No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI CLOUD Stack 6.5.0 Backup and Restoration Guide 03

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Verifying the Integrity of ES Backup Files

Verifying the Integrity of ES Backup Files

Procedure

  1. Query the Service01 node where the MODataSetService microservice resides based on Querying the IP Address of the Node Where MODataSetService Is Deployed.
  2. Log in to the Service01 node as the sopuser user.

    The default password of the sopuser user is D4I$awOD7k.

  3. Run the following command to switch to the ossadm user:

    su - ossadm

    The default password of the ossadm user is Changeme_123.

  4. Check ES backup files.

    1. Run the following command to connect to the SFTP backup server:
      sftp sftpuserIP address of the SFTP backup server
      NOTE:
      • The user name and password of the SFTP backup server must be the same as those set when the SFTP backup server is created for ManageOne.
      • If "Are you sure you want to continue connecting (yes/no)?" is displayed during the command execution, enter yes and then press Enter.
    2. Run the following command to view the file list:

      cd /opt/oss/ManageOne/es

      NOTE:

      The directory of the SFTP backup server must be the same as the directory set when the SFTP backup server is created for ManageOne.

      ls -l

      Information similar to the following is displayed:

      -rw-r----- 1 3007 1000 3469175 Mar 26 16:44 snapshot-20190327111929-threshold_0
      -rw-r----- 1 3007 1000    1280 Mar 26 16:44 snapshot-20190327111929-threshold_0_cert
      -rw-r----- 1 3007 1000     344 Mar 26 16:44 snapshot-20190327111929-threshold_0_remark
      -rw-r----- 1 3007 1000  517265 Mar 26 16:44 snapshot-20190327111929-threshold_1
      -rw-r----- 1 3007 1000    1280 Mar 26 16:44 snapshot-20190327111929-threshold_1_cert
      -rw-r----- 1 3007 1000     344 Mar 26 16:44 snapshot-20190327111929-threshold_1_remark
      -rw-r----- 1 3007 1000    2915 Mar 26 16:44 snapshot-20190327111929-travel
      -rw-r----- 1 3007 1000    1280 Mar 26 16:44 snapshot-20190327111929-travel_cert
      -rw-r----- 1 3007 1000     344 Mar 26 16:44 snapshot-20190327111929-travel_remark
      NOTE:

      snapshot-20190327111929-threshold_0 and snapshot-20190327111929-threshold_1 are the threshold backup files, and snapshot-20190327111929-travel is the periodic report backup file. The file whose name ends with cert is the certificate of the corresponding backup file. The file whose name ends with remark is the certificate summary of the corresponding backup file.

  5. Perform the following operations to verify the integrity of backup files. You can verify only one file at a time. This step uses the snapshot-20190326164413-threshold_0 backup file as an example.

    1. Use FileZilla to download the backup file snapshot-20190327111929-threshold_0, certificate snapshot-20190327111929-threshold_0_cert, and summary snapshot-20190327111929-threshold_0_remark to the local client.
      NOTE:

      The username and password used for downloading files must be the same as those created when the SFTP backup server is created for ManageOne.

    2. Run the following command to create a temporary directory estmp in the /home/ossadm directory:

      cd /home/ossadm

      mkdir estmp

    3. Use FileZilla to upload the backup file, certificate, and summary to the /home/ossadm/estmp directory as the ossadm user.
    4. Run the following command to grant permission on the file:

      cd /home/ossadm/estmp

      chmod 660 /home/ossadm/estmp/*

    5. Run the following command to obtain the summary of the backup file:

      sha256sum snapshot-20190327111929-threshold_0

      NOTE:

      snapshot-20190327111929-threshold_0 is the threshold backup file. Replace it based on the site requirements.

      The command output consists of summary and file name, as shown in the following example:

      6dab3cdef98c0f988e98505cd6548c843cd64367a81b2c5863d6dc266c19f61b  snapshot-20190327111929-threshold_0

      6dab3cdef98c0f988e98505cd6548c843cd64367a81b2c5863d6dc266c19f61b indicates the summary of the certificate.

    6. Perform the following operations to construct the parameters required for calling the interface.

      Run the following command to obtain the certificate content:

      awk 'BEGIN{ORS="\\n"}{print $0}' snapshot-20190327111929-threshold_0_cert

      Run the following command to obtain the encrypted summary:

      cat snapshot-20190327111929-threshold_0_remark

    7. Run the following commands to verify the integrity of the backup file:

      . /opt/oss/manager/bin/engr_profile.sh

      python

      import util.httpclient

      client=util.httpclient.CommonHttpClient("IP address of the Service01 node",32018,True,False)

