No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Single-Node System Software Installation Guide (SUSE Linux) 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Commissioning the Driver

(Optional) Commissioning the Driver

To report the resource, alarm, and performance information of the devices managed by eSight to CloudOpera, you need to commission and enable the Driver component and connect eSight to the CloudOpera.

Enabling the Driver Component

The Driver component is installed but is disabled by default during eSight installation. To report the resource, alarm, and performance information of the devices managed by eSight to the CloudOpera, you need to enable the Driver component so that after eSight connected to the CloudOpera, the Driver component can collect the infrastructure information, report the information to other services, and receives and delivers the requests from other services.

Procedure
  1. Use PuTTY to log in to the eSight server as the ossuser user.
  2. Run the following commands to enable the Driver component.

    cd /opt/eSight/AppBase/tools

    sh driver_start.sh

    The following information indicates that the Driver component is enabled successfully.

    start driver success!

  3. Restart the eSight system.

    1. Stop the eSight service through commands.
      1. Use PuTTY to log in to the eSight server as the ossuser user.
      2. Run the following command to stop the eSight progress:

        cd eSight installation directory/bin

        ./shutdown.sh

        The following information is displayed:

        Are you sure you want to stop the system? (Please enter y or n):

        Enter Y and press Enter.

        When the status of every process is STOPPED and "stopping eSight system succeeded." is displayed, the eSight service has been stopped.

    2. Start the eSight service through commands.
      1. Use PuTTY to log in to the eSight server as the ossuser user.
      2. Run the following command to start the eSight progress:

        cd eSight installation directory/bin

        ./startup.sh

        When the status of every process is RUNNING and "starting eSight system succeeded." is displayed, the eSight service has been started.

Related Tasks

To disable the Driver component, you can perform the following operations:

  1. Use PuTTY to log in to the eSight server as the ossuser user.
  2. Run the following commands to disable the Driver component.

    cd /opt/eSight/AppBase/tools

    sh driver_stop.sh

    The following information indicates that the Driver component is disabled successfully.

    stop driver success!

  3. Restart the eSight system.

    1. Stop the eSight service through commands.
      1. Use PuTTY to log in to the eSight server as the ossuser user.
      2. Run the following command to stop the eSight progress:

        cd eSight installation directory/bin

        ./shutdown.sh

        The following information is displayed:

        Are you sure you want to stop the system? (Please enter y or n):

        Enter Y and press Enter.

        When the status of every process is STOPPED and "stopping eSight system succeeded." is displayed, the eSight service has been stopped.

    2. Start the eSight service through commands.
      1. Use PuTTY to log in to the eSight server as the ossuser user.
      2. Run the following command to start the eSight progress:

        cd eSight installation directory/bin

        ./startup.sh

        When the status of every process is RUNNING and "starting eSight system succeeded." is displayed, the eSight service has been started.

Interconnecting with eSight (Obtaining the BER Certificate to Interconnect with eSight)

This section describes how to interconnect eSight with the CloudOpera system when eSight is installed in traditional installation mode or image installation mode, and eSight is deployed in the same security region with CloudOpera. After the interconnection, you can use CloudOpera to manage devices connected to eSight.

Setting Interconnection Parameters on eSight

Describes the configuration operations for interconnecting eSight with CloudOpera, including synchronizing the certificate for interconnecting, modifying the configuration file, and configuring an IP address whitelist.

Prerequisites
  • Information listed in Table 9-3 has been collected.
    Table 9-3 Information to be collected of eSight

    Item

    Sub-Item

    eSight

    System IP address of the eSight server.

    Password of ossuser on the eSight server. The default password of the ossuser user is Changeme_123.

  • Information listed in Table 9-4 has been collected.
    Table 9-4 Information to be collected of the third-party system

    Item

    Sub-Item

    Example

    BackendERService microservice on the O&M plane

    NOTE:
    • In the multi-region deployment scenario, collect the BackendERService microservice information of the O&M plane in the region where eSight is interconnected. In other scenarios, you need to collect the BackendERService microservice information of the O&M plane in the Global region.
    • The BackendERService microservice belongs to the HRS service. The process of the service is backenderservice.

    IP address

    NOTE:
    • If BackendERService is deployed in a cluster (multiple nodes), collect the BackendERService floating IP address.
    • If BackendERService is deployed in single-node mode, collect the IP address of the BackendERService server.

    192.168.10.12

    Port number. The default value is 26330.

    26330

    RESTConnectorService microservice on the O&M plane

    NOTE:
    • In the multi-region deployment scenario, collect the RESTConnectorService microservice information of the O&M plane in the region where eSight is interconnected. In other scenarios, collect the RESTConnectorService microservice information of the O&M plane in the Global region.
    • The RESTConnectorService microservice belongs to the DrvFrm service. The process of the service is restconnectorservice.

