In the event that the FlashArray is running Purity/FA 5.0.x, 5.1.x or 5.2.x, then the storage providers will need to be removed and re-registered.
If the re-register is failing, then you may need to open up a support case to have support reset the certificates on the VASA service for each controller.
Once the certificate is reset by Pure Support, then re-register the storage providers with the new IP addresses.
Support, please run the following from the both controllers in the event that the customer is unable to re-register the storage providers after changing the IP address of the controller.
Essentially, the customer is going to be in a state that the certificates currently loaded for vasa-ct0 and vasa-ct1 will have the old IP addresses in them. For the most part, the customer should be able to just remove the old storage providers and re-register them again with the updated IP addresses. However, in the event that they are unable to register the storage providers, then support can reset the certificates and restart the vasa service.
Please note that on 5.3.0+ these actions are not necessary. Do not run these steps on a 5.3.0+ array.
|
Here are the commands that will need to be followed to reset the certificate in Purity 5.1.6+ and 5.2.0+ |
|
Once the Certificate is reset, have the customer register the storage providers.
There could be a chance that if the array is on 5.1.6 or 5.1.7 and the customer is using intermediate certificates. If that is the case, make sure you follow the steps to update the vasa nginx; look at Correcting the Problem.
If the customer is running Purity 5.1.0-5.1.5 or Purity 5.0, the process for resetting the certificates is a bit easier. You'll remove the keystore and truststore and then restart vasa. This will need to be done for both controllers.
|
|
Support: do not run these commands on a FlashArray that is running Purity 5.3.0 or higher. It is very important to run neither the openssl method or keystore method on a Purity 5.3 array.