HUAWEI CLOUD Stack 6.5.0 Troubleshooting Guide 02


Common Faults

This section describes how to troubleshoot routine faults.

Failed to Access the Login Page of ManageOne

Symptom

Users cannot access ManageOne Maintenance Portal, Deployment Portal, or Operation Portal.

Possible Causes

The working directories that ManageOne services need in order to run have been lost, so the background services fail to start.

Procedure
  1. Use PuTTY to log in to the regionAlias-ManageOne-Deploy01 node as the sopuser user.

    The default password is D4I$awOD7k.

  2. Run the following command to switch to the ossadm user:

    su - ossadm

    The default password is Changeme_123.

  3. Run the following commands to restore the working directories required by the services:

    . /opt/oss/manager/bin/engr_profile.sh

    cd /opt/oss/manager/agent/rtsp/mccommon/tools/shscript

    sh ossrunpy.sh TroubleRecoveryMgmt recreateDirectories

    If "End to create tmp dir for Services." is displayed, the task is complete. Check whether the command output contains failed.

    • If it does not, the task execution is successful.
    • If it does, contact technical support for assistance.

  4. Run the following commands to start the services:

    ipmc_adm -cmd startbus

    ipmc_adm -cmd startapp

    Check whether the command output contains failed.

    • If it does not, the task execution is successful.
    • If it does, contact technical support for assistance.

  5. Repeat steps 1 through 4 on the regionAlias-ManageOne-Deploy02 node to complete the fault rectification.
  6. Check whether you can log in to the ManageOne web client again.

    • If yes, no further action is required.
    • If no, contact technical support for assistance.

Operation Portal Login Failure Caused by PKI Certificate Expiration

The PKI certificate has expired, so users cannot log in to Operation Portal. To prevent system security risks caused by certificate expiration, you are advised to periodically update certificates.

Procedure

For details about how to update a PKI certificate, see "Manually Updating the PKI Certificate" in HUAWEI CLOUD Stack 6.5.0 Security Management Guide.

Maintenance Portal and Operation Portal Login Failures Caused by ER Certificate Expiration

The ER certificate has expired, so users cannot log in to Maintenance Portal or Operation Portal. To prevent system security risks caused by certificate expiration, you are advised to periodically update certificates.

Prerequisites
  • You have obtained and saved the following certificates to a PC, and obtained the password of the identity certificate private key:
    • server.cer: identity certificate file
    • server_key.pem: private key to the identity certificate file
    • trust.cer: trust certificate file
Context
  • The ER certificates are stored in the /opt/oss/Product/etc/ssl/er directory on all product nodes.
  • Files related to the ER certificates are as follows:
    • cert_pwd: file used to store the encrypted passwords of the identity certificates
    • manifest.json: certificate configuration file
    • server.cer: identity certificate file
    • server_key_crypto.pem: private key to the identity certificate file
    • server.p12: certificate in .p12 format
    • server_key.pem: private key to the identity certificate file
    • trust.cer: trust certificate file
    • trust.jks: trust certificate file in .jks format

    When the ER certificates are updated, ManageOne automatically generates the manifest.json, server.p12, and trust.jks files.

Precautions
  • When the ER certificate is updated, the system automatically backs up the old ER certificate to the /opt/oss/manager/var/tmp/er_<Random code> directory on the Deploy node.

    For example: /opt/oss/manager/var/tmp/er_202022222

  • Services are automatically stopped and restarted so that the certificates can take effect after the update. You are advised to perform this operation in off-peak hours.
  • Restart processes of active and standby nodes in the following sequence to prevent an active/standby switchover:
    1. Stop processes on the standby node.
    2. Update certificates on the standby node.
    3. Stop processes on the active node.
    4. Update certificates on the active node.
    5. Start processes on the active node.
    6. Start processes on the standby node.
  • For details about how to determine the active and standby Deploy nodes, see Determining the Active and Standby Nodes of the Deployment System.
Procedure
  1. Use PuTTY to log in to a Deploy node as the sopuser user.

    The default password is D4I$awOD7k.

  2. Run the following command to switch to the ossadm user:

    su - ossadm

    The default password is Changeme_123.

  3. Run the following command to create a directory for storing the certificates:

    mkdir -p /tmp/cer/service

  4. Use WinSCP to upload the ER certificates to the temporary directory /tmp/cer/service on the Deploy node as the ossadm user.
  5. In PuTTY, run the following commands as the ossadm user to set the owner, group, and permissions of the certificate files:

    chown ossadm:ossgroup -R /tmp/cer/service

    chmod 700 /tmp/cer/service

    find /tmp/cer/service -type f | xargs chmod 600

  6. Run the following commands to update the ER certificates:

    cd /opt/oss/manager/apps/UniEPService/tools/common

    bash updatecertificate.sh -certtype er -certpath /tmp/cer/service

    Information similar to the following is displayed:

    Replacing the er certificates...please  waiting.
    1.management
    2.product name
    Please select the number of the product information:

  7. Enter the number of the product and press Enter.

    The following information is displayed:

    Replacing the certificate will interrupt services. Are you sure you want to continue? (y/n)

  8. Enter y and press Enter.

    If the following information is displayed, enter the current password of the new certificate, and then set and confirm a new password for it:

    Please input the old password of new certificate:
    Password: 
    Please input the new password of new certificate:
    Password: 
    Please confirm the new password of new certificate:
    Password: 
    The new passwords must meet the following complexity requirements:
    • Contain 10 to 32 characters.
    • Be a combination of the following four types of characters:
      • At least one uppercase letter
      • At least one lowercase letter
      • At least one digit
      • At least one special character like ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ ` { _ | } ~
    • The password cannot contain double quotation marks (") and single quotation marks (') at the same time.
    • Contain no more than three identical consecutive characters.
    • Contain no more than four identical characters.
    The system automatically stops the services on the product node, updates the ER certificate, and then starts the services on the product node.
    • If the following information is displayed, the ER certificates have been updated. Perform steps 9 and 10.
      Certificates replaced successfully.

  9. Use a browser to log in to ManageOne Maintenance Portal or Operation Portal. If the login is successful, the certificate has been updated successfully. Otherwise, contact technical support for assistance.
  10. Delete the ER certificate uploaded to the temporary directory on the Deploy node.

    1. Use PuTTY to log in to the Deploy node as the sopuser user.

      The default password is D4I$awOD7k.

    2. Run the following command to switch to the ossadm user:

      su - ossadm

      The default password is Changeme_123.

    3. Run the following command to delete the ER certificates from the /tmp/cer/service directory:

      rm -rf /tmp/cer/service/*
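
A candidate password can be checked against the complexity rules in step 8 before the update is started. The function below is an added example, not part of the ManageOne tooling; `check_cert_password` and `SPECIALS` are hypothetical names. It assumes that runs of up to three identical characters are allowed and that characters outside the four listed classes are not rejected.

```sh
#!/bin/sh
# Added example, not Huawei code. Uses only shell builtins, so the candidate
# password is never handed to an external program (no process-list exposure).
# Assumption: characters outside the four listed classes are not rejected.
SPECIALS='!"#$%&()*+,-./:;<=>?@[]^`{_|}~'"'"   # list from step 8, ' appended last

# Prints the first violated rule and returns 1; returns 0 if every rule passes.
check_cert_password() (
    LC_ALL=C; pw=$1; len=${#pw}
    if [ "$len" -lt 10 ] || [ "$len" -gt 32 ]; then
        echo "length must be 10 to 32"; return 1
    fi
    case $pw in *\"*\'*|*\'*\"*)
        echo "contains both double and single quotation marks"; return 1;;
    esac
    up=0; lo=0; di=0; sp=0; prev=; run=0; rest=$pw
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}      # peel off the first character
        case $c in
            [A-Z]) up=1;;
            [a-z]) lo=1;;
            [0-9]) di=1;;
            *) case $SPECIALS in *"$c"*) sp=1;; esac;;
        esac
        # Rule: no more than three identical consecutive characters.
        if [ "$c" = "$prev" ]; then run=$((run + 1)); else run=1; prev=$c; fi
        if [ "$run" -gt 3 ]; then
            echo "more than three identical consecutive characters"; return 1
        fi
        # Rule: no more than four identical characters anywhere in the password.
        tmp=$pw; n=0
        while :; do
            case $tmp in *"$c"*) tmp=${tmp#*"$c"}; n=$((n + 1));; *) break;; esac
        done
        if [ "$n" -gt 4 ]; then
            echo "a character occurs more than four times"; return 1
        fi
    done
    if [ $((up + lo + di + sp)) -ne 4 ]; then
        echo "needs uppercase, lowercase, digit and special character"; return 1
    fi
    return 0
)
```

Source the file and call the function with a value read by `read -r` after `stty -echo`, so the candidate is neither echoed nor stored in shell history.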

Follow-up Procedure

If you log in to ManageOne Maintenance Portal or Operation Portal using a browser, and the browser displays a message similar to "This Connection is Untrusted", you need to add the server certificate to the browser's certificates. For details, see Configuring Trust Certificates of Browsers.

Updated: 2019-06-01

Document ID: EDOC1100062375
