Initializing the Feature
Before using OmniAdvisor 2.0, initiate the feature by setting the PostgreSQL database password and history server password as well as creating related database tables.
Command Function
Initializes or updates the PostgreSQL database password and history server password.
Syntax
python ./crypto.pyc [-h] (-i | -d | -s )
Parameter Description
|
Option |
Description |
|---|---|
|
-h or --help |
Optional. It displays help information about a command. The help information contains the command usage, parameter definition, and additional description. |
|
-i or --initialize |
Initializes the database password and history server password. |
|
-d or --update database-password |
Updates the database password. |
|
-s or --update-history-server-password |
Updates the history server password. |
Example
Display the command usage, parameter definition, and additional description.
cd $OMNIADVISOR_HOME/omniruntime-omniadvisor-2.0.0/src python ./crypto.pyc --help
Initialize and update the database password and history server password.
- Add the dependency path of the key encryption component to LD_LIBRARY_PATH.
export LD_LIBRARY_PATH=$OMNIADVISOR_HOME/omniruntime-omniadvisor-2.0.0/kmc_env/lib/:$LD_LIBRARY_PATH
- Deploy the PostgreSQL database. For details, see PostgreSQL Installation Guide.
TLS encryption is enabled by default for OmniAdvisor. When deploying PostgreSQL, TLS encryption must also be enabled. If TLS encryption is disabled, information security risks such as data breaches or spoofing may occur. For details about how to enable TLS encryption for PostgreSQL, see the official document.
- Modify the OmniAdvisor configuration file common_config.ini based on your requirements.
- Open the file.
cd $OMNIADVISOR_HOME/omniruntime-omniadvisor-2.0.0/config vi common_config.ini
- Press i to enter the insert mode and modify the configuration file as required.
Configure the backend database in the OmniAdvisor configuration file based on OmniAdvisor Configuration File. To enhance security, you are advised to enable PostgreSQL storage encryption.
- Press Esc, type :wq!, and press Enter to save the file and exit.
- Open the file.
- Initialize the PostgreSQL database password and history server password.
cd $OMNIADVISOR_HOME/omniruntime-omniadvisor-2.0.0/src python ./crypto.pyc -i
Enter the database password and history server password as prompted. If you do not want to set the history server password, press Enter when prompted.
Major Risk: Disabling password complexity verification compromises account and system security. Password complexity verification requires passwords to include uppercase letters, lowercase letters, digits, and special characters, and restricts the use of common weak passwords. This is a key measure to prevent security threats such as brute-force attacks, dictionary attacks, and credential stuffing attacks. If Password complexity verification is disabled, users may set simple passwords (such as 123456, password, or consecutive digits). Attackers can use automation tools to quickly guess or traverse passwords, which may cause account theft, sensitive data leakage, and unauthorized permission acquisition, and even cause chain security incidents (such as horizontal intranet penetration and service system breakdown). Password complexity verification can be temporarily disabled only after the service necessity is fully evaluated (for example, compatibility with old systems and other compensatory security measures have been taken), risks are clearly known, and authorization is obtained. In addition, other security protection measures (such as multi-factor authentication and login behavior monitoring) need to be enhanced to reduce risks.
Check that the password meets the following requirements:
- Contains at least eight characters.
- Contains at least two types of the following characters:
- Lowercase letters
- Uppercase letters
- Digits
- Spaces or the following special characters:`~!@#$%^&*()-_=+\|[{}];:'",<.>/?
- Differs from the account name.
If the following information is displayed after you run the python ./crypto.pyc -i command, the password has been initialized.
If you need to initialize the password again, delete the ~/.local/share/python_keyring/keyring_pass.cfg file and try again.
- Perform this step if you need to update the database password and history server password. If not required, skip this step.
cd $OMNIADVISOR_HOME/omniruntime-omniadvisor-2.0.0/src python ./crypto.pyc -d python ./crypto.pyc -s
When the crypto.pyc script is executed:
- The input parameter -d indicates changing the database password.
- The input parameter -s indicates changing the history server password.
- Initialize the database tables.
cd $OMNIADVISOR_HOME/omniruntime-omniadvisor-2.0.0/src python ./init.pyc
