No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionStorage 8.0.0 Block Storage Security Configuration Guide 06

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Default Accounts

Default Accounts

Table 4-1 lists the commonly used accounts.
Table 4-1 Commonly used accounts

Type

Account

Default Password

Description

Password Change Methoda

Operating system

root

Huawei@123

Account used to log in to the operating system for system maintenance.

  1. Use a KVM tool to log in to a node as user root.
  2. Run Linux command passwd, enter a new password, and confirm the new password as prompted.

dsware

IaaS@OS-CLOUD9!

Log in to the OS of a management node as user dsware to perform operations such as DSwareTool.

  1. Use an SSH tool to log in to a management node as user dsware.
  2. Run Linux command passwd, enter the old password and a new password, and confirm the new password as prompted.

fsadmin

IaaS@OS-CLOUD9!

After security of the operating system is hardened, you can log in to the operating system as user fsadmin to perform maintenance operations.

  1. Use an SSH tool to log in to a node as user fsadmin.
  2. Run Linux command passwd, enter the old password and a new password, and confirm the new password as prompted.

DeviceManager and CLI

admin

N/A

  • Account used to log in to DeviceManager.
  • Account used to log in to the CLI.
  • Account used for DSwareTool authentication.
NOTE:

The initial password is set by users during software installation.

  1. Log in to DeviceManager.
  2. Choose Settings > User and Security > Users and Roles > User Management, locate the row that contains admin, and click Modify.

REST

fc2Rest

IaaS@PORTAL-CLOUD9!

Default account used to interconnect with the solution.

Reset a password as follows:

  1. Use an SSH tool to log in to a management node as user fsadmin.
  2. Run the su - root command and enter the password of user root to switch to user root.
  3. Run the /opt/dfv/oam/oam-u/ismcli/ismcli -u admin command and enter the password of user admin as prompted to log in to the CLI.
  4. Run the change user user_name=fc2Rest action=reset_password command and enter the old password, a new password, and confirm the new password as prompted.

FusionStorage Manager (FSM)

cmdadmin

IaaS@PORTAL-CLOUD9!

Account used for DSwareTool authentication.

Change a password as follows:

  1. Use an SSH tool to log in to a management node as user dsware.
  2. Run the sh /opt/dsware/client/bin/dswareTool.sh --op modpwd command, enter user name cmdadmin, the old password, and a new password, and confirm the new password as prompted.

Reset a password as follows:

  1. Use an SSH tool to log in to a management node as user dsware.
  2. Run the sh /opt/dsware/client/bin/dswareTool.sh --op resetpwd -id cmdadmin command, enter the new password of user cmdadmin, confirm the new password, and the password of user admin, as prompted. To run this command, you need to enter the user name and password of CLI super administrator account admin.

metadata_backup

IaaS@SERVICE-CLOUD9!

FTP account used to back up metadata.

Reset a password as follows:

1. Use an SSH tool to log in to a management node as user dsware.

2. Run the sh /opt/dsware/client/bin/dswareTool.sh --op resetFtpsPassword -id metadata_backup command and enter the password of the CLI super administrator, the new password of user metadata_backup, and confirm the new password as prompted.

pmi

IaaS@SERVICE-CLOUD9!

Account used by FusionCare to collect information.

Reset a password as follows:

1. Use an SSH tool to log in to a management node as user dsware.

2. Run the sh /opt/dsware/client/bin/dswareTool.sh --op resetFtpsPassword -id pmi command and enter the password of the CLI super administrator, the new password of user pmi, and confirm the new password as prompted.

ops_tool

IaaS@SERVICE-CLOUD9!

FTP account used to collect information using scripts.

Reset a password as follows:

1. Use an SSH tool to log in to a management node as user dsware.

2. Run the sh /opt/dsware/client/bin/dswareTool.sh --op resetFtpsPassword -id ops_tool command and enter the password of the CLI super administrator, the new password of user ops_tool, and confirm the new password as prompted.

install

IaaS@SERVICE-CLOUD9!

FTP account used to install the micro services.

