华为FusionCube 500-8.2.0SPC100 实施部署文档

环境：

• 产品：FusionCube 500
• 版本：8.2.0.SPC100
• 场景：虚拟化基础设施
• 平台：FusionCompute
• 两节点 MCNA * 2
• 硬件部署（塔式交付场景）
• 免交换组网（配置AR卡）

前置准备

组网规划

节点说明

连接信号线缆（GPU模组场景）

软件清单

地址规划

默认参数

AR卡配置

两张AR卡除管理地址外，其他相同配置

sysname AR-10
#drop illegal-mac alarm
#
ipv6
#
vlan batch 4050
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
dhcp enable
#
radius-server template default
#
pki realm defaultcertificate-check none
#
ssl policy default_policy type server     pki-realm defaultversion tls1.2 ciphersuite rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384 
#
acl name firewall 3001  rule 99 permit icmp rule 100 permit ip 
#
ike proposal defaultencryption-algorithm aes-256 aes-192 aes-128 dh group14 authentication-algorithm sha2-512 sha2-384 sha2-256 authentication-method pre-shareintegrity-algorithm hmac-sha2-256 prf hmac-sha2-256 
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaaauthentication-scheme defaultauthentication-mode localauthentication-scheme radius             authentication-mode radiusauthorization-scheme defaultauthorization-mode localaccounting-scheme defaultaccounting-mode nonelocal-aaa-user password policy administratorpassword history record number 0password alert before-expire 90password expire 365domain defaultauthentication-scheme defaultaccounting-scheme defaultradius-server defaultdomain default_adminauthentication-scheme defaultaccounting-scheme defaultlocal-user admin password irreversible-cipher $1a$Lu<k"V],m@$3WD#6hoY{/F<|%GG:}M0x\uVUripT!J0PjIf&kr&$local-user admin privilege level 15local-user admin ftp-directory flash:local-user admin service-type terminal ssh ftp httplocal-user administrator password irreversible-cipher $1a$gPNq!<&#%,${\=7'vc"bX`O_nHhsO{V+oqnVNK.-AWK%kTqh07>$local-user administrator privilege level 15local-user administrator ftp-directory flash:local-user administrator service-type terminal ssh ftp http
#
webset fast-configuration state disable
#
firewall zone untrustpriority 1
#
firewall zone trustpriority 15
#
firewall zone Local
#
firewall interzone trust untrustfirewall enablepacket-filter 3001 inbound
#
mi-server
#
interface Vlanif1ipv6 enableip address 192.168.40.25 255.255.254.0ipv6 address auto link-localipv6 address auto globalzone trust                               
#
interface Eth-Trunk1port hybrid tagged vlan 1 to 4094
#
interface GigabitEthernet0/0/0port hybrid tagged vlan 4050
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2combo-port fibereth-trunk 1
#
interface GigabitEthernet0/0/3combo-port fibereth-trunk 1
#
interface GigabitEthernet0/0/4description WANzone untrust
#
interface GigabitEthernet0/0/5shutdown
#                                         
interface GigabitEthernet0/0/6stp edged-port enableundo negotiation auto
#
interface GigabitEthernet0/0/7stp edged-port enableundo negotiation auto
#
interface GigabitEthernet0/0/8stp edged-port enableundo negotiation auto
#
interface GigabitEthernet0/0/9stp edged-port enableundo negotiation auto
#
interface GigabitEthernet0/0/10description VirtualPortipv6 enableipv6 address auto link-localipv6 address auto global defaultip address dhcp-allocipv6 address auto dhcp
#                                         
interface XGigabitEthernet0/0/0port hybrid tagged vlan 4050stp edged-port enable
#
interface XGigabitEthernet0/0/1port hybrid tagged vlan 4050stp edged-port enable
#
interface XGigabitEthernet0/0/2port hybrid tagged vlan 4050stp edged-port enable
#
interface XGigabitEthernet0/0/3port hybrid tagged vlan 4050stp edged-port enable
#
interface NULL0
#
cellular profile defaultmodem auto-recovery dial action modem-reboot fail-times 128modem auto-recovery icmp-unreachable action modem-rebootmodem auto-recovery services-unavailable action modem-reboot test-times 0 interval 3600
#
undo icmp name timestamp-request receive  
#snmp-agent local-engineid 800007DB03509A887F2262snmp-agent group v3 huawei_group privacy write-view Huawei_view notify-view Huawei_viewsnmp-agent target-host trap-hostname aaa address 192.168.40.10 udp-port 10162 trap-paramsname abcsnmp-agent target-host trap-paramsname abc v3 securityname %^%#,UVE+tGAE0pDz+;[6c>0"e8k*}_4BS<H3MIpdAz4%^%# privacysnmp-agent mib-view Huawei_view include iso snmp-agent usm-user v3 fc2mgmtsnmp-agent usm-user v3 fc2mgmt group huawei_groupsnmp-agent usm-user v3 fc2mgmt authentication-mode sha2-256 %^%#Q#%}.1YsO57/0U"IZ,PKiTUD17H^AP82TcSxtjjC%^%#snmp-agent usm-user v3 fc2mgmt privacy-mode aes128 %^%#z[0uH3DW;:0DhMLY!xo<fc\"(mbR,AT;p5Sy>t&A%^%#snmp-agent trap source Vlanif1snmp-agent trap enablesnmp-agent extend error-code enablesnmp-agent permit interface allsnmp-agent 
#ssh user admin authentication-type passwordssh user administrator authentication-type passwordssh server compatible-ssh1x enablesftp server enable 
Nov 18 2024 09:44:55+00:00 AR-10 IFNET/1/IF_LINKUP:OID 1.3.6.1.6.3.1.1.5.4 Interface 15 turned into UP state.(AdminStatus=1,OperStatus=1,InterfaceName=XGigabitEthernet0/0/2) stelnet server enable ssh server permit interface all
#                                         
ip route-static 0.0.0.0 0.0.0.0 192.168.40.7
#
fib regularly-refresh disable
#
user-interface con 0authentication-mode aaa
user-interface vty 0 4authentication-mode aaauser privilege level 15
#
wlan actraffic-profile name defaultsecurity-profile name defaultsecurity-profile name default-wdssecurity wpa2 psk pass-phrase %^%#Nc-s~'BUv6\PFy58UJ!G5#MJ1^iY.OKSC)ZhF@HD%^%# aesssid-profile name defaultvap-profile name defaultwds-profile name defaultregulatory-domain-profile name defaultair-scan-profile name defaultrrm-profile name defaultradio-2g-profile name defaultradio-5g-profile name defaultwids-spoof-profile name defaultwids-profile name default                ap-system-profile name defaultport-link-profile name defaultwired-port-profile name defaultap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
voice #enterprise default#diagnose
#
ops
#
autostart
#
secelog
#ms-channel #                                         
return

