Configuration Items for HAF Deployment
Before the deployment, you can modify the default configuration items based on your requirements. The configuration file is stored in haf-tool-1.0.1.tar.gz. During the installation, the decompressed configuration file is stored in /opt/haf-software/install-config. The following table describes the configuration items. (During the installation, the following configuration files are copied to the corresponding installation directory, for example, /opt/haf-target/.)
You are advised to set the items that cannot be configured by haf-tool during deployment and installation. For details, see Deploying OmniData.
Classification |
Configuration Item |
Default Value |
Description |
Configurable by haf-tool |
|---|---|---|---|---|
Configuration file for installation on an offload node haf_target_install.conf (only for installation and deployment) |
log_directory |
/var/log |
Root directory of HAF system logs |
x |
service_ip |
"192.168.118.0/24", "192.168.119.0/24" |
IP address segment that HAF listens to. During the installation, the system automatically matches the IP address that meets the requirements based on the value of this parameter. Example: ["10.10.0.0/24", "192.168.1.0/24"]. NOTE:
You are advised to set this parameter based on the actual application scenario. Otherwise, the IP address to be listened cannot be found based on the default value. |
√ |
|
java_home |
/usr/lib/jvm/java-1.8.0-openjdk |
JAVA_HOME configuration item |
√ |
|
resource |
"daemon": { "cpu": 2, "mem": 2048 }, "haf_user": { "cpu": 8, "mem": 16384 } |
HAF system resource configuration: Configure as many resources as possible for HAF on the premise of not affecting user services. |
√ |
|
target_tls_switch |
1 |
Whether to enable TLS identity authentication and data encryption/decryption on an offload node. The value of this parameter must be the same as that of host_tls_switch for the host node. Otherwise, the communication fails. 1: enable (default); 0: disable. NOTICE:
If TLS identity authentication is disabled, data leakage may occur and communication links may be attacked. Currently, TLS 1.3 is used. |
x |
|
cert_check_period_time |
7 |
Alarm interval for certificate expiration on an offload node, in days |
x |
|
cert_warning_time |
30 |
Number of days in advance for generating an alarm for certificate expiration on an offload node |
x |
|
Configuration file for installation on a host node haf_host_install.conf (only for installation and deployment) |
cert_check_period_time |
7 |
Alarm interval for certificate expiration on a host node, in days |
x |
cert_warning_time |
30 |
Number of days in advance for generating an alarm for certificate expiration on a host node |
x |
|
cert_path |
/opt/haf-host/omnidata |
Path that is generated after a certificate is installed and deployed on a host node |
x |
|
channel_timeout |
120 |
Timeout interval for a host node to deliver tasks, in minutes. The value ranges from 0 to 43,200. |
x |
|
host_tls_switch |
1 |
Whether to enable TLS identity authentication and data encryption/decryption on a host node. The value of this parameter must be the same as that of target_tls_switch for the offload node. Otherwise, the communication fails. 1: enable (default); 0: disable. NOTICE:
If the switch is disabled, data leakage may occur and communication links may be attacked. Currently, TLS 1.3 is used. |
x |
|
offload_iplist |
- |
Used to preset the IP address list of the offload nodes |
x |
|
service_name |
omnidata |
Service name of a host node |
x |