    Management IP address

    192.168.10.13

    192.168.10.14

    Floating IP address

    NOTE:

    If RESTConnectorService is deployed in single-node mode, no need to collect the floating IP address.

    10.10.10.13

  • You have obtained the server.p12 and trust.jks of the BackendERService on the O&M plane.
  • You have disabled the CN Check Function of the BackendERService on the O&M plane.
Procedure
  1. Copy the files server.p12 and trust.jks to the eSight server, and change the file permission.

    1. Use the FileZilla tool to log in to the eSight server as ossuser.
    2. Upload the files server.p12 and trust.jks to /opt/eSight/AppBase/etc/ies.
    3. Use PuTTY to log in to the eSight server as the root user.
    4. Run the following commands to change the file permission:

      cd /opt/eSight/AppBase/etc/ies

      chmod 600 *

  2. Run the following operations to modify the parameters in the configuration file related to interconnection with CloudOpera.

    1. Run the following commands to modify the configuration parameters:

      cd /opt/eSight/AppBase/tools

      ./modifyConfig.sh

      The following information is displayed:

      No    Key                     Value
      1     ER_IP                   
      2     ER_port                 
      3     PmdataNotToDB           false
      4     Performance_Select      true
      5     Alarm_Select            true
      6     ApiGateway_Host_IP      
      7     ApiGateway_Host_Port    
      8     ApiGateway_StandBy_IP   
      9     ApiGateway_StandBy_Port 
      10    ApiGateway_Retry_Times  
      11    eSight_Token_Name       
      12    eSight_Token_Value      
      13    ApiGateway_Token_Time   
      14    KeyStorePath            /opt/eSight/AppBase/etc/ies/server.p12
      15    KeyStorePwd             9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      16    TrustStorePath          /opt/eSight/AppBase/etc/ies/trust.jks
      17    TrustStorePwd           9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      Please input the number of key(q to quit):
    2. Repeat the following operations to set the parameters in Table 9-5 one by one.
      1. Enter the sequence number of a parameter and press Enter. For example, enter 1 and press Enter, the following information is displayed:
        Please input the value of ER_IP(q to cancel):
      2. Enter the value of the parameter and press Enter.

        The entered value for the parameter is displayed under Value, indicating that the configuration is successful.

      Table 9-5 Configuration Parameter Description

      Parameter

      Description

      Example

      ER_IP

      Mandatory.

      The floating IP address of the BackendERService microservice on the O&M plane obtained in Table 9-4.

      192.168.10.12

      ER_port

      Mandatory.

      The port of the BackendERService microservice on the O&M plane obtained in Table 9-4.

      26330

      PmdataNotToDB

      Optional.

      Configure whether to save the performance data collected by eSight to the eSight database. After the performance data is saved to the eSight database, you can view historical performance data on the eSight client. Otherwise, you can only view real-time performance data on the eSight client.

      false (default): Performance data will be saved to the eSight database.

      true: Performance data will not be saved to the eSight database.

      false

      Performance_Select

      Optional.

      Configure whether to report eSight performance data to the O&M plane of CloudOpera. After the performance data is reported, the services on the O&M plane of CloudOpera can obtain the performance data.

      true (default): eSight performance data will be reported.

      false: eSight performance data will not be reported.

      true

      Alarm_Select

      Optional.

      Configure whether to report eSight alarm data to the O&M plane of CloudOpera. If alarms are reported, administrators can view the alarms reported by eSight on the O&M plane of CloudOpera.

      true (default): Alarms data will be reported.

      false: Alarms data will not be reported.

      true

    3. Enter q to save the modification and exit.

  3. Modify the configuration file to remove the restriction on the number of times for invoking open APIs.

    1. Run the following commands to open the roa.properties file.

      cd /opt/eSight/AppBase/etc/iemp.framework

      vi roa.properties

    2. Press i to enter the editing mode.
    3. Add the iemp.roa.access.rate.limit.enable parameter, and set the parameter value to false.
      iemp.roa.access.rate.limit.enable=false
    4. Press Esc to exit the editing mode and run the :wq command to save and exit the file.

  4. Restart eSight to make the configuration take effect. For details, seeHow Do I Restart the eSight System.

    If this is the first eSight system interconnected to CloudOpera, eSight is displayed on the System Type under System Access of CloudOpera after the configuration is complete.