检查iBMC的fc2mgm用户

检查节点BMC管理是否存在用户“fc2mgmt”,如果没有需要给节点BMC添加用户“fc2mgmt”

升级节点固件

升级节点固件，包括但不限于BIOS、CPLD、iBMC到指定版本

安装

FCB 需配置和iBMC同网段地址

修改FCB WebUI超时时间

使用浏览器登录https://<fusioncube_builder_IP>:8443，输入用户admin和密码，登录部署工具界面。
选择安装场景和虚拟化平台类型，使用默认“FusionSphere”，点击下一步

选择自动发现，并输入fc2mgmt用户密码

开始扫描发现节点

配置网络：（使用管理平面和BMC平面合并部署）

检验参数配置

上传软件并校验


校验通过后开始安装

安装软件环境
上一步校验完成后，提示是否开始安装，点击“确定”开始安装

2节点同时安装

软件安装完成，点击“完成”按钮

显示安装成功

安装完成后，此时FusionCompute平台已经可以登录管理。

初始化FusionCube Vision

使用浏览器登录FusionCube Vision管理浮动IP，输入用户名密码admin\公共密码(即fc2mgmt密码)

点击“初始化”按钮

输入公共密码

添加证书 (安装手册下载证书并上传)

信任主机

网络初始化


设置数据冗余策略2副本

校验配置参数

校验配置参数，完成后点击“初始化”按钮

初始化完成，点击“确定”按钮

修改密码

勾选“使用相同的密码”

点击“确定”完成初始化。