Installation Guide
Environment Requirements
OS Requirements
Table 1 describes the x2openEuler WebUI deployment requirements.
Deployment Environment Description - CentOS 7.6
- openEuler 20.03-LTS-SPx
- openEuler 22.03-LTS-SPx
- openEuler 24.03-LTS-SPx
- The node must be connected to the internal network where the node to be upgraded is located.
- The OS software packages must be updated to the latest version.
- Security policies must be set on the OS firewall.
- It is recommended that the deployment environment be a non-production environment.
- The OS password must comply with the password complexity requirements and be updated periodically.
Table 2 describes the OS requirements of the node to be upgraded.
OS to Be Upgraded Target OS - CentOS 6.x
- CentOS 7.x
- CentOS 8.x
- Ubuntu 18.04
- openEuler 20.03-LTS-SPx
- openEuler 22.03-LTS-SPx
- openEuler 20.03-LTS-SPx
- openEuler 22.03-LTS-SPx
- openEuler 24.03-LTS-SPx
(Currently, upgrade from Ubuntu 18.04 to openEuler 24.03 LTS SPx is not supported.)
Hardware Requirements
Table 3 lists the hardware requirements for deploying the x2openEuler WebUI.
Item | Description |
---|---|
Server |
|
CPU | 4 cores, 2.5 GHz or higher (8 cores recommended) |
More than 16 GB available memory | |
Drive space | 20 GB or more free space |
NOTE
There are no special hardware requirements for the node to be upgraded. However, the available memory of the node must be greater than or equal to 2 GB. Otherwise, the upgrade will fail due to insufficient memory.
Obtaining the Software Package
Table 4 lists the required software package.
Software Package | Description | How to Obtain |
---|---|---|
| x2openEuler software package | oepkgs of the openEuler community |
NOTE
- 软件包名称中的“x.x.x”表示版本号。
- 软件包中包含有针对待升级节点的分析工具接口。
Verifying the Digital Signature
To prevent a software package from being maliciously tampered with during transfer or storage, download also the corresponding digital signature file for integrity verification while downloading the software package.
After the software package is downloaded from the community website, verify its PGP digital signature. For details, see the OpenPGP Signature Verification Guide. If the verification fails, do not use the software package. Obtain the software package from the community website again.
The verification is also required before the installation or update of the software package.
For carrier customers, visit PGP Verify.
For enterprise customers, visit PGP Verify.
Installing x2openEuler
Prerequisites
- You have obtained the x2openEuler software package.
- An SSH remote login tool, such as Xshell, MobaXterm, or PuTTY, has been installed.
- The sftp tool has been installed.
- The environment to be upgraded can access the locally configured CentOS Yum repository through the network.
- The port used by x2openEuler has been enabled in the x2openEuler installation environment.
Procedure
The following describes how to install x2openEuler in the x86 environment. Use the sftp tool to upload the x2openEuler software package x2openEuler-core-x.x.x-xx.x86_64.rpm to the /root directory on the remote server.
Use the SSH remote management tool to log in to the CLI of the remote server.
Install x2openEuler.
yum install -y /root/x2openEuler-core-x.x.x-xx.x86_64.rpm
After the software package is successfully installed, run the following commands to start the web service:
NOTE
- If the web service cannot run properly due to the SELinux policy, modify the SELinux policy or perform Disabling SELinux.
- For details about how to stop or restart the web service, see Starting, Stopping, or Restarting the x2openEuler Service.
- When starting the service for the first time, you need to configure the password of the MariaDB user. The password must meet the following complexity requirements:
- Contain 8 to 32 characters.
- Contain at least two types of the uppercase letters, lowercase letters, digits, and special characters (`~!@#$%^&*()-_=+|[{}];:'",<.>/?).
- Cannot contain any space.
- Cannot be the same as the user name.
- Cannot be a password in the weak password dictionary.
- You are advised to periodically change the password of the database user x2openEuler to ensure secure service running.
- If a local MariaDB database exists, you are advised to update MariaDB to the latest version and disable remote access to the database.
