vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/cce/umn/cce_bestpractice_10020.html
Dong, Qiu Jian 86fb05065f CCE UMN for 24.2.0 version -20240428 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-06-10 08:19:07 +00:00

26 lines
5.0 KiB
HTML
Raw Blame History

<a name="cce_bestpractice_10020"></a><a name="cce_bestpractice_10020"></a>
<h1 class="topictitle1">Executing the Post-installation Command During Node Creation</h1>
<div id="body0000001664524661"><div class="section" id="cce_bestpractice_10020__section15188246201310"><h4 class="sectiontitle">Background</h4><p id="cce_bestpractice_10020__p18188587344">When creating a node, use the post-installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the post-installation scripts. </p>
</div>
<div class="section" id="cce_bestpractice_10020__section96603421411"><h4 class="sectiontitle">Precautions</h4><ul id="cce_bestpractice_10020__ul637602461419"><li id="cce_bestpractice_10020__li437792421413">Do not use the post-installation script that takes a long time to execute.<p id="cce_bestpractice_10020__p132751016151413"><a name="cce_bestpractice_10020__li437792421413"></a><a name="li437792421413"></a>The time limit to create a node in the CCE clusters is 30 minutes. If the node is not available within 30 minutes, it will be reclaimed. Therefore, do not run the post-installation script that takes a long time.</p>
</li><li id="cce_bestpractice_10020__li20533930201418">Do not directly use the <strong id="cce_bestpractice_10020__b1050960151417">reboot</strong> command in the script.<p id="cce_bestpractice_10020__p02751116201419">CCE executes the post-installation commands after installing mandatory components on the node. The node will be available only after the post-installation commands are executed. If you run <strong id="cce_bestpractice_10020__b578533219147">reboot</strong> directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not run the <strong id="cce_bestpractice_10020__b023253181514">reboot</strong> command.</p>
<p id="cce_bestpractice_10020__p627551612142">If you need to restart the node, perform the following operations:</p>
<ul id="cce_bestpractice_10020__ul9275171613142"><li id="cce_bestpractice_10020__li12757161149">Run the <strong id="cce_bestpractice_10020__b3882112141519">shutdown -r</strong> <em id="cce_bestpractice_10020__i498415258158">&lt;time &gt;</em> command in the script to delay the restart. For example, you can run <strong id="cce_bestpractice_10020__b1471337121514">shutdown -r 1</strong> to delay the restart for 1 minute.</li><li id="cce_bestpractice_10020__li22750167149">After the node is available, manually restart it.</li></ul>
</li></ul>
</div>
<div class="section" id="cce_bestpractice_10020__section670983681419"><h4 class="sectiontitle">Procedure</h4><ol id="cce_bestpractice_10020__ol17571357161417"><li id="cce_bestpractice_10020__li1353715161746"><span>Log in to the CCE console. In the navigation pane, choose <strong id="cce_bestpractice_10020__b71863434951647">Clusters</strong>. Click the target cluster name to access the cluster console.</span></li><li id="cce_bestpractice_10020__li178653514531"><span>Choose <strong id="cce_bestpractice_10020__b35307018173">Nodes</strong> in the navigation pane, click the <strong id="cce_bestpractice_10020__b5564541145219">Nodes</strong> tab, click <strong id="cce_bestpractice_10020__b48809691713">Create Node</strong> in the right corner, and configure the parameters.</span></li><li id="cce_bestpractice_10020__li107367323414"><span>In the <strong id="cce_bestpractice_10020__b828964516177">Advanced Settings</strong> area, enter the post-installation command.</span><p><p id="cce_bestpractice_10020__p134111657195916"><span><img id="cce_bestpractice_10020__image1081611819514" src="en-us_image_0000001851744500.png"></span></p>
<p id="cce_bestpractice_10020__p10879174413419">For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.</p>
<pre class="screen" id="cce_bestpractice_10020__screen3623182719377">iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT</pre>
<div class="note" id="cce_bestpractice_10020__note1857443913713"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_bestpractice_10020__p057519395376">The command example here is for reference only.</p>
</div></div>
</p></li><li id="cce_bestpractice_10020__li056614484375"><span>After the configuration, enter the number of nodes to be created and click <strong id="cce_bestpractice_10020__b26691316141911">Next: Confirm</strong>.</span></li><li id="cce_bestpractice_10020__li696764914381"><span>Click <strong id="cce_bestpractice_10020__b149773270051647">Submit</strong>.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_bestpractice_0050.html">Cluster</a></div>
</div>
</div>
View Git Blame Copy Permalink