Reset a password as follows:

1. Use an SSH tool to log in to a management node as user dsware.

2. Run the sh /opt/dsware/client/bin/dswareTool.sh --op resetFtpsPassword -id install command and enter the password of the CLI super administrator, the new password of user install, and confirm the new password as prompted.

OAM-U

ibc_os_hs

Storage@21st

Account used for the OAM-U component to synchronize files between management nodes.

  1. Use an SSH tool to log in to a management node as user dsware.
  2. Run the su - root command and enter the password of user root to switch to user root.
  3. Run the sh /opt/dfv/oam/oam-u/oam-gaussdb/bin/ibc_change_pwd.sh ibc_os_hs command, enter a new password, and confirm the new password as prompted.

Database

omm

IaaS@DATABASE-PublicCLOUD9!

Account used for services to access the OAM-U GaussDB database.

  1. Use a SSH tool to log in to a management node as user root.
  2. Run the sh /opt/dfv/oam/oam-u/oam-gaussdb/bin/gaussdb_change_pwd.sh omm command, enter the old password and a new password, and confirm the new password as prompted.

ommdba

IaaS@DATABASE-CLOUD8!

Account used to manage the OAM-U GaussDB database.

  1. Use an SSH tool to log in to a management node as user dsware.
  2. Run the su - root command and enter the password of user root to switch to user root.
  3. Run the sh /opt/dfv/oam/oam-u/oam-gaussdb/bin/gaussdb_change_pwd.sh ommdba command, enter the old password and a new password, and confirm the new password as prompted.

nodemanager

huawei@123

nms database management account used to create tables and update data.

  1. Use an SSH tool to log in to a management node as user dsware.
  2. Run the su - root command and enter the password of user root to switch to user root.
  3. Run the sh /opt/dfv/oam/oam-u/oam-gaussdb/bin/gaussdb_change_pwd.sh nodemanager command, enter the old password and a new password, and confirm the new password as prompted.

admin

Huawei12#$

Common account used by DeployManager to access the GaussDB database.

  1. Use an SSH tool to log in to the primary management node as user dsware.
  2. Run the su - root command and enter the password of user root to switch to user root.
  3. Run the sh /opt/fusionstorage/deploymanager/servicetool/bin/modify_pwd/modify_pw.sh admin command and enter the old password, new password, password of user root of the secondary management node, and password of user dsware of the secondary management node as prompted.

dmdbadmin

Huawei12#$

Administrator account used by DeployManager to access the GaussDB database.

  1. Use an SSH tool to log in to the primary management node as user dsware.
  2. Run the su - root command and enter the password of user root to switch to user root.
  3. Run the sh /opt/fusionstorage/deploymanager/servicetool/bin/modify_pwd/modify_pw.sh dmdbadmin command and enter the old password, new password, password of user root of the secondary management node, and password of user dsware of the secondary management node as prompted.

iBMC

Administrator

Admin@9000

Account used for storage device management and maintenance.

NOTE:

This account is applicable to the 2288H V5 node with 24 NVMe SSDs, 2288H V5 node with 12 NVMe SSDs, 2288H V5 12-slot node, 2288H V5 25-slot node, 5288 V5 36-slot node, TaiShan 2280 V2 12-slot node, TaiShan 2280 V2 25-slot node, and TaiShan 5280 V2 36-slot node.

  1. Log in to the iBMC WebUI.
  2. Choose Configuration > Local Users.
  3. Locate the row that contains Administrator and click .

BIOS

-

Admin@9000

Account used to manage the BIOS of a single node as well as configure and control underlying hardware.

NOTE:

This account is applicable to the 2288H V5 node with 24 NVMe SSDs, 2288H V5 node with 12 NVMe SSDs, 2288H V5 12-slot node, 2288H V5 25-slot node, 5288 V5 36-slot node, TaiShan 2280 V2 12-slot node, TaiShan 2280 V2 25-slot node, and TaiShan 5280 V2 36-slot node.

  1. When starting a node, press Delete to enter the BIOS utility.
  2. Enter the BIOS password as prompted.
  3. On the Security page, select Set Supervisor password to change the password.

