No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Local HA System Software Installation Guide (SUSE Linux + MySQL + OMMHA) 11

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Commissioning the Driver

(Optional) Commissioning the Driver

Enabling the Driver Component

The Driver component is installed but is disabled by default during eSight installation. To report the resource, alarm, and performance information of the devices managed by eSight to the CloudOpera, you need to enable the Driver component so that after eSight connected to the CloudOpera, the Driver component can collect the infrastructure information, report the information to other services, and receives and delivers the requests from other services.

Prerequisites

  • You have obtained the system IP addresses of the active and standby eSight servers.
  • You have obtained the ossuser password of the active and standby eSight servers. The initial password of the ossuser user is Changeme_123. To improve system security, you are advised to change the initial password immediately, and change the password periodically (such as six months) to prevent security risks such as password violent cracking.

Procedure

  1. Use PuTTY to log in to the active eSight server as the ossuser user.
  2. Run the command to enable the Driver component function based on the application scenarios of the eSight Driver.

    • eSight Driver for network flow management:

      cd /opt/eSight/AppBase/tools

      sh driver_start.sh netflow

    • eSight Driver not for network flow management:

      cd /opt/eSight/AppBase/tools

      sh driver_start.sh esight

    The following information indicates that the Driver component is enabled successfully.

    start driver success!

  3. Restart the eSight system.

    1. Stop the eSight system through commands.
      1. Use PuTTY to log in to the standby eSight server as the ossuser user.
      2. Run the following commands to stop the eSight system:

        cd /opt/ommha/ha/bin

        ./stop.sh

        The following information indicates that the standby eSight server is stopped successfully:

        stop HA successfully.
      3. Use PuTTY to log in to the active eSight server as the ossuser user.
      4. Run the following commands to stop the eSight system:

        cd /opt/ommha/ha/bin

        ./stop.sh

        The following information indicates that the active eSight server is stopped successfully:

        stop HA successfully.
    2. Start the eSight system through commands.
      1. Use PuTTY to log in to the active eSight server as the ossuser user.
      2. Run the following commands to start the eSight system:

        cd /opt/ommha/ha/bin

        ./start.sh

        The following information indicates that the active eSight server is started successfully:

        start HA successfully.
      3. Use PuTTY to log in to the standby eSight server as the ossuser user.
      4. Run the following commands to start the eSight system:

        cd /opt/ommha/ha/bin

        ./start.sh

        The following information indicates that the standby eSight server is started successfully:

        start HA successfully.

Related Tasks

To disable the Driver component, you can perform the following operations:

  1. Use PuTTY to log in to the active eSight server as the ossuser user.
  2. Run the following commands to disable the Driver component.

    cd /opt/eSight/AppBase/tools

    sh driver_stop.sh

    The following information indicates that the Driver component is disabled successfully.

    stop driver success!

  3. Restart the eSight system.

    1. Stop the eSight system through commands.
      1. Use PuTTY to log in to the standby eSight server as the ossuser user.
      2. Run the following commands to stop the eSight system:

        cd /opt/ommha/ha/bin

        ./stop.sh

        The following information indicates that the standby eSight server is stopped successfully:

        stop HA successfully.
      3. Use PuTTY to log in to the active eSight server as the ossuser user.
      4. Run the following commands to stop the eSight system:

        cd /opt/ommha/ha/bin

        ./stop.sh

        The following information indicates that the active eSight server is stopped successfully:

        stop HA successfully.
    2. Start the eSight system through commands.
      1. Use PuTTY to log in to the active eSight server as the ossuser user.
      2. Run the following commands to start the eSight system:

        cd /opt/ommha/ha/bin

        ./start.sh

        The following information indicates that the active eSight server is started successfully:

        start HA successfully.
      3. Use PuTTY to log in to the standby eSight server as the ossuser user.
      4. Run the following commands to start the eSight system:

        cd /opt/ommha/ha/bin

        ./start.sh

        The following information indicates that the standby eSight server is started successfully:

        start HA successfully.

Interconnecting with eSight (Obtaining the BER Certificate to Interconnect with eSight)

This section describes how to interconnect eSight with the CloudOpera system when eSight is installed in traditional installation mode or image installation mode, and eSight is deployed in the same security region with CloudOpera. After the interconnection, you can use CloudOpera to manage devices connected to eSight.

Setting Interconnection Parameters on eSight

Describes the configuration operations for interconnecting eSight with CloudOpera, including synchronizing the certificate for interconnecting, modifying the configuration file, and configuring an IP address whitelist.

Prerequisites

  • Information listed in Table 7-3 has been collected.
    Table 7-3 Information to be collected of eSight

    Item

    Sub-Item

    eSight

    System IP address of the active eSight server.

    Password of ossuser on the active eSight server. The initial password of the ossuser user is Changeme_123. For system security, you are advised to change the initial password immediately, and change the password periodically (for example, every six months) to prevent security risks such as password violent cracking.

    System IP address of the standby eSight server.

    Password of ossuser on the standby eSight server. The initial password of the ossuser user is Changeme_123. For system security, you are advised to change the initial password immediately, and change the password periodically (for example, every six months) to prevent security risks such as password violent cracking.

    If the eSight is deployed in local OMMHA two-node cluster, collect the floating IP address of active and standby eSight servers.

  • Information listed in Table 7-4 has been collected.
    Table 7-4 Information to be collected of CloudOpera

    Item

    Sub-Item

    Example

    BackendERService microservice on the O&M plane

    NOTE:
    • In the multi-region deployment scenario, collect the BackendERService microservice information of the O&M plane in the region where eSight is interconnected. In other scenarios, collect the BackendERService microservice information of the O&M plane in the Global region.
    • The BackendERService microservice belongs to the HRS service. The process of the service is backenderservice.

