No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Software Installation 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Accessing FusionInsight Manager Using a Browser of an Earlier Version

Accessing FusionInsight Manager Using a Browser of an Earlier Version

Scenario

FusionInsight HDFusionInsight LibrA cluster supports the TLS 1.1 and TLS 1.2 protocols by default. However, some browsers of earlier versions, such as Mozilla Firefox 17.0.4, support the TLS 1.0 at most. If you need to use Mozilla Firefox 17.0.4 to access the cluster, you must modify the related cluster configuration files to enable the cluster to support the TLS 1.0 and cipher suites of earlier versions, and restart related services.

NOTE:

Security vulnerabilities exist when the TLS 1.0 and cipher suites of earlier versions are used, so use with caution. You are advised to upgrade the browser.

Procedure

  1. Use PuTTY to log in to the active management node as user omm.
  2. Run the following commands to modify the server.xml file:

    cd ${OM_TOMCAT_HOME}/conf

    vi server.xml

    In the opened file, locate sslEnabledProtocols at three places and change the TLSv1.1,TLSv1.2 parameter value to TLSv1,TLSv1.1,TLSv1.2.

    Then, find the ciphers (two in total) in this file and add "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SH" to the supported cipher suites.

    NOTE:

    For the Mozilla Firefox 17.0.4 of SUSE 11.3, delete sslEnabledProtocols = "TLSv1.1,TLSv1.2" and the encryption algorithm configuration of ciphers.

  3. After the modification, restart the Tomcat service. Then you can access FusionInsight Manager. If you need to access the WebUIs of components using the Firefox browser, perform Step 4.

    1. Run jps | grep Bootstrap to query the PID of Tomcat.
    2. Run a kill -9 command, such as kill -9 1203, to forcibly stop the queried Tomcat process.
    3. Run sh ${OM_TOMCAT_HOME}/bin/startup.sh.

  4. Run the following commands to modify the httpd.conf and httpd.conf.default files:

    vi ${OM_HTTPD_HOME}/conf/httpd.conf

    vi ${OM_HTTPD_HOME}/conf/httpd.conf.default

    Find the following content in the files opened (the content appears three times in each file):

    SSLProxyProtocol  All -SSLv2 -SSLv3 -TLSv1 
    SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1

    Change the found content to the following content:

    SSLProxyProtocol All -SSLv2 -SSLv3 
    SSLProtocol ALL -SSLv2 -SSLv3
    NOTE:

    For broswers of earlier versions, such as the Mozilla Firefox 17.0.4 of SUSE 11.3, deregister the encryption algorithm configuration of SSLCipherSuite (three locations in each file).

  5. After the modification, run killall -9 httpd to forcibly stop the httpd process, and wait for the cluster to recover automatically.
  6. Wait for a few minutes, and run ps -ef | grep $OM_HTTPD_HOME to check and confirm that the httpd process is restored.
  7. Use PuTTY to log in to the standby management node as user omm, and repeat Step 2to Step 6.
Download
Updated: 2019-05-17

Document ID: EDOC1100074555

Views: 6649

Downloads: 6

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next