GRUB2

root

Huawei#12

Manager for starting multiple operating systems.

NOTE:

This account is applicable to the 2288H V5 node with 24 NVMe SSDs, 2288H V5 node with 12 NVMe SSDs, 2288H V5 12-slot node, 2288H V5 25-slot node, and 5288 V5 36-slot node.

  1. Use a KVM tool to log in to a storage node as user root.
  2. Run the grub2-mkpasswd-pbkdf2 command to generate an encrypted password.
  3. Use the password generated in 2 to replace the old password in /etc/grub.d/00_header.
  4. Run the following command for the modification to take effect:
    • Legacy mode: grub2-mkconfig -o /boot/grub2/grub.cfg
    • UEFI mode: grub2-mkconfig -o /boot/efi/EFI/euleros/grub.cfg

Huawei#12

Manager for starting multiple operating systems.

NOTE:

This account is applicable to the TaiShan 2280 V2 12-slot node, TaiShan 2280 V2 25-slot node, and TaiShan 5280 V2 36-slot node.

  1. Use a KVM tool to log in to a node as user root.
  2. Run the grub2-mkpasswd-pbkdf2 command to generate an encrypted password.
  3. Use the password generated in 2 to replace the old password in /boot/efi/EFI/euleros/grub.cfg.

a: You are advised to change the default password immediately after you log in to the storage system for the first time. You can periodically change your login password for security purposes.

To facilitate fault location and system maintenance, the bash history file of user root is backed up to the following directories. Delete the file as required:

  • FSA nodes: /var/log/oam/fsa/data/sys-root_history.log.*
  • FSM nodes: /var/log/oam/fsm/manager/run/root_bash_history

FusionStorage block storage also provides internal accounts listed in Table 4-2. These accounts can only be used to manage the system but cannot be used to log in to the system.

You can delete an internal system account by logging in to the Linux operating system and running the userdel command. However, if an internal account is deleted, some system functions will be affected. Do not perform this operation.

Table 4-2 Internal system accounts

Account

Description

bin

bin account

daemon

System account for controlling background processes

adm

adm account

lp

Printing service account

sync

Synchronization service account

shutdown

Shutdown service account

halt

Halt service account

mail

Email service account

operator

Operator account

games

games account

ftp

FTP account

nobody

Anonymous account

systemd-bus-proxy

systemd-bus-proxyd account, which is used by the systemd-bus-proxyd process to connect standard I/Os or sockets to a specified bus address

systemd-network

systemd-networkd account. systemd-networkd is a system service for managing networks. It detects and configures network devices and creates virtual network devices.

dbus

System message bus account

polkitd

polkitd service account

tss

tcsd daemon account

libstoragemgmt

libStorageMgmt daemon account

setroubleshoot

setroubleshoot service account, which is used to diagnose SELinux related problems.

systemd-coredump

systemd-coredump service account.

systemd-resolve

This account is used for the network name resolution service provided by the local application.

unbound

This account is needed by the libvirt virtual component.

systemd-timesync

systemd-timesync service account.

rpc

rpcbind service account

postfix

postfix daemon account

ntp

NTP account

sshd

SSHD account

chrony

chronyd service account

abrt

abrt service account

omm

Internal operating system account used to run the OAM-U process

ommdba

Internal operating system account used to run the OAM-U GaussDB database

oam

Account used to run the Flow Tracing & Diagnosing System (FTDS) and Fault management agent (FMA) processes

fdadmin

Account used to run the DeployManager process

replication

Account used to run the replication cluster process

eds

Account used to run the EDS process

persistence

Account used to run the MDC process

Table 4-3 lists the internal account on the quorum server.

Table 4-3 Internal account on the quorum server

Account

Description

quorumsvr

If you do not enter the management account when installing quorum server software on a quorum server, account quorumsvr is used as the default management account of the software. The password is user-defined. You can use this account to log in to the quorum server to configure and manage the quorum server software as well as start and manage the processes related to the software.

Translation
Download
Updated: 2019-11-14

Document ID: EDOC1100081422

Views: 1753

Downloads: 3

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next