  5. Configure the CloudOpera system information on eSight.

    1. Log in to the eSight client as the admin user. Access eSight at https://eSight system IP address:31943.
    2. On the main menu, choose System > System Settings > Northbound Integration.
    3. In the left navigation pane, choose Third-party System Settings.
    4. Click Create, and set parameters in the Third-party System area.
      • IP address: Management IP addresses of the active and standby nodes where the RESTConnectorService microservice of the CloudOpera O&M plane resides, as well as the floating IP address. Each time you can configure only one IP address. Therefore, you need to create information about the third-party system for each IP address.
        NOTE:

        If RESTConnectorService is deployed in single-node mode, set the management IP address of the node where the RESTConnectorService microservice of the CloudOpera O&M plane resides.

      • Protocol type: Select HTTPS.
      • System ID: Use the default value.
    5. Click OK.

Setting Interconnection Parameters on CloudOpera

This section describes how to connect eSight to CloudOpera.

Prerequisites
  • You have obtained the system IP address of the eSight server.
  • You have obtained the ossuser password of the eSight server.
Procedure
  1. (Optional) Export the eSight certificate. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to export the eSight certificate.

    NOTE:

    If the user-provided certificate is used, follow instructions in Operation and Maintenance > Maintenance Guide > Security Maintenance > Security Certificates > Replacing the business Certificate > Updating the Preset PKI Certificate of eSight in the eSight Product Documentation to replace the default eSight certificate. Then export the CA certificate matching the new certificate and import into CloudOpera for interconnecting with eSight.

    1. Use the FileZilla tool to log in to the eSight server as ossuser.
    2. Download the eSight certificate file huaweica.der to local from the directory /opt/eSight/mttools/etc/certificate/pki, and rename to huaweica.crt.

  2. (Optional) Import the eSight certificate to CloudOpera. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to import eSight certificate into CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.
    2. In the left navigation tree, choose Certificate Management > Trust Certificate.
    3. Click Upload on the displayed page.
    4. Service name selects Driver, click the File Name input box, and select the eSight certificate file obtained in 1.

    5. Click Submit to import the eSight certificate file to the system.

      You do not need to import the eSight certificate when the system prompts that the certificate already exists when importing the eSight certificate.

  3. Create a eSight system in CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.
    2. Click eSight.
    3. Click Create. On the Create Interconnected Systems page, enter related information based on descriptions in Table 9-6.
      NOTE:

      Table 9-6 only describes the basic information parameters that need to be set.

      Table 9-6 Basic parameters

      Parameter

      Description

      Example

      System name

      Indicates the system name of the eSight that interconnects with CloudOpera.

      eSight

      Version

      Indicates the version of the eSight that interconnects with CloudOpera. Set it to v1.

      v1

      IP address/Domain name

      Set it to the eSight server IP address.

      192.168.8.9

      Driver name

      Indicates the drive type of eSight that interconnects with CloudOpera. Set it to plugin_driver_hw_esight.

      plugin_driver_hw_esight

      Deploy zone

      Indicates the region of eSight that interconnects with CloudOpera.

      Global

      Logical position

      Indicates the logical position type of eSight, set it based on the logical locations plan of CloudOpera.

      North of China

    4. Click Next. On the Create Interconnected Systems page, enter related information based on descriptions in Table 9-7.
      Table 9-7 Protocol parameters

      Parameter

      Description

      User Name

      Indicates the eSight user name for interacting with the DriverFramework service of CloudOpera. Set it to eSight.

      Encryption Algorithm

      Indicates the abstract encryption algorithm of eSight. Set it to SHA-256.

      Password

      Indicates the password of eSight user for interacting with the DriverFramework service of CloudOpera. Set it to Changeme_123.

    5. Click OK to connect eSight to CloudOpera.
      • If eSight is connected successfully, the connection status is displayed as .
      • If eSight fails to be connected, check the parameter settings as prompted. Click

        to modify the interconnection parameters. After the modification, click to test the connectivity.

        If the test succeeds, the interconnection is successful.

        If the test fails, perform the following operations to delete the eSight system, and reconfigure eSight. If the interconnection fails again, contact Huawei technical support engineers.
        1. Click to delete eSight.

          If eSight fails to be deleted, contact Huawei technical support engineers.

        2. (Optional) Delete the trust certificates related to eSight. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to delete the trust certificates related to eSight.
          1. Choose Certificate Management > Trust Certificate to view the trust certificate list.
          2. Delete the trust certificates that contain eSight in the Issued By column.

Interconnecting with eSight (Configuring the APIGateway to Interconnect with eSight)

This section describes how to interconnect with eSight when the eSight is installed in the traditional installation mode or image installation mode, and the eSight is deployed in different security regions with CloudOpera. After the interconnection, you can use CloudOpera to manage devices connected to eSight.

Creating User for Interacting with the ApiGateway in CloudOpera

Before interconnecting CloudOpera with eSight, create the user for interacting with the ApiGateway on the CloudOpera O&M plane. If multiple eSight systems interconnect to CloudOpera, you need to create the user for each eSight system.

Prerequisites

Log in to the CloudOpera O&M plane as the admin user.

Procedure
  1. Create the drivermgr role.

    1. Choose Security > User Management from the main menu.
    2. Select Roles in the navigation tree on the left and click Create.
    3. Set the role name to drivermgr, and click Next.
    4. Click Next.
    5. Click to expand the application-level operation permissions panel, and find the System Access and Driver Management permissions, select the following permissions:
      • Select System Access Query permission in the System Access.
      • Select Configuration Management and DriverInstance Management permissions in the Driver Management.
        NOTE:

        For different versions of CloudOpera, the Driver Management name may not be consistent. If the Driver Management does not exist, select Driver LifeCycle Management.

    6. Use default values for other parameters, and click Finish.

      If the created role is displayed in the role list, the role is created successfully.

  2. Create the eSight user for interacting with the ApiGateway.

    1. Select Users in the navigation tree on the left and click Create.
    2. Configure basic information about the user and click Next.

      Configuration item

      Configuration Description

      User name

      Set the user name as prompted, but cannot be eSight.

      Password

      Set the password as prompted, for example, Changeme_123.

      Type

      Set the type to Third-party system access.

      Advanced Settings

      If the option Change the password at the first login is in the advanced settings, ensure that this option is not selected.

    3. Select the following roles and click Next:
      • NBI User Group/APIManager
      • The role to invoke southbound APIs
      • drivermgr
      NOTE:

      For different versions of CloudOpera, the role name may not be consistent.

      • NBI User Group/APIManager: If NBI User Group and APIManager both exist, select APIManager.
        In the HKT scenario, select the following roles:
        • gateway.apis.deleteOperation
        • gateway.apis.getOperation
        • gateway.apis.postOperation
        • gateway.apis.putOperation
      • The role to invoke southbound APIs: If The role to invoke southbound APIs does not exist, select southapis.roles.operation.
    4. Click Finish.

Setting Interconnection Parameters on eSight

Describes the configuration operations for interconnecting eSight with CloudOpera, including synchronizing the certificate for interconnecting, modifying the configuration file, and configuring an IP address whitelist.

Prerequisites
  • Information in Table 9-8.
    Table 9-8 Information to be collected on eSight

    Item

    Subitem

    eSight

    System IP address of the eSight server.

    Password of the ossuser user on the server. The default password of the ossuser user is Changeme_123.

  • Information in Table 9-9 has been collected.
    Table 9-9 Information to be collected of CloudOpera

    Item

    Subitem

    Example

    Microservice APIMLBService on the O&M plane

    NOTE:
    • In the multi-region deployment scenario, collect information about the APIMLBService microservice in the region where eSight is interconnected. In other scenarios, collect information about the APIMLBService microservice in the global region.
    • If two DCs are deployed in cold standby mode, collect the floating IP address and port information of the APIMLBService microservice in the active and standby DCs.
    • The APIMLBService microservice belongs to the ApiMgr or MinApiMgr service. The process of the service is apimlb.

    Floating IP address

    192.168.10.12

    Port number, which has a fixed value of 26335.

    26335

    Microservice RESTConnectorService on the O&M plane

    NOTE:
    • In the multi-region deployment scenario, collect the RESTConnectorService microservice information of the O&M plane in the region where eSight is interconnected. In other scenarios, collect the RESTConnectorService microservice information of the O&M plane in the Global region.
    • If two DCs are deployed in cold standby mode, collect the management IP addresses and floating IP address of the RESTConnectorService microservice in the active and standby DCs.
    • The RESTConnectorService microservice belongs to the DrvFrm service. The process of the service is restconnectorservice.

    Management IP address

    192.168.10.13

    192.168.10.14

    Floating IP address

    NOTE:

    If RESTConnectorService is deployed in single-node mode, no need to collect the floating IP address.

    10.10.10.13

  • You have obtained the trust.jks certificate of APIMLBService on the O&M plane.
Procedure
  1. Upload the trust.jks certificate to /opt/eSight/AppBase/etc/ies of the eSight server.

    1. Use the FileZilla tool to log in to the eSight server as ossuser.
    2. Upload the trust.jks certificate to /opt/eSight/AppBase/etc/ies of the eSight server.
    3. Use the PuTTY tool to log in to the eSight server as ossuser.
    4. Run the following commands to change the file permission in the eSight server.

      cd /opt/eSight/AppBase/etc/ies

      chmod 600 *

  2. Run the following operations to modify the parameters in the configuration file related to interconnection with CloudOpera.

