iMaster NCE-Campus Installation

Question

How do I verify downloaded software packages using the PGPVerify software?

Answer

Prerequisites

• Software packages and signature files correspond to each other and are stored in the same directory. A software package corresponds to a signature file. Signature files are released with products and their software packages.
• The extension of signature files is .asc. Generally, the names of signature files are the same as the names of software packages. That is, when the software package name is V100R020C00.zip, the corresponding signature file name is V100R020C00.zip.asc.

  Click to download .asc files.

• Obtain the PGPVerify tool that is used to verify the integrity of downloaded software packages and its public key file KEYS or KEYS.txt.
  1. Download the PGPVerify tool and its public key file KEYS or KEYS.txt.
     • For carriers: visit https://support.huawei.com/carrier/digitalSignatureAction to download the OpenPGP Signature Verification Guide package and decompress it. Obtain the PGPVerify tool and its public key file KEYS.
     • For enterprises: visit https://support.huawei.com/enterprise/en/tool/software-digital-signature-validation-tool--pgp-verify--TL1000000054, choose the latest version, and download the VerificationTools.rar package and its public key file KEYS.txt.
  2. For carriers, decompress the VerificationTools.zip package. For enterprises, decompress the VerificationTools.rar package. Obtain different versions of PGPVerify software for different OSs.
     • Windows: PGPVerify.exe (in the Windows\x86\PGPVerify TOOL directory)
     • Linux: PGPVerify-x86_64.tar.gz (in the linux\X86\bit64\PGPVerify TOOL directory)
  3. On Linux OS, use SFTP as the root user to upload the obtained PGPverify software and public key file KEYS or KEYS.txt to the server. For details about the SFTP transfer method, see Transferring Files Using FileZilla.
  4. Windows OS supports GUI-based verification and CLI-based verification. Linux OS supports CLI-based verification only.
• PGPVerify is a digital signature verification tool released by Huawei. Users can select third-party openPGP verification tools as needed.

  Tool	OS	Tool Description
  PGPVerify	Windows/Linux	It is a simple PGP verification tool released by Huawei.
  GNU Privacy Guard for Windows (Gpg4Win)	Windows	It is an official version of GnuPG for Windows OSs. Official website: https://www.gpg4win.org/ Recommended version: 2.2.1
  The GNU Privacy Guard (GnuPG)	Linux	It is a free and source-open GNU tool that implements the OpenPGP standard defined by the RFC4880 protocol. This tool is pre-installed on most Linux OSs. Official website: https://www.gnupg.org/ Recommended version: 2.0.9

GUI-based Verification on Windows OS

Procedure

1. Double-click PGPVerify.exe to start the PGPVerify tool.
2. Click Select Public Key, select the obtained public key file KEYS or KEYS.txt, and load it.
3. Click Multiple Verify and select the D:\oss\ directory to verify all files in it.
   • D:\oss\ indicates the directory that stores the signature file. Change it based on site requirements. The signature file and software package must be stored in the same directory.
   • To verify a single file, click Single Verify and select the file to be verified.
   • The green item indicates passed verification, that is, [PASS].
   • The yellow item indicates unsupported verification, that is, [WARN]. For example, the signature file or software version does not exist.
   • The red item indicates failed verification, that is, [FAIL].

     If no "WARN" or "FAIL" character is displayed, the signature file is valid. All items are displayed in green.

   If a version has multiple signature files to be verified, the version is secure only when the verification results of all files are "PASS". If the verification results contain "WARN" or "FAIL", the verification is not passed and security risks exist. In this case, re-download the software package.

CLI-based Verification on Windows OS

Open the CLI. For carriers, run the following command to verify the signature file:

> "C:\PGPVerify.exe" -k "C:\KEYS" -d "D:\oss"

Open the CLI. For enterprises, run the following command to verify the signature file:

> "C:\PGPVerify.exe" -k "C:\KEYS.txt" -d "D:\oss"

• Assume that the signature file and software package are stored in the D:\oss\ directory, and the PGPVerify tool and public key file are stored in the C:\ directory.
• Verify a single file as follows: For carriers, run the C:\PGPVerify.exe" -k "C:\KEYS" -f "D:\oss\V100R020C00.zip.asc command. For enterprises, run the C:\PGPVerify.exe" -k "C:\KEYS.txt" -f "D:\oss\V100R020C00.zip.asc command.