    Management IP address

    NOTE:
    • If BackendERService is deployed in a cluster (multiple nodes), collect the BackendERService floating IP address.
    • If BackendERService is deployed in single-node mode, collect the management IP address of the BackendERService server.

    192.168.10.12

    Port number. The default value is 26330.

    26330

    RESTConnectorService microservice on the O&M plane

    NOTE:
    • In the multi-region deployment scenario, collect the RESTConnectorService microservice information of the O&M plane in the region where eSight is interconnected. In other scenarios, collect the RESTConnectorService microservice information of the O&M plane in the Global region.
    • The RESTConnectorService microservice belongs to the DrvFrm service. The process of the service is restconnectorservice.

    Management IP address

    192.168.10.13

    192.168.10.14

    Floating IP address

    NOTE:

    If the RESTConnectorService is deployed in single-node mode, no need to collect the floating IP address.

    10.10.10.13

  • You have obtained the server.p12 and trust.jks of the BackendERService on the O&M plane.
  • You have disabled the CN Check Function of the BackendERService on the O&M plane.

Procedure

  1. Copy the files server.p12 and trust.jks to the active eSight server, and change the file permission.

    1. Use the FileZilla tool to log in to the active eSight server as ossuser.
    2. Upload the files server.p12 and trust.jks to /opt/eSight/AppBase/etc/ies.
    3. Use PuTTY to log in to the active eSight server as the ossuser user.
    4. Run the following commands to change the file permission:

      cd /opt/eSight/AppBase/etc/ies

      chmod 600 *

  2. Run the following operations to modify the parameters in the configuration file related to interconnection with CloudOpera.

    1. Run the following commands to modify the configuration parameters:

      cd /opt/eSight/AppBase/tools

      ./modifyConfig.sh

      The following information is displayed:

      No    Key                     Value
      1     ER_IP                   
      2     ER_port                 
      3     PmdataNotToDB           false
      4     Performance_Select      true
      5     Alarm_Select            true
      6     ApiGateway_Host_IP      
      7     ApiGateway_Host_Port    
      8     ApiGateway_StandBy_IP   
      9     ApiGateway_StandBy_Port 
      10    ApiGateway_Retry_Times  
      11    eSight_Token_Name       
      12    eSight_Token_Value      
      13    ApiGateway_Token_Time   
      14    KeyStorePath            /opt/eSight/AppBase/etc/ies/server.p12
      15    KeyStorePwd             9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      16    TrustStorePath          /opt/eSight/AppBase/etc/ies/trust.jks
      17    TrustStorePwd           9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      Please input the number of key(q to quit):
    2. Repeat the following operations to set the parameters in Table 7-5 one by one.
      1. Enter the sequence number of a parameter and press Enter. For example, enter 1 and press Enter, the following information is displayed:
        Please input the value of ER_IP(q to cancel):
      2. Enter the value of the parameter and press Enter.

        The entered value for the parameter is displayed under Value, indicating that the configuration is successful.

      Table 7-5 Configuration Parameter Description

      Parameter

      Description

      Example

      ER_IP

      Mandatory.

      The floating IP address of the BackendERService microservice on the O&M plane obtained in Table 7-4.

      192.168.10.12

      ER_port

      Mandatory.

      The port of the BackendERService microservice on the O&M plane obtained in Table 7-4.

      26330

      PmdataNotToDB

      Optional.

      Configure whether to save the performance data collected by eSight to the eSight database. After the performance data is saved to the eSight database, you can view historical performance data on the eSight client. Otherwise, you can only view real-time performance data on the eSight client.

      false (default): Performance data will be saved to the eSight database.

      true: Performance data will not be saved to the eSight database.

      false

      Performance_Select

      Optional.

      Configure whether to report eSight performance data to the O&M plane of CloudOpera. After the performance data is reported, the services on the O&M plane of CloudOpera can obtain the performance data.

      true (default): eSight performance data will be reported.

      false: eSight performance data will not be reported.

      true

      Alarm_Select

      Optional.

      Configure whether to report eSight alarm data to the O&M plane of CloudOpera. If alarms are reported, administrators can view the alarms reported by eSight on the O&M plane of CloudOpera.

      true (default): Alarms data will be reported.

      false: Alarms data will not be reported.

      true

    3. Enter q to save the modification and exit.

  3. Modify the configuration file to remove the restriction on the number of times for invoking open APIs.

    1. Run the following commands to open the roa.properties file.

      cd /opt/eSight/AppBase/etc/iemp.framework

      vi roa.properties

    2. Press i to enter the editing mode.
    3. Add the iemp.roa.access.rate.limit.enable parameter, and set the parameter value to false.
      iemp.roa.access.rate.limit.enable=false
    4. Press Esc to exit the editing mode and run the :wq command to save and exit the file.

  4. Restart eSight to make the configuration take effect. For details, see How Do I Restart the eSight System.

    If this is the first eSight system interconnected to CloudOpera, eSight is displayed on the System Type under System Access of CloudOpera after the configuration is complete.

  5. Configure the CloudOpera system information on eSight.

    1. Log in to the eSight client as the admin user. Access eSight at https://eSight system IP address:31943.

      eSight system IP address: If eSight is deployed in a local OMMHA two-node cluster, this parameter indicates the floating IP address of the eSight system. If eSight is deployed in a remote OMMHA two-node cluster, this parameter indicates the system IP address of the active server.

    2. On the main menu, choose System > System Settings > Northbound Integration.
    3. In the left navigation pane, choose Third-party System Settings.
    4. Click Create, and set parameters in the Third-party System area.
      • IP address: Management IP addresses of the active and standby nodes where the RESTConnectorService microservice of the CloudOpera O&M plane resides, as well as the floating IP address.
        Each time you can configure only one IP address. Therefore, you need to create information about the third-party system for each IP address.