      client.post("/rest/mobackupservice/v1/sign/decrypt",

      {"enpryRemark":"UZpSV4fvLJepIhO7UITZ2eGJtUabuq0F8E8O9EBxcSnEiV8Qkbe+zjf0vkHGj1PnC802i1J3XtTfTv789exfwhdwisVEcPg8ZDyIDNdMRSxDtu6mrfzSJOACCiMdTBzXrz3aBbkR2Hu/JsZ5AqAQrmqxtd5uKoR3TT3DwwMADSEPE46oesQhCnH8AD+kxpLL7gbniqYKPtJ/cafq+ZPKn2x+a49k8/D8zP+h14BJ9Hso3FPWQxRYdtyv0ynUZwx99D5hLfsSMq5wks2rMs5fJEWhCTSGXXYmHQ2fSzWTMYCSXfpPbJ24MiqsjUy6jq2Jo02ZeWYdd6JJYoyZQimkzg==","cert":"-----BEGIN CERTIFICATE-----\nMIIDkzCCAnugAwIBAgIJAMc2+DBuj6hPMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV\nBAYTAmNuMQ8wDQYDVQQKDAZIdWF3ZWkxFzAVBgNVBAsMDkh1YXdlaVNvZnR3YXJl\nMRYwFAYDVQQDDA1zZWNvbmRBZ2VudENBMB4XDTE5MDMyNjE0NTk0MFoXDTIyMDMy\nNjA2NTkzM1owNjELMAkGA1UEBhMCQ04xDzANBgNVBAoMBkh1YXdlaTEWMBQGA1UE\nAwwNd3d3Lmh1YXdlaS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALbKx3jyL4eJNcoWU05gS3EaI49IucXAz+NoBuA7mK4f5YiI8Dt6maxpb+QCD/rP\nWNlqABwWWaD7Bhiuy13M2McR6ZF3amY740c5e0CHn6nBVYfIksGd5xmfO6Fb4QpH\nqMv8iFNoQMCQB/Vt8t25ikdO7BMfPnQWXfHImUgfPrOLR94jN+3zKm0bMhw6tL/v\nh3AnuEo1aPSTjBQgIHl4l3iHNFtEfHaN18wO7dW4KnW/rGUdcIgRYFeLIGLHjivc\nvgvYPKnNsgyhAA7CtMrRfaT+gbvD0fQ/gS1wSR/IySHKIXxZD0L5rF8vlyK/qd9X\nyxruAqyKN3MwOFlP7o9HrfkCAwEAAaOBijCBhzAMBgNVHRMBAf8EAjAAMB8GA1Ud\nIwQYMBaAFF9fuwjvD46/u5R9fUbDOtRMAYRcMB0GA1UdDgQWBBRYIxPHfGG6IgwC\nMkVSzlV5Zh5F+zAOBgNVHQ8BAf8EBAMCA+gwJwYDVR0lBCAwHgYIKwYBBQUHAwEG\nCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAbGcwmf7Hfs+p\nBLjeH45Aj4fCRS0GiuaRtu0Pow2UmZR/m4SeV9qIwkbQNbmZ6RCypc9sA6GzavVv\ntgL2b158vCE7+AWPmR5T0Yx3V5oFNXkV3jIfW1JoUy2Rou6QT+a0IPY0LnaTaXK8\nVaI1Sv0X9nyMM1o8yUgpQlUWzViXxP/gpGOXf4hUlN1P3zSI0200VOMUyMXv5KRX\ngBMzhnF0VjhLPOhuPFOXmJ593eftfmICAJa0d+jYsTGsAoDb/CD2keeomNZ18YA3\nDFjJfM1FpgMODelyj1K4nJABtv8iEeNSEeKTbqKRbKi1w+DC9d7+ESn3u0aO4AFs\nEe4kOJ1Nnw==\n-----END CERTIFICATE-----\n"})

      NOTE:
      • To construct the parameter {"enpryRemark": "Encrypted summary", "cert": "Certificate content"}, you need to replace the encrypted summary and certificate content based on the site requirements.
      • The interface calling parameters behind client.post("/rest/mobackupservice/v1/sign/decrypt",{"enpryRemark": "Encrypted summary", "cert": "Certificate content"}) can be obtained in 5.f.
      • In the command output, if the value of decryptRemark is the same as the value of summary in 5.e and the value of isValidCert is true, the verification is successful.
      (200, '{"decryptRemark":"6dab3cdef98cf988e98505cd6548c843cd64367a81b2c5863d6dc266c19f61b","isValidCert":"true"}')
      • If isValidCert is true but the value of the summary is different from the value in 5.e, the certificate is normal. The backup file may be tampered with and the verification fails.
      • If other information is displayed, the certificate is invalid and the verification fails. For example:
      (200, '{"decryptRemark":null,"isValidCert":"false"}')
    8. Run the following command to roll back to the ossadm user:

      exit()

  6. Delete the process file and delete the entire temporary folder.

    rm -rf /home/ossadm/estmp

Translation
Download
Updated: 2019-06-14

Document ID: EDOC1100062366

Views: 774

Downloads: 9

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next