Information similar to the following is displayed:

[INFO]:Filter file in directory, please wait... 
 [WARN]:Can't find signature file, signed file position: D:\oss\.zip. 
 [WARN]:Can't find signed file, signature file position: D:\oss\.zip.asc. 
 [FAIL]:Invalid Signature. File path: D:\oss\.zip. 
 [PASS]:Good Signature. File path: D:\oss\.zip, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824
 [INFO]: Verify Complete. 

In the preceding characters in bold, the RSA key ID is consistent with the public key ID. For a certain file, if no "WARN" or "FAIL" character is contained in other information, the signature file is valid.

If a version has multiple signature files to be verified, the version is secure only when the verification results of all files are "PASS". If the verification results contain "WARN" or "FAIL", the verification is not passed and security risks exist. In this case, re-download the software package.

CLI-based Verification on Linux OS

Prepare the following files before verification:

• PGPVerify software: PGPVerify-x86_64.tar.gz
• Public key file corresponding to the PGPVerify software: KEYS or KEYS.txt
• Software package
• Signature file corresponding to the software package

Procedure

1. Log in to the OS as the root user.
2. Run the following commands to decompress the PGPVerify software package.

   Assume that the PGPVerify tool and public key file are stored in the /opt directory and the signature file and software package are stored in the /opt/install directory.

   # cd /opt
   # tar xvfz PGPVerify-x86_64.tar.gz

3. Run the following command to verify the signature file:

   For carriers:

   # ./PGPVerify -k KEYS -d install

   For enterprises:

   # ./PGPVerify -k KEYS.txt -d install

   To verify a single file, for carriers, run the following commands:

   # cd /opt
   # ./PGPVerify -k KEYS -f install/plugins-cloudtask-C01.zip.asc

   To verify a single file, for enterprises, run the following commands:

   # cd /opt
   # ./PGPVerify -k KEYS.txt -f install/plugins-cloudtask-C01.zip.asc

   Information similar to the following is displayed:

   [INFO]:Filter file in directory, please wait... 
    [PASS]:Good Signature. File path: install/plugins-cloudtask-C01.zip.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/twain.dll.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/buildcloud-proxy.zip.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/buildcloud_pvmtrans.zip.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/plugins-cicloud-C01.zip.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/ConfigCenter.war.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/watcher-wrapper.zip.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/watcher.zip.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/rpm.war.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [PASS]:Good Signature. File path: install/buildcloud-rpm.zip.asc, Public key fingerprint: B1000AC3 8C41525A 19BDC087 99AD81DF 27A74824. 
    [INFO]: Verify Complete. 

   In the preceding characters in bold, the RSA key ID is consistent with the public key ID. For a certain file, if no "WARN" or "FAIL" character is contained in other information, the signature file is valid.

   If a version has multiple signature files to be verified, the version is secure only when the verification results of all files are "PASS". If the verification results contain "WARN" or "FAIL", the verification is not passed and security risks exist. In this case, re-download the software package.

Question

The following uses PuTTY as an example to describe how to remotely log in to a host using the command line tool.

• You have downloaded PuTTY to the operation maintenance terminal running on a Windows operating system.
• The operation maintenance terminal can ping the target host.

Answer

1. (For the first login only) Configure the SSH service on the host.
   1. Log in to the host as the root user and open the GUI.
   2. Right-click a blank area on the GUI and select Open in Terminal to open the CLI.
   3. Run the vi /etc/ssh/sshd_config command and press I to enter editing mode.
   4. Change parameters PermitRootLogin and PasswordAuthentication to the following values.

      PermitRootLogin yes
      PasswordAuthentication yes

      If the parameter line starts with a number sign #, delete#.

   5. Press Esc to exit editing mode, enter :wq!, and press Enter.
   6. Run the service sshd restart command to restart the SSH service.
   7. Run the chkconfig sshd on command to enable the SSH service at system startup.

2. Use PuTTY to log in to the target host.
   1. Start PuTTY on the operation maintenance terminal.
   2. Enter the IP address and port ID 22, select SSH and click Open.

      If a window is displayed, click Yes.

3. Enter the user name root and the password as prompted on the page.

   If the following information is displayed, you have successfully logged in to the CLI on the host.

Prerequisites

You have obtained PuTTY of the latest version from https://www.chiark.greenend.org.uk/~sgtatham/putty/ and have installed it on your local PC.

