With the Release of Purity//FA 5.3.12 the issue with certificates not persisting hardware changes has been fixed. Should the FlashArray be running Purity 5.3.12+ , 6.0.3+ or 6.1.0+ then Pure Storage does not expect any issues with certificate authentication post hardware replacement or upgrade.
Pure Storage does strongly recommend vVols customers to upgrade to Purity 5.3.12 or higher if there is going to be a controller upgrade or replacement.
If running Purity 5.3+ and any changes need to be made to the VASA Provider Certificate, please refer to the KB on how to manage vasa certificates in Purity 5.3+ with purecert.
Should a new IP be used on the new controller, the certificate will likely need to be regenerated or re-imported, then the Storage Provider will need to be re-registered in vCenter.
Otherwise, if no changes were made to the IP or FQDN of the FlashArray, then only the process of re-registering the storage providers needs to be followed. The reason that the storage providers need to be reregistered on Purity 5.3 (VASA 1.1.0) is that the trusted root certs from VMCA that are stored with VASA are locally stored currently. Pure Engineering has identified a fix and has implemented the fix in Purity 5.3.12.
Re-Registering the New Controller's Storage Provider
Essentially the process is as follows.
- Remove the storage provider for the controller that's being replaced or upgraded.
- Wait for the controller to be upgraded or replaced and the new one is serving IO.
- Register the storage provider for the controller that was replaced.
- Check that both storage providers are Healthy and Online in vCenter.
Should the FlashArray be running Purity 5.1.6, 5.1.7 or 5.2.0, Support will need to regenerate the VASA certificate on the new Controller before the Storage Provider is re-registered in vCenter or with the Plugin. This problem has been resolved in Purity 5.2.1+ and 5.1.8+. Please note that on 5.3.0+ these actions are not necessary. The customer is able to manage the certificate with purecert command/api.
Here are some guide/examples of the process.
|Navigate to either the Host, VM or Datastore View.
Click on the vCenter you need to remove the Storage Provider.
Click on the Configure Tab and select Storage Providers.
HTML5 Web Client
Flash Web Client
In this example, we are going to say that CT0 is getting replaced.
|Confirm you are removing the correct controller's storage provider and proceed.
|Here we can see that CT0 is no longer registered.
The process of upgrading/replacing the controller can continue now.
|Once the new controller is in place, confirm with Support that everything is online and serving IO.
Then click on the button to add a Storage Provider.
Input the previous name and IP address with port 8084 and register with the needed credentials.
|All done, the Controller's Storage Provider is now Registered
If you are doing a Hardware NDU you will need to repeat this process for the next controller getting upgraded.
Using the Plugin to re-register the Storage Provider
|Instead of manually registering the Storage Provider for the new Controller, you can use the Pure Storage VMware Plugin.
You will follow the same steps to remove the controller.
The plugin will register the missing controllers storage provider. Here is an example:
Once the new controller is in place, confirm with Support that everything is online and serving IO.
Then click on the Menu button and then select the Pure Storage Plugin.
Select the FlashArray in the list on the right you need to register again.
Then click the button to register the storage provider.
Select the vCenter/s you need to re-register the Storage Provider/s.
Provide the Credentials and register.
Go back to the vCenter Storage Providers under the Configure Tab.
Confirm that both storage providers are Online.
All done. If you are doing a Hardware NDU you will need to repeat this process for the next controller getting upgraded.