        If RESTConnectorService is deployed in single-node mode, only set the management IP address of the node where the RESTConnectorService microservice resides.

      • Protocol type: Select HTTPS.
      • System ID: Use the default value.
    5. Click OK.

Setting Interconnection Parameters on CloudOpera

This section describes how to connect eSight to CloudOpera.

Prerequisites

  • You have obtained the system IP address of the active eSight server.
  • You have obtained the ossuser password of the active eSight server.
  • If the eSight is deployed in local OMMHA two-node cluster, you have to obtain the floating IP address of eSight servers.

Procedure

  1. (Optional) Export the eSight certificate. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to export the eSight certificate.

    eSight provides a temporary certificate. It is recommended that you replace the temporary certificate with a certificate from the Certificate Authority (CA). To replace the temporary certificate, follow the instructions in Operation and Maintenance > Maintenance Guide > Security Maintenance > Security Certificates > Replacing the business Certificate > Updating the Preset PKI Certificate of eSight in the eSight Product Documentation. Then export the CA certificate matching the new certificate and import into CloudOpera for interconnecting with eSight.

    1. Use the FileZilla tool to log in to the active eSight server as ossuser.
    2. Download the eSight certificate file huaweica.der to local from the directory /opt/eSight/mttools/etc/certificate/pki, and rename to huaweica.crt.

  2. (Optional) Import the eSight certificate to CloudOpera. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to import eSight certificate into CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.

      For different products of CloudOpera, the menu may show different. For example, in the Public Cloud scenario, choose Services > Monitor and Fault Handling > Cloud Monitor Alarm from the main menu.

    2. In the left navigation tree, choose Certificate Management > Trust Certificate.

      For different products of CloudOpera, the menu may show different. For example, in the Public Cloud scenario, choose Alarm Data Source Settings > Trust Certificate in the left navigation tree.

    3. Click Upload on the displayed page.
    4. Service name selects Driver, click the File Name input box, and select the eSight certificate file obtained in 1.

      For different products of CloudOpera, the interface may show different. For example, in the Public Cloud scenario, there is no Service name. Please click the File Name input box, and select the file.

    5. Click Submit to import the eSight certificate file to the system.

      You do not need to import the eSight certificate when the system prompts that the certificate already exists when importing the eSight certificate.

  3. Create a eSight system in CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.

      For different products of CloudOpera, the menu may show different. For example, in the Public Cloud scenario, choose Services > Monitor and Fault Handling > Cloud Monitor Alarm from the main menu.

    2. Click eSight, and click Create. Set the related parameters based on the descriptions in Table 7-6.
      • For different products of CloudOpera, the interface may show different. For example, in the Public Cloud scenario, Click Create an instance, and choose eSight in Systerm type, then set the related parameters based on the descriptions in Table 7-6.
      • Table 7-6 only describes the basic information parameters that need to be set.
      Table 7-6 Basic parameters

      Parameter

      Description

      Example

      System name

      Indicates the system name of the eSight that interconnects with CloudOpera.

      eSight

      Version

      Indicates the version of the eSight that interconnects with CloudOpera. Set it to v1.

      v1

      IP address/Domain name

      • If the eSight is deployed in local OMMHA two-node cluster, set it to the floating IP address of the eSight system.
      • If the eSight is deployed in remote OMMHA two-node cluster, set it to the IP address of the active eSight server.

      192.168.8.9

      Driver name

      Indicates the driver type of eSight that interconnects with CloudOpera. Set it to plugin_driver_hw_esight.

      plugin_driver_hw_esight

      Deploy zone

      Indicates the region of eSight that interconnects with CloudOpera.

      Global

      Logical position

      If CloudOpera has planed the logical position for eSight nodes, set it based on the plan. Otherwise, no configuration is required.

      NOTE:

      One logical position can interconnect with only one eSight system. If multiple eSight systems interconnect to the same logical position, services will become abnormal.

      North of China

      Standby IP address

      • If two DCs are deployed in cold standby mode, and the eSight is deployed in remote OMMHA two-node cluster, set it to the IP address of the standby eSight server.
      • You do not need to set this parameter in other scenarios.

      192.168.8.12

      Active/Standby switchover policy

      Whether to enable the Active/Standby switchover policy.

      • If two DCs are deployed in cold standby mode, and the eSight is deployed in remote OMMHA two-node cluster, set it to Enable.
      • You do not need to set this parameter in other scenarios.

      Enable

    3. Click Next. On the Create Interconnected Systems page, enter related information based on descriptions in Table 7-7.
      Table 7-7 Protocol parameters

      Parameter

      Description

      User Name

      Indicates the eSight user name for interacting with the DriverFramework service of CloudOpera. Set it to eSight.

      Encryption Algorithm

      Indicates the abstract encryption algorithm of eSight. Set it to SHA-256.

      Password

      Indicates the password of eSight user for interacting with the DriverFramework service of CloudOpera. Set it to Changeme_123.

    4. Click OK to connect eSight to CloudOpera.
      • If eSight is connected successfully, the connection status is displayed as .
      • If eSight fails to be connected, check the parameter settings as prompted. Click

        to modify the interconnection parameters. After the modification, click to test the connectivity.

        If the test succeeds, the interconnection is successful.

        If the test fails, perform the following operations to delete the eSight system, and reconfigure eSight. If the interconnection fails again, contact Huawei technical support engineers.
        1. Click to delete eSight.

          If eSight fails to be deleted, contact Huawei technical support engineers.

        2. (Optional) Delete the trust certificates related to eSight. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to delete the trust certificates related to eSight.
          1. Choose Certificate Management > Trust Certificate to view the trust certificate list.
          2. Delete the trust certificates that contain eSight in the Issued By column.