Obtain PuTTY 0.70 or later.

Procedure

1. Start PuTTY.
2. In the Host Name (or IP address) text box, enter the IP address of the server that you want to log in to.

   Log in to the server using its fixed IP address to prevent floating IP address abnormalities from interrupting the SSH connection.

3. In the Connection type area, select SSH
4. In the Close window on exit area, select Only on clean exit.
5. Choose Window > Translation from the navigation tree.
6. Set Remote character set to UTF-8.

   Set Remote character set to UTF-8 every time you open PuTTY.

7. Click Open.

   If this is the first time you are using PuTTY, the PuTTY Security Alert dialog box may be displayed. Click Yes.

8. When the following information is displayed, enter a username and press Enter:

   login as:

   After the OS security is hardened, only users with the SSH permission (for example, sopuser) are allowed to log in to the server.

9. When the following information is displayed, enter the user password and press Enter:

   Username@IP address's password:

   For security purposes, change the password periodically and keep the new password secure.

Prerequisites

You have obtained latest FileZilla from https://filezilla-project.org and have installed it on your PC.

Procedure

1. Install and run FileZilla.
2. In the FileZilla window, choose File > Site Manager from the main menu.
3. In the lower left area of the Site Manager dialog box, click New Site.
4. On the General tab page, set site parameters by following the description provided in Table 6-6.
   Table 6-6 Parameters in the Site Manager dialog box

   Parameter	Description
   Host	IP address of the server.
   Port	Set this parameter to 22.
   Protocol	Set this parameter to SFTP.
   Logon Type	Set this parameter to Normal.
   User	Enter the username and password of the server. The user has permission to access the destination directory. NOTE: If security hardening is in effect, you cannot directly log in to the server as the root user in SFTP mode. Instead, you can log in to the server as a user with SFTP access permission, for example, the sopuser user.
   Password

5. Click Connect.

   If the connection fails, perform the following operations in sequence:

   1. Check whether the entered IP address, username, password, and port number are correct.
   2. Check whether FileZilla of the latest version is used.

6. In the Unknown host key dialog box, select Always trust this host, add this key to the cache and click OK.
7. In the Remote site area, set the destination directory for uploading or downloading files.

   After you set the directory, the Remote site area displays all files stored in this directory.

8. In the Local site area, set the source directory on the PC for uploading or downloading files.

   After you set the directory, the Local site area displays all files stored in this directory.

9. Perform the following operations as required.

   If You Need to...	Then...
   Upload files	In the Local site area, right-click the file to be uploaded on the PC and choose Upload from the shortcut menu.
   Download files	In the Remote site area, right-click the file to be downloaded to the PC and choose Download from the shortcut menu.

   You can click the Successful transfers or Failed transfers tab to view the operation process. If the upload or download fails, click the Failed transfers tab in the lower left area of the FileZilla window. Then right-click the file that fails to be transferred and choose Reset and requeue selected files from the shortcut menu to resume the file transfer.

10. (Optional) If you do not have the upload permission, upload the file to the /opt/backup/sopuserboot directory through SFTP and run the cp command on the OS to copy the file from the earlier mentioned directory to the target user directory. The following describes the procedure by using the ossuser user as an example:

    If the OS is not hardened, skip this step. If the OS security hardening is performed, you cannot connect to the server in SFTP mode as some users, such as the root and ossuser users. Instead, you only can connect to the server as a user with the SFTP access permission, such as the sopuser user. In this case, perform this step.

    1. Use PuTTY to remotely log in to the OS as the sopuser user in SSH mode.
    2. Run the following command to switch to the ossuser user:

       > su - ossuser

       Password:

    3. Run the following commands to switch to the directory that contains the file uploaded by the sopuser user and check whether the file is uploaded (for example, the file name is file.txt):

       > cd /opt/backup/sopuserboot

       > ls

    4. Run the following command to copy the file that has been uploaded to the ossuser user directory (for example, the /home/ossuser directory):

       > cp file.txt /home/ossuser

    5. Run the following commands to check whether the file is successfully copied to the ossuser user directory:

       > cd /home/ossuser

       > ls

    6. Run the following command to switch to the sopuser user:

       > exit

    7. Delete the file.txt file in the /opt/backup/sopuserboot directory.

       > cd /opt/backup/sopuserboot

       > rm file.txt

Question

How do I log in to the OS of a node?

