Updated on 2024-10-25 GMT+08:00

Pre-Installation Check

Disabling Automatic Software Updates and Upgrades

Disable automatic software updates on nodes. Do not install Docker or upgrade containerd. For details about how to disable automatic software updates in Ubuntu, see Ubuntu Enable Automatic Updates Unattended Upgrades.

Checking the OS Language

Ensure the OS language is English.

Checking APT Repositories on Nodes Running Ubuntu

APT repositories can be checked only on nodes running Ubuntu. If your node runs Huawei Cloud EulerOS or Red Hat, check Yum repositories by referring to Checking Yum Repositories on Nodes Running Huawei Cloud EulerOS and Red Hat.

APT repositories provide the dependency packages required to install components such as ntpdate on nodes (servers) added to on-premises clusters. Make sure the APT repositories are available on the nodes. If any APT repository is unavailable, take the following steps:

  1. Log in to the management node as the installation user (root by default).
  2. Edit /etc/apt/sources.list.

    Use the actual IP address of the APT server.

  3. Save the file and run the following command:

    sudo apt-get update

  4. Log in to each planned node and perform the preceding operations.

Checking Yum Repositories on Nodes Running Huawei Cloud EulerOS and Red Hat

Yum repositories provide the dependency packages required to install components such as ntpdate on nodes (servers) added to on-premises clusters. Make sure the Yum repositories are available on the nodes. If any Yum repository is unavailable, take the following steps:

  1. Log in to the management node as the installation user (root by default).
  2. Modify the software source configuration file in /etc/yum.repos.d/.

    Use the actual IP address of the Yum server.

  3. Save the file and run the following command:

    sudo yum clean all

    sudo yum makecache

  4. Log in to each planned node and perform the preceding operations.

Minimum Installation Requirements

  • Do not install unnecessary software packages in the OS.

    To reduce system vulnerabilities and prevent system attacks, install only the necessary software packages and service components.

  • Do not retain development and compilation tools in the production environment.

    For example:
    'cpp' (/usr/bin/cpp)
    'gcc' (/usr/bin/gcc)
    'ld' (/usr/bin/ld)
    'lex' (/usr/bin/lex)
    'rpcgen' (/usr/bin/rpcgen)

    If interpreters such as Lua and Python are required for product deployment and execution in the production environment, these interpreters can be kept.
    'python' (/usr/bin/python)
    'lua' (/usr/bin/lua)

    Some management programs in SUSE Linux rely on the Perl interpreter. In this case, the Perl interpreter can be kept.
    'perl' (/usr/bin/perl)

  • Do not install security policy tools in the OS.

    To prevent security information disclosure, ensure that user root is the file owner of the preinstalled security hardening tools, and only root has the execution permission.

  • Do not install network sniffing tools in the OS.

    To prevent malicious use, ensure there are no sniffing tools such as Tcpdump and Ethereal in the OS.

  • Do not install modem software in the OS unless necessary.

    To adhere to the principle of minimal installation, do not install modem software unless necessary.
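
The following script is an added example, not part of the original procedure: it audits a node for the build and sniffing tools named above and for hardening tools that are not root-only. The ROOT and HARDENING_DIR variables and the extra /usr/sbin search path are assumptions.

```shell
#!/bin/sh
# Added example: audit a node (or a mounted image) against the
# minimal-installation rules. Not part of the original procedure.

# Build tools and sniffers named on this page. Interpreters (python, lua,
# perl) are left out on purpose because the page allows keeping them.
FORBIDDEN="cpp gcc ld lex rpcgen tcpdump ethereal"

# Print every forbidden tool found under ROOT. Searching both /usr/bin and
# /usr/sbin is an assumption; the page gives /usr/bin paths only.
find_forbidden_tools() {
    root=${1:-}
    for tool in $FORBIDDEN; do
        for dir in /usr/bin /usr/sbin; do
            if [ -e "$root$dir/$tool" ] || [ -L "$root$dir/$tool" ]; then
                echo "$dir/$tool"
            fi
        done
    done
}

# Print files in a hardening-tool directory that break the rule "owned by
# root, executable by root only": wrong owner, or group/other execute bit.
# The directory is supplied by the caller; the page does not name one.
find_loose_hardening_tools() {
    [ -d "$1" ] || return 0
    find "$1" -type f \( ! -user 0 -o -perm /011 \) | sort
}

# ROOT and HARDENING_DIR are hypothetical environment variables.
find_forbidden_tools "${ROOT:-}"
find_loose_hardening_tools "${HARDENING_DIR:-}"
```

An empty result from both functions means the node meets these two rules; any printed path needs to be removed or have its owner and mode corrected before installation.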

Pre-Installation Check Items

Before installing the on-premises cluster, you need to check the nodes.

The commands in the following table apply to Huawei Cloud EulerOS and Red Hat. If you use Ubuntu, change yum in the commands to apt.

| Category | Item | Description | Criteria |
|---|---|---|---|
| Cluster check | Architecture check | Architecture check for all master nodes | The architectures of all master nodes must be the same. |
| Cluster check | Host name check | Host name check for all master nodes | The host names of all master nodes must be unique. |
| Cluster check | Time synchronization check | Time synchronization check for all master nodes | The time differences among all master nodes must be less than 10 seconds. |
| Cluster check | VIP usage check | Whether the VIP is occupied by other nodes | The VIP must be idle. The check is done by testing whether port 22 can be accessed. |
| Node check | Language check | Whether the node language meets the criteria | The node language can be en_US.UTF-8 or en_GB.UTF-8. |
| Node check | OS check | Whether the node OS meets the criteria | The node OS must be Ubuntu 22.04, Red Hat 8.6, or Huawei Cloud EulerOS 2.0. |
| Node check | System command check | Whether basic command line tools are available | The OS must have the following command line tools: ifconfig, netstat, curl, systemctl, nohup, pidof, mount, uname, lsmod, swapoff, hwclock, ip, and ntpdate (for NTP servers). |
| Node check | Idle port check | Whether the ports of mandatory services are idle | The following ports must be idle: 4001, 4002, 4003, 2380, 2381, 2382, 4011, 4012, 4013, 4005, 4006, 4007, 5444, 8080, 10257, 10259, 4133, 20100, 9444, 20102, 9443, 5443, 4134, 4194, 10255, 10248, 10250, 80, 443, 10256, 10249, and 20101 |
| Node check | Keepalived installation check | Whether Keepalived is installed | Keepalived must not be installed. You can run the yum list --installed keepalived command to check that. |
| Node check | HAProxy installation check | Whether HAProxy is installed | HAProxy must not be installed. You can run the yum list --installed haproxy command to check that. |
| Node check | Runit installation check | Whether runit is installed | Runit must not be installed. You can run the yum list --installed runit command to check that. |
| Node check | paas user check | Whether the paas user can be created on the node | The paas user whose ID is 10000 can be created. |
| Node check | NTP service check | Whether the NTP service is available | The NTP server must be configured for chrony. You can run the chronyc sources -v command on the node to check the NTP server status. |

NOTE:

The NTP service uses chrony by default, so the chrony command is used for the check by default.
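
The script below is an added example, not the installer's own check: it shows one way to run the idle port, system command, and language checks from the table on a single node. The sample netstat output is constructed, and reading the language from $LANG is an assumption.

```shell
#!/bin/sh
# Added example: node checks from the table (idle ports, tools, language).
REQUIRED_PORTS="4001 4002 4003 2380 2381 2382 4011 4012 4013 4005 4006 4007
5444 8080 10257 10259 4133 20100 9444 20102 9443 5443 4134 4194 10255 10248
10250 80 443 10256 10249 20101"
REQUIRED_TOOLS="ifconfig netstat curl systemctl nohup pidof mount uname lsmod
swapoff hwclock ip ntpdate"

# Constructed sample of `netstat -tuln` output (not taken from a real node).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10250         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18080           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
EOF
}

# Read `netstat -tuln` output on stdin; print required ports that are in use.
# The port is matched exactly, so 18080 does not count as 8080.
busy_required_ports() {
    awk -v want="$(echo $REQUIRED_PORTS)" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) req[w[i]] = 1 }
        $1 ~ /^(tcp|udp)/ { p = $4; sub(/.*:/, "", p); if (p in req) print p }
    ' | sort -nu
}

# Print each tool from the argument list that is not on PATH.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || echo "$t"
    done
}

# Succeed only for the two locales the table accepts. Passing $LANG as the
# value to test is an assumption; the page does not say which variable is read.
locale_ok() {
    case $1 in
        en_US.UTF-8|en_GB.UTF-8) return 0 ;;
        *) return 1 ;;
    esac
}

echo "busy ports in sample: $(sample_netstat | busy_required_ports | tr '\n' ' ')"
echo "missing tools: $(missing_tools $REQUIRED_TOOLS | tr '\n' ' ')"
locale_ok "${LANG:-}" || echo "language check failed: LANG=${LANG:-unset}"
```

On a real node, replace sample_netstat with netstat -tuln; any port printed must be freed before installation.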