No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccess V100R006C20 on FusionCloud V100R006C10 Software Installation Guide 11 (Microsoft AD)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Installing Cascaded ITA/GaussDB/HDC/WI/vAG/vLB/AUS

Installing Cascaded ITA/GaussDB/HDC/WI/vAG/vLB/AUS

Recording Tenant Data

Scenarios

This task instructs software installation engineers to record tenant data to generate the tenant information file that is used for FusionAccess automated deployment.

Prerequisites
  • You have obtained the zone and project information that needs to be managed by the desktop, including tenant names, regions, project names, and username and password of the resource tenant associated with the project.
  • You have obtained the password for account gandalf and password for account root of the license server.
Procedure
  1. Use PuTTY to log in to the license server as account gandalf.
  2. Run the following command switch to user root.

    su root

  3. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  4. Run the following command to copy a copy from the default user template and start editing.

    cp /opt/fusionaccess_deploy/users/default_user.yml /opt/fusionaccess_deploy/users/Tenant information file name

    The recommended file name format is Tenant name_STD_RegionID_ProjectName.yml. If the tenant name is Tenant_vdc_test, and the region ID is sa-fb-1 and project name is FusionAccess, run the following command:

    cp /opt/fusionaccess_deploy/users/default_user.yml /opt/fusionaccess_deploy/users/Tenant_vdc_test_STD_sa-fb-1_FusionAccess.yml

  5. Use the vi command to modify the parameters of the base_info part in the newly created template file by referring to Table 5-11 as needed. After the modification is complete, save the settings and exit.

    Table 5-11 Tenant template parameters

    Parameter

    Configuration Description

    Example

    iam

    user_name

    Resource administrator username

    test

    tenant_name

    Tenant name

    Tenant_vdc_test

    project_name

    Project. The tenant needs to manage the area and project information of the desktop. The format is STD_RegionID_ProjectName.

    For example, if the Region ID is sa-fb-1 and the project name is FusionAccess, set STD_sa-fb-1_FusionAccess.

    STD_sa-fb-1_FusionAccess

    vpc_info

    vpc_name

    VPC name.

    Use the actual value set in Configuring the VPC or the actual name of the existing VPC.

    vpc-VDI

    desktop_subnet_name

    Name of the service subnet.

    Use the actual value set in Configuring the VPC or the actual name of the existing VPC.

    subnet-Desktop

    manager_subnet_name

    Name of the management subnet.

    Use the actual value set in Configuring the VPC or the actual name of the management subnet in the existing VPC.

    subnet-Manager

    ecs_info

    availabiity_zone_id

    AZ ID specified when you create the infrastructure VM.

    Obtain the AZ ID as follows:

    1. Select an operating platform based on the Region Type scenario.
      • In the Region Type I scenario, log in to cascading Service OM.
      • In the Region Type II scenario, log in to Service OM.
    2. Choose Management and Deployment > CCS > Cloud System Parameters and click Availability Zone.
    3. Find default name:ID corresponding to the AZ, which is the ID of the AZ.

    az1.dc1

    eip_info

    external_network

    External network name.

    Perform the following steps to get an available value of this parameter, and then set the parameter as needed.

    1. Use a VDC administrator or VDC operator to the ServiceCenter tenant portal.
    2. Choose Network > Elastic IP Address and click Apply for EIP.
    3. Select the corresponding AZ. You can find names of all available external networks from the External Network drop-down list.

    external_relay_network

    access_type

    Desktop access method.

    The Internet access mode means that the desktop is accessed through the ELB, and the private line access to the desktop mode means that the desktop is directly connected to the desktop through a VPN or a dedicated line.

    • 0: Both Internet access and private line access are allowed.
    • 1: The private line access is supported only.

    0

    domain_info

    domain_type

    User domain type. 0 indicates Microsoft AD.

    0

    domain_name

    Domain name

    test.vdesktop.com

    domain_user

    Domain administrator

    vdsadmin

    domain_user_pwd

    Ciphertext of the domain administrator password. It is set to the corresponding ciphertext of Cloud12#$ in the configuration file by default.