Answer

According to the differences of IP address configured for the node, you can log in to the OS of a node in either of the following ways.

• Log in to the OS of the node using the service network IP address of the node.

  The service network IP address refers to the IP address connected to the external network, such as the Client Login IP Address.

  If a service network IP address is configured for the node, you can use PuTTY to log in to the OS of the node as the sopuser user using the service network IP address of the node.

  The following procedure uses logging in to the OMP node using the Client Login IP Address 10.185.173.170 as an example:

  1. Use PuTTY to log in to the Client Login IP Address 10.185.173.170 of the OMP node as the sopuser user.
  2. If information similar to the following is displayed, you have logged in to the OMP node successfully:

     Last login: Wed Apr 25 06:42:53 2018 from 10.40.16.157 
     sopuser@OMP:~>

• Log in to the OS of the node using the Inter-node Communication IP Address of the node.

  The Inter-node Communication IP Address is a private IP address (192.168.xx.xx), which is not directly connected to the external network.

  You can use PuTTY to log in to the OS of the node as the sopuser user using the Client Login IP Address of the OMP node, and then run the command to switch to the Inter-node Communication IP Address of the current node.

  The following procedure uses logging in to the OMP_02 node using the Inter-node Communication IP Address 192.168.33.8 as an example:

  1. Use PuTTY to log in to the Client Login IP Address of the OMP node as the sopuser user.

     Log in to the OMP node using its fixed IP address to prevent floating IP address abnormalities from interrupting the SSH connection.

  2. Run the following command to switch the OMP_02 node:

     > ssh sopuser@192.168.33.8

     If information similar to the following is displayed, you have logged in to the OMP_02 node successfully:

     You are trying to access a restricted zone. Only Authorized Users allowed.  
     Last login: Wed Apr 25 05:30:57 2018 from 192.168.33.6  
     sopuser@OMP_02:~>

Question

If you need to adjust the sequence of processing iMaster NCE-Campus packets, you can call a script to configure the packet priority. How do I configure the packet priority?

Answer

All iMaster NCE-Campus packets are transmitted through the same physical channel. In normal cases, packets for iMaster NCE-Campus inter-node communication and other packets (such as geographic redundancy packets and external request packets) are processed according to the arrival sequence. If you want the iMaster NCE-Campus internal packets to be processed first, you can call a script to configure the packet priority.

1. Log in to the OS of each iMaster NCE-Campus node as the sopuser user.
2. Run the following command to switch to the root user:

   > su - root

3. Run the following commands to configure the packet priority as the root user:

   # cd /opt/tools/

   # ./set_dscp.sh

   Please input a integer number 0~63, default 48:        //Enter the packet priority. The value 0 indicates the highest priority and the value 63 indicates the lowest priority. If no value is specified, the priority is defaulted to 48.
   DSCP set successfully! DSCP value is 0x30

4. Call a script as the root user to query the current inter-node communication packet priority:

   # cd /opt/tools/

   # ./get_dscp.sh

   56       //Indicates the current packet priority.

   If the command output is the same as the configured packet priority, the packet priority configuration takes effect.

Question

How do I change the Maximum Transmission Unit (MTU) value of a NIC after iMaster NCE-Campus is installed?

Answer

After iMaster NCE-Campus is installed, it will communicate with other devices on the network or iMaster NCE-Campus nodes will communicate with each other. The size of packets transmitted during communication is limited by the MTU on the network. The MTU value of the packets sent by iMaster NCE-Campus must be consistent with that defined on the network (1400). Otherwise, communication between nodes and network devices or between nodes will be abnormal.

The default MTU value for iMaster NCE-Campus to send data packets is 1500. If the MTU value is different from the MTU value defined on the network, change the MTU value of the NIC of each node to be the same as the MTU value defined on the network, to ensure that nodes communicate with each other properly on the network.

1. Use PuTTY to log in to the node to be modified of iMaster NCE-Campus as the sopuser user in SSH mode.
2. Run the following commands to switch to the root user.

