Installing the Media
How to Download
Use a tenant account to access the platform to download the installation package and related documents, or contact the service manager. For details, see https://www.alauda.io/.
Verifying the Media
Check whether the installation package is secure and reliable and has not been tampered with. This operation is optional.
Background
Before delving into GNU Privacy Guard (GnuPG or GPG), it is important to have a grasp of Pretty Good Privacy (PGP). In 1991, programmer Phil Zimmermann created PGP, an encryption software designed to evade government surveillance. PGP quickly gained popularity due to its user-friendly interface and has since become an essential tool for many programmers. However, PGP is commercial software and cannot be used freely. To address this, the Free Software Foundation (FSF) developed an open-source alternative called GnuPG or GPG. Nowadays, there is an open-source product available to everyone. Unlike PGP, GPG does not include patented algorithms and can be used without restrictions for commercial applications. For details, see HOWTO https://www.gnupg.org/howtos/en/GPGMiniHowto.html.
- Install the GPG.
You can install it in either of the following ways:
Download the source code and compile and install it.
./configure make make install
Install the software from a standard software repository.
Ubuntu: sudo apt-get install gnupg Centos: yum install gnupg -y Mac: brew install gpg
- Import a public key.
- The public key is a trusted method to verify that the installation media has not been tampered with. It can be downloaded from https://www.alauda.io/.
- After downloading, verify that the public key MD5 is 2eaddfab97d2951a8915f327acb53562 and ensure that it has not been tampered with.
- Once you import the public key, run gpg --list-keys and verify that the public key ID is BB097AE6. Make sure that the public key ID has not been tampered with.
curl https://www.alauda.cn/download/verify-key.pub | gpg --import # Run the preceding command. The information similar to the following is displayed: gpg: key BB097AE6: public key "cpaas (Special for packing) <wht@126.com>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
- Check the public key.
gpg --list-keys # Run the preceding command. The public key information is displayed. /root/.gnupg/pubring.gpg ------------------------ pub 4096R/BB097AE6 2020-08-11 uid cpaas (Special for packing) <wht@126.com> sub 4096R/3750351A 2020-08-11
- Verify the public key signature.
gpg --fingerprint BB097AE6 # Run the preceding command. The public key information is displayed. pub 4096R/BB097AE6 2020-08-11 Key fingerprint = 09EE E7B9 A30C F4B3 5E31 A91B 2704 1C16 BB09 7AE6 uid cpaas (Special for packing) <wht@126.com> sub 4096R/3750351A 2020-08-11
- Verify the signature.
Download the signature file and get the signature file by referring to the installation media.
gpg --verify <Signature file> <Installation package> # If the verification is successful, the information similar to the following is displayed: gpg: Signature made Thu 03 Sep 2020 03:51:35 PM CST using RSA key ID BB097AE6 gpg: Good signature from "cpaas (Special for packing) <wht@126.com>" gpg --verify finger/cpaas-devops-2.14.0-20200901.tgz.sig 42.50s user 3.08s system 68% cpu 1:06.76 total # If the warning message similar to the following is displayed, check the public key. If the public key is the same as that provided in the download link, ignore the warning. gpg: WARNING: This key is not certified with a trusted signature!
- Perform quick configurations.
On each node, run the init.sh script in the res directory as the user root after decompressing the installation package to quickly configure the OS.
- The quick configuration commands do not include modifying /etc/hosts, upgrading the kernel version, or configuring the NTP service.
- These commands may not fulfill all software requirements, and running quick configuration scripts does not guarantee successful deployment. To avoid deployment failures due to unqualified software configurations, it is essential to verify that all required items are correctly configured according to "Software Requirements" in Alauda Cloud Native Success Platform Installation Guide.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
