none
Correct syntax for Un-Attended install of HPC Pack 2016 RRS feed

  • Question

  • Hi

    Trying to automate the installations of the both the head node and compute nodes of HPC pack.

    On the head node, trying with .\setup.exe -unattend -ClusterName:"C1" -HeadNode -HeadNodeList:"HeadNode" -SSLPfxPath:"path of an existing HpcCnCommunication.pfx" -SSLPfxFilePassword:"password"

    It's throwing an error "Import-Module :Could not load file or assembly 'file://C:\somepath\HPC Pack 2016\ServiceFabric\Deployments\Microsoft.ServiceFabric.Powershell.dll' or one of its dependencies.Operation is not supported. (Exception from HRESULT:0x80131515) "

    I checked the cluster I installed with GUI installer and it would also throw a similar error if executing the same import command. I tried to check the GUI installed cluster's head file c:\windows\temp\hpcsetup\HPCSetupLogs-xxxxx\chainer.txt, but 'Command arguments :'is empty there, too.

    This post https://social.microsoft.com/Forums/en-US/bb4d586f-8ac2-4265-a55b-7ad561610039/correct-syntax-for-unattended-install-of-hpc-pack-2016-client?forum=windowshpcitpros  for the compute node seems working but as the head node is not, can't verify.

    One more question is that could I reuse a current cert to be used in the new cluster or a new one from the head node has to be generated every time?

    Thursday, July 2, 2020 8:58 PM

Answers

  • Hi Bingyu,

    First of all, we have released HPC Pack 2019, we recommend that you directly install HPC Pack 2019.

    Secondly, i guess you are installing an old version of HPC Pack 2016, if you want to stick to HPC Pack 2016 for some reason, please directly install the latest version of HPC Pack 2016, i.e. HPC Pack 2016 Update 3 (hpcpack2016update3-full-refresh-v6450.zip).


    For the single head node, you don't need to specify ClusterName and HeadNodeList, the syntax is:

    .\setup.exe -unattend -HeadNode -SSLPfxPath:"path of an existing HpcHn.pfx" -SSLPfxFilePassword:"password"


    • Edited by Sunbin Zhu Tuesday, July 14, 2020 3:02 AM Fix a typo
    • Marked as answer by Bingyu_Huang Wednesday, July 15, 2020 10:23 PM
    Wednesday, July 8, 2020 9:33 AM

All replies

  • Hi Bingyu,

    First of all, we have released HPC Pack 2019, we recommend that you directly install HPC Pack 2019.

    Secondly, i guess you are installing an old version of HPC Pack 2016, if you want to stick to HPC Pack 2016 for some reason, please directly install the latest version of HPC Pack 2016, i.e. HPC Pack 2016 Update 3 (hpcpack2016update3-full-refresh-v6450.zip).


    For the single head node, you don't need to specify ClusterName and HeadNodeList, the syntax is:

    .\setup.exe -unattend -HeadNode -SSLPfxPath:"path of an existing HpcHn.pfx" -SSLPfxFilePassword:"password"


    • Edited by Sunbin Zhu Tuesday, July 14, 2020 3:02 AM Fix a typo
    • Marked as answer by Bingyu_Huang Wednesday, July 15, 2020 10:23 PM
    Wednesday, July 8, 2020 9:33 AM
  • Hi Sunbin,

    Thanks for replying! I wasn't sure when did HPC Pack 2019 officially published, as I started my project, it was only a preview version available in the store and that's the reason I am use the 2016 version. In fact, I am using the Update 3, it's just renamed to HPC2016 there in the path.

    I am confused by the SSLPfx files. What is the best practice for have the .pfx for a single head node cluster? Let's say if I don't have any existing CA.

    What I tried so far

    1. Create a new self-signed .pfx on the single head node and go to the 'HPC Cluster Manager -Import a certificate for deployment' then I could get a HpcCnCommunication.pfx and a .cert. I transferred the HpcCnCommunication.pfx and public .cert to a new compute node and import/install there.--This worked, but I don't understand why a .pfx file which including a private key would need to be shared.

    2. A new Cluster, both head node and compute nodes get the HpcCnCommunication.pfx from the previous cluster and import/install the HpcCnCommunication.pfx and doesn't have the public .cert at all. -- This worked, too. But I suppose this is a very wrong way to make it work, pretty much I are sharing the same private/public key pair everywhere.

    3. I used the CreateHpcCertificate.ps1 in the /setup folder from the installation package to independently created two hpccomm.pfx on each head node and a compute node. So they are not shared at all.  I will go to the 'HPC Cluster Manager -Import a certificate for deployment' on the head node and only get the public .cert which passed to the compute nodes. -- This one sounds the best to me as it's not sharing any .pfx crossing the nodes, but it's not working. The result would be the compute node could even login the HPC Cluster Manager locally but without seeing itself in either unapproved/approved tab.

    Please let me know the correct way to do this steps and I wish to see an example with the powershell instead of the GUI app.Starting from a single head node and 2 compute nodes would be great. Cause I am wondering how the computes node communicating with each other without similar steps for installing a public certificate from each other, too.

    Wednesday, July 8, 2020 3:30 PM
  • Hi Bingyu,

    You can use two self-signed certificates, one for head node, the other for the compute nodes.

    1. Use CreateHpcCertificate.ps1 to create these two certificates and export them to PFX files, say HpcHn.pfx, HpcCn.pfx.

    2. Install the head node with HpcHn.pfx

    .\setup.exe -unattend -HeadNode -SSLPfxPath:"path of an existing HpcHn.pfx" -SSLPfxFilePassword:"password"

    3. Use PowerShell command to import the HpcCn.pfx:

    $secPsw = ConvertTo-SecureString "<protection password for HpcCn.pfx>" -AsPlainText -Force;

    Set-HpcInstallCertificate -PfxFilePath <path of HpcCn.pfx> -Password $secPsw

    4. After that, you install the compute nodes from \\<headnode>\REMINST, and the certificates you needed to install is at \\<headnode>\REMINST\Certificates

    setup.exe -ComputeNode:<headnode> -SSLPfxPath:"\\<headnode>\REMINST\Certificates\HpcCnCommunication.pfx" -SSLPfxFilePassword:"password" -CACertificate:"\\<headnode>\REMINST\Certificates\HpcHnPublicCert.cer"

    Tuesday, July 14, 2020 3:02 AM
  • Thanks Sunbin, it worked like a charm.

    While I am still not getting the idea of using one Hpc.pfx for all compute nodes instead of creating one for each of them, is that based on the complexity to create and install on each of them?

    Thursday, July 16, 2020 9:24 PM
  • Thanks Sunbin, it worked like a charm.

    While I am still not getting the idea of using one Hpc.pfx for all compute nodes instead of creating one for each of them, is that based on the complexity to create and install on each of them?

    Yes, a computer doesn't trust a self-signed certificate unless you add the certificate in its Trusted Root CA store, that is why you have to choose HpcHnPublicCert.cer (which is the private-key-stripped self-signed certificate for the head node) when installing compute node to make the compute node trusts the head node's certificate.

    On the head node side, when you import the certificate for the compute node into the cluster, it will automatically add the certificate into its Trusted Root CA store, so the head node can trust the compute nodes' certificate. 

    If you want to create a different self-signed certificate for every single compute node, you will have to add all these certificates into the Trusted Root CA store on the head node, that is not practical for a large cluster.




    • Edited by Sunbin Zhu Friday, July 17, 2020 2:36 AM
    Friday, July 17, 2020 2:34 AM