   > su - root

   Password:root user password

3. Run the following commands to configure the MTU value as the root user:

   # cd /opt/tools/

   # bash mtu_modify.sh

   Current configured nics are as followed:             //After the script is executed, NICs are listed numbering from 1.
   1: eth0           
   2: eth1
   Please select nic to change MTU value, like 1,2
   : 1                        //Enter the serial number of the NIC whose MTU value needs to be modified. If multiple NICs need to be modified at the same time, separate their NIC seriel numbers with commas (,), for example, 1,2. If the serial number of the NIC is incorrect or the input format is incorrect, the CLI exits.
   Input the MTU value of eth0 [68-65535]
   : 1400                    //Enter the MTU value.
   Start to modify MTU,it will cost about several seconds, Please don't interrupt!
   ******************************<STEP 1: CHANGE CONFIGRATIONS>*******************
   Modifying MTU...
   INFO Modify MTU of netcard "eth0" successfully.
   Modifying MTU successfully.
   ******************************<STEP 1: CHANGE CONFIGRATIONS FINISH>************
   MTU has modified successfully

   The maximum MTU value varies depending on the kernel settings in different environments. If the entered MTU value exceeds the maximum MTU value, an error message is displayed. In this case, decrease the MTU value as prompted.

4. Run the ifconfig command as the root user to check whether the MTU value configuration takes effect:
   ifconfig

   eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400        
           inet 10.118.188.77  netmask 255.255.252.0  broadcast 10.118.191.255        
           inet6 fe80::9e7d:a3ff:fe18:b906  prefixlen 64  scopeid 0x20<link>        
           ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)        
           RX packets 20605186  bytes 4234258976 (3.9 GiB)        
           RX errors 0  dropped 194  overruns 0  frame 0        
           TX packets 26247756  bytes 31748104092 (29.5 GiB)        
           TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0        
           device memory 0xb0000000-b00fffff

   If the displayed MTU value is the same as the configured MTU value, the MTU value configuration takes effect.

Question

What do I do if the error message "api-ms-win-crt-runtime-l1-1-0.dll Lost", "0xc000007b", or "api-ms-win-crt-process-l1-1-0.dll Lost" is displayed when EasySuite is started?

Answer

(Recommended) Method 1

1. Check the Python version.
   1. Go to the EasySuite decompression directory\easysuite\3rdparty\Python38\ directory.
   2. Open the NEWS.txt file and check the Python version. For example, the version is Python 3.8.2.

2. Visit https://www.python.org/ftp/python and select the download path based on the Python version. For example, if the version is Python 3.8.2, select 3.8.2/ and click python-3.8.2.exe to download the installation package to the local computer and install it.
   If the installation fails and "please update your machine and then restart the installation" is displayed, perform the following operations:

   • For Windows Server 2008 R2 SP1 and later versions, download windows6.1-KB976932-X86.exe (32-bit) or windows6.1-KB976932-X64.exe (64-bit) from the Microsoft official website and install it.
   • For Windows Server 2012 R2 and later versions:
     1. Download the KB2919442 patch. Specifically, log in to https://www.microsoft.com/en-us/download/details.aspx?id=42153 and click Download. Download the KB2919355 patch. Specifically, log in to https://www.microsoft.com/en-us/download/details.aspx?id=42334 and click Download.
     2. Install the KB2919442 and KB2919355 patches in sequence.

3. Go to the EasySuite decompression directory ../easysuite/3rdparty/Python38/Lib/site-packages. Copy all files in the site-packages directory to the Python installation directory ../Lib/site-packages.
4. Copy all files in the Python installation directory to ../easysuite/3rdparty/Python38/ in the EasySuite decompression directory.
5. Restart EasySuite.

Context

Users can change their passwords on FusionInsight Manager.

Procedure

1. Log in to FusionInsight Manager.
2. Click the user name in the upper right corner of the page and select Change Password.

3. Enter the old password and new password, enter the new password again, and click OK.

4. Log in to the iMaster NCE-Campus management plane using the admin account. Open a browser. Enter https://IP address of the management plane:18102 in the address bar, and press Enter.
5. Choose Product > Software Management > Deploy Product Software from the main menu, and the management software page is displayed. Click More, and the iMaster NCE-Campus deployment details page is displayed.
6. Choose More > Modify Configurations.
7. In Configuration Item List, reset FIMANAGER_PASSWD. The password is then synchronized to the iMaster NCE-Campus.

Question

How do I view the IP addresses of the active and standby HDFS NameNode nodes in a FusionInsight cluster on the FusionInsight Manager GUI?

Answer

1. Log in to the FusionInsight Manager.
2. Choose Cluster > Service > HDFS > Instance.

   The value of Business IP of NameNode(hacluster,Active) indicates the IP address of the active NameNode node.