    For details about the encryption method, see Encrypting Passwords.

    -

    ms_domain_active_ip

    Primary domain controller IP

    172.16.0.11

    ms_domain_standby_ip

    Standby domain controller IP

    172.16.0.12

    ms_domain_active_dns_ip

    Primary DNS IP

    172.16.0.11

    ms_domain_standby_dns_ip

    Standby DNS IP

    172.16.0.12

    license_type

    License type. It is set to 0 by default.

    • 0: number of users
    • 1: number of concurrences

    0

Performing an Automated Installation

Scenarios

This task instructs software installation engineers to use the AutoInstall tool for automated installation of FusionAccess after writing the tenant data.

Prerequisites
  • You have obtained the password for account gandalf and password for account root of the license server.
  • You have obtained the resource tenant user name and password of the FusionAccess project.
  • You have obtained the file name of the corresponding tenant information file (for example, Tenant_vdc_test_sa-fb-1_FusionAccess.yml).
Procedure
  1. Open PuTTY, select Connection, and change Seconds between keepalives (0 to turn off) to 60.

    During remote login, ensure that the SSH session is in the persistent connection state. Otherwise, the automatic installation process will be interrupted.

  2. Log in to the license server as account gandalf and run the following command and enter the password for user root to switch to user root.

    su root

  3. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  4. Run the following command to import environment variables.

    source /root/.bashrc

  5. Run the following command and enter the password for the resource tenant of the FusionAccess project to start an automated installation.

    autoinstall file name of the tenant information file

    Use the file name of the tenant information file Tenant_vdc_test_sa-fb-1_FusionAccess.yml as an example. Run the following command:

    autoinstall Tenant_vdc_test_sa-fb-1_FusionAccess.yml

    Waite for about 30 minutes. When the value of Installation Result in the command output is Success, the automated installation is successful.

    NOTE:

    If the message "[ERROR] error occur, error message: HTTPSConnectionPool(host='compute.az0.dc0.domainname.com', port=443)…" is displayed, run the following command to restart the network services, and perform Step 5 again:

    service network restart

  6. View and record the IP address, floating IP address, user desktop login address of each FusionAccess management node, and the FusionAccess management page address, as shown in Figure 5-20.

    Figure 5-20 Parameters

  7. Check ELB connectivity.

    If Internet access is enabled, you need to use a VDC administrator or VDC operator to ManageOne operation plane and add the rules of the IP address segment of the ELB downstream network plane (obtain the value of elb_down_start_addr~elb_down_end_addr from Information Collection) to the 9443, 8443, and 8448 ports in the sg-Manager security group and the created virtual firewall. The rules that need to be added are described in Table 5-12 and Table 5-13.

    Access Internet Access Address on the Internet. If the access fails, contact the O&M personnel.
    Table 5-12 Add inbound rules for the virtual firewall

    Action

    Protocol

    Source Address

    Source Port Range

    Destination Address

    Destination Port Range

    Allowed

    TCP

    IP address segment of the ELB downstream network plane

    0

    IP address of FA-MGR-01 and FA-MGR-02

    8448

    Allowed

    TCP

    IP address segment of the ELB downstream network plane

    0

    IP addresses of FA-MGR-01 and FA-MGR-02

    8443

    Allowed

    TCP

    IP address segment of the ELB downstream network plane

    0

    IP addresses of FA-MGR-01 and FA-MGR-02

    9443

    Table 5-13 Add inbound rules for the sg-Manager security group

    Protocol

    Port Range/ICMP Type

    Source Address

    TCP

    8448

    IP address segment of the ELB downstream network plane

    TCP

    8443

    IP address segment of the ELB downstream network plane

    TCP

    9443

    IP address segment of the ELB downstream network plane

Translation
Download
Updated: 2019-07-01

Document ID: EDOC1100021785

Views: 50342

Downloads: 112

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next