DNAC: Signing a certificaate with internal CA

pennyyeung · ‎11-23-2022

Hi,

I'm going to replace the default certificate.

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/hardening_guide/b_dnac_security_best_practices_guide.html

My DNAC version is 2.2.2.9. I followed DNAC security best practices and can't find the field to input and change my current empte field - cluster_hostname. Anyone know how to update my field cluster_hostname before I can proceed to generate a new certificate?

Input
$ maglev cluster network display
Output
cluster_network:
	cluster_dns: 169.254.20.10
	cluster_hostname:

If the cluster_hostname output field is empty or is not what you want, add or change the Cisco DNA Center hostname (FQDN) by entering the sudo maglev-config update command, as shown in the following example. You must have root privileges to run this command.

Input
$ sudo maglev-config update
Output
Maglev config wizard GUI

Click Next until you see the step I can't the title MAGLEV CLUSTER DETAILS containing the input prompt Cluster's hostname.

Also, I typed $etcdctl get /maglev/config/cluster/cluster_network
{"cluster_vip": ["172.16.255.180", "172.16.240.1", "172.16.1.195"], "cluster_subnet": "169.254.48.0/20", "cluster_dns": "169.254.20.10", "cluster_hostname": "", "container_subnet": "169.254.32.0/20"}

cluster_hostname: "" <== empty

pennyyeung · ‎11-30-2022

Hello,

May I know how to update cluster name?

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/hardening_guide/b_dnac_security_best_practices_guide.html

There is no step "titled MAGLEV CLUSTER DETAILS containing the input prompt Cluster's hostname" after "sudo maglev-config update"

Anyone know the reason why or changed other way to update cluster name in 2.2.2.9?