   The value of Business IP of NameNode(hacluster,Standby) indicates the IP address of the standby NameNode node.

Question

How do I view the internal IP addresses during iMaster NCE-Campus running?

Answer

Log in to the iMaster NCE-Campus as the root user and run the following command to view the internal IP addresses.

netstat -anp |grep port

Question

How do I change the timeout period of EasySuite?

Answer

1. Log in to EasySuite. For details, see en-us_topic_0160517905.xml.
2. Set the system timeout period.
   1. Click System Settings.
   2. On the Time Setting tab page, set Time out setting(min.) and click Save.

      The value range of Time out setting(min.) is from 10 to 1440. For security purposes, do not change the default logout time of the system. If the logout time needs to be changed during the installation, change it as required and change it back to the default 10 minutes after the installation is complete.

Question

When the controller and FusionInsight are deployed on the same physical machine, the controller fails to be installed. After the user logs in to the FusionInsight management plane, it is found that a fault alarm is generated on it and services become unavailable.

Answer

When the FusionInsight is powered off abnormally, there is a low probability that the FusionInsight cannot be restarted. As a result, the controller fails to be installed. Before installing the controller again, perform the following operations:

1. Replace the system software package.

   1. Decompress the install_Controller_distribute.zip file in the EasySuite installation directory /var/software.

   2. Obtain the config_ICMR.sh and config_ICMR_check.sh files.

      For 2288H V5 servers, obtain the files from the Config_ICMR > X86 directory.

      For TaiShan servers, obtain the files the Config_ICMR > ARM directory.

   3. Replace the config_ICMR.sh and config_ICMR_check.sh files in the install_Controller_distribute.zip and install_SDWAN_common.zip root files with the obtained config_ICMR.sh and config_ICMR_check.sh files.

2. Reinstall the FusionInsight and controller.
3. Stop the FusionInsight service.

   1. Log in to FusionInsight Manager as the admin user.

   2. On the FusionInsight Manager home page, click next to the name of the cluster to be operated and select Stop.

   3. In the displayed window, enter the password of the current login administrator user and click OK.

   4. In the displayed dialog box, click OK.

      After the system displays "Operation succeeded", click Finish. The cluster is successfully stopped.

   5. Use PuTTY to log in to the active management node as user omm.

      After security hardening is performed on the FusionInsight server, log in to the server as the sopuser user and run the su - omm command to switch to the omm user.

   6. Run the following command to stop the active OMS:

      sh ${BIGDATA_HOME}/om-server/om/sbin/stop-oms.sh

      If the following information is displayed, the OMS is successfully stopped:

      stop HA successfully.

      The active/standby management node failover takes about three minutes.

   7. Use PuTTY to log in to the standby management node as user omm.

      After FusionInsight and controller are co-deployed or the FusionInsight server is security-hardened, log in to the FusionInsight server as the sopuser user and run the su - omm command to switch to the omm user.

      The default username and password are available in iMaster NCE-Campus Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

   8. Run the following command to stop the standby OMS:

      sh ${BIGDATA_HOME}/Bigdata/om-server/om/sbin/stop-oms.sh

      If the following information is displayed, the OMS is successfully stopped:

      stop HA successfully.

   9. Restart the server.

      su - root

      reboot

4. Start the FusionInsight service.

   1. Use PuTTY to log in to the management node as user omm.

      After FusionInsight and controller are co-deployed or the FusionInsight server is security-hardened, log in to the FusionInsight server as the sopuser user and run the su - omm command to switch to the omm user.

      The default username and password are available in iMaster NCE-Campus Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

   2. Run the following command to start the OMS:

      sh ${BIGDATA_HOME}/om-server/om/sbin/start-oms.sh

      If the following information is displayed, the OMS is successfully started:

      start HA successfully.

   3. Use PuTTY to log in to the other management node as user omm.

      After FusionInsight and controller are co-deployed or the FusionInsight server is security-hardened, log in to the FusionInsight server as the sopuser user and run the su - omm command to switch to the omm user.

      The default username and password are available in iMaster NCE-Campus Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

   4. Run the following command to start the OMS:

      sh ${BIGDATA_HOME}/om-server/om/sbin/start-oms.sh

      If the following information is displayed, the OMS is successfully started:

      start HA successfully.