    1. Run the following commands to modify the configuration parameters:

      cd /opt/eSight/AppBase/tools

      ./modifyConfig.sh

      The following information is displayed:

      No    Key                     Value
      1     ER_IP                   
      2     ER_port                 
      3     PmdataNotToDB           false
      4     Performance_Select      true
      5     Alarm_Select            true
      6     ApiGateway_Host_IP      
      7     ApiGateway_Host_Port    
      8     ApiGateway_StandBy_IP   
      9     ApiGateway_StandBy_Port 
      10    ApiGateway_Retry_Times  
      11    eSight_Token_Name       
      12    eSight_Token_Value      
      13    ApiGateway_Token_Time   
      14    KeyStorePath            /opt/eSight/AppBase/etc/ies/server.p12
      15    KeyStorePwd             9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      16    TrustStorePath          /opt/eSight/AppBase/etc/ies/trust.jks
      17    TrustStorePwd           @0102000000007a3aa5a805cca36a1690214a343276bc78bfb8782f7b965bc36f0ac4583ebd89
      Please input the number of key(q to quit):
    2. Repeat the following operations to set the parameters in Table 9-10 one by one.
      1. Enter the sequence number of a parameter and press Enter. For example, enter 17 and press Enter, the following information is displayed:
        Please input the value of TrustStorePwd(q to cancel):
      2. Enter the value of the parameter and press Enter.
        The entered value for the parameter is displayed under Value, indicating that the configuration is successful.
        Table 9-10 Configuration Parameter Description

        Parameter

        Description

        Example

        TrustStorePwd

        Mandatory.

        The password of trust.jks certificate. After the configuration, the encrypted password is displayed in the configuration file.

        -

        ApiGateway_Host_IP

        Mandatory.

        Floating IP address of the APIMLBService microservice. For details, see Table 9-9.

        NOTE:

        If two DCs are deployed in cold standby mode, set this parameter to the floating IP address of the APIMLBService microservice of the active DC.

        192.168.10.12

        ApiGateway_Host_Port

        Mandatory.

        Port number of the APIMLBService microservice. For details, see Table 9-9. The default port number is 26335.

        NOTE:

        If two DCs are deployed in cold standby mode, set this parameter to the port number of the APIMLBService microservice of the active DC.

        26335

        ApiGateway_StandBy_IP

        Optional.

        • If two DCs are deployed in cold standby mode, set this parameter to the floating IP address of the APIMLBService microservice of the standby DC.
        • You do not need to set this parameter in other scenarios.

        192.168.10.13

        ApiGateway_StandBy_Port

        Optional.

        • If two DCs are deployed in cold standby mode, set this parameter to the port number of the APIMLBService microservice of the standby DC. The default port number is 26335.
        • You do not need to set this parameter in other scenarios.

        26335

        ApiGateway_Retry_Times

        Mandatory.

        Set it to 3.

        3

        eSight_Token_Name

        Mandatory.

        Set it to the user name (eSightAPI) created in Creating User for Interacting with the ApiGateway in CloudOpera.

        eSightAPI

        eSight_Token_Value

        Mandatory.

        Set it to the password of the user created in Creating User for Interacting with the ApiGateway in CloudOpera. After the configuration, the encrypted password is displayed in the configuration file.

        -

        ApiGateway_Token_Time

        Optional.

        indicates the request timeout interval, in minutes. The value is an integer greater than 0 and less than or equal to 600. The default value is 10 minutes.

        10

        PmdataNotToDB

        Optional.

        Configure whether to save the performance data collected by eSight to the eSight database. After the performance data is saved to the eSight database, you can view historical performance data on the eSight client. Otherwise, you can only view real-time performance data on the eSight client.

        false (default): Performance data will be saved to the eSight database.

        true: Performance data will not be saved to the eSight database.

        false

        Performance_Select

        Optional.

        Configure whether to report eSight performance data to the O&M plane of CloudOpera. After the performance data is reported, the services on the O&M plane of CloudOpera can obtain the performance data.

        true (default): eSight performance data will be reported.

        false: eSight performance data will not be reported.

        true

        Alarm_Select

        Optional.

        Configure whether to report eSight alarm data to the O&M plane of CloudOpera. If alarms are reported, administrators can view the alarms reported by eSight on the O&M plane of CloudOpera.

        true (default): Alarms data will be reported.

        false: Alarms data will not be reported.

        true.

    3. Enter q to save the modification and exit.

  3. Modify the configuration file to remove the restriction on the number of times for invoking open APIs.

    1. Run the following commands to open the roa.properties file.

      cd /opt/eSight/AppBase/etc/iemp.framework

      vi roa.properties

    2. Press i to enter the editing mode.
    3. Add the iemp.roa.access.rate.limit.enable parameter, and set the parameter value to false.
      iemp.roa.access.rate.limit.enable=false
    4. Press Esc to exit the editing mode and run the :wq command to save and exit the file.

