Tutorial
FAQ
-
How to solve the problem when the database in Oracle could not connect with SuperMap iDesktop?
Answer: Please create a new database in Oracle, and use the new one. Follow the steps below to create a new database:
(1) Click Database > Oracle > Name(The name of your database) > oracle > Command Pad on the iManager to enter Oracle comnmand pad.
(2) Create a folder named ‘supermapshapefile’ under the ‘u01/app/oracle/oradata’ directory(If you already have a folder, skip this step). Execute:
mkdir -p /u01/app/oracle/oradata/supermapshapefile(3) Change the folder owner to oracle. Execute:
chown oracle /u01/app/oracle/oradata/supermapshapefile(4) Enter Oracle. Execute:
sqlplus / as sysdba(5) Fill in the username and password of Oracle. You can view account information by clicking Database > Oracle > Name > Account on the iManager page.
(6) Create a tablespace, the size is 200M(you can set the size of tablespace according to your requirement). Execute:
create tablespace supermaptbs datafile '/u01/app/oracle/oradata/supermapshapefile/data.dbf' size 200M;(7) Create a new user of the tablespace. For example, username: supermapuser; password: supermap123. Execute:
create user supermapuser identified by supermap123 default tablespace supermaptbs;(8) Grant new user permission. Execute:
grant connect,resource to supermapuser; grant dba to supermapuser; -
If you redeploy or adjust spec immediately after deploying or adjusting spec, the license assign failed, how to solve the problem?
Answer: After redeploying or adjusting spec, please make sure the services have been assigned the license successfully, then do others operations like redeploy or adjust spec.
-
When viewing monitoring statistic charts, the charts do not display data or the time of data can not match the real time, how to solve the problem?
Answer: Please make sure the time settings of local machine and Kubernetes node machines are same.
-
How to use the https protocol?
Answer: Both of Keycloak and iManager support https protocol, please do the following operations to achieve https protocol:
(1) Go to the iManager installation directory(the directory in which you executed ./startup or ./start command to start iManager) and find out the file named values.yml, execute the following command:
sudo vi values.yml(2) Modify the value of “deploy_keycloak_service_protocol” to “https” when you want to use Keycloak https protocol; Modify the value of “deploy_imanager_service_protocol” to “https” when you want to use iManager https protocol.
(3) Save the setting and restart iManager:
sudo ./startup.sh -
How to replace the security certificate in iManager for K8s?
Answer: There are two kinds of security certificates in iManager for K8s, one is for security center(Keycloak), another one is for access entrance. Please follow the steps below to replace two security certificates separately:
Replace the Security Certificate for Keycloak
(1) Executes the following command on Kubernetes Master machine to find the volume of the security certificate(
<namespace>in the command is the namespace of iManager, it is ‘supermap’ by default. Please replace to the actual namespace if you have any change):kubectl -n <namespace> describe pvc pvc-keycloak | grep Volume: | awk -F ' ' '{print $2}' | xargs kubectl describe pv(2) Stores your new security certificate to the volume in step (1);
Notes:
The security certificate includes certificate and private key, the certificate should be renamed to tls.crt, the private key should be renamed to tsl.key.(3) Logs in to iManager and redeploys the Keycloak service in Basic Services.
Replace the Security Certificate for Access Entrance
(1) Executes the following command on Kubernetes Master machine to find the volume of the security certificate(
<namespace>in the command is the namespace of iManager, it is ‘supermap’ by default. Please replace to the actual namespace if you have any change):kubectl -n <namespace> describe pvc pvc-imanager-dashboard-ui | grep Volume: | awk -F ' ' '{print $2}' | xargs kubectl describe pv(2) Stores your new security certificate to the volume in step (1);
Notes:
The security certificate includes certificate and private key, the certificate should be renamed to ‘certificate.crt’, the private key should be renamed to ‘private.key’.(3) Logs in to iManager and redeploys the imanager-dashboard-ui service in Basic Services.
-
How to create the resource with the same name as the Secret when configuring the image pull secret?
Answer: When configuring the Secret, you need to create a resource with the same name as the Secret in iManager namespace of Kubernetes. You also need to create a resource with the same name as the secret value in namespace ‘istio-system’ when enabling Service Mesh(Istio). And create a resource with the same name as the secret value in namespace ‘kube-system’ when enabling metrics server. Please enter the following command in Kubernetes Master machine to create the resource:
kubectl create secret docker-registry <image-pull-secret> --docker-server="<172.16.17.11:5002>" --docker-username=<admin> --docker-password=<adminpassword> -n <supermap>Notes:
- The contents in the command with symbol ”<>” need to be replaced according to your actual environment(Delete the symbol ”<>” after replacing).