   5. In the address box of your browser, enter the FusionInsight Manager network address. The page can be displayed properly after the OMS automatically starts.

   6. On the FusionInsight Manager home page, click next to the name of the cluster to be operated and select Start.

      In the displayed dialog box, click OK to start the cluster. Operation succeeded is displayed. Click Finish. The service starts successfully.

Question

How do I change the time zone of the operating system after iMaster NCE-Campus is installed?

This is a high-risk operation. Exercise caution when performing this operation. Before performing this operation, communicate with technical support engineers.

Answer

1. Stop the FusionInsight cluster.
   1. Log in to FusionInsight Manager as the admin user.
   2. Choose Cluster, click Stop, enter the password in the dialog box that is displayed, and click OK. In the Stop Cluster dialog box, click OK to stop the FusionInsight cluster.

2. Change the time zone of the FusionInsight cluster.

   This operation must be performed on all FusionInsight nodes.

   1. Log in to FusionInsight nodes as the omm user and switch to the root user.

      After security hardening is performed on the FusionInsight server, log in to the server as the sopuser user.

   2. Run the tzselect command, select a country/region and a city, and click Yes to obtain the time zone in the selected city.

   3. Set the time zone that obtained in 2.

      cd /tmp

      bash set_os_timezone.sh Europe/Athens

   4. Modify the time zone link file.

      rm -f /etc/localtime

      ln -sf /usr/share/zoneinfo/Europe/Athens /etc/localtime

      Change Europe/Athens in the preceding command to the time zone obtained in 2.

3. Change the time zone of the Controller cluster.

   If Controller and FusionInsight are deployed jointly, skip this step.

   This operation must be performed on all Controller nodes.

   1. Log in to the management plane of Controller as the admin user.
   2. Choose Product > System Monitoring from the main menu.
   3. Select iMaster_NCE-Campus, and choose Stop > Stop ALL.
   4. Log in to Controller nodes as the sopuser user and switch to the root user.
   5. Run the tzselect command, select a country/region and a city, and click Yes to obtain the time zone in the selected city.

   6. Set the time zone that obtained in 2.

      cd /tmp

      bash set_os_timezone.sh Europe/Athens

   7. Modify the time zone link file.

      rm -f /etc/localtime

      ln -sf /usr/share/zoneinfo/Europe/Athens /etc/localtime

      Change Europe/Athens in the preceding command to the time zone obtained in 2.

4. Restart all FusionInsight and Controller nodes as the root user.

   reboot

5. Start the FusionInsight cluster.
   1. Log in to FusionInsight Manager as the admin user.
   2. Choose Cluster, click Start, enter the password in the dialog box that is displayed, and click OK. In the Start Cluster dialog box, click OK to start the FusionInsight cluster.

Question

The access switches connected to controller servers must be highly stable to prevent login failures. How do I connect the access switches to the servers?

Answer

• In the physical machine installation scenario

  • The controller server NICs are bonded in active/backup mode by default. When two access switches need to connect to the controller servers, the two network ports corresponding to the NICs in the bond need to be connected to access ports of the two access switches respectively to enhance stability.

    Run the following command to bond the server NICs (if the mode parameter is not specified, mode=1 takes effect by default):

    bash config_netcard.sh "bond0,192.168.1.2,255.255.255.0,eth0,eth4"

  • If Eth-Trunk interfaces with LACP disabled are used to connect the access switches to the controller servers, run the following command to bond the server NICs in load balancing mode (mode 0).

    bash config_netcard.sh "bond0,192.168.1.2,255.255.255.0,eth0,eth4" -mode 0

  • If Eth-Trunk interfaces with LACP configured are used to connect the access switches to the controller servers, run the following command to bind the server NICs in 802.3ad mode (mode 4).

    bash config_netcard.sh "bond0,192.168.1.2,255.255.255.0,eth0,eth4" -mode 4

• In the virtualization installation scenario

  • If the controller server NICs are bonded in Active-backup mode, the network ports corresponding to the NICs in the bond need to be connected to access ports of two access switches respectively to enhance stability.

  • If Eth-Trunk interfaces with LACP disabled are used to connect the access switches to the controller servers, bond the NICs in Round-robin mode (mode 0).
  • If Eth-Trunk interfaces with LACP configured are used to connect the access switches to the controller servers, bond the NICs in LACP mode (mode 4).