No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Self-Service Integration Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Modify the Configuration File

Modify the Configuration File

The administrators must set parameters in the <Installation directory>/AppBase/etc/oms.ros/ros_config_esight.xml file based on the following table.
Table 3-1 Configuration items in ros.xml

Parameter

Description

Mandatory/Optional

Setting

Effective Mode

webservers/rosOpenAPIROA/threadpool.thread.max

Indicates the maximum number of threadpool threads.

Optional

Data type: string

Value range: strings of digits

Default value: 100

Restart

webservers/rosOpenAPIROA/threadpool.queue.max

Indicates the maximum number of threadpool queues.

Optional

Data type: string

Value range: strings of digits

Default value: 2000

Restart

webservers/rosOpenAPIROA/roa.server.ip.white.list.enable

Specifies if the ip white enabled.

Optional

Data type: boolean

Values: true or false

Default value: true

Restart

webservers/rosOpenAPIROA/ip.white.type

Indicates type of ip white.

Optional

Data type: string

Value range: character string

Default value: jetty.openapi

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/ip

Indicates the IP address of the server when the openapi interface is called.

NOTE:

In actual scenarios, third-parties can call the open API only after this IP address is replaced with the IP address of the eSight server (127.0.0.1 or 0.0.0.0 cannot be used). Otherwise, only the local host can call the open API.

Optional

Data type: string

Value range: IP addresses represented by character strings that consist of digits

Default value: 127.0.0.1

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/port

Indicates the port number when the openapi interface is called.

Optional

Data type: string

Values: Port number represented by character strings that consist of digits

Default value: 32102

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/

commonAgentHttpsPort.ssl.include.ciphers

The cipher suit list which supported in SSL communication.

NOTE:
  • eSight uses TLSv1, TLSv1.1, or TLSv1.2 to access the eSight client by default. The CBC encryption algorithm used by the TLSv1 protocol is vulnerable to attacks, especially the BEAST attack. You are advised to use TLSv1.1 and TLSv1.2 to access the eSight client.
  • This item is not configured by default, and the product will extend it. Separate cipher suits with a semicolon (;) . The priority of the cipher suite is in descending order.

Optional

Data type: string

Value range: encryption suites in character strings

Default value:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256;TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;TLS_RSA_WITH_AES_256_CBC_SHA256;TLS_RSA_WITH_AES_256_CBC_SHA;TLS_RSA_WITH_AES_128_CBC_SHA256;TLS_RSA_WITH_AES_128_CBC_SHA

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/ssl.protocol

Indicates the protocol when the openapi interface is called.

NOTE:
  • This parameter is not provided by default and must be set by the user. (When this parameter is not provided, TLSv1.1 and TLSv1.2 are supported by default.)
  • As the TLSv1.2 protocol is not supported completely in jre1.7, jre1.8 is recommended when the TLSv1.2 protocol is used.

Optional

Data type: string

Values: The https protocol version supported

Default value: no default value

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/ssl.keystore.path

Indicates the path for storing certificates of HTTPS connections.

Mandatory

Data type: string

Values: Paths represented by character strings

Default value: etc/certificate/application/node/nodeKeyStore.jks

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/ssl.keystore.password

Indicates the certificate password for HTTPS connections.

NOTE:

The password is encrypted through the encrypt tool.

  • On Windows, the tool <Installation directory>/AppBase/tools/bmetool/encrypt/encrypt.bat must be used to encrypt the store password, and the command format is encrypt.bat 0.
  • On Linux, the tool <Installation directory>/AppBase/tools/bmetool/encrypt/encrypt.sh must be used to encrypt the store password, and the command format is ./encrypt.sh 0.

Mandatory

Data type: string

Values:

Certificate password represented by character strings that consist of digits

Default value: encrypted ciphertext in the configuration file (The password before encryption is Changeme_123.)

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/connector.class

Indicates the HTTP connection settings of the OpenAPI.

NOTE:

By default, this item is not provided and the products need to add it when it is required.

Optional

Data type: string

Values:

  • com.huawei.oms.framework.roa.server.jetty.ext.BaseSslSelectChannelConnector: SSL is used for encrypting connections.
  • com.huawei.oms.framework.roa.server.jetty.ext.SelectChannelConnectorExt: Connections are not encrypted.
NOTE:

SSL is recommended to encrypt connections.

Default value: com.huawei.oms.framework.roa.server.jetty.ext.BaseSslSelectChannelConnector

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/verify.client

Specifies whether to verify the client certificate.

NOTE:

By default, this item is not provided and the products need to add it when it is required.

Optional

Data type: string

Values: Specifies whether to verify the client certificate

Default value:"false"

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/ssl.truststore.path

Indicates the path of the trust store certificate in the client. The item is mandatory if the value of item verify.client is true.

NOTE:

By default, this item is not provided and the products need to add it when it is required.

Optional

Data type: string

Values: the file path

Default value: etc/certificate/application/ca/caTrustStore.jks

Restart

webservers/rosOpenAPIROA/connectors/openapiROAConnector/ssl.truststore.password

Indicates the password of the trust store certificate in the client.

NOTE:

By default, this item is not provided and the products need to add it when it is required.

Optional

Data type: string

Values: the password of the trust store certificate

Default value: encrypted ciphertext in the configuration file (The password before encryption is Changeme_123.)

Restart

Configuration Example:

<?xml version="1.0" encoding="UTF-8"?>
<webservers>
   <webserver name="rosOpenAPIROA">
      <property name="threadpool.thread.max" value="100" />
      <property name="threadpool.queue.max" value="2000" />
      <property name="roa.server.ip.white.list.enable" value="true" />
      <property name="ip.white.type" value="jetty.openapi" />
      <connectors>
          <connector name="openapiROAConnector" type="https">
              <property name="ip" value="127.0.0.1" />
              <property name="port" value="32102" />
              <property name="ssl.keystore.path" value="etc/certificate/application/node/nodeKeyStore.jks" />
              <property name="ssl.keystore.password" value="9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d" />
          </connector>
       </connectors>
    </webserver>
</webservers>
Translation
Download
Updated: 2019-10-30

Document ID: EDOC1100044386

Views: 17155

Downloads: 84

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next