No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI CLOUD Stack 6.5.0 Alarm and Event Reference 04

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ALM-34996 Node User Password Is About to Expire

ALM-34996 Node User Password Is About to Expire

Description

This alarm is reported when the ICAgent detects that the password of a node user will expire in no more than seven days.

Attribute

Alarm ID

Alarm Severity

Alarm Type

34996

Critical

Environment alarm

Parameters

Parameter Name

Parameter Description

hostName

Indicates the host name.

hostIP

Indicates the host IP address.

userName

Indicates the username for logging in to the node.

passwordExpiredTime

Indicates the password expiration date.

Impact on the System

  • The password of the user on the faulty node is invalid.
  • After the password expires, services logged in to by the user password cannot be provided.

System Actions

None

Possible Causes

The password of the user on the faulty node is about to expire. You need to change the password.

Procedure

  1. Check the location information of the alarm.

    1. Use a browser to log in to the FusionStage OM zone console.
      1. Log in to ManageOne Maintenance Portal.
        • Login address: https://Address for accessing the homepage of ManageOne Maintenance Portal:31943, for example, https://oc.type.com:31943.
        • The default username is admin, and the default password is Huawei12#$.
      2. On the O&M Maps page, click the FusionStage link under Quick Links to go to the FusionStage OM zone console.
    2. Choose Application Operations > Application Operations from the main menu.
    3. In the navigation pane on the left, choose Alarm Center > Alarm List and query the alarm by setting query criteria.
    4. Click to expand the alarm information. Record the values of hostIP and hostName.

  2. Use PuTTY to log in to the manage_lb1_ip node. Run the following command to ping the IP address of the hostIP and check where the network is normal:

    The default username is paas, and the default password is QAZ2wsx@123!.

    ping hostIP

    • If the network is normal, go to 9.
    • If the network is abnormal, go to 3~8.

  3. Use PuTTY to log in to the manage_lb1_ip node.

    The default username is paas, and the default password is QAZ2wsx@123!.

  4. Run the following command and enter the password of the root user to switch to the root user:

    su - root

    Default password: QAZ2wsx@123!

  5. Run the following command to check whether the node corresponding to the queried hostIP is a management zone node:

    kubectl get node hostName -oyaml | grep 'com.huawei.project/name'

    labels:     
     com.huawei.project/name: fst-manage

    Check whether the value of com.huawei.project/name is fst-manage.

    • If yes, the node is a management zone node. Go to 6.a.
    • If no, the node is a data zone node. Go to 6.b

  6. Query the IP address for logging in to the node.

    1. Run the following command to query InternalIP of the node:

      kubectl get node hostName -oyaml | grep -B 2 InternalIP

    2. Run the following command to query ExternalIP of the node:

      kubectl get node hostName -oyaml | grep ExternalIP

  7. Run the following command switch to the paas user:

    su - paas

  8. Run the following command to go to the node using the IP address queried in 6:

    ssh IP

  9. Use PuTTY to log in to the faulty node based on the value of the hostIP parameter.

    Default username: paas. Default password: QAZ2wsx@123!

  10. Run the following command to change the password based on the value of userName in the alarm details displayed on the GUI, for example, userName: paas:

    passwd paas

    Information similar to the following is displayed:

    Enter the new password again for the new password to take effect.

  11. Wait for 10 minutes and check whether the alarm is cleared.

    • If yes, go to 12.
    • No. Contact technical support.

  12. Use PuTTY to log in to the manage_lb1_ip node.

    The default username is paas, and the default password is QAZ2wsx@123!.

  13. Run the following command and enter the password of the root user to switch to the root user:

    su - root

    Default password: QAZ2wsx@123!

  14. Check whether the node is statically managed.

    kubectl get node {nodename} -n fst-manage -o yaml

    {nodename} indicates the node name. You can obtain it from the alarm details page on the console.

    Check whether the image field exists under spec in the command output.
    • If no, the node is managed statically. Go to 15.
    • If yes, the node is managed dynamically. No further action is required.

    If you change the password of the management account, you are advised to change the password in the secret. Otherwise, the node managed statically may fail to be deleted.

  15. Modify the password contained in the secret.

    1. Run the following command to encode the new password (for example, qwe@123) to Base64 format:

      vim mysecret

      Enter the password to be encrypted and save the file.

      Encode the password to Base64 format.

      cat mysecret | tr -d '\n' |base64 > mysecretbase64

      vim mysecretbase64

      Make a note of the encrypted data, for example, Q2hhbmdlbWVfMTIz.

      Delete the mysecret and mysecretbase64 files.

      rm mysecret mysecretbase64

    2. Query the secret name.

      kubectl -n fst-manage get node manage-cluster5-8c33829c-drd4h -oyaml|grep -5 loginSecret

      NOTE:

      In the preceding command, fst-manage indicates the namespace, which can be obtained by running the kubectl get node --all-namespaces|grep manage-cluster5-8c33829c-drd4h command; and manage-cluster5-8c33829c-drd4h indicates the node name. Change them as required.

      In the command output, the value of name under loginSecret is the secret name.

      loginSecret:    
         name: manage-cluster5-8c33829c-drd4h
    3. Run the following command to change the password of the secret:

      kubectl edit secret -n fst-manage {Secret name queried in 15.b}

      Press i to enter the edit mode, and replace the value of pwd with the encoded password obtained in 15.a. After the modifications, Press Esc to switch to the command mode. Run the :wq! command to save the change and exit.

Alarm Clearing

  • This alarm is cleared when the ICAgent detects that the user password on a node will expire in more than seven days.
  • If the node is deleted, you need to manually clear the alarm.

Related Information

None

Translation
Download
Updated: 2019-08-30

Document ID: EDOC1100062365

Views: 34994

Downloads: 31

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next