Configuring the Edge Node Environment

Specifications Requirements

An edge node can be a physical machine or a virtual machine (VM). Edge nodes must meet the specifications listed in Table 1.

Table 1 Edge node requirements

Item	Specifications
OS	The language of the operating system must be English. x86_64 architecture Ubuntu LTS (Xenial Xerus), Ubuntu LTS (Bionic Beaver), CentOS, EulerOS, RHEL, Kylin, NewStart CGS Linux, NeoKylin, openEuler, Unity Operating System (UOS), Oracle Linux (OL), Huawei Cloud Euler (HCE), openEuler 23.09 Edge Armv7i (Arm32) architecture Raspbian GNU/Linux (stretch) AArch64 (Arm64) architecture Ubuntu LTS (Xenial Xerus), Ubuntu LTS (Bionic Beaver), CentOS, EulerOS, RHEL, Kylin, NewStart CGS Linux, NeoKylin, openEuler, Unity Operating System (UOS), Oracle Linux (OL), Huawei Cloud Euler (HCE), openEuler 23.09 Edge NOTE: The openEuler 23.09 Edge operating system is recommended for edge computing scenarios.
Memory	More than 256 MB of memory is recommended as 128 MB of memory is required to run the edge software.
CPU	≥ 1 core
Hard disk	≥ 1 GB
GPU (optional)	The GPU models on the same edge node must be the same. NOTE: Currently, NVIDIA Tesla GPUs such as P4, P40, and T4 are supported. If an edge node is equipped with GPUs, you can choose not to enable its GPUs when registering it on IEF. If you choose to enable GPUs of an edge node, the GPU driver has to be installed on the edge node before you can manage it on IEF. Currently, only x86-based GPU nodes can be managed by IEF.
NPU (optional)	Ascend AI processors NOTE: Currently, edge nodes integrated with Ascend Processors are supported, such as Atlas 300 inference cards, and Atlas 800 inference servers. Supported NPU specifications include Ascend 310P, 310B, Ascend 310P-share, and virtualization partition NPUs.. If you choose to enable NPUs of an edge node, ensure that the NPU driver has been installed on it. Currently, Ascend 310 supports only firmware versions 1.3.x.x and 1.32.x.x, for example, 1.3.2.B893. You can run the npu-smi info command to view your firmware version.The NPU driver version must be 22.0.4 or later. You can go to the driver path, for example, /usr/local/Ascend/driver, and run the cat version.info command to view your driver version. If the driver is not installed, contact the device manufacturer for assistance.
Container engine	The Docker version must be later than 17.06. If Docker 1.23 or later is used, set the docker cgroupfs version to 1. Docker HTTP API v2 is not supported. (However, Docker 18.09.0 is not recommended as it has a serious bug. For details, see https://github.com/docker/for-linux/issues/543. If this version has been installed, upgrade it at the earliest possible opportunity. ) NOTICE: After Docker is installed, configure the Docker process to start at host startup. This configuration prevents system exceptions caused by Docker startup failures after the host is restarted. Docker Cgroup Driver must be set to cgroupfs. For details, see How Do I Set Docker Cgroup Driver After Installing Docker on an Edge Node?.
Glibc	The Glibc version must be later than 2.17.
Port	Edge nodes require port 8883, which is the listening port of the built-in MQTT broker on edge nodes. Ensure that this port works properly.
Time synchronization	The time on an edge node must be consistent with the UTC time. Otherwise, the monitoring data and logs of the edge node may be inaccurate. You can select an NTP server for time synchronization. For details, see How Do I Synchronize Time with the NTP Server?

Configuring the Edge Node Environment

1. Log in to an edge node as a user with sudo permissions.
2. Configure the GPU driver.

   If your edge node has been equipped with a GPU, install and configure the GPU driver on the edge node. For details, see Installing and Configuring a GPU Driver.

3. Configure the NPU driver.

   If your edge node uses Ascend AI processors, ensure that the corresponding driver has been installed.

4. Install Docker on the edge node and check the Docker status.

   The Docker version must be later than 17.06. Docker 18.06.3 is recommended. However, Docker 18.09.0 is not recommended as it has a serious bug. If you have used this version, upgrade it at the earliest possible opportunity.

   After Docker installation is complete, run docker -v to check whether Docker was installed properly. If the following information is displayed, Docker was installed properly.

   # docker -v
   Docker version 19.03.12, build 48a66213fee

5. Configure firewall rules for the edge node.
   Check the firewall status on the edge node.

   systemctl status firewalld
   firewall-cmd --state 

   In the command output, not running indicates that the firewall is disabled and running indicates that the firewall is enabled.

   If the firewall is enabled, enable port 8883 or disable the firewall.

   • To enable port 8883, run the following commands:

     firewall-cmd --add-port=8883/tcp --permanent   
     systemctl restart firewalld 
   • To disable the firewall, run the following commands:

     systemctl disable firewalld 
     systemctl stop firewalld

Caution

To improve host security, you are advised to harden the OS of the edge node by performing the following operations:

1. Set strong passwords for all OS accounts (including administrators and common users), database accounts, and application (web) system management accounts. Each password must contain at least 12 characters.
2. Do not run applications using the administrator account. Disallow applications (such as webs) to use the database administrator account to interact with databases. Configure security groups and open only necessary ports to the public network. Protect the service web console ports and LAN internal communication ports from being exposed to the public network. Disable high-risk ports (such as the SSH port), allow limited source IP addresses to access the ports, or use the O&M channel established based on VPNs or bastion hosts.
3. Periodically back up service data remotely to prevent data loss caused by intrusions.
4. Periodically detect security vulnerabilities in the system and software, update system security patches in a timely manner, and upgrade the software to the latest official version.
5. Download and install the software from official channels. For the software downloaded from non-official channels, use antivirus software to scan it before running.

If you use Huawei Cloud Elastic Cloud Server (ECS), perform the following operations:

1. Set the host login mode to key login.
2. Use Huawei Cloud Host Security Service (HSS) for in-depth defense.