No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Changing Cluster Domain Name

Changing Cluster Domain Name

Scenario

The usage range of users in each FusionInsight HD cluster is called a domain. Each cluster must have a unique domain name. System Administrators need to modify the current cluster domain name in FusionInsight Manager based on cluster deployment plan, when clusters with the same domain name exist or cross-cluster mutual trust is configured.

Impact on the System

  • During the configuration, the two clusters need to be restarted and are unavailable during restart.
  • During the configuration, the domain names will be changed, and the passwords of Kerberos administrator and OMS Kerberos administrator will be initialized. You need to use the default passwords and change the password. For details, see User Information Overview. If a component running user whose password is generated randomly by the system is used for identity authentication, see Exporting an Authentication Credential File to download the keytab file again.
  • After the cluster domain name is changed, passwords of the admin user, component running user, and the Human-machine user added by the system administrator before the domain name is changed will be reset to the same. Change the passwords. The reset password consists of two parts: one part is generated by the system and the other is set by the user. The system generating part is Admin@123 ,which is the default password. For details about the user-defined part, see descriptions of passwd_suffix in Table 11-2.
  • The new password must meet the password policies. To obtain the new Human-machine user password, log in to the active OMS as user omm and run the following script:

    sh ${BIGDATA_HOME}/om-server/om/sbin/get_reset_pwd.sh passwd_suffix [user_name]

    NOTE:
    1. In this script, passwd_suffix indicates the user setting part (Admin@123 by default), and user_name is optional (admin by default).

      For Example:

      sh ${BIGDATA_HOME}/om-server/om/sbin/get_reset_pwd.sh Admin@123
      To get the reset password after changing cluster domain name.
        pwd_min_len      : 8
        pwd_char_types   : 4
      The password reset after changing cluster domain name is: "Admin@123Admin@123"

      The password reset after changing cluster domain name is: "Admin@123Admin@123".

      In this example, pwd_min_len and pwd_char_types indicate the minimum password length and number of password character types respectively defined in the password policies. Admin@123Admin@123 indicates the Human-Machine user password after the cluster domain name is changed.

    2. The reset password after the inter-cluster domain name is changed consists of two parts: one part is generated by the system and the other is set by the user. The reset password must meet the password policy. In case of insufficient length, add one or multiple at-signs (@) between Admin@123 and user setting part. If there are five character types, add a space on the right of Admin@123.

      For example, when the default user setting part and the default user password policy are used, and the password must contain at least eight characters of four types, the new password is Admin@123Admin@123. When the user setting part is Test@123 and default user password policy is used, the new password is Admin@123Test@123. The password contains 17 characters of four types. If the current password policy must be met, process the password according to Table 11-1.

    Table 11-1 Password processing

    Minimum Password Length

    Number of Character Types

    Password Policy Satisfaction

    New Password

    8 to 17 characters

    4

    Password policies are met.

    Admin@123Test@123

    18 characters

    4

    Add an at sign (@).

    Admin@123@Test@123

    19 characters

    4

    Add two at signs (@).

    Admin@123@@Test@123

    8 to 18 characters

    5

    Add a space.

    Admin@123 Test@123

    19 characters

    5

    Add a space and an at sign (@).

    Admin@123 @Test@123

    20 characters

    5

    Add a space and two at signs (@).

    Admin@123 @@Test@123

  • After the cluster domain name is changed, download the keytab file for the Machine-Machine user added by the system administrator before the domain name is changed.
  • After the cluster domain name is changed, the "component name/hadoop.hadoop.com"component running user will change to "component name/hadoop.local cluster domain name".
  • After the cluster domain name is changed, the krbtgt/HADOOP.COM username will change to "krbtgt/local cluster domain name".
  • After the cluster domain name is changed, download and install the client again.

Prerequisites

  • The system administrator has specified service requirements and planned domain names for the clusters. A domain name can contain only uppercase letters, digits, dots (.), and underscores (_), and must start with a letter or a digit. For example, DOMAINA.HW and DOMAINB.HW.

Procedure

  1. Log in to FusionInsight Manager of a cluster.
  2. Choose Cluster > Service to check whether Running Status of all components is Normal.

    • If yes, go to Step 3
    • If no, the task is complete. See the FusionInsight HD Fault Management.

  3. Choose Cluster > Service > ZooKeeper > Configuration, click All configurations and choose ZooKeeper > System in the navigation tree. Set acl.compare.shortName to true, click Save and click OK in the confirmation dialog box that is displayed.Then choose More > Restart in the upper right corner to restart ZooKeeper, and go to Step 4.

    If acl.compare.shortName is set to true, go to Step 4.

  4. Choose Cluster > Service > KrbServer > Configuration and click All Configurations.
  5. In the navigation tree, choose KerberosServer > Realm.
  6. Change parameters.

    Table 11-2 Related Parameters

    Parameters

    Description

    default_realm

    Set the value to the domain name of the cluster. The default value is HADOOP.COM.

    passwd_suffix

    The user sets part of the Human-Machine user after password reset.The default value is Admin@123.

    NOTE:

    This parameter is only changed default_realm parameters to take effect. The following conditions must be met:

    • The password ranges from 8 to 16 characters.
    • The password must contain at least three types of the following: uppercase letters, lowercase letters, and digits, and the following special characters: `~!@#$%^&*()-_=+|[{}];:',<.>/? and space.

  7. Click Save. Click OK in the displayed window.
  8. Use PuTTY to log in to the active management node using the active management IP address as user omm.
  9. Run the following command to restart the domain update configuration:

    sh ${BIGDATA_HOME}/om-server/om/sbin/restart-RealmConfig.sh

    The command is run successfully if the following information is displayed.

    Modify realm successfully. Use the new password to log into FusionInsight again. 
    NOTE:

    After restart, some hosts and services cannot be accessed and an alarm is generated. This problem can be automatically resolved in about 1 minute after restart-RealmConfig.sh is run.

  1. Log in to FusionInsight Manager, choose Homepage > More > Restart, in the displayed dialog box, enter the password of the current login user and click OK.
  2. In the displayed confirmation dialog box, click OK.

    After the system displays Operation succeeded., click Finish.

  3. Log out from FusionInsight Manager and then log in to it again. If the login is successful, the configuration is successful.
Download
Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 6252

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next