Interconnecting with eSight (Configuring the APIGateway to Interconnect with eSight)

This section describes how to interconnect with eSight when the eSight is installed in the traditional installation mode or image installation mode, and the eSight is deployed in different security regions with CloudOpera. After the interconnection, you can use CloudOpera to manage devices connected to eSight.

Creating User for Interacting with the ApiGateway in CloudOpera

Before interconnecting CloudOpera with eSight, create the user for interacting with the ApiGateway on the CloudOpera O&M plane. If multiple eSight systems interconnect to CloudOpera, you need to create the user for each eSight system.

Prerequisites

Log in to the CloudOpera O&M plane as the admin user.

Procedure

  1. Create the drivermgr role.

    1. Choose Security > User Management from the main menu.
    2. Select Roles in the navigation tree on the left and click Create.
    3. Set the role name to drivermgr, and click Next.
    4. Click Next.
    5. Click to expand the application-level operation permissions panel, and find the System Access and Driver Management permissions, select the following permissions:
      • Select System Access Query permission in the System Access.
      • Select Configuration Management and DriverInstance Management permissions in the Driver Management.

        For different versions of CloudOpera, the Driver Management name may not be consistent. If the Driver Management does not exist, select Driver LifeCycle Management.

    6. Use default values for other parameters, and click Finish.

      If the created role is displayed in the role list, the role is created successfully.

  2. Create the eSight user for interacting with the ApiGateway.

    1. Select Users in the navigation tree on the left and click Create.
    2. Configure basic information about the user and click Next.

      Configuration item

      Configuration Description

      User name

      Set the user name as prompted, but cannot be eSight.

      Password

      Set the password as prompted, for example, Changeme_123.

      Type

      Set the type to Third-party system access.

      Advanced Settings

      If the option Change the password at the first login is in the advanced settings, ensure that this option is not selected.

    3. Select the following roles and click Next:
      • NBI User Group/APIManager
      • The role to invoke southbound APIs
      • drivermgr

      For different versions of CloudOpera, the role name may not be consistent.

      • NBI User Group/APIManager: If NBI User Group and APIManager both exist, select APIManager.
      • The role to invoke southbound APIs: If The role to invoke southbound APIs does not exist, select southapis.roles.operation.
    4. Click Finish.

Setting Interconnection Parameters on eSight

Describes the configuration operations for interconnecting eSight with CloudOpera, including synchronizing the certificate for interconnecting, modifying the configuration file, and configuring an IP address whitelist.

Prerequisites

  • Information listed in Table 7-8 has been collected.
    Table 7-8 Information to be collected of eSight

    Item

    Subitem

    eSight

    System IP address of the active server.

    Password of the ossuser user on the active server. The initial password of the ossuser user is Changeme_123. For system security, you are advised to change the initial password immediately, and change the password periodically (for example, every six months) to prevent security risks such as password violent cracking.

    System IP address of the standby eSight server

    Password of ossuser on the standby eSight server. The initial password of the ossuser user is Changeme_123. For system security, you are advised to change the initial password immediately, and change the password periodically (for example, every six months) to prevent security risks such as password violent cracking.

    If the eSight is deployed in local OMMHA two-node cluster, collect the floating IP address of eSight servers.

  • Information listed in Table 7-9 has been collected.
    Table 7-9 Information to be collected of CloudOpera

    Item

    Subitem

    Example

    Microservice APIMLBService on the O&M plane

    NOTE:
    • In the multi-region deployment scenario, collect information about the APIMLBService microservice in the region where eSight is interconnected. In other scenarios, collect information about the APIMLBService microservice in the global region.
    • If two DCs are deployed in cold standby mode, collect the floating IP address and port information of the APIMLBService microservice in the active and standby DCs.
    • The APIMLBService microservice belongs to the ApiMgr or MinApiMgr service. The process of the service is apimlb.

    Floating IP address

    192.168.10.12

    Port number, which has a fixed value of 26335.

    26335

    Microservice RESTConnectorService on the O&M plane

    NOTE:
    • In the CloudOpera Orchestrator CloudVPN scenario, collect the information about the nodes where the DriverFrameworkService microservice resides.
    • In the multi-region deployment scenario, collect the RESTConnectorService microservice information of the O&M plane in the region where eSight is interconnected. In other scenarios, collect the RESTConnectorService microservice information of the O&M plane in the Global region.
    • If two DCs are deployed in cold standby mode, collect the management IP addresses and floating IP address of the RESTConnectorService microservice in the active and standby DCs.
    • The RESTConnectorService microservice belongs to the DrvFrm service. The process of the service is restconnectorservice.

    Management IP address

    192.168.10.13

    192.168.10.14

    Floating IP address

    NOTE:

    If RESTConnectorService is deployed in single-node mode, no need to collect the floating IP address.

    10.10.10.13

  • You have obtained the trust certificate trust.jks of APIMLBService and the password for trust.jks on the CloudOpera O&M plane.

Procedure

  1. Upload the trust certificate trust.jks of APIMLBService to the active eSight server.

    1. Use the FileZilla tool to log in to the active eSight server as ossuser.
    2. Upload the trust.jks certificate to /opt/eSight/AppBase/etc/ies of the active eSight server.
    3. Use PuTTY to log in to the active eSight server as ossuser.
    4. Run the following commands to change the file permission.

      cd /opt/opt/eSight/AppBase/etc/ies

      chmod 600 *

  2. Run the following operations to modify the parameters in the configuration file related to interconnection with CloudOpera.

    1. Run the following commands to modify the configuration parameters:

      cd /opt/eSight/AppBase/tools

      ./modifyConfig.sh

      The following information is displayed: (The displayed parameter values are default values. For details about setting the parameters, see 2.b.)

