Pre-Installation Check
Disabling Automatic Software Updates and Upgrades
Disable automatic software updates on nodes. Do not install Docker or upgrade containerd. For details about how to disable automatic software updates in Ubuntu, see Ubuntu Enable Automatic Updates Unattended Upgrades.
Checking the OS Language
Ensure the OS language is English.
Checking APT Repositories on Nodes Running Ubuntu
APT repositories can be checked only on nodes running Ubuntu. If your node runs Huawei Cloud EulerOS or Red Hat, check Yum repositories by referring to Checking Yum Repositories on Nodes Running Huawei Cloud EulerOS and Red Hat.
APT repositories provide dependency packages required for installing components such as ntpdate on nodes (servers) added to on-premises clusters. Make sure the APT repositories are available on nodes. If there are any APT repositories unavailable, take the following steps:
- Log in to the management node as the installation user (root by default).
- Edit /etc/apt/sources.list.
Use the actual IP address of the Apt server.
- Save the file and run the following command:
sudo apt-get update
- Log in to each planned node and perform the preceding operations.
Checking Yum Repositories on Nodes Running Huawei Cloud EulerOS and Red Hat
Yum repositories provide dependency packages required for installing components such as ntpdate on nodes (servers) added to on-premises clusters. Make sure the yum repositories are available on nodes. If there are any yum repositories unavailable, take the following steps:
- Log in to the management node as the installation user (root by default).
- Modify the software source configuration file in /etc/yum.repos.d/.
Use the actual IP address of the yum server.
- Save the file and run the following command:
sudo yum clean all
sudo yum makecache
- Log in to each planned node and perform the preceding operations.
Minimum Installation Requirements
- Do not install unnecessary software packages in the OS.
To reduce system vulnerabilities and prevent system attacks, install only the necessary software packages and service components.
- Do not retain development and compilation tools in the production environment.
For example:
'cpp' (/usr/bin/cpp) 'gcc' (/usr/bin/gcc) 'ld' (/usr/bin/ld) 'lex' (/usr/bin/lex) 'rpcgen' (/usr/bin/rpcgen)
If interpreters such as Lua and Python are required for product deployment and execution in the production environment, these interpreters can be kept.'python' (/usr/bin/python) 'lua' (/usr/bin/lua)
Some management programs in SUSE Linux rely on the Perl interpreter. In this case, the Perl interpreter can be kept.perl (/usr/bin/perl)
- Do not install security policy tools in the OS.
To prevent security information disclosure, ensure that user root is the file owner of the preinstalled security hardening tools, and only root has the execution permission.
- Do not install network sniffing tools in the OS.
To prevent malicious use, ensure there are no sniffing tools such as Tcpdump and Ethereal in the OS.
- Do not install modem software in the OS unless necessary.
To adhere to the principle of minimal installation, do not install modem software unless necessary.
Pre-Installation Check Items
Before installing the on-premises cluster, you need to check the nodes.
The commands in the following table apply to Huawei Cloud EulerOS and Red Hat. If you use Ubuntu, change yum in the commands to apt.
Category |
Item |
Description |
Criteria |
---|---|---|---|
Cluster check |
Architecture check |
Architecture check for all master nodes |
The architectures of all master nodes must be the same. |
Host name check |
Host name check for all master nodes |
The host names of all master nodes must be unique. |
|
Time synchronization check |
Time synchronization check for all master nodes |
The time differences among all master nodes must be less than 10 seconds. |
|
VIP usage check |
Whether the VIP is occupied by other nodes |
The VIP must be idle. The method is to check whether port 22 can be accessed. |
|
Node check |
Language check |
Whether the node language meets the criteria |
The node language can be en_US.UTF-8 or en_GB.UTF-8. |
OS check |
Whether the node OS meets the criteria |
The node OS must be Ubuntu 22.04, Red Hat 8.6, or Huawei Cloud EulerOS 2.0. |
|
System command check |
Whether basic command line tools are available |
The OS must have the following command line tools: ifconfig, netstat, curl, systemctl, nohup, pidof, mount, uname, lsmod, swapoff, hwclock, ip, and ntpdate (for NTP servers). |
|
Idle port check |
Whether the ports of mandatory services are idle |
The following ports must be idle: 4001, 4002, 4003, 2380, 2381, 2382, 4011, 4012, 4013, 4005, 4006, 4007, 5444, 8080, 10257, 10259, 4133, 20100, 9444, 20102, 9443, 5443, 4134, 4194, 10255, 10248, 10250, 80, 443, 10256, 10249, and 20101 |
|
Keepalived installation check |
Whether Keepalived is installed |
Keeplived must not be installed. You can run the yum list --installed keepalived command to check that. |
|
HAProxy installation check |
Whether HAProxy is installed |
HAProxy must not be installed. You can run the yum list --installed haproxy command to check that. |
|
Runit installation check |
Whether runit is installed |
Runit must not be installed. You can run the yum list --installed runit command to check that. |
|
paas user check |
Whether the paas user can be created on the node |
The paas user whose ID is 10000 can be created. |
|
NTP service check |
Whether the NTP service is available |
The NTP server must be configured for chrony. You can run the chronyc sources -v command on the node to check the NTP server status.
NOTE:
The NTP service uses chrony by default. The chrony command is used for check by default. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot