Registering with the NMS on the Atlas 500 AI Edge Station
Prerequisites
The system time of the Atlas 500 AI edge station to be managed must be the same as the time of FusionDirector. Otherwise, the Atlas 500 AI edge station cannot be managed by FusionDirector.
Procedure
- Log in to the intelligent edge system (IES) WebUI of an Atlas 500 AI edge station. For details, see Logging In to the Atlas 500 AI Edge Station WebUI.
- Choose .
- In Select NMS Mode, select FusionDirector and set related parameters.
Before registering with the Atlas 500 AI edge station on FusionDirector, check whether the Atlas 500 AI edge station has been managed by FusionDirector. If yes, delete the Atlas 500 AI edge station from FusionDirector, set the interconnection account to the FusionDirector IP address, and use the default password to manage the Atlas 500 AI edge station again.
Parameter
Description
Node ID
ID of the device connected to FusionDirector. Retain the default value.
NOTE: If the Atlas 500 AI edge station is faulty and replaced, the node ID of the Atlas 500 AI edge station must be the same as the node ID of the original Atlas 500 AI edge station. Choose on the FusionDirector WebUI to query the node ID information of the faulty device.
Server Name
If you import a user-defined service certificate to FusionDirector, you need to import the root certificate of the corresponding CA to the edge device so that it can verify the user-defined service certificate of FusionDirector. You can import the root certificate by clicking FusionDirector Root Certificate File on the WebUI. In addition, you need to set the Server Name parameter, which is used to verify the domain name of the user-defined service certificate of FusionDirector. The value must be the same as the CN (Common Name) field of the user-defined service certificate of FusionDirector.
If the service certificate preconfigured by Huawei is used, you do not need to set this parameter.
NOTICE: The CN field of the user-defined service certificate cannot contain "huawei". Otherwise, the device fails to interconnect with FusionDirector.
If the server name is a domain name starting with "*.", after the configuration is saved, "*." will be replaced with "fd.".
IP Address
IP address for accessing FusionDirector.
Account
Account for accessing FusionDirector. The default account is EdgeAccount.
Password
Password for accessing FusionDirector. The default password is edgeAT5b#$FD.
FusionDirector Root Certificate File
Click
to upload the root certificate file.
This parameter is optional. You do not need to set this parameter if a preconfigured certificate is used. However, you are advised to use your own certificate and public-private key pair and periodically update them for security purposes. If the device fails to connect to FusionDirector because the certificate has expired or is revoked, import the root certificate file again. For security purposes, the root certificate must meet the following requirements:
- Use RSA with a key of 2048 bits or more if an asymmetrical encryption algorithm is used.
- Use SHA2 with a secret of 256 bits or more if a hash algorithm is used.
After uploading the FusionDirector root certificate, import a CRL to check whether the FusionDirector root certificate is revoked. If yes, the device cannot communicate with FusionDirector. For details about how to import a CRL, see 5.
NOTICE: After the root certificate is replaced, Docker Engine will restart, which takes about 50s. After Docker Engine is restarted, your services will also restart. Exercise caution when performing this operation.
FusionDirector Interconnection Test
- If you select Test, the node ID and the connectivity between the device and FusionDirector are tested. If the test fails, the NMS mode switchover fails. The interconnection test is performed by default.
- If you select Do not test, the node ID and the connectivity between the device and FusionDirector will not be tested. The NMS mode switchover is successful, but the edge station may not be managed by FusionDirector.
In the offline centralized configuration where FusionDirector cannot be connected, you can skip the interconnection test. However, the FusionDirector parameters must be valid. That is, the node ID of each Atlas 500 AI edge station must be unique on FusionDirector, and the IP address, user name, and password are valid. The interconnection test is recommended in other scenarios to prevent management failures caused by incorrect input.
- Click Save.
- (Optional) Import the CRL.
- Obtain the certificate revocation list from the CA. Example: Click PKI Download Management, select CRL from Type, and click Search. Download the CRL shown in Figure 5-1 to the local PC.
- Log in to the Atlas 500 CLI using SSH.
- Run the develop command to enter the Atlas 500 development mode.
- Upload the CRL (obtained in 5.a) to a directory (for example, /tmp) on the Atlas 500.
- Switch to the /opt/middleware/AtlasEdge/software/edge_site/edge_manager/src/script directory.
cd /opt/middleware/AtlasEdge/software/edge_site/edge_manager/src/script
- Import the CRL.
./updateCRL.sh --crlPath=/tmp/newCrl.crl --forceupdate=true --active=true
Parameter
Description
--crlPath
Path of the CRL, for example, /tmp/newCrl.crl.
--forceupdate
Whether to forcibly update the CRL if the imported CRL is earlier than the one that already exists:
- true: updates the existing CRL forcibly.
- false: leaves the existing CRL unchanged.
--active
Whether the imported CRL takes effect immediately:
- true: makes the imported CRL take effect immediately. The AtlasEdge program will restart for the CRL to take effect immediately. You need to confirm the restart. If you enter yes, the CRL takes effect immediately after AtlasEdge is restarted. If you enter no, the CRL will take effect only after you manually restart AtlasEdge, or when AtlasEdge is started next time.
- false: makes the imported CRL take effect only after you manually restart AtlasEdge or when AtlasEdge is started next time.
If you do not want to use the CRL, go to the /opt/middleware/AtlasEdge/software/edge_site/edge_manager/src/script directory and run the ./deleteCRL.sh command to delete the CRL.
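The root certificate requirements (RSA key of 2048 bits or more, SHA2 of 256 bits or more) and the Server Name rules (no "huawei" in the CN, a leading "*." stored as "fd.") can be checked on the admin PC before anything is uploaded. The script below is an added example, not Huawei code: the function names are hypothetical, it assumes a PEM file and the `openssl` CLI on the PC, and it treats the "huawei" match as case-insensitive.

```shell
#!/bin/sh
# Added example, not vendor code. Run on the admin PC before uploading.

# Constructed sample of `openssl x509 -noout -text` output (excerpt).
SAMPLE_CERT_TEXT='        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

# check_cert_text: reads `openssl x509 -noout -text` output on stdin and
# succeeds only for an RSA key >= 2048 bits signed with SHA-256/384/512.
check_cert_text() {
    text=$(cat)
    keyalg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    [ "$keyalg" = "rsaEncryption" ] || { echo "FAIL: key algorithm '$keyalg' is not RSA" >&2; return 1; }
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: RSA key is ${bits:-0} bits, need >= 2048" >&2; return 1; }
    case "$sigalg" in
        sha256*|sha384*|sha512*) ;;
        *) echo "FAIL: '$sigalg' is not SHA-2 with >= 256 bits" >&2; return 1 ;;
    esac
    echo "OK: RSA $bits bits, $sigalg"
}

# check_root_cert_file: same check on a PEM file (hypothetical helper name).
check_root_cert_file() {
    openssl x509 -in "$1" -noout -text | check_cert_text
}

# effective_server_name: prints the Server Name the device will store for a
# given CN, or fails. "huawei" is matched case-insensitively (assumption).
effective_server_name() {
    case "$1" in
        "") echo "FAIL: empty server name" >&2; return 1 ;;
        *[Hh][Uu][Aa][Ww][Ee][Ii]*) echo "FAIL: CN contains \"huawei\"" >&2; return 1 ;;
        '*.'*) printf 'fd.%s\n' "${1#\*.}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# With a file argument, check that file; otherwise check the sample.
if [ "$#" -ge 1 ]; then
    check_root_cert_file "$1"
else
    printf '%s\n' "$SAMPLE_CERT_TEXT" | check_cert_text
fi
```

Compare the output of `effective_server_name` with the CN of the FusionDirector service certificate: if the two differ after the "*." rewrite, the value saved on the device no longer equals the CN.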