      No    Key                     Value
      1     ER_IP                   
      2     ER_port                 
      3     PmdataNotToDB           false
      4     Performance_Select      true
      5     Alarm_Select            true
      6     ApiGateway_Host_IP      
      7     ApiGateway_Host_Port    
      8     ApiGateway_StandBy_IP   
      9     ApiGateway_StandBy_Port 
      10    ApiGateway_Retry_Times  
      11    eSight_Token_Name       
      12    eSight_Token_Value      
      13    ApiGateway_Token_Time   
      14    KeyStorePath            /opt/eSight/AppBase/etc/ies/server.p12
      15    KeyStorePwd             9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      16    TrustStorePath          /opt/eSight/AppBase/etc/ies/trust.jks
      17    TrustStorePwd           @0102000000007a3aa5a805cca36a1690214a343276bc78bfb8782f7b965bc36f0ac4583ebd89
      Please input the number of key(q to quit):
    2. Repeat the following operations to set the parameters in Table 7-10 one by one.
      1. Enter the sequence number of a parameter and press Enter. For example, enter 17 and press Enter, the following information is displayed:
        Please input the value of TrustStorePwd(q to cancel):
      2. Set the parameters based on Table 7-10 and press Enter.

        The entered value for the parameter is displayed under Value, indicating that the configuration is successful.

      Table 7-10 Configuration Parameter Description

      Parameter

      Description

      Example

      TrustStorePwd

      Mandatory.

      The keystore password for the trust certificate trust.jks of APIMLBService. After the configuration, the encrypted password is displayed in the configuration file.

      -

      ApiGateway_Host_IP

      Mandatory.

      Floating IP address of the APIMLBService microservice. For details, see Table 7-9.

      NOTE:

      If two DCs are deployed in cold standby mode, set this parameter to the floating IP address of the APIMLBService microservice of the active DC.

      192.168.10.12

      ApiGateway_Host_Port

      Mandatory.

      Port number of the APIMLBService microservice. For details, see Table 7-9. The default port number is 26335.

      NOTE:

      If two DCs are deployed in cold standby mode, set this parameter to the port number of the APIMLBService microservice of the active DC.

      26335

      ApiGateway_StandBy_IP

      Optional.

      • If two DCs are deployed in cold standby mode, set this parameter to the floating IP address of the APIMLBService microservice of the standby DC.
      • You do not need to set this parameter in other scenarios.

      192.168.10.13

      ApiGateway_StandBy_Port

      Optional.

      • If two DCs are deployed in cold standby mode, set this parameter to the port number of the APIMLBService microservice of the standby DC. The default port number is 26335.
      • You do not need to set this parameter in other scenarios.

      26335

      ApiGateway_Retry_Times

      Mandatory.

      Set it to 3.

      3

      eSight_Token_Name

      Mandatory.

      Set it to the user name (eSightAPI) created in Creating User for Interacting with the ApiGateway in CloudOpera.

      eSightAPI

      eSight_Token_Value

      Mandatory.

      Set it to the password of the user created in Creating User for Interacting with the ApiGateway in CloudOpera. After the configuration, the encrypted password is displayed in the configuration file.

      -

      ApiGateway_Token_Time

      Optional.

      indicates the request timeout interval, in minutes. The value is an integer greater than 0 and less than or equal to 600. The default value is 10 minutes.

      10

      PmdataNotToDB

      Optional.

      Configure whether to save the performance data collected by eSight to the eSight database. After the performance data is saved to the eSight database, you can view historical performance data on the eSight client. Otherwise, you can only view real-time performance data on the eSight client.

      false (default): Performance data will be saved to the eSight database.

      true: Performance data will not be saved to the eSight database.

      false

      Performance_Select

      Optional.

      Configure whether to report eSight performance data to the O&M plane of CloudOpera. After the performance data is reported, the services on the O&M plane of CloudOpera can obtain the performance data.

      true (default): eSight performance data will be reported.

      false: eSight performance data will not be reported.

      true

      Alarm_Select

      Optional.

      Configure whether to report eSight alarm data to the O&M plane of CloudOpera. If alarms are reported, administrators can view the alarms reported by eSight on the O&M plane of CloudOpera.

      true (default): Alarms data will be reported.

      false: Alarms data will not be reported.

      true

    1. Enter q to save the modification and exit.

  3. Modify the configuration file to remove the restriction on the number of times for invoking open APIs.

    1. Run the following commands to open the roa.properties file.

      cd /opt/eSight/AppBase/etc/iemp.framework

      vi roa.properties

    2. Press i to enter the editing mode.
    3. Add the iemp.roa.access.rate.limit.enable parameter, and set the parameter value to false.
      iemp.roa.access.rate.limit.enable=false
    4. Press Esc to exit the editing mode and run the :wq command to save and exit the file.

  4. Restart eSight to make the configuration take effect, see How Do I Restart the eSight System.

    If this is the first eSight system interconnected to CloudOpera, eSight is displayed on the System Type under System Access of CloudOpera after the configuration is complete.

  5. Configure the CloudOpera system information on eSight.

    1. Log in to the eSight client as the admin user. Access eSight at https://eSight system IP address:31943.

      eSight system IP address: If eSight is deployed in a local OMMHA two-node cluster, this parameter indicates the floating IP address of the eSight system. If eSight is deployed in a remote OMMHA two-node cluster, this parameter indicates the system IP address of the active server.

