should always do when settings up a Cisco UCS environment that includes fabric interconnects. Note this is NOT a comprehensive list, just a list of things I suggest that you absolutely do in your environment. This list was compiled from looking at many environments installed by many people.
Since the steps below detail how to intentionally "break" your system I feel like to need to remind you that this is NOT an official cisco web site or resource. This page as with all information found on this site, http://ciscoquicklinks.com does NOT take any legal responsibility for the results of performing any of these tests in your environment. The content of this page and site including may include errors and inaccuracies and are provided for informational purposes only and should be considered "use at your own risk". Please refer to http://cisco.com/go/ucs and it's related support web sites for "official" and "legally responsible" types of information.
Most key UCS documentation is found on the documentation roadmap pages on the Cisco web site. These links are also found on the Data Center page on http://ciscoqucklinks.com page.
- Cisco UCS B-Series Servers Documentation Roadmap - Links to most of the documentation associated with the B-Series platform
- Cisco UCS C-Series Servers Documentation Roadmap - Links to most of the documentation associated with the C-Series rack server platform.
There are several reasons why you'd want to create a new keyring certificate. Occasionally your certificate will expire and you will be forced to create a new certificate. The following image shows what types of errors that might be observed driving you to create new certificate.
Example of certificate keyring error
Bold text is text entered by the Administrator at the command line. Note when the commit-buffer command is issued all GUI sessions will be terminated. It may take several minutes before the new key is valid. Incorrect time settings may cause it to take a bit longer for the new certificate to be valid.
- Using Putty or equivalent, login to the UCS Manager cluster as an administrator user
FI-A # scope security
FI-A/security # scope keyring default
FI-A/security/keyring # set regenerate yes
FI-A/security/keyring # commit-buffer
Bold text is text entered by the Administrator at the command line.
FI-A/security/keyring # scope security
FI-A/security # show keyring detail - Towards the top of the details it will tell you whether the certificate is valid or expired. It may take several minutes and several tries before the certificate is shown as valid. If it does not after 10 minutes try logging into the GUI and comparing the valid times of the certificate to the system time displayed at the bottom right of the GUI.