forked from docs/doc-exports
Yang, Tong
3f5759eed2
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
35 lines
7.7 KiB
HTML
35 lines
7.7 KiB
HTML
<a name="mrs_01_2346"></a><a name="mrs_01_2346"></a>
|
|
|
|
<h1 class="topictitle1">Configuring SSL for the HA Module</h1>
|
|
<div id="body32001227"><div class="section" id="mrs_01_2346__en-us_topic_0000001173471440_section131885375395"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_2346__en-us_topic_0000001173471440_a5b1475a77f6e422cbb8bd651cdfccc87">This section describes how to manually configure SSL for the HA module of DBService in the cluster where DBService is installed.</p>
|
|
<div class="note" id="mrs_01_2346__en-us_topic_0000001173471440_note372014483509"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_2346__en-us_topic_0000001173471440_p10720164819505">After this operation is performed, if you need to restore the SSL configuration, go to <a href="mrs_01_2347.html">Restoring SSL for the HA Module</a>.</p>
|
|
</div></div>
|
|
</div>
|
|
<div class="section" id="mrs_01_2346__en-us_topic_0000001173471440_s120565aa57984781840ee117d1cc77fd"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_2346__en-us_topic_0000001173471440_u6c883429c31c43d0a09f18b6d73a84e1"><li id="mrs_01_2346__en-us_topic_0000001173471440_l525db973aa08457f82a0d6aa3b17ea5f">The cluster has been installed.</li><li id="mrs_01_2346__en-us_topic_0000001173471440_li87161115112711">The <strong id="mrs_01_2346__en-us_topic_0000001173471440_b1221141624318">root-ca.crt</strong> and <strong id="mrs_01_2346__en-us_topic_0000001173471440_b6785111864312">root-ca.pem</strong> files in the <strong id="mrs_01_2346__en-us_topic_0000001173471440_b1927372310433">$BIGDATA_HOME/FusionInsight_BASE_</strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i175891258437">x.x.x</em><strong id="mrs_01_2346__en-us_topic_0000001173471440_b189931429124313">/install/FusionInsight-dbservice-2.7.0/security</strong> directory on the active and standby DBService nodes are the same.</li></ul>
|
|
</div>
|
|
<div class="section" id="mrs_01_2346__en-us_topic_0000001173471440_section136661112125213"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_2346__en-us_topic_0000001173471440_ol1671315121520"><li id="mrs_01_2346__en-us_topic_0000001173471440_li371391216521"><span>Log in to the DBService node where SSL needs to be configured as user <strong id="mrs_01_2346__en-us_topic_0000001173471440_b14131165284310">omm</strong>.</span></li><li id="mrs_01_2346__en-us_topic_0000001173471440_li1682110356353"><a name="mrs_01_2346__en-us_topic_0000001173471440_li1682110356353"></a><a name="en-us_topic_0000001173471440_li1682110356353"></a><span>Go to the <strong id="mrs_01_2346__en-us_topic_0000001173471440_b137141639446">$BIGDATA_HOME/FusionInsight_BASE_</strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i024512617441">x.x.x</em><strong id="mrs_01_2346__en-us_topic_0000001173471440_b175495110448">/install/FusionInsight-dbservice-2.7.0/sbin/</strong> directory and run the following command:</span><p><p id="mrs_01_2346__en-us_topic_0000001173471440_p1446273712358"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b13713141295219">./proceed_ha_ssl_cert.sh </strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i2713181255215">DBService</em><em id="mrs_01_2346__en-us_topic_0000001173471440_i1471311255215"> installation directory</em><em id="mrs_01_2346__en-us_topic_0000001173471440_i20713212185218">Service IP address of the node</em></p>
|
|
<p id="mrs_01_2346__en-us_topic_0000001173471440_p117132120523">Example:</p>
|
|
<p id="mrs_01_2346__en-us_topic_0000001173471440_p771310125523"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b513975123512">cd $BIGDATA_HOME/FusionInsight_BASE_</strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i10897245176">x.x.x</em><strong id="mrs_01_2346__en-us_topic_0000001173471440_b10140151173514">/install/FusionInsight-dbservice-2.7.0/sbin/</strong></p>