    2. On the main menu, choose System > System Settings > Northbound Integration.
    3. In the left navigation pane, choose Third-party System Settings.
    4. Click Create, and set parameters in the Third-party System area.
      • IP address: Management IP addresses of the active and standby nodes where the RESTConnectorService microservice of the CloudOpera O&M plane resides, as well as the floating IP address.
        Each time you can configure only one IP address. Therefore, you need to create information about the third-party system for each IP address.
        • In the CloudOpera Orchestrator CloudVPN scenario, set the IP addresses of the nodes where the DriverFrameworkService microservice resides.
        • If RESTConnectorService is deployed in single-node mode, only set the management IP address of the node where the RESTConnectorService microservice resides.
        • If two DCs are deployed in cold standby mode, set the IP addresses of the RESTConnectorService microservice in the active and standby DCs.
      • Protocol type: Select HTTPS.
      • System ID: Use the default value.
    5. Click OK.

Setting Interconnection Parameters on CloudOpera

This section describes how to connect eSight to CloudOpera.

Prerequisites

  • You have obtained the system IP address of the active eSight server.
  • You have obtained the ossuser password of the active eSight server.
  • If the eSight is deployed in local OMMHA two-node cluster, you have to obtain the floating IP address of eSight servers.

Procedure

  1. (Optional) Export the eSight certificate. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to export the eSight certificate.

    eSight provides a temporary certificate. It is recommended that you replace the temporary certificate with a certificate from the Certificate Authority (CA). To replace the temporary certificate, follow the instructions in Operation and Maintenance > Maintenance Guide > Security Maintenance > Security Certificates > Replacing the business Certificate > Updating the Preset PKI Certificate of eSight in the eSight Product Documentation. Then export the CA certificate matching the new certificate and import into CloudOpera for interconnecting with eSight.

    1. Use the FileZilla tool to log in to the active eSight server as ossuser.
    2. Download the eSight certificate file huaweica.der to local from the directory /opt/eSight/mttools/etc/certificate/pki, and rename to huaweica.crt.

  2. (Optional) Import the eSight certificate to CloudOpera. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to import eSight certificate into CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.

      For different products of CloudOpera, the menu may show different. For example, in the Public Cloud scenario, choose Services > Monitor and Fault Handling > Cloud Monitor Alarm from the main menu.

    2. In the left navigation tree, choose Certificate Management > Trust Certificate.

      For different products of CloudOpera, the menu may show different. For example, in the Public Cloud scenario, choose Alarm Data Source Settings > Trust Certificate in the left navigation tree.

    3. Click Upload on the displayed page.
    4. Service name selects Driver, click the File Name input box, and select the eSight certificate file obtained in 1.

      For different products of CloudOpera, the interface may show different. For example, in the Public Cloud scenario, there is no Service name. Please click the File Name input box, and select the file.

    5. Click Submit to import the eSight certificate file to the system.

      You do not need to import the eSight certificate when the system prompts that the certificate already exists when importing the eSight certificate.

  3. Create a eSight system in CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.

      For different products of CloudOpera, the menu may show different. For example, in the Public Cloud scenario, choose Services > Monitor and Fault Handling > Cloud Monitor Alarm from the main menu.

    2. Click eSight, and click Create. Set the related parameters based on the descriptions in Table 7-11.
      • For different products of CloudOpera, the interface may show different. For example, in the Public Cloud scenario, Click Create an instance, and choose eSight in Systerm type, then set the related parameters based on the descriptions in Table 7-11.
      • Table 7-11 only describes the basic information parameters that need to be set.
      Table 7-11 Basic parameters

      Parameter

      Description

      Example

      System name

      Indicates the system name of the eSight that interconnects with CloudOpera.

      eSight

      Version

      Indicates the version of the eSight that interconnects with CloudOpera. Set it to v1.

      v1

      IP address/Domain name

      • If the eSight is deployed in local OMMHA two-node cluster, set it to the floating IP address of the eSight system.
      • If the eSight is deployed in remote OMMHA two-node cluster, set it to the IP address of the active eSight server.

      192.168.8.9

      Driver name

      Indicates the driver type of eSight that interconnects with CloudOpera. Set it to plugin_driver_hw_esight.

      plugin_driver_hw_esight

      Deploy zone

      Indicates the region of eSight that interconnects with CloudOpera.

      Global

      Logical position

      If CloudOpera has planed the logical position for eSight nodes, set it based on the plan. Otherwise, no configuration is required.

      NOTE:

      One logical position can interconnect with only one eSight system. If multiple eSight systems interconnect to the same logical position, services will become abnormal.

      North of China

      Standby IP address

      • If two DCs are deployed in cold standby mode, and the eSight is deployed in remote OMMHA two-node cluster, set it to the IP address of the standby eSight server.
      • You do not need to set this parameter in other scenarios.

      192.168.8.12

      Active/Standby switchover policy

      Whether to enable the Active/Standby switchover policy.

      • If two DCs are deployed in cold standby mode, and the eSight is deployed in remote OMMHA two-node cluster, set it to Enable.
      • You do not need to set this parameter in other scenarios.

      Enable

    3. Click Next. On the Create Interconnected Systems page, enter related information based on descriptions in Table 7-12.
      Table 7-12 Protocol parameters

      Parameter

      Description

      User Name

      Indicates the eSight user name for interacting with the DriverFramework service of CloudOpera. Set it to eSight.

      Encryption Algorithm

      Indicates the abstract encryption algorithm of eSight. Set it to SHA-256.

      Password

      Indicates the password of eSight user for interacting with the DriverFramework service of CloudOpera. Set it to Changeme_123.

    4. Click OK to connect eSight to CloudOpera.
      • If eSight is connected successfully, the connection status is displayed as .
      • If eSight fails to be connected, check the parameter settings as prompted. Click

        to modify the interconnection parameters. After the modification, click to test the connectivity.

        If the test succeeds, the interconnection is successful.

