文档

Registering with the NMS

Prerequisites

  • Configure the system time and ensure that the system time of the device is the same as that of FusionDirector. Otherwise, the device may fail to connect to FusionDirector.
  • Configure the manufacturer information and product model. For details, see Configuring the Vendor Information and Product Model. (This configuration is required only for the Atlas 200 AI accelerator module (RC) and Atlas 300I inference card (model 3010).)
  • If the AtlasEdge 2.0.4 or a later version is installed on the device, FusionDirector 1.7.2 or a later version must be used. Otherwise, the reported dynamic and static information may be incomplete after the device is managed by FusionDirector.
  • If the NMS mode is changed from IEF to another mode, delete the managed edge nodes from IEF.
  • For details about how to delete an edge node, see the Intelligent EdgeFabric document.
  • Before configuring NMS registration for FusionDirector, check whether the device has been managed by FusionDirector. If the device has been managed by FusionDirector, delete the device from FusionDirector, set the interconnection account to the IP address of FusionDirector on the device, and use the password configured on FusionDirector to manage the device again.
  • If multiple IP addresses are configured on the same NIC or multiple NICs, a random IP address is displayed on FusionDirector. As a result, the device cannot be identified. You can specify the IP address to be managed by FusionDirector by binding the IP address to an egress route. For example, if the IP address of FusionDirector is 192.168.100.15 and the NIC on the device has two IP addresses 192.168.1.100 and 192.168.1.101, you can run the ip route add 192.168.100.15 via 192.168.1.1 src 192.168.1.100 command to enable FusionDirector to manage 192.168.1.100.
  • To prevent conflicts, do not modify the following configurations during the running of the AtlasEdge program. If you need to modify the configurations, run the ./run.sh stop command to stop the AtlasEdge program before the modification and restart it after the modification is complete.
  • For parameter configuration, the unique prefix matching mechanism is supported. That is, if a unique parameter can be matched based on the prefix, the parameter is automatically matched. For example, --fd_us=xxx is automatically matched as --fd_user=xxx.

Procedure

  1. Run the following command to go to the AtlasEdge installation path/AtlasEdge directory:
    cd AtlasEdge installation path/AtlasEdge
  2. Run the following command to configure the NMS registration:
    ./run.sh  config --netmanager=FD --fd_test=true --fd_user=xxx --fd_ip=x.x.x.x --fd_cert_import=Path of the FusionDirector root certificate --port=xxx --fd_ibmc=xxx

    Table 1 describes the parameters in the command.

    Table 1 Parameter description

    Parameter

    Description

    --netmanager

    NMS mode. The value is FD.

    (Optional) --fd_test

    Whether to test the connectivity between the device and FusionDirector. This parameter is optional.

    • If this parameter is set to true, the node ID and the connectivity between the device and FusionDirector are tested. If the test fails, the NMS mode switchover fails.
    • If this parameter is set to false or is not set, the node ID and the connectivity between the device and FusionDirector will not be tested. The NMS mode switchover is successful, but the FusionDirector management may fail to be enabled.

    In the offline centralized configuration where FusionDirector cannot be connected, you can skip the interconnection test. However, the FusionDirector parameters must be valid. That is, the node ID of each device must be unique on FusionDirector, and the IP address, user name, and password are valid. The interconnection test is recommended in other scenarios to prevent management failures caused by incorrect input.

    --fd_user

    Account for accessing FusionDirector. The default value is EdgeAccount.

    --fd_ip

    IP address for accessing FusionDirector.

    (Optional) --fd_cert_import

    Path of the FusionDirector root certificate to be imported.

    The certificate must be imported after the AtlasEdge is uninstalled and then reinstalled. For security purposes, you are advised to use your own certificates and public and private key pairs and periodically update them to ensure certificate validity and security. If the device fails to connect to FusionDirector because the certificate has expired or is revoked, import the root certificate file again. For security purposes, the root certificate must meet the following requirements:
    • Use RSA with a key of 3072 bits or more if an asymmetrical encryption algorithm is used.
    • Use SHA2 with a key of 256 bits or more if a hash algorithm is used.