  4. Restart eSight to make the configuration take effect, see How Do I Restart the eSight System.

    If this is the first eSight system interconnected to CloudOpera, eSight is displayed on the System Type under System Access of CloudOpera after the configuration is complete.

  5. Configure the CloudOpera system information on eSight.

    1. Log in to the eSight client as the admin user. Access eSight at https://eSight system IP address:31943.
    2. On the main menu, choose System > System Settings > Northbound Integration.
    3. In the left navigation pane, choose Third-party System Settings.
    4. Click Create, and set parameters in the Third-party System area.
      • IP address: Management IP addresses of the active and standby nodes where the RESTConnectorService microservice of the CloudOpera O&M plane resides, as well as the floating IP address. Each time you can configure only one IP address. Therefore, you need to create information about the third-party system for each IP address.
        NOTE:

        If RESTConnectorService is deployed in single-node mode, set the management IP address of the node where the RESTConnectorService microservice of the CloudOpera O&M plane resides.

      • Protocol type: Select HTTPS.
      • System ID: Use the default value.
    5. Click OK.

Setting Interconnection Parameters on CloudOpera

This section describes how to connect eSight to CloudOpera.

Prerequisites
  • You have obtained the system IP address of the eSight server.
  • You have obtained the ossuser password of the eSight server.
Procedure
  1. (Optional) Export the eSight certificate. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to export the eSight certificate.

    NOTE:

    If the user-provided certificate is used, follow instructions in Operation and Maintenance > Maintenance Guide > Security Maintenance > Security Certificates > Replacing the business Certificate > Updating the Preset PKI Certificate of eSight in the eSight Product Documentation to replace the default eSight certificate. Then export the CA certificate matching the new certificate and import into CloudOpera for interconnecting with eSight.

    1. Use the FileZilla tool to log in to the eSight server as ossuser.
    2. Download the eSight certificate file huaweica.der to local from the directory /opt/eSight/mttools/etc/certificate/pki, and rename to huaweica.crt.

  2. (Optional) Import the eSight certificate to CloudOpera. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to import eSight certificate into CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.
    2. In the left navigation tree, choose Certificate Management > Trust Certificate.
    3. Click Upload on the displayed page.
    4. Service name selects Driver, click the File Name input box, and select the eSight certificate file obtained in 1.

    5. Click Submit to import the eSight certificate file to the system.

      You do not need to import the eSight certificate when the system prompts that the certificate already exists when importing the eSight certificate.

  3. Create a eSight system in CloudOpera.

    1. Choose System > System Settings > System Access from the main menu.
    2. Click eSight.
    3. Click Create. On the Create Interconnected Systems page, enter related information based on descriptions in Table 9-11.
      NOTE:

      Table 9-11 only describes the basic information parameters that need to be set.

      Table 9-11 Basic parameters

      Parameter

      Description

      Example

      System name

      Indicates the system name of the eSight that interconnects with CloudOpera.

      eSight

      Version

      Indicates the version of the eSight that interconnects with CloudOpera. Set it to v1.

      v1

      IP address/Domain name

      Set it to the eSight server IP address.

      192.168.8.9

      Driver name

      Indicates the drive type of eSight that interconnects with CloudOpera. Set it to plugin_driver_hw_esight.

      plugin_driver_hw_esight

      Deploy zone

      Indicates the region of eSight that interconnects with CloudOpera.

      Global

      Logical position

      Indicates the logical position type of eSight, set it based on the logical locations plan of CloudOpera.

      North of China

    4. Click Next. On the Create Interconnected Systems page, enter related information based on descriptions in Table 9-12.
      Table 9-12 Protocol parameters

      Parameter

      Description

      User Name

      Indicates the eSight user name for interacting with the DriverFramework service of CloudOpera. Set it to eSight.

      Encryption Algorithm

      Indicates the abstract encryption algorithm of eSight. Set it to SHA-256.

      Password

      Indicates the password of eSight user for interacting with the DriverFramework service of CloudOpera. Set it to Changeme_123.

    5. Click OK to connect eSight to CloudOpera.
      • If eSight is connected successfully, the connection status is displayed as .
      • If eSight fails to be connected, check the parameter settings as prompted. Click

        to modify the interconnection parameters. After the modification, click to test the connectivity.

        If the test succeeds, the interconnection is successful.

        If the test fails, perform the following operations to delete the eSight system, and reconfigure eSight. If the interconnection fails again, contact Huawei technical support engineers.
        1. Click to delete eSight.

          If eSight fails to be deleted, contact Huawei technical support engineers.