        If the test fails, perform the following operations to delete the eSight system, and reconfigure eSight. If the interconnection fails again, contact Huawei technical support engineers.
        1. Click to delete eSight.

          If eSight fails to be deleted, contact Huawei technical support engineers.

        2. (Optional) Delete the trust certificates related to eSight. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to delete the trust certificates related to eSight.
          1. Choose Certificate Management > Trust Certificate to view the trust certificate list.
          2. Delete the trust certificates that contain eSight in the Issued By column.

(Optional) Interconnecting eSight and SSO Server

This chapter describes how to configure the connection to the CloudOpera UNI SSO server when eSight functions as a CloudOpera UNI SSO client.

Prerequisites

  • The SSO server certificate, such as trust.cer, has been obtained.
  • The URLs for logging in to and logging out of the SSO server have been obtained.
  • You have added the floating IP address of eSight system to the SSO server whitelist if eSight is deployed in local two-node cluster mode. You have added the system IP address of the active eSight server to the SSO server whitelist if eSight is deployed in remote two-node cluster mode. For details, see related documents of the SSO server.

Procedure

  1. Stop the eSight system through commands.

    1. Log in to the standby eSight server as the ossuser user.
    2. Run the following commands to stop the eSight system:

      cd /opt/ommha/ha/bin

      ./stop.sh

      The following information indicates that standby eSight server is stopped successfully:

      stop HA successfully.
    3. Log in to the active eSight server as the ossuser user.
    4. Run the following commands to stop the eSight system:

      cd /opt/ommha/ha/bin

      ./stop.sh

      The following information indicates that the active eSight server is stopped successfully:

      stop HA successfully.

  2. On the active eSight server, configure the information about the SSO server and eSight servers.

    1. Perform the following steps to execute the ssoConfig.sh file:

      cd /opt/eSight/AppBase/tools

      ./ssoConfig.sh

    2. When the following information is displayed, enter the IP address and port number for accessing the SSO server in the format IP address for accessing the SSO server:31943, and press Enter.
      Please input SSO Server url(eg. 10.10.10.10:31943): 

      IP address for accessing the SSO server indicates the IP address for logging in to the CloudOpera O&M plane.

    3. When the following information is displayed, input the eSight floating IP address and port number. The format is eSight floating IP address:31942. Press Enter.
      Please input eSight url(eg. 10.10.10.14:31942): 

  3. On the active eSight server, import the SSO server certificate.

    1. Export the /opt/oss/Product/etc/ssl/er/trust.cer certificate file from the SSO server as ossuser.

      Product indicates the file path. Replace it with the actual one, for example, ies, Product, Product_O, or SOP.

    2. Use the SFTP tool to copy the certificate exported from the SSO server to /opt/eSight directory as ossuser on the active eSight server.
    3. Go to the /opt/eSight/AppBase/jre/bin directory and run the certificate import command.

      cd /opt/eSight/AppBase/jre/bin

      ./keytool -import -keystore ../lib/security/cacerts -file /opt/eSight/trust.cer -alias dtssoserver

      • The command beginning with "./keytool" is an independent command. Copy the command to a Notepad, delete the line breaks, and copy the command to the environment for execution. There is a space before and after "-alias". Be careful when copying the command.
      • /opt/eSight is the directory to which the eSight certificate is uploaded. Replace it with the actual directory.
      • If the certificate already exists, run the following command to delete it and import a new one:

        ./keytool -delete -keystore ../lib/security/cacerts -alias dtssoserver

    4. When the following information is displayed, enter the certificate password (default password: Changeme_123), and press Enter.
      Enter keystore password:
    5. When the following information is displayed, input y and press Enter.
      Trust this certificate? [no]:  

      The certificate is imported successfully if the following information is displayed. Otherwise, contact Huawei technical support engineers.

      Certificate was added to keystore

  4. Start the eSight system through commands.

    1. Log in to the active eSight server as the ossuser user.
    2. Run the following commands to start the eSight system:

      cd /opt/ommha/ha/bin

      ./start.sh

      The following information indicates that the operation is performed successfully:

      start HA successfully.
    3. Log in to the standby eSight server as the ossuser user.
    4. Run the following commands to start the eSight system:

      cd /opt/ommha/ha/bin

      ./start.sh

      The following information indicates that the operation is performed successfully:

      start HA successfully.

  5. After configuration, verify that a user can be redirected to the CloudOpera login page when visiting the URL of eSight and the eSight page can be displayed properly after the user logs in.

    1. Access eSight at https://eSight system IP address:31943.

      eSight system IP address: If eSight is deployed in a local OMMHA two-node cluster, this parameter indicates the floating IP address of the eSight system. If eSight is deployed in a remote OMMHA two-node cluster, this parameter indicates the system IP address of the active server.

    2. On the login page that is displayed, enter the user name and password, and click Log In.

      If the eSight home page is displayed properly, SSO configuration is successful. Otherwise, check the SSO configuration or contact Huawei technical support for troubleshooting.

Subsequent Operations

If the SSO server does not need to be connected, perform the following operations to roll back configurations for the eSight server functioning as the SSO client:

  1. Stop the eSight system through commands.

    1. Log in to the standby eSight server as the ossuser user.
    2. Run the following commands to stop the eSight system:

      cd /opt/ommha/ha/bin

      ./stop.sh

      The following information indicates that standby eSight server is stopped successfully:

      stop HA successfully.
    3. Log in to the active eSight server as the ossuser user.
    4. Run the following commands to stop the eSight system:

      cd /opt/ommha/ha/bin

      ./stop.sh

      The following information indicates that the active eSight server is stopped successfully:

      stop HA successfully.