Manual Installation
cd /usr/local/x2openEuler/portal/service bash service_init.sh
Complete the service startup configuration based on the command output.
Configure the database.
Start the MariaDB custom configuration for the use of the x2openEuler tool. Has MariaDB been installed on the server and can be used properly? [Y/n] (default: n) Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service. MariaDB is active. NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
Configure the x2openEuler service.
- Set the password for the database user x2openEuler.
- Configure whether to enable SSH authentication.
- Set the web server IP address.
- Set the HTTPS port number, which is 18082 by default.
- Set the Gunicorn port number, which is 18080 by default
Enter the password of the root user of the MariaDB again: Set the password of the x2openEuler user for MariaDB: If the selected database already exists, it will be overwritten. Use default x2openEulerDb database? [Y/n] (default: Y) MariaDB is configured successfully. If authentication is enabled, the SSH connection fails after the fingerprint of the machine changes. Please confirm whether public key authentication is not required for SSH connection(y/n default: n): Start Nginx service and Gunicorn service Ip address list: sequence_number ip_address device [1] x.x.x.x enp1s0 Set the web server IP address x.x.x.x Set the HTTPS port 18082 Set the GUNICORN port 18080 To ensure successful running of the tool, enable the web service port and reload the configuration as follows: 1.Enable the web service port: firewall-cmd --add-port=18082/tcp --permanent 2.Reload the configuration: firewall-cmd --reload 3.Check whether the port is enabled: firewall-cmd --query-port=18082/tcp Port 18082 is enabled successfully. The Nginx and Gunicorn ports are set up successfully. Installing the django dependent environment. The django dependency environment is installed successfully. Generating the Django secret key. Generate the Django secret key successfully. Migrations for 'certificatemanager': /usr/local/x2openEuler/portal/src/certificatemanager/migrations/0001_initial.py - Create model CertificateInfo - Create model CertPathConfig - Create model ScheduleTask Migrations for 'config': /usr/local/x2openEuler/portal/src/config/migrations/0001_initial.py - Create model RollbackFilterConfig - Create model UserConfig ... Running migrations: Applying contenttypes.0001_initial... OK Applying contenttypes.0002_remove_content_type_name... OK Applying auth.0001_initial... OK Applying auth.0002_alter_permission_name_max_length... OK Applying auth.0003_alter_user_email_max_length... OK ... Installed 1 object(s) from 1 fixture(s) Installed 1 object(s) from 1 fixture(s) Installed 13 object(s) from 1 fixture(s) Installed 52 object(s) from 1 fixture(s) Installed 2 object(s) from 1 fixture(s) Encrypting phase successfully. It may take a few minutes to generate the certificate, please wait... Certificate generated successfully. You can import the root certificate to the browser to mask security alarms when you access the tool. The root certificate is stored in /usr/local/x2openEuler/portal/thirdapp/nginx-install/webui/ca.crt. Desktop icon created successfully. Web console is now running, go to: <https://x.x.x.x:18082/x2openEuler/#/login>
Silent Installation
x2openEuler also supports one-click service startup using the default configuration. Before executing silent installation, you need to modify the configuration file
/usr/local/x2openEuler/portal/service/silent_installation.conf
. The contents of the configuration file are as follows:root_password = x2openEuler_password =
root_password
andx2openEuler_password
are the passwords for database users root and x2openEuler respectively.Then, run the following commands to start the service:
cd /usr/local/x2openEuler/portal/service bash service_init.sh true
NOTE When reinstalling x2openEuler on an environment where x2openEuler-core has been previously installed, root_password and x2openEuler_password should be filled with the previously set passwords.
Verifying x2openEuler
Verifying the Installation Through the WebUI
Log in to the x2openEuler WebUI. For details, see Logging In to the x2openEuler WebUI. If the login is successful, x2openEuler is installed successfully.
Verifying the Installation Through the CLI
Use an SSH tool to remotely log in to the CLI of the node to be upgraded.