<image-pull-secret>is the name of your Secret;<172.16.17.11:5002>is your registry address;<admin>is the namespace of your registry;<adminpassword>is the password of your namespace;<supermap>is the namespace of iManager(replace<supermap>to ‘istio-system’ or ‘kube-system’ when you create the resource in the namespace istio-system or kube-system). - If the namespace istio-system does not exist, execute ‘kubectl create ns istio-system’ in the machine of Kubernetes master node to create.
- The contents in the command with symbol ”<>” need to be replaced according to your actual environment(Delete the symbol ”<>” after replacing).
-
How to solve the error “Error: UPGRADE FAILED: cannot patch “pv-nfs-grafana” with kind StorageClass: StorageClass.storage.k8s.io “pv-nfs-grafana” is invalid …” when you restart iManager?
Answer: The error occurs because Kubernetes patch operation does not support to update the provider of storageClass. The error has no negative influence on iManager, please ignore the error.
-
How to refresh the certificate of Kubernetes?
Answer: The validity period of Kubernetes certificate is one year, you need to refresh the certificate when expired. Please follow the steps below to refresh the certificate of Kubernetes:
(1) Enter the /etc directory of the master machine of Kubernetes, backup the files in /kubernetes directory:
cd /etc cp -r kubernetes kubernetes.bak(2) Create a new configuration file ‘kubeadm.yaml’:
vi kubeadm.yaml(3) Configure kubeadm.yaml file(The IP ‘10.10.129.26’ below is the IP of Kubernetes Master node, please replace it by the IP of your Kubernetes Master node):
kind: MasterConfiguration apiVersion: kubeadm.k8s.io/v1beta1 kubernetesVersion: v1.14.0 api: advertiseAddress: 10.10.129.29(4) Issue a new certificate by the configuration file:
kubeadm init phase certs all --config=kubeadm.yaml(5) Regenerate the configuration file:
kubeadm init phase kubeconfig all --config kubeadm.yaml(6) Restart the containers kube-apiserver, kube-controller-manager, kube-scheduler, and etcd:
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart(7) Check the expiration date of the new certificate:
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '(8) Check the status of Work nodes(use the command
kubectl get nodes), if the status of Work nodes are ‘NotReady’, execute the following command to regenerate the configuration file of Work nodes:mv /var/lib/kubelet/pki /var/lib/kubelet/pki.bak systemctl daemon-reload && systemctl restart kubelet(9) Check the status of Work nodes again, if the status of Work nodes are still ‘NotReady’, copy the /etc/kubernetes/pki/ca.crt file from Master node and plaste to the same directory of Work nodes, then restart kubelet(use the command
systemctl restart kubeletto restart kubelet, you need to wait for 3 miniutes after restarting kubelet). -
How to configure local storage for built-in HBase environment?
Answer: The NFS volume will impact the write/read ability of HBase, you can optimize the ability by the following way:
(1) Modify the value of
deploy_disable_hbase_nfs_volumetotruein the configuration(values.yaml).deploy_disable_hbase_nfs_volume: true(2) Please refer to the hbase-datanode-local-volume.yaml file, and modify the file according to the actual situation:
apiVersion: v1 kind: PersistentVolume metadata: labels: type: icloud-native name: icloud-native-hbase-datanode-volume-0 #Point 1 spec: storageClassName: local-volume-storage-class capacity: storage: 10Ti accessModes: - ReadWriteMany local: path: /opt/imanager-data/datanode-data #Point 2 persistentVolumeReclaimPolicy: Delete nodeAffinity: required: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/hostname operator: In values: - node1 #Point 3The places need to be modified are marked by ’#’ on the above:
- Point 1: Specify the name of the PV.
- Point 2: The actual path to store the HBase data, please create the directory first. If you want to create multiple PVs on one node, please create multiple directories and modify the paths to the different directories.
Use the command below to create directory on the node(replace the path by your actual setting):
mkdir -p /opt/imanager-data/datanode-data- Point 3: Fill in the name of the node of Kubernetes(the node should be available to scheduling).
(3) Execute the command on the Kubernetes master node after modifying:
kubectl apply -f hbase-datanode-local-volume.yamlNotes:
- The number of PVs should be the same as the number of dataNodes in HBase environment, the default is 3. If you scaled the node, please created the the same number of PVs.
- The PV could be created on any node of Kubernetes(specified by #Third), recommended to create on different nodes.
- The PV could be created before opening/scaling the HBase, or after opening/scaling the HBase.