    You are advised to customize a root certificate. In addition, Huawei provides a root certificate on its official website. To obtain it, perform the following steps:

    Log in to FusionDirector, choose Menu > System Settings > Security > Certificates > Service Certificates from the main menu, and click Export to download the certificate package rootCerts.zip to the local PC. Decompress the downloaded certificate package to obtain the rootCertChain.crt certificate.

    After uploading the FusionDirector root certificate, import a CRL to check whether the FusionDirector root certificate is revoked. If yes, the device cannot communicate with FusionDirector. For details about how to import a CRL, see 4.

    NOTE:

    Before a connection is set up, FusionDirector verifies the domain name in the certificate. The default domain name is fd.fusiondirector.huawei.com. If the verification fails, FusionDirector will reject the connection request. You can change the domain name in AtlasEdge installation path/AtlasEdge/edge_work_dir/edge_site/config/default_config.json. The domain name can contain a maximum of 64 characters, including uppercase letters, lowercase letters, digits, hyphens (-), and periods (.).

    (Optional) --port

    Port number of FusionDirector. The value ranges from 1 to 65535. This parameter is optional. If this parameter is not specified, the default port 443 is used. If the port number has been configured for multiple times, the latest configuration takes effect.

    NOTICE:

    FusionDirector blocks IP addresses of suspicious devices. When the proxy forwards IP addresses, misoperations (such as incorrect password and abnormal login) may cause faults of all devices with forwarding IP addresses.

    --fd_ibmc (optional)

    This parameter is valid only for the Atlas 500 Pro AI edge server (model 3000).

    Specifies the iBMC management ID. If this parameter is not specified, the original configuration mode is used. If this parameter is set, the value can only be true or false.
    • true: The iBMC is managed by FusionDirector, and it is managed as a server.
    • false: The iBMC is not managed by FusionDirector as a server, but it is managed as an edge device. In this case, only container management is supported.
    NOTE:
    • If the iBMC has been managed by FusionDirector, it is preferentially managed as a server even if it functions as an edge device.
    • If the iBMC has been managed as an edge device by FusionDirector, its managing status will not be changed even if it is set to function as a server. It can be managed as a server only after the managed edge device is deleted.
  3. Enter the password for accessing FusionDirector.
    • If the version of FusionDirector is 1.7 or later, obtain the password by referring to "Configuration Quick Start > Edge Device > Adding an Edge Device" in the FusionDirector Operation Guide.
    • If the FusionDirector version is earlier than 1.7, obtain the password by referring to "Configuration Quick Start > Edge Device > Registering FusionDirector NMS Information" in the FusionDirector Operation Guide.
  4. (Optional) Import the CRL.
    1. Obtain the CRL from the CA.
      Click PKI Download Management, select CRL from Type, and click Search. Download the CRL shown in Figure 1 to the local PC.
      Figure 1 Obtaining the CRL
    2. Upload the CRL (obtained in 4.a) to a directory (for example, /var).
    3. Run the following command to go to the AtlasEdge installation path/AtlasEdge/edge_work_dir/edge_om/bin directory:
      cd AtlasEdge installation path/AtlasEdge/edge_work_dir/edge_om/bin
    4. Import the CRL.
      ./updateCRL.sh --crlPath=/var/newCrl.crl --forceupdate=true --active=true
      Table 2 Parameter description

      Parameter

      Description

      --crlPath

      Path of the CRL, for example, /var/newCrl.crl.

      --forceupdate
      Whether to forcibly update the CRL if the CRL imported is earlier than the one that already exists:
      • true: updates the existing CRL forcibly.
      • false: leaves the existing CRL not updated.

      --active

      Whether the imported CRL takes effect immediately:

      • true: makes the imported CRL take effect immediately. The AtlasEdge will restart for the CRL to take effect immediately. You need to confirm the restart. If you enter yes, the CRL takes effect immediately after the AtlasEdge restarts. If you enter no, the CRL will take effect only after you manually restart the AtlasEdge, or when the AtlasEdge is started next time.
      • false: makes the imported CRL take effect only after you manually restart the AtlasEdge or when the AtlasEdge is started next time.
  5. Start the AtlasEdge.
    ./run.sh start
    • Run the ./run.sh stop command to stop the AtlasEdge.
    • Run the ./run.sh restart to restart the AtlasEdge.
    • If you need to restart the AtlasEdge, ensure that the edge node is ready on FusionDirector.