Authenticating gRPC Client

To authenticate a gRPC client, set up a host and/or a port for the connection, and replace a TLS/SSL public key certificate if necessary. For gRPC connections, only server needs to provide its certificate to client (the server-side TLS connection type).

To set up client-server connection settings, run the command

Warning:

When you change any parameter of the settings auth modify command, the xiraid.target service restarts.

Tip:

The command neither requires acceptance of the EULA nor running xiraid.target service.

# xicli settings auth modify <args>
Table 1. Arguments for the auth modify subcommand

At least one argument is required

--host

The host name or IP address that will be used for the connection.

After changing the host, you must re-generate and replace the certificate.

The default: localhost.

--port

The port that will be used for the connection.

The default: 6066.

To view client-server connection settings, run the command

# xicli settings auth show
Table 2. Argument for the auth show subcommand

Optional argument
-f --format

Output format:

  • table;
  • json;
  • prettyjson – human-readable json.

The default: table.

To replace the certificate:

Warning:

The certificates require that the system time is not earlier than June 24, 2019.

  1. copy the files to /etc/xraid/crt/ that are strictly named

    • server-key.key (or server-key.pem);
    • server-cert.crt (or server-cert.pem);
    • ca-cert.crt (or ca-cert.pem);

    If there are .pem and .key/.crt files in /etc/xraid/crt/ at the same time, the system will use .key/.crt files.

  2. restart the xiraid service:

    # systemctl restart xiraid.target