Updated on 2025-01-09 GMT+08:00

Introduction to ESLDoTrust.py

During fine-grained DR, commands must be executed and files transferred between nodes in the primary and standby clusters. GaussDB(DWS) offers the ESLDoTrust.py tool to establish and verify mutual trust between these clusters. This function is supported only by 8.2.1.210 and later cluster versions.

Supported Functions

The following table lists the functions supported by ESLDoTrust.py. For how to use ESLDoTrust.py, see the corresponding examples in Command Reference.
Table 1 Supported functions

| Function | Description |
| --- | --- |
| Establish mutual trust between the primary and standby clusters. | Establish and verify mutual trust between the primary and standby clusters to enable password-free command execution and file transfers during the DR process. |

Prerequisites

  • The SSH service is enabled.
  • The SSH port is not blocked by the firewall.
  • The host names and IP addresses in the XML file are correct.
  • Network connectivity between all nodes is normal.
  • To establish mutual trust between regular users, create identical users with passwords on each host in advance.
  • If the SELinux service is installed and running on each host, ensure that the /root and /home directories are secure and their context is set to the default value. Alternatively, you can disable the SELinux service. The default directories are as follows:

    Root directory: system_u:object_r:home_root_t:s0

    Home directory: system_u:object_r:admin_home_t:s0

    To check whether SELinux is installed and running, run the getenforce command. If the command output is Enforcing, SELinux is installed and running.

    Check the security contexts of the directories.

    ls -ldZ  /root | awk '{print $4}'
    ls -ldZ  /home | awk '{print $4}'

    Restore the security contexts of the directories.

    restorecon -r -vv /home/
    restorecon -r -vv /root/

Other Constraints

  • Manually create a mutual trust file and list the IP addresses of all nodes in both clusters. Ensure each IP address is on a separate line without any spaces. For example, if each cluster has three nodes, the file contains six lines and each line contains an IP address.
  • For dual-plane deployment, add the management IP address and service IP address of each node to the mutual trust file.
  • In the trust file, first enter the IP addresses of the active cluster, followed by the IP addresses of the standby cluster.
  • Before establishing mutual trust between cluster user accounts, obtain the password for the cluster user account and the root user. The root user's password is used to modify the mappings in the /etc/hosts file.
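
A pre-flight check for the mutual trust file described in the constraints above, added here as an example; it is not part of ESLDoTrust.py or of the product documentation. Every address in the file ends up with password-free access, so the check also flags addresses that are not expected cluster nodes. The function name, the expected-address lists and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_trust_file(text, active_ips, standby_ips):
    """Return a list of problems in trust-file content; an empty list means it passed."""
    lines = text.split("\n")
    if lines and lines[-1] == "":      # a single trailing newline is fine
        lines.pop()
    active, standby = set(active_ips), set(standby_ips)
    problems, seen, standby_started = [], set(), False
    for n, line in enumerate(lines, start=1):
        if not line:
            problems.append(f"line {n}: blank line")
            continue
        if any(c.isspace() for c in line):   # also catches a stray \r from CRLF files
            problems.append(f"line {n}: contains whitespace")
            continue
        try:
            ip = str(ipaddress.ip_address(line))
        except ValueError:
            problems.append(f"line {n}: not an IP address: {line!r}")
            continue
        if ip in seen:
            problems.append(f"line {n}: duplicate {ip}")
        seen.add(ip)
        if ip in standby:
            standby_started = True
        elif ip in active:
            if standby_started:      # active-cluster addresses must come first
                problems.append(f"line {n}: active address {ip} after standby addresses")
        else:                        # an unlisted host would be granted trust
            problems.append(f"line {n}: {ip} is not a known cluster node")
    for ip in sorted((active | standby) - seen):
        problems.append(f"missing node address {ip}")
    return problems

# Constructed sample data (documentation address ranges, not real hosts).
# For dual-plane deployment, put both management and service IPs in each list.
ACTIVE = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
STANDBY = ["198.51.100.21", "198.51.100.22", "198.51.100.23"]
GOOD = "\n".join(ACTIVE + STANDBY) + "\n"
BAD = "192.0.2.11\n198.51.100.21\n192.0.2.12 \n192.0.2.13\n\n203.0.113.9\n"

if __name__ == "__main__":
    print(check_trust_file(GOOD, ACTIVE, STANDBY))
    for problem in check_trust_file(BAD, ACTIVE, STANDBY):
        print(problem)
```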