Got it

Emergency Restoration Upon a FusionInsight Manager Login Failure

Latest reply: Dec 26, 2021 11:33:02 312 2 2 0 0


Hello, everyone!

Today I'm going to introduce you FI Manager. It helps beginners learn about FI faster.

Applicable Versions

6.5.x

Symptom

1. A user fails to log in to FusionInsight Manager after entering the username and password, and the following error message is displayed:

The credentials you provided cannot be determined to be authentic.

On any node in the cluster, the user can successfully run the following command as user omm:

kinit admin

2. After the username and password are entered for login, the password change page is displayed indicating that the password has expired. After a new password is successfully set, login using the new password fails and the following error message is displayed:

The credentials you provided cannot be determined to be authentic.

If the old password is used for login, the password change page is displayed.

Impact and Severity

Login to FusionInsight Manager fails.

Estimated Restoration Time

30 minutes

Prerequisites

Prepare the following items before the restoration.

Items to be prepared before the restoration

No.

Item

Operation

1

Cluster account information

Apply for the password of cluster user admin.

2

Node account information

Apply for the passwords of users omm and root of cluster nodes.

3

SSH remote login tool

Prepare tools such as PuTTY or SecureCRT.

Log in to the nodes running LdapServer and run the following command to check whether the LDAP process exists:

ps -ef | grep slapd | grep -v grep
omm       48719      1  0  2016 ?        01:31:14 /usr/lib/openldap/slapd -h ldaps://xx.xx.10.10:21780 -f /opt/huawei/Bigdata/FusionInsight-ldapserver-2.5.0/ldapserver/local/script/../conf/slapd.conf -o slp=off

Fault Handling

Use LDAP data to restore OLDAP data.

Solution

1. Log in to the active OMS node as user omm and run the following command to disable the active/standby switchover:

C50: /opt/huawei/Bigdata/OMSV100R001C00x8664/workspace0/ha/module/hacom/tools/ha_client_tool --forbidswitch --name=product --time=60

C60: /opt/huawei/Bigdata/OMSV100R001C00x8664/workspace0/ha/module/hacom/tools/ha_client_tool --forbidswitch --name=product --time=60

C70SPC20*: /opt/huawei/Bigdata/FusionInsight_BASE_V100R002C70SPC200/install/FusionInsight-dbservice-2.7.0/ha/module/hacom/tools/ha_client_tool --forbidswitch --name=product --time=60

C80SPC20*: /opt/huawei/Bigdata/om-server_V100R002C80SPC200/OMSV100R001C00x8664/workspace0/ha/module/hacom/tools/ha_client_tool --forbidswitch --name=product --time=60

6.5.*: /opt/huawei/Bigdata/om-server/OMS/workspace0/ha/module/hacom/tools/ha_client_tool --forbidswitch --name=product --time=60

You can change the path to CX0SPC20X in the patch version.

If the following information is displayed, the command execution is successful:

execute command forbidswitch successfully.

2. Log in to the standby OMS node as user omm and execute the following script to stop the standby OMS:


C50, C60: sh /opt/huawei/Bigdata/om-0.0.1/sbin/stop-oms.sh

C70, C80: sh /opt/huawei/Bigdata/om-server/om/sbin/stop-oms.sh


3. Go to the following directory, delete the OLDAP data of the standby OMS node, and perform the following operations:

The LDAP data of C50 and C60 is stored in the following path:

cd /opt/huawei/Bigdata/om-0.0.1/ldapserver/ldapserver/local/

cp data data_bak

cd data

rm -f *

cp ../data_bak/DB_CONFIG .

The LDAP data of C70 and C80 is stored in the following path:

LDAP data location of the cluster: /srv/BigData/ldapData/ldapserver

OMSldap data location: /srv/BigData/ldapData/oldap/

cp data data_bak

cd data

rm -f *

cp ../data_bak/DB_CONFIG

4. Run the following command to start the standby OMS node:

Versions earlier than C70: sh /opt/huawei/Bigdata/om-0.0.1/sbin/start-oms.sh

C70 or later versions: sh /opt/huawei/Bigdata/om-server/om/sbin/start-oms.sh

5. Log in to the active OMS node as user omm and repeat Step 2 to Step 4.

Verification

1. Clear the browser cache.

2. Log in to FusionInsight Manager. If the login is successful, OLDAP data has been restored.

That's all, thanks!

  • x
  • convention:

olive.zhao
Admin Created Dec 22, 2021 12:49:20

Thanks for your sharing!
View more
  • x
  • convention:

user_4411447
Created Dec 26, 2021 11:33:02

good
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.