vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/cce/umn/cce_bestpractice_10020.html
Dong, Qiu Jian f7b9a88535 CCE UMN update -20240625 version 
Reviewed-by: Kovács, Zoltán <zkovacs@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-09-04 11:43:54 +00:00

5.1 KiB
Raw Permalink Blame History

Executing the Pre- or Post-installation Commands During Node Creation

Background

When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the pre- or post-installation scripts.

Precautions

  • Do not use pre- or post-installation scripts that take a long time to execute.

    The pre-installation script has a 15-minute time limit, while the post-installation script has a 30-minute time limit. If the node is not available within the designated time, the node reclaim process will be initiated. Therefore, do not use pre- or post-installation scripts that take a long time to execute.

  • Do not directly use reboot in the script.

    CCE executes the post-installation command after installing mandatory components on a node. The node will be available only after the post-installation command is executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not use reboot.

    If you need to restart a node, perform the following operations:

    • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
    • After the node is available, manually restart it.

Procedure

  1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
  2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
  3. In the Advanced Settings area, enter pre- or post-installation commands.

    For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.

    iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

    The command example here is for reference only.

  4. After the configuration, enter the number of nodes to be created and click Next: Confirm.
  5. Click Submit.
Parent topic: Cluster