Query the x2openEuler version.
rpm -qa x2openEuler-core
If the following information is displayed, the installation is successful. In the information, x.x.x-x indicates the version.
x2openEuler-core-x.x.x-x.x86_64
Upgrading x2openEuler
Prerequisites
You have downloaded the x2openEuler software package of the target version to the local PC and confirmed that the target version is compatible with the server hardware platform.
You have verified that the software package is consistent with that on the website. For details, see Verifying the Digital Signature.
x2openEuler can be used properly.
The x2openEuler installation directory (/usr/local/x2openEuler by default) has sufficient free space.
Procedure
Use an SSH tool to remotely log in to the Linux CLI.
Upload the x2openEuler software package to a custom directory on the server and run the following commands to perform the upgrade:
cd custom_directory rpm -Uvh x2openEuler-core-x.x.x-xx.x86_64.rpm
When prompted, go to the /usr/local/x2openEuler/portal/service directory and run the upgrade_migrate_data.sh script.
cd /usr/local/x2openEuler/portal/service bash upgrade_migrate_data.sh
If the following information is displayed, the upgrade is complete.
Starting the service is complete.
Rolling Back x2openEuler
Prerequisites
You have downloaded the x2openEuler software package of the target version to the local PC and confirmed that the target version is compatible with the server hardware platform.
You have verified that the software package is consistent with that on the website. For details, see Verifying the Digital Signature.
x2openEuler can be used properly.
The x2openEuler installation directory (/usr/local/x2openEuler by default) has sufficient free space.
Procedure
NOTE
If a passed environment check task exists before the rollback, uninstall the x2openEuler-upgrade package (for example, x2openEuler-upgrade-x.x.x.x86_64) on the node to be upgraded after the rollback.
Use an SSH tool to remotely log in to the Linux CLI.
Upload the x2openEuler software package to a custom directory on the server and run the following commands to perform the rollback:
cd custom_directory rpm -Uvh --oldpackage x2openEuler-core-x.x.x-xx.x86_64.rpm
When prompted, go to the /usr/local/x2openEuler/portal/service directory and run the upgrade_migrate_data.sh script.
cd /usr/local/x2openEuler/portal/service bash upgrade_migrate_data.sh
If the following information is displayed, the rollback is complete.
Starting the service is complete.
Uninstalling x2openEuler
Prerequisites
No tasks are running.
Procedure
Use an SSH tool to remotely log in to the Linux CLI.
Run the following command to uninstall x2openEuler:
yum -y remove x2openEuler-core-x.x.x-x.x86_64
NOTE
- Before you run the uninstallation command, terminate any task in progress or wait until the task is complete. Otherwise, the task in progress will be stopped.
- Before you run the uninstallation command, ensure that you are the only user who is operating x2openEuler on the remote server through a client. Otherwise, x2openEuler may fail to be uninstalled due to the failure to delete the x2openEuler user.
- After the uninstallation is complete, the x2openEuler user and related directories (/home/x2openEuler and /var/spool/mail/x2openEuler) are automatically removed to ensure system environment security.
Delete the x2openEuler database.
Run the following command to log in to the MariaDB database. Enter the password as prompted.
mysql -u root -p
Run the following SQL statement to delete the database of x2openEuler. The following describes how to delete the database named x2openEulerDb.
DROP DATABASE IF EXISTS x2openEulerDb;
Run the following SQL statements to delete the database user of x2openEuler.
DELETE FROM mysql.user WHERE User='x2openEuler'; DELETE FROM mysql.db WHERE User='x2openEuler';
Run the following SQL statements to check whether the database and user of x2openEuler have been deleted:
show databases; SELECT Host,User,Password FROM mysql.user;
(Optional) Uninstall MariaDB.
NOTICE
Before uninstalling MariaDB, ensure that MariaDB is not required in the service environment and the uninstallation does not affect the operating environment and services.Run the following commands to uninstall MariaDB:
rpm -qa | grep mariadb | xargs yum remove -y
Run the following commands to clear the configuration directory:
rm -rf /etc/my.cnf rm -rf /var/lib/mysql/