To install the NSP
Purpose
Perform this procedure to deploy a new standalone or DR NSP system.
Note: To create a DR deployment, you must perform the procedure on the NSP cluster in each data center. The NSP cluster on which you first perform the procedure initializes as the primary cluster.
Note: You require root user privileges on the NSP deployer host, and on each VM that you create.
Note: release-ID in a file path has the following format:
R.r.p-rel.version
where
R.r.p is the NSP release, in the form MAJOR.minor.patch
version is a numeric value
Note: Command lines use the # symbol to represent the RHEL CLI prompt for the root user. Do not type the leading # symbol when you enter a command.
Steps
Create NSP deployer host VM | |
1 |
Download the following from the NSP downloads page on the Nokia Support portal: Note: You must also download the .cksum file associated with each. Note: This step applies only when using an NSP OEM disk image.
where
R_r is the NSP release ID, in the form Major_minor
yy_mm represents the year and month of issue |
2 |
It is strongly recommended that you verify the message digest of each NSP image file or software bundle that you download from the Nokia Support portal. The download page includes checksums for comparison with the output of the RHEL md5sum, sha256sum, or sha512sum command. To verify a file checksum, perform the following steps.
|
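The comparison that Step 2 calls for, as an added example that is not part of the Nokia procedure. The function name verify_digest is hypothetical, and the expected digest is assumed to be copied by hand from the download page, because the layout of the .cksum file is not described here.

```shell
#!/bin/sh
# Added example, not Nokia code.
# verify_digest FILE EXPECTED_HEX
# Chooses the RHEL tool from the digest length:
#   32 hex chars = md5sum, 64 = sha256sum, 128 = sha512sum.
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_digest() {
    local file="$1" expected actual tool
    # Normalise case and strip whitespace picked up by copy and paste.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    case "$expected" in
        ''|*[!0-9a-f]*) echo "not a hex digest: $2" >&2; return 2 ;;
    esac
    case ${#expected} in
        32)  tool=md5sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "unsupported digest length: ${#expected}" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    actual=$("$tool" -- "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK   $tool $file"
        return 0
    fi
    echo "FAIL $tool $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demonstration on a constructed file (not an NSP image); the digest is the
# SHA-256 of the six bytes "hello\n".
demo_file=$(mktemp)
printf 'hello\n' > "$demo_file"
verify_digest "$demo_file" \
    5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
rm -f "$demo_file"
```

A non-zero return means the file must not be expanded or installed; download it again and repeat the comparison.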
3 |
Log in as the root user on the station designated for the NSP deployer host VM. |
4 |
Open a console window. |
5 |
If the downloaded NSP_DEPLOYER_R_r.tar.gz file has multiple parts, enter the following to create one NSP_DEPLOYER_R_r.tar.gz file from the partial image files: # cat filename.part* >filename.tar.gz ↵ where filename is the image file name A filename.qcow2 file is created in the current directory. |
6 |
Perform one of the following to create the NSP deployer host VM. Note: The NSP deployer host VM requires a hostname; you must change the default of ‘localhost’ to an actual hostname.
|
Configure NSP deployer host networking | |
7 |
Enter the following to open a console session on the NSP deployer host: # virsh console deployer_host ↵ You are prompted for credentials. |
8 |
Enter the following credentials: A virtual serial console session opens on the deployer host VM. |
9 |
Enter the following:
# ip a ↵
The available network interfaces are listed; information like the following is displayed for each:
if_n: if_name: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether MAC_address
    inet IPv4_address/v4_netmask brd broadcast_address scope global noprefixroute if_name
       valid_lft forever preferred_lft forever
    inet6 IPv6_address/v6_netmask scope link
       valid_lft forever preferred_lft forever
|
10 |
Record the if_name and MAC_address values of the interface that you intend to use. |
11 |
Enter the following: # nmcli con add con-name con_name ifname if_name type ethernet mac MAC_address ↵ where con_name is a connection name that you assign to the interface for ease of identification if_name is the interface name recorded in Step 10 MAC_address is the MAC address recorded in Step 10 |
12 |
Enter the following: # nmcli con mod con_name ipv4.addresses IP_address/netmask ↵ where con_name is the connection name assigned in Step 11 IP_address is the IP address to assign to the interface netmask is the subnet mask to assign |
13 |
Enter the following: # nmcli con mod con_name ipv4.method static ↵ |
14 |
Enter the following: # nmcli con mod con_name ipv4.gateway gateway_IP ↵ gateway_IP is the gateway IP address to assign |
15 |
Enter the following: Note: You must specify a DNS name server. If DNS is not deployed, you must use a non-routable IP address as a nameserver entry. Note: Any hostnames used in an NSP deployment must be resolved by a DNS server. Note: An NSP deployment that uses IPv6 networking for client communication must use a hostname configuration. # nmcli con mod con_name ipv4.dns nameserver_1,nameserver_2...nameserver_n ↵ where nameserver_1 to nameserver_n are the available DNS name servers |
16 |
To optionally specify one or more DNS search domains, enter the following: # nmcli con mod con_name ipv4.dns-search search_domains ↵ where search_domains is a comma-separated list of DNS search domains |
17 |
Enter the following to reboot the VM: # systemctl reboot ↵ |
Install NSP Kubernetes registry | |
18 |
Enter the following on the deployer host VM: # mkdir /opt/nsp ↵ |
19 |
Copy the downloaded NSP_K8S_DEPLOYER_R_r.tar.gz bundle file to the following directory: /opt/nsp |
20 |
Enter the following: # cd /opt/nsp ↵ |
21 |
Enter the following: # tar xvf NSP_K8S_DEPLOYER_R_r.tar.gz ↵ where R_r is the NSP release ID, in the form Major_minor The bundle file is expanded, and the following directories are created: |
22 |
Remove the bundle file to save disk space; enter the following: # rm -f NSP_K8S_DEPLOYER_R_r.tar.gz ↵ The file is deleted. |
23 |
Enter the following: # cd nsp-registry-release-ID/bin ↵ |
24 |
Enter the following: # ./nspregistryctl install ↵ The following prompt is displayed. Enter a registry admin password: |
25 |
Create a registry administrator password, and enter the password. The following prompt is displayed. Confirm the registry admin password: |
26 |
Re-enter the password. The registry installation begins, and messages like the following are displayed.
✔ New installation detected.
✔ Initialize system.
date time Copy container images ...
date time Install/update package [container-selinux] ...
✔ Installation of container-selinux has completed.
date time Install/update package [k3s-selinux] ...
✔ Installation of k3s-selinux has completed.
date time Setup required tools ...
✔ Initialization has completed.
date time Install k3s ...
date time Waiting for up to 10 minutes for k3s initialization ...
..............................................
✔ Installation of k3s has completed.
➜ Generate self-signed key and cert.
date time Registry TLS key file: /opt/nsp/nsp-registry/tls/nokia-nsp-registry.key
date time Registry TLS cert file: /opt/nsp/nsp-registry/tls/nokia-nsp-registry.crt
date time Install registry apps ...
date time Waiting for up to 10 minutes for registry services to be ready ...
..........
✔ Registry apps installation is completed.
date time Generate artifacts ...
date time Apply artifacts ...
date time Setup registry.nsp.nokia.local certs ...
date time Setup a default project [nsp] ...
date time Setup a cron to regenerate the k3s certificate [nsp] ...
✔ Post configuration is completed.
✔ Installation has completed.
|
27 |
Enter the following periodically to display the status of the Kubernetes system pods: Note: You must not proceed to the next step until each pod STATUS reads Running or Completed. # kubectl get pods -A ↵ The pods are listed. |
Create NSP cluster VMs | |
28 |
For each required NSP cluster VM, perform one of the following to create the VM. Note: Each NSP cluster VM requires a hostname; you must change the default of ‘localhost’ to an actual hostname.
|
29 |
Record the MAC address of each interface on each VM. |
30 |
Perform Step 31 to Step 49 for each NSP cluster VM to configure the required interfaces. |
Configure NSP cluster networking | |
31 |
Enter the following to open a console session on the VM: # virsh console NSP_cluster_VM ↵ where NSP_cluster_VM is the VM name You are prompted for credentials. |
32 |
Enter the following credentials: A virtual serial console session opens on the NSP cluster VM. |
33 |
Enter the following:
# ip a ↵
The available network interfaces are listed; information like the following is displayed for each:
if_n: if_name: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether MAC_address
    inet IPv4_address/v4_netmask brd broadcast_address scope global noprefixroute if_name
       valid_lft forever preferred_lft forever
    inet6 IPv6_address/v6_netmask scope link
       valid_lft forever preferred_lft forever
|
34 |
Record the if_name and MAC_address values of the interfaces that you intend to use. |
35 |
Enter the following for each interface: # nmcli con add con-name con_name ifname if_name type ethernet mac MAC_address ↵ where con_name is a connection name that you assign to the interface for ease of identification; for example, ClientInterface or MediationInterface if_name is the interface name recorded in Step 34 MAC_address is the MAC address recorded in Step 34 |
36 |
Enter the following for each interface: # nmcli con mod con_name ipv4.addresses IP_address/netmask ↵ where con_name is the connection name assigned in Step 35 IP_address is the IP address to assign to the interface netmask is the subnet mask to assign |
37 |
Enter the following for each interface: # nmcli con mod con_name ipv4.method static ↵ |
38 |
Enter the following for each interface: # nmcli con mod con_name ipv4.gateway gateway_IP ↵ gateway_IP is the gateway IP address to assign Note: This command sets the default gateway on the primary interface and the gateways for all secondary interfaces. |
39 |
Enter the following for all secondary interfaces: # nmcli con mod con_name ipv4.never-default yes ↵ |
40 |
Enter the following for each interface: Note: You must specify a DNS name server. If DNS is not deployed, you must use a non-routable IP address as a nameserver entry. Note: Any hostnames used in an NSP deployment must be resolved by a DNS server. Note: An NSP deployment that uses IPv6 networking for client communication must use a hostname configuration. # nmcli con mod con_name ipv4.dns nameserver_1,nameserver_2...nameserver_n ↵ where nameserver_1 to nameserver_n are the available DNS name servers |
41 |
To optionally specify one or more DNS search domains, enter the following for each interface: # nmcli con mod con_name ipv4.dns-search search_domains ↵ where search_domains is a comma-separated list of DNS search domains |
42 |
Open the following file with a plain-text editor such as vi: /etc/sysctl.conf |
43 |
Locate the following line: vm.max_map_count=value |
44 |
Edit the line to read as follows; if the line is not present, add the line to the end of the file: vm.max_map_count=262144 |
45 |
Save and close the file. |
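The edit described in Step 42 to Step 45, as an added example that is not part of the Nokia procedure. The function name set_max_map_count is hypothetical; it replaces an existing vm.max_map_count line, or appends the line when none is present, and leaves commented-out lines untouched.

```shell
#!/bin/sh
# Added example, not Nokia code.
# set_max_map_count [FILE]   (FILE defaults to /etc/sysctl.conf)
# - an active "vm.max_map_count = value" line is rewritten in place
# - duplicate active lines are collapsed into one
# - lines that start with "#" are not touched
# - if no active line exists, the setting is appended at the end
set_max_map_count() {
    local file="${1:-/etc/sysctl.conf}" tmp rc
    local want="vm.max_map_count=262144"
    [ -w "$file" ] || { echo "cannot write: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if awk -v want="$want" '
            /^[ \t]*vm\.max_map_count[ \t]*=/ {
                if (!done) print want
                done = 1
                next
            }
            { print }
            END { if (!done) print want }
        ' "$file" > "$tmp" &&
        # Write through the existing file so that its owner, mode and
        # SELinux context are kept; mv would replace them with the temp file's.
        cat "$tmp" > "$file"
    then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage on a cluster VM, as root:
#   set_max_map_count /etc/sysctl.conf
#   grep -n 'max_map_count' /etc/sysctl.conf
```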
46 |
If you are installing in a KVM environment, enter the following: # mkdir /opt/nsp ↵ |
47 |
It is essential that the disk I/O on each VM in the NSP cluster meets the NSP specifications. On each NSP cluster VM, perform the tests described in “Disk performance tests” in the NSP Troubleshooting Guide. If any test fails, contact technical support for assistance. |
48 |
Enter the following to reboot the NSP cluster VM: # systemctl reboot ↵ |
49 |
Close the console session by pressing Ctrl+] (right bracket). |
Deploy Kubernetes environment | |
50 |
Enter the following on the NSP deployer host: # cd /opt/nsp/nsp-k8s-deployer-release-ID/config ↵ |
51 |
Open the following file using a plain-text editor such as vi: k8s-deployer.yml |
52 |
Configure the parameters shown below for each NSP cluster VM; see the descriptive text at the head of the file for parameter information, and Hostname configuration requirements for general configuration information. Note: The nodeName value:
- nodeName: node1
  nodeIp: 192.168.98.196
  accessIp: 135.228.8.196
|
53 |
Configure the following parameter, which specifies whether dual-stack NE management is enabled: Note: Dual-stack NE management can function only when the network environment is appropriately configured, for example:
enable_dual_stack_networks: value where value must be set to true if the cluster VMs support both IPv4 and IPv6 addressing |
54 |
Save and close the file. |
55 |
Create a backup copy of the updated k8s-deployer.yml file, and transfer the backup copy to a station that is separate from the NSP system, and preferably in a remote facility. Note: The backup file is crucial in the event of an NSP deployer host failure, and must be copied to a separate station. |
56 |
Enter the following: # cd /opt/nsp/nsp-k8s-deployer-release-ID/bin ↵ |
57 |
Enter the following to create the cluster configuration: # ./nspk8sctl config -c ↵ The following is displayed when the creation is complete: ✔ Cluster hosts configuration is created at: /opt/nsp/nsp-k8s-deployer-release-ID/config/hosts.yml |
58 |
Enter the following to import the Kubernetes container images to the registry:
# ./nspk8sctl import ↵
Messages like the following are displayed as the import proceeds:
✔ Pushing artifacts to registry (it takes a while) ...
date time Load container image from [/opt/nsp/nsp-k8s-deployer-release-ID/artifact/nsp-k8s-R.r.0-rel.tar.gz] ...
date time Push image [image_name] to registry.nsp.nokia.local/library ...
date time Push image [image_name] to registry.nsp.nokia.local/library ...
.
.
.
date time Push image [image_name] to registry.nsp.nokia.local/library ...
|
59 |
You must generate an SSH key for password-free NSP deployer host access to each NSP cluster VM. Enter the following: # ssh-keygen -N "" -f path -t rsa ↵ where path is the SSH key file path, for example, /home/user/.ssh/id_rsa An SSH key is generated. |
60 |
Enter the following for each NSP cluster VM to distribute the key to the VM. # ssh-copy-id -i key_file root@address ↵ where key_file is the SSH key file, for example, /home/user/.ssh/id_rsa.pub address is the NSP cluster VM IP address |
61 |
Enter the following:
Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:
nspk8sctl --ask-pass install
# ./nspk8sctl install ↵
The NSP Kubernetes environment is deployed. |
62 |
The NSP cluster member named node1 is designated the NSP cluster host for future configuration activities; record the NSP cluster host IP address for future reference. |
Check NSP cluster status | |
63 |
Open a console window on the NSP cluster host. |
64 |
Enter the following periodically to display the status of the Kubernetes system pods: Note: You must not proceed to the next step until each pod STATUS reads Running or Completed. # kubectl get pods -A ↵ The pods are listed. |
65 |
Enter the following periodically to display the status of the NSP cluster nodes: Note: You must not proceed to the next step until each node STATUS reads Ready.
# kubectl get nodes -o wide ↵
The NSP cluster nodes are listed, as shown in the following three-node cluster example:
NAME    STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP
node1   Ready    master   nd    version   int_IP        ext_IP
node2   Ready    master   nd    version   int_IP        ext_IP
node3   Ready    <none>   nd    version   int_IP        ext_IP
|
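The "do not proceed until" conditions in Step 27, Step 64 and Step 65, turned into a check that can gate a script; this is an added example, not Nokia code. The function names and the sample listings are constructed for illustration, and the check applies only the criterion stated in the steps (the STATUS column), not the READY column.

```shell
#!/bin/sh
# Added example, not Nokia code.
# check_status ALLOWED...  reads a kubectl table on stdin, locates the STATUS
# column from the header row, and prints each row whose STATUS is not allowed.
# Exit 0: every row allowed. Exit 1: at least one row is not.
# Exit 2: no STATUS header or no rows (for example, kubectl printed nothing).
check_status() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 {
            for (i = 1; i <= NF; i++) if ($i == "STATUS") col = i
            if (!col) { rc = 2; exit }
            next
        }
        NF == 0 { next }
        {
            rows++
            if (!($col in ok)) {
                # pods -A: NAMESPACE/NAME; nodes: NAME
                id = (col > 2) ? ($1 "/" $2) : $1
                print id, $col
                rc = 1
            }
        }
        END { if (rc) exit rc; if (!rows) exit 2 }
    '
}

pods_ready()  { check_status Running Completed; }   # Step 27, Step 64
nodes_ready() { check_status Ready; }               # Step 65

# Constructed sample listings (not captured from an NSP system).
sample_pods() {
cat <<'EOF'
NAMESPACE     NAME                   READY   STATUS              RESTARTS     AGE
kube-system   coredns-example        1/1     Running             0            5m
kube-system   helm-install-example   0/1     Completed           0            5m
kube-system   metrics-example        0/1     ContainerCreating   2 (1m ago)   5m
EOF
}

sample_nodes() {
cat <<'EOF'
NAME    STATUS     ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP
node1   Ready      master   1d    version   int_IP        ext_IP
node2   Ready      master   1d    version   int_IP        ext_IP
node3   NotReady   <none>   1d    version   int_IP        ext_IP
EOF
}

# On a host with kubectl, wait until both conditions hold:
#   until kubectl get pods -A | pods_ready; do sleep 30; done
#   until kubectl get nodes -o wide | nodes_ready; do sleep 30; done
```

A node shown as Ready,SchedulingDisabled is reported as not ready, because its STATUS does not read exactly Ready.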
Configure NSP software | |
66 |
Open a console window on the NSP deployer host. |
67 |
Enter the following: # cd /opt/nsp ↵ |
68 |
Enter the following: # tar xvf NSP_DEPLOYER_R_r.tar.gz ↵ where R_r is the NSP release ID, in the form Major_minor The bundle file is expanded, and the following directory is created: /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID |
69 |
Enter the following: # rm -f NSP_DEPLOYER_R_r.tar.gz ↵ The bundle file is deleted. |
70 |
Open the following file using a plain-text editor such as vi to specify the system parameters and enable the required installation options: /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml Note: See nsp-config.yml file format for configuration information. Note: You must preserve the lead spacing of each line. Note: The following REST-session parameters in the nsp section of the nsp-config.yml file apply only to an NSP system that uses CAS authentication, and are not to be configured otherwise: |
71 |
Configure the cluster addressing parameters in the platform section as shown below; you must specify the client_address value, which is used as the default for any optional address parameter that you do not configure: Note: If the client network uses IPv6, you must specify the NSP cluster hostname as the client_address value.
advertisedAddress: "client_address"
mediationAdvertisedAddress: "IPv4_mediation_address"
mediationAdvertisedAddressIpv6: "IPv6_mediation_address"
internalAdvertisedAddress: "internal_cluster_address"
clusterHost: "cluster_host_address"
where
client_address is the public IPv4 address or hostname that is advertised to clients
IPv4_mediation_address is the optional address for IPv4 NE management traffic
IPv6_mediation_address is the optional address for IPv6 NE management traffic
internal_cluster_address is the optional IPv4 or IPv6 address for internal NSP communication
cluster_host_address is the address of NSP cluster member node1, which is subsequently used for cluster management operations |
72 |
Configure the remaining parameters in the platform section as shown below:
platform section, docker subsection:
    repo: "registry.nsp.nokia.local/nsp/images"
    pullPolicy: "IfNotPresent"
platform section, helm subsection:
    repo: "oci://registry.nsp.nokia.local/nsp/charts"
    timeout: "300"
|
73 |
If you are creating a multi-node cluster, perform the following steps.
where
client_IP is the address of the VM interface to the client network
IPv4_mediation_IP is the address of the VM interface to the IPv4 mediation network
IPv6_mediation_IP is the address of the VM interface to the IPv6 mediation network
internal_IP is the address of the VM interface to the internal network
Note: The deployer host requires access to the client network. |
74 |
Configure the type parameter in the deployment section as shown below:
deployment:
  type: "deployment_type"
where deployment_type is one of the parameter options listed in the section |
75 |
Configure the tls parameters in the deployment section as shown below: Note: The customKey, customCert, and customCaCert parameters are required only if you are using custom TLS certificates. See To generate custom TLS certificate files for the NSP for information about configuring custom TLS certificates.
tls:
  truststorePass: "truststore_password"
  keystorePass: "keystore_password"
  customKey: private_server_key_location
  customCert: public_server_key_location
  customCaCert: public_CA_key_location
|
76 |
If the NSP deployment includes an auxiliary database and you are enabling TLS, set the secure parameter in the auxdb section to true. |
77 |
If the NSP system is a DR deployment, configure the parameters in the dr section as shown below: Note: The peer_address value that you specify must match the advertisedAddress value in the configuration of the peer cluster and have the same format; if one value is a hostname, the other must also be a hostname.
dr:
  dcName: "data_center"
  mode: "deployment_mode"
  peer: "peer_address"
  internalPeer: "peer_internal_address"
  peerDCName: "peer_data_center"
where
data_center is the unique alphanumeric name to assign to the cluster
deployment_mode is the case-sensitive deployment type, dr or standalone
peer_address is the address at which the peer data center is reachable over the client network
peer_internal_address is the address at which the peer data center is reachable over the internal network
peer_data_center is the unique alphanumeric name of the peer cluster |
78 |
If you are integrating one or more existing systems or components with the NSP, configure the required parameters in the integrations section. For example: To integrate a standalone NFM-P system, you must configure the nfmp parameters in the section as shown below:
Note: When the section includes an NFM-P IP address, the NSP UI is accessible only when the NFM-P is operational.
Note: In the client section of samconfig on the NFM-P main servers, if the address for client access is set using the hostname parameter, the primaryIp and standbyIp values in the nfmp section of the NSP configuration file, nsp-config.yml, must be set to hostnames. Likewise, if the public-ip parameter in the client section is configured on the main server, the primaryIp and standbyIp values in the nsp-config.yml file must be set to IP addresses.
integrations:
  nfmp:
    primaryIp: "main_server_address"
    standbyIp:
    tlsEnabled: true | false
|
79 |
If all of the following are true, configure the following parameters in the integrations section:
nfmpDB:
  primaryIp: ""
  standbyIp: ""
|
80 |
If both of the following are true, configure the following parameters in the integrations section:
auxServer:
  primaryIpList: ""
  standbyIpList: ""
|
81 |
If the NSP deployment includes one or more Release 22.11 or earlier analytics servers that are to remain at the earlier release, you must enable NSP and analytics compatibility; otherwise, you can skip this step. Set the legacyPortEnabled parameter in the analyticsServer subsection of the integrations section to true as shown below:
analyticsServer:
  legacyPortEnabled: true
|
82 |
If the NSP deployment includes an auxiliary database, configure the required parameters. Note: If the deployment includes the NFM-P, you must record the following values for addition to the local NFM-P main server configuration.
|
83 |
If you are including VMs to host MDM instances in addition to a standard or enhanced NSP cluster deployment, configure the following mdm parameters in the modules section:
modules:
  mdm:
    clusterSize: members
    backupServers: n
where
members is the total number of VMs to host MDM instances
n is the total number of VMs to allocate as backup instances |
84 |
Specify the user authorization mechanism in the sso section, as shown below. sso: authMode: "mode" where mode is one of the following:
|
85 |
If the authMode parameter is set to cas, special configuration is required; perform the following steps. Note: The parameters apply only to an NSP system that uses CAS authentication.
|
86 |
Save and close the nsp-config.yml file. |
87 |
Ensure that your license.zip file is at the location on the NSP deployer host that is indicated in the nsp-config.yml file. |
88 |
If you are integrating an existing NFM-P system with the NSP, and the NFM-P TLS certificate is self-signed or root-CA-signed, you must use the NFM-P TLS artifacts in the NSP system. Transfer the following TLS files from the NFM-P to the /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tls/ca directory: |
89 |
If you are configuring the standby NSP cluster in a DR deployment, obtain the TLS and telemetry artifacts from the NSP cluster in the primary data center.
where address is the address of the NSP deployer host in the primary cluster |
90 |
If you are not including any dedicated MDM nodes in addition to the number of member nodes in a standard or enhanced NSP cluster, go to Step 97. |
91 |
Log in as the root user on the NSP cluster host. |
92 |
Open a console window. |
93 |
Perform the following steps for each additional MDM node.
|
94 |
Enter the following:
# kubectl get nodes -o wide ↵
A list of nodes like the following is displayed.
NAME    STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP
node1   Ready    master   nd    version   int_IP        ext_IP
node2   Ready    master   nd    version   int_IP        ext_IP
node3   Ready    <none>   nd    version   int_IP        ext_IP
|
95 |
Record the NAME value of each node whose INTERNAL-IP value is the IP address of a node that has been added to host an additional MDM instance. |
96 |
For each node, enter the following sequence of commands: # kubectl label node node mdm=true ↵ where node is the recorded NAME value of the MDM node |
Deploy NSP software | |
97 |
Log in as the root user on the NSP deployer host. |
98 |
Open the following file with a plain-text editor such as vi: /opt/nsp/NSP-CN-DEP-release-ID/config/nsp-deployer.yml
Configure the following parameters:
hosts: "hosts_file"
labelProfile: "../ansible/roles/apps/nspos-labels/vars/labels_file"
where
hosts_file is the absolute path of the hosts.yml file created in Step 57, typically /opt/nsp/nsp-k8s-deployer-release-ID/config/hosts.yml
labels_file is the file name below that corresponds to the cluster deployment type specified in Step 74: |
99 |
Save and close the file. |
100 |
Open a console window. |
101 |
Enter the following: # cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵ |
102 |
Enter the following to apply the node labels to the NSP cluster: # ./nspdeployerctl config ↵ |
103 |
Enter the following to import the NSP images and Helm charts to the NSP Kubernetes registry: # ./nspdeployerctl import ↵ |
104 |
Enter the following to deploy the NSP software in the NSP cluster:
Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:
nspdeployerctl --ask-pass install --config --deploy
# ./nspdeployerctl install --config --deploy ↵
The specified NSP functions are installed and initialized. |
Monitor NSP initialization | |
105 |
Monitor and validate the NSP cluster initialization. Note: You must not proceed to the next step until each NSP pod is operational.
|
106 |
Close the open console windows. End of steps |