  1. On the active eSight server, run the following commands to save the web.xml.backup file as the web.xml file.

    cd /opt/eSight/AppBase/app/sso.app/repository/ui/sso/WEB-INF

    mv web.xml.backup web.xml

  2. On the active eSight server, delete the SSO server information and eSight server information.

    Run the following commands to modify the configuration file ssoconfig.xml.

    cd /opt/eSight/AppBase/app/sso.app/repository/ui/sso/WEB-INF/classes

    vi ssoconfig.xml

    Delete the configuration between <ssoconfig> and </ssoconfig> as follows:

    <sso.client.isActive>true</sso.client.isActive>
    <sso.client.filters>
    com.huawei.sso.client.filter.SingleSignOutFilter,
    com.huawei.sso.client.filter.AuthenticationFilter,
    com.huawei.sso.client.filter.Cas20ProxyReceivingTicketValidationFilter
    </sso.client.filters>
    <sso.client.actionExcludes>
    /bsf/login.do,/bsf/login.action,/index.action,/index.do,/index.jsp,
    /validate.jsp,/self.jsp,/test.jsp
    </sso.client.actionExcludes>
    <sso.ssoserver.url>https://10.67.180.236:31943/unisso</sso.ssoserver.url>   
    <sso.ssoserver.privateUrl>https://10.67.180.236:31943/unisso</sso.ssoserver.privateUrl>   
    <sso.ssoserver.logoutUrl>https://10.67.180.236:31943/unisso/logout</sso.ssoserver.logoutUrl>   
    <sso.ssoserver.serverName>10.137.62.71:31942</sso.ssoserver.serverName> 
    <sso.client.sessionInitServiceImpl>com.huawei.esight.solution.sso.opensso.OpenSSOSessionInitService</sso.client.sessionInitServiceImpl>

    Table 7-13 describes the configuration items.

    Table 7-13 Parameters in the ssoconfig.xml file

    Configuration Item

    Description

    Example

    sso.ssoserver.url

    Indicates the URL for external systems to access the SSO server.

    https://10.67.180.236:31943/unisso

    sso.ssoserver.privateUrl

    Indicates the URL for internal SSO server communications.

    NOTE:

    If no URL for internal communications is available, the value of this parameter must be the same as the value of sso.ssoserver.url

    https://10.67.180.236:31943/unisso

    sso.ssoserver.logoutUrl

    Indicates the URL for logging out of the SSO server.

    https://10.67.180.236:31943/unisso/logout

    sso.ssoserver.serverName

    Indicates the eSight IP address and port number. Set this configuration item in the format eSight floating IP address:31942.

    10.137.62.71:31942

    Press Esc and run the :wq command to save and exit the configuration file.

  3. On the active eSight server, delete the certificate of the SSO server.

    cd /opt/eSight/AppBase/jre/bin

    ./keytool -delete -keystore ../lib/security/cacerts -alias dtssoserver

    When the following information is displayed, type the password of the certificate, and press Enter. The default password of certificate is Changeme_123.

    Enter keystore password:

  4. Start the eSight system through commands.

    1. Log in to the active eSight server as the ossuser user.
    2. Run the following commands to start the eSight system:

      cd /opt/ommha/ha/bin

      ./start.sh

      The following information indicates that the operation is performed successfully:

      start HA successfully.
    3. Log in to the standby eSight server as the ossuser user.
    4. Run the following commands to start the eSight system:

      cd /opt/ommha/ha/bin

      ./start.sh

      The following information indicates that the operation is performed successfully:

      start HA successfully.

FAQs

This topic describes the commission FAQs and operations.

How Do I Restart the eSight System

Symptom

How do I restart the eSight system?

Solution

  1. Stop the eSight system.

    1. Log in to the standby eSight server as the ossuser user.
    2. Run the following commands to stop the eSight system:

      cd /opt/ommha/ha/bin

      ./stop.sh

      The following information indicates that the operation is performed successfully:
      stop HA successfully.
    3. Log in to the active eSight server as the ossuser user.
    4. Run the following commands to stop the eSight system:

      cd /opt/ommha/ha/bin

      ./stop.sh

      The following information indicates that the operation is performed successfully:
      stop HA successfully.

  2. Start the eSight system.

    1. Log in to the active eSight server as the ossuser user.
    2. Run the following commands to start the eSight system:

      cd /opt/ommha/ha/bin

      ./start.sh

      The following information indicates that the operation is performed successfully:
      start HA successfully.
    3. Log in to the standby eSight server as the ossuser user.
    4. Run the following commands to start the eSight system:

      cd /opt/ommha/ha/bin

      ./start.sh

      The following information indicates that the operation is performed successfully:
      start HA successfully.

What Can I Do If the eSight Resource Data Cannot Be Reported to the Third-party System After the IT Component is Incrementally Installed

Question

What can I do if the eSight resource data cannot be reported to the third-party system after the IT component is incrementally installed?

Answer

If the IT component is incrementally installed after eSight is installed, you need to execute the changeDriver4IT.sh script on the active eSight server. Otherwise, eSight resource data cannot be reported to the third-party system CloudOpera. The changeDriver4IT.sh script checks whether to delete the configuration file global.datasource.xml based on whether the eSight IT component is installed, ensuring that the eSight resource data can be properly reported to the CloudOpera.

  1. Use PuTTY to log in to the active eSight server as the ossuser user.
  1. Execute the changeDriver4IT.sh script.

    cd /opt/eSight/AppBase/tools

    sh changeDriver4IT.sh

    If the following information is displayed when the changeDriver4IT.sh script is executed the first time, the execution is successful. If the script is not executed the first time, only the information "succeeded!" is displayed.

    deleting: META-INF/spring/global.datasource.xml 
    succeed!

Download
Updated: 2019-11-22

Document ID: EDOC1100011856

Views: 101978

Downloads: 62

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next