Note
You must already be logged in to Azure on all nodes with the az login command, as described in the Azure CLI installation procedure.
If you are not logged in, log in before performing the following procedure.
Disable the firewall.
Make sure that "firewalld" is disabled on all nodes.
# systemctl is-enabled firewalld
If it is enabled, disable it.
# systemctl stop firewalld
# systemctl disable firewalld
Set NTP.
Make sure to set NTP when building the cluster to synchronize the time of each node in the cluster system.
Set NTP before installing PRIMECLUSTER.
Register service principals and set certificates.
The service principal is a dedicated authentication method used to execute programs on Azure.
Set it according to the following procedure.
3-1) Log in with an Azure account on any one node in the cluster system.
# az login -u account
Register a service principal and create a certificate.
# az ad sp create-for-rbac --create-cert
{
  "appId": "d5b7dac1-718f-448b-8e11-4a8cca6d9004",
  "displayName": "azure-cli-2019-09-13-02-57-50",
  "fileWithCertAndPrivateKey": "/root/tmprjbQbI.pem",
  "name": "http://azure-cli-2019-09-13-02-57-50",
  "password": null,
  "tenant": "8ff7ddfd-fbcb-4700-ae52-6d071ac8d1b4"
}
The application ID (appId) and the tenant ID (tenant) displayed here are used in "27.8.1.2 Setting up the Shutdown Facility" and "27.9.1.1 Creating the Definition File." Record them.
Log out from Azure.
# az logout
3-2) Store the certificate file shown in fileWithCertAndPrivateKey at the same path on all cluster nodes and set its permissions to 600.
Example) When the certificate path is "/root/examplecert.pem"
# cp /root/tmprjbQbI.pem /root/examplecert.pem
# chmod 600 /root/examplecert.pem
After copying, delete the original certificate file at the path shown in fileWithCertAndPrivateKey using the rm command.
The path where the certificate is stored is used in "27.8.1.2 Setting up the Shutdown Facility" and "27.9.1.1 Creating the Definition File." Record it.
3-3) Make sure that you can log in with the registered service principal on all cluster nodes.
# az login --service-principal --username appID --tenant tenant --password the path in 3-2) where the certificate is stored
3-4) Log out from Azure on all cluster nodes.
# az logout
Note
The service principal is created with the Contributor role.
To change it to another role, refer to "29.1.3 Changing the Role of the Service Principal."
The service principal certificate has an expiration date.
Before the certificate expires, renew it according to "29.1.1 Updating the Certificate Used by the Service Principal." If the certificate is not updated, a forced stop cannot be performed and the cluster application may be stopped.
See
For details on setting up a service principal for the Azure CLI, refer to the official Azure documentation.
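The two requirements above for the certificate stored in 3-2), mode 600 on every node and renewal before the expiration date, can be checked with a script such as the following. It is an added example, not part of this manual's procedure or of the product; the function names and the 30-day default window are assumptions, and it requires GNU stat and the openssl command.

```bash
#!/bin/bash
# Added example: audit the certificate stored in step 3-2).
# Function names and the 30-day default window are assumptions.

# Return 0 only if the path is a regular file (not a symlink) with mode 600.
check_cert_mode() {
    local path="$1"
    local mode
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "NG: $path is missing or not a regular file" >&2
        return 2
    fi
    mode=$(stat -c '%a' "$path") || return 2
    if [ "$mode" != "600" ]; then
        echo "NG: $path has mode $mode, expected 600" >&2
        return 1
    fi
    return 0
}

# Return 0 if the certificate in the PEM file stays valid for at least
# $2 more days, 1 if it expires sooner, 2 if no certificate can be read.
check_cert_expiry() {
    local path="$1"
    local days="${2:-30}"
    if ! openssl x509 -in "$path" -noout >/dev/null 2>&1; then
        echo "NG: no readable certificate in $path" >&2
        return 2
    fi
    if ! openssl x509 -in "$path" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "NG: certificate in $path expires within $days days:" \
             "$(openssl x509 -in "$path" -noout -enddate)" >&2
        return 1
    fi
    return 0
}

# Run both checks; the result is 0 only when both pass.
check_sp_cert() {
    local rc=0
    check_cert_mode "$1" || rc=1
    check_cert_expiry "$1" "${2:-30}" || rc=1
    return "$rc"
}

# Usage: ./check_sp_cert.sh /root/examplecert.pem [days]
if [ "$#" -gt 0 ]; then
    check_sp_cert "$@"
fi
```

Run it on every cluster node with the path recorded in 3-2); a non-zero exit status means the permissions or the remaining validity need attention.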
Set Device Name Deviation Prevention
In an Azure environment, the network device name immediately after virtual machine deployment is ethX.
If you continue to use this device name, device name deviation may occur.
If there is more than one network device, refer to the Linux User's Manual for the operating system and take steps to prevent device name deviation.