|
|
<p id="mrs_01_2346__en-us_topic_0000001173471440_p57131512135220"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b4884934141816">./proceed_ha_ssl_cert.sh $BIGDATA_HOME/FusionInsight_BASE_</strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i18199335141813">x.x.x</em><strong id="mrs_01_2346__en-us_topic_0000001173471440_b3885234171810">/install/FusionInsight-dbservice-2.7.0<em id="mrs_01_2346__en-us_topic_0000001173471440_i1885334121818"> </em></strong><strong id="mrs_01_2346__en-us_topic_0000001173471440_b1669119171355">10.10.10.10</strong></p>
|
|
<div class="note" id="mrs_01_2346__en-us_topic_0000001173471440_note1521171012543"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_2346__en-us_topic_0000001173471440_p182191065416"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b58761516164511">$BIGDATA_HOME/FusionInsight_BASE_</strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i19691747369">x.x.x</em><strong id="mrs_01_2346__en-us_topic_0000001173471440_b341519125456">/install/FusionInsight-dbservice-2.7.0</strong> is the installation directory of DBService. Modify it based on site requirements.</p>
|
|
</div></div>
|
|
</p></li><li id="mrs_01_2346__en-us_topic_0000001173471440_li9713111218529"><span>Go to the <strong id="mrs_01_2346__en-us_topic_0000001173471440_b193487248461">$BIGDATA_HOME/FusionInsight_BASE_</strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i55321828114615">x.x.x</em><strong id="mrs_01_2346__en-us_topic_0000001173471440_b65131933174616">/install/FusionInsight-dbservice-2.7.0/ha/module/hacom/script/</strong> directory and run the following command to restart the HA process:</span><p><p id="mrs_01_2346__en-us_topic_0000001173471440_p11603141193718"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b1254713599367">./stop_ha.sh</strong></p>
|
|
<p id="mrs_01_2346__en-us_topic_0000001173471440_p128681594371"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b122329663712">./start_ha.sh</strong></p>
|
|
</p></li><li id="mrs_01_2346__en-us_topic_0000001173471440_li9862191613388"><span>Run the following command on the preceding node to obtain the PID of the HA process:</span><p><p id="mrs_01_2346__en-us_topic_0000001173471440_p109174212385"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b1519974595110">ps -ef |grep "ha.bin" |grep DBSERVICE</strong></p>
|
|
</p></li><li id="mrs_01_2346__en-us_topic_0000001173471440_li2019910452513"><span>Run the following command to check whether the protocol is changed to TCP:</span><p><div class="p" id="mrs_01_2346__en-us_topic_0000001173471440_p19634758153815"><strong id="mrs_01_2346__en-us_topic_0000001173471440_b16199245135117">netstat -nap | grep </strong><em id="mrs_01_2346__en-us_topic_0000001173471440_i11991645145118">pid</em> <strong id="mrs_01_2346__en-us_topic_0000001173471440_b11179203985216">| </strong><strong id="mrs_01_2346__en-us_topic_0000001173471440_b171971452514">grep -v unix</strong><ul id="mrs_01_2346__en-us_topic_0000001173471440_ul9176125543816"><li id="mrs_01_2346__en-us_topic_0000001173471440_li417615550384">If yes, no further action is required.</li><li id="mrs_01_2346__en-us_topic_0000001173471440_li1417695523817">If no, go to <a href="#mrs_01_2346__en-us_topic_0000001173471440_li1682110356353">2</a>.</li></ul>
|
|
<pre class="screen" id="mrs_01_2346__en-us_topic_0000001173471440_screen20177165573810">(Not all processes could be identified, non-owned process info
|
|
will not be shown, you would have to be root to see it all.)
|
|
tcp 0 0 127.0.0.1:20054 0.0.0.0:* LISTEN 11896/ha.bin
|
|
tcp 0 0 10.10.10.10:20052 10.10.10.14:20052 ESTABLISHED 11896/ha.bin
|
|
tcp 0 0 10.10.10.10:20053 10.10.10.14:20053 ESTABLISHED 11896/ha.bin </pre>
|
|
</div>
|
|
</p></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_2356.html">Using DBService</a></div>
|
|
</div>
|
|
</div>
|
|
|