        2. (Optional) Delete the trust certificates related to eSight. If the CloudOpera is configured with the Huawei default trust certificate, you do not need to delete the trust certificates related to eSight.
          1. Choose Certificate Management > Trust Certificate to view the trust certificate list.
          2. Delete the trust certificates that contain eSight in the Issued By column.

(Optional) Interconnecting eSight and SSO Server

This chapter describes how to configure the connection to the CloudOpera UNI SSO server when eSight functions as a CloudOpera UNI SSO client.

Prerequisites
  • The SSO server certificate, such as trust.cer, has been obtained.
  • The URLs for logging in and logging out the SSO server have been obtained.
  • You have added the system IP address of eSight server to the SSO server whitelist. For details, see related documents of the SSO server.
Procedure
  1. Stop the eSight service through commands.

    1. Log in to the eSight server as the ossuser user.
    2. Run the following command to stop the eSight progress:

      cd /opt/eSight/bin

      ./shutdown.sh

      Are you sure you want to stop the system? (Please enter y or n):

      Enter Y and press Enter.

      When the status of every process is STOPPED and "stopping eSight system succeeded." is displayed, the eSight service has been stopped.

  2. On the eSight server, configure the information about the SSO server and eSight server.

    1. Perform the following steps to Execute the ssoConfig.sh file:

      cd /opt/eSight/AppBase/tools

      ./ssoConfig.sh

    2. When the following information is displayed, enter the IP address and port number for accessing the SSO server in the format IP address for accessing the SSO server:31943, and press Enter.
      Please input SSO Server url(eg. 10.10.10.10:31943): 
      NOTE:

      IP address for accessing the SSO server indicates the IP address for logging in to the CloudOpera O&M plane.

    3. When the following information is displayed, input the eSight server IP address and port number. The format is eSight server IP address:31942. Press Enter.
      Please input eSight url(eg. 10.10.10.14:31942): 

  3. Import the SSO server certificate.

    1. Export the /opt/oss/Product/etc/ssl/er/trust.cer certificate file from the SSO server as ossuser.
    2. Copy the certificate exported from the SSO server to a directory, for example, /opt/eSight, on the primary and secondary eSight servers.
    3. Go to the /opt/eSight/AppBase/jre/bin directory and run the certificate import command.

      cd /opt/eSight/AppBase/jre/bin

      ./keytool -import -keystore ../lib/security/cacerts -file /opt/eSight/trust.cer -alias dtssoserver

      NOTE:
      • /opt/eSight is the directory to which the eSight certificate is uploaded. Replace it with the actual directory.
      • If the certificate already exists, run the following command to delete it and import a new one:

        ./keytool -delete -keystore ../lib/security/cacerts -alias dtssoserver

    4. When the following information is displayed, enter the certificate password (default: Changeme_123), and press Enter.
      Enter keystore password:
    5. When the following information is displayed, input y and press Enter.
      Trust this certificate? [no]:  

      The certificate is imported successfully if the following information is displayed. Otherwise, contact Huawei technical support engineers.

      Certificate was added to keystore

  4. Start the eSight service through commands.

    1. Log in to the eSight server as the ossuser user.
    2. Run the following command to start the eSight progress:

      cd /opt/eSight/bin

      ./startup.sh

      When the status of every process is RUNNING and "starting eSight system succeeded." is displayed, the eSight service has been started.

  5. After configuration, verify that a user can be redirected to the CloudOpera login page when visiting the URL of eSight and the eSight page can be displayed properly after the user logs in.

    1. Access eSight at https://system IP address of the eSight server:31943.
    2. On the login page that is displayed, enter the user name and password, and click Log In.

      If the eSight home page is displayed properly, SSO configuration is successful. Otherwise, check the SSO configuration or contact Huawei technical support for troubleshooting.

Subsequent Operations

If the SSO server does not need to be connected, perform the following operations to roll back configurations for the eSight server functioning as the SSO client:

  1. Stop the eSight service through commands.

    1. Log in to the eSight server as the ossuser user.
    2. Run the following command to stop the eSight progress:

      cd /opt/eSight/bin

      ./shutdown.sh

      Are you sure you want to stop the system? (Please enter y or n):

      Enter Y and press Enter.

      When the status of every process is STOPPED and "stopping eSight system succeeded." is displayed, the eSight service has been stopped.

