No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Replacing the TLS Protocol Used By the LDAP Service

Replacing the TLS Protocol Used By the LDAP Service

Scenario

If OSs of the same type but different versions are installed on nodes in a FusionInsight cluster, the value of tls_protocol_min needs to be set to the TSL of the earliest version. FusionInsight Managergernager is installed, replace the TLS protocol used by the LDAP service.

Impact on the System

This operation is risky. oms ldap and Ldapserver need to be restarted, affecting cluster services.

Prerequisites

  • No alarm is reported in the cluster.
  • The active and standby management nodes can connect to the management plane gateway. To view the management plane gateway, run the cat ${BIGDATA_HOME}/om-server/OMS/workspace/conf/oms-config.ini | grep om_gateway command on the active management node as user omm.

Procedure

  1. Use PuTTY to log in to the active management node as user omm.
  2. Run the following command on the active management node to replace the TLS protocol:

    sh ${BIGDATA_HOME}/om-server/om/bin/tools/modifytls.sh --tls_protocol_min sslv3

    NOTE:

    sslv3 is a variable and you need to change it according to the actual OS version. The version of the TSL protocol is displayed by time from the earliest to the latest: sslv3 < tlsv1.0 < tlsv1.1.

    For example, if a cluster has both RedHat 6.4 and RedHat 6.8, you must set tls_protocol_min to sslv3. Otherwise, after the cluster is installed, the TSL protocol of RedHat 6.4 cannot be used and LdapClient cannot obtain data from LdapServer. As a result, the cluster is unavailable.

  3. Log in to FusionInsight Manager and choose Homepage > More > Synchronize Configurations.
  4. In the dialog box click OK.
  5. Choose Cluster > Service > LdapServer > More > Perform Rolling Restart.
  6. In the dialog box that is displayed, enter the password of the current administrator and click OK. After the Operation succeeded dialog box is displayed, click Finish. The service is restarted.
Download
Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 5868

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next