  1. Run the following commands to save the web.xml.backup file as the web.xml file.

    cd /opt/eSight/AppBase/app/sso.app/repository/ui/sso/WEB-INF

    mv web.xml.backup web.xml

  2. Delete the SSO server information and eSight server information from eSight server.

    Modify the configuration file ssoconfig.xml.

    cd /opt/eSight/AppBase/app/sso.app/repository/ui/sso/WEB-INF/classes

    vi ssoconfig.xml

    Delete the configuration between <ssoconfig> and </ssoconfig>, as follows:

    <sso.client.isActive>true</sso.client.isActive>
    <sso.client.filters>
    com.huawei.sso.client.filter.SingleSignOutFilter,
    com.huawei.sso.client.filter.AuthenticationFilter,
    com.huawei.sso.client.filter.Cas20ProxyReceivingTicketValidationFilter
    </sso.client.filters>
    <sso.client.actionExcludes>
    /bsf/login.do,/bsf/login.action,/index.action,/index.do,/index.jsp,
    /validate.jsp,/self.jsp,/test.jsp
    </sso.client.actionExcludes>
    <sso.ssoserver.url>https://10.67.180.236:31943/unisso</sso.ssoserver.url>   
    <sso.ssoserver.privateUrl>https://10.67.180.236:31943/unisso</sso.ssoserver.privateUrl>   
    <sso.ssoserver.logoutUrl>https://10.67.180.236:31943/unisso/logout</sso.ssoserver.logoutUrl>   
    <sso.ssoserver.serverName>10.137.62.71:31942</sso.ssoserver.serverName> 
    <sso.client.sessionInitServiceImpl>com.huawei.esight.solution.sso.opensso.OpenSSOSessionInitService</sso.client.sessionInitServiceImpl>

    Table 9-13 describes the configuration items.

    Table 9-13 Parameters in the ssoconfigx.xml file

    Configuration Item

    Description

    Example

    sso.ssoserver.url

    Indicates the URL for external systems to access the SSO server.

    https://10.67.180.236:31943/unisso

    sso.ssoserver.privateUrl

    Indicates the URL for internal SSO server communications.

    NOTE:

    If no URL for internal communications is available, the value of this parameter must be the same as the value of sso.ssoserver.url

    https://10.67.180.236:31943/unisso

    sso.ssoserver.logoutUrl

    Indicates the URL for logging out of the SSO server.

    https://10.67.180.236:31943/unisso/logout

    sso.ssoserver.serverName

    Indicates the eSight IP address and port number.

    10.137.62.71:31942

    Press Esc and run the :wq command to save and exit the configuration file.

  3. Delete the certificate of the SSO server.

    cd /opt/eSight/AppBase/jre/bin

    ./keytool -delete -keystore ../lib/security/cacerts -alias dtssoserver

    When the following information is displayed, type the password of the certificate, and press Enter. The default password of certificate is Changeme_123.

    Enter keystore password:

  4. Start the eSight service through commands.

    1. Log in to the eSight server as the ossuser user.
    2. Run the following command to start the eSight progress:

      cd /opt/eSight/bin

      ./startup.sh

      When the status of every process is RUNNING and "starting eSight system succeeded." is displayed, the eSight service has been started.

FAQs

This topic describes the commission FAQs and operations.

What Can I Do If the eSight Resource Data Cannot Be Reported to the Third-party System After the IT Component is Incrementally Installed
Question

What can I do if the eSight resource data cannot be reported to the third-party system after the IT component is incrementally installed?

Answer

If the IT component is incrementally installed after eSight is installed, you need to execute the changeDriver4IT.sh script on the active eSight server. Otherwise, eSight resource data cannot be reported to the third-party system CloudOpera. The changeDriver4IT.sh script checks whether to delete the configuration file global.datasource.xml based on whether the eSight IT component is installed, ensuring that the eSight resource data can be properly reported to the CloudOpera.

  1. Use PuTTY tool to log in to the eSight server as the ossuser user.
  1. Execute the changeDriver4IT.sh script.

    > cd /opt/eSight/AppBase/tools

    > sh changeDriver4IT.sh

    If the following information is displayed when the changeDriver4IT.sh script is executed the first time, the execution is successful. If the script is not executed the first time, only the information "succeeded!" is displayed.

    deleting: META-INF/spring/global.datasource.xml 
    succeed!

How Do I Restart the eSight System
Symptom

How Do I restart the eSight System?

Solution
  1. Stop the eSight service through commands.

    1. Log in to the eSight server as the ossuser user.
    2. Run the following command to stop the eSight progress:

      cd /opt/eSight/bin

      ./shutdown.sh

      Are you sure you want to stop the system? (Please enter y or n):

      Enter Y and press Enter.

      When the status of every process is STOPPED and "stopping eSight system succeeded." is displayed, the eSight service has been stopped.

  2. Start the eSight service through commands.

    1. Log in to the eSight server as the ossuser user.
    2. Run the following command to start the eSight progress:

      cd /opt/eSight/bin

      ./startup.sh

      When the status of every process is RUNNING and "starting eSight system succeeded." is displayed, the eSight service has been started.

Download
Updated: 2019-05-17

Document ID: EDOC1100011860

Views: 92592

Downloads: 138

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next