To integrate a containerized Release 21.12, 22.6, 22.12, 23.6, or 23.12 WS-NOC and the NSP

Purpose

Perform this procedure to add the NSP clusters to a containerized Release 21.12, 22.6, 22.12, 23.6, or 23.12 WS-NOC system, or to add a containerized Release 21.12, 22.6, 22.12, 23.6, or 23.12 WS-NOC system to an existing NSP deployment.

Integrated NSP and WS-NOC systems must be at compatible releases. NSP release compatibility with other systems varies; see the NSP compatibility matrix in the NSP Release Notice for the supported release combinations in shared-mode deployments.

Note: The WS-NOC supports only IPv4, so it can be integrated only with an NSP system that uses IPv4 in the client and internal networks.

Note: For a shared-mode deployment, Nokia recommends that you use a common root CA in order to ensure trust among the components.

Note: release-ID in a file path has the following format:

R.r.p-rel.version

where

R.r.p is the NSP release, in the form MAJOR.minor.patch

version is a numeric value

CAUTION

Service Disruption

Performing the procedure requires stopping and starting the WS-NOC, which is service-affecting.

Perform the procedure only during a maintenance period of low network activity.

CAUTION

Data loss

Adding a WS-NOC system to an existing deployment that includes an NSP cluster does not restore the Neo4j or PostgreSQL databases from the WS-NOC system. The WS-NOC system is synchronized with the NSP, after which manual actions are required to recreate the data.

When the integration is complete, you must recreate the WS-NOC system and user settings in the NSP.

Note: You require root and nsp user privileges on each WS-NOC server station and each NSP cluster host station.

Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:

Note: Ensure that the “IPCalc” package is installed on all VMs that will host any WS-NOC software.

Before you begin

If the containerized WS-NOC 21.12, 22.6, or 22.12 system was deployed in HA mode, Step 13 through Step 23 must be performed on both the primary and standby servers in the following order:

  • Integrate standby WS-NOC server (for example, Site2)

  • Perform WS-NOC switchover (Site1 -> Site2)

  • Integrate Site1 (which is now standby)

Steps
 

1

Perform one of the following:

  1. If integrating a WS-NOC system at Release 22.6, 22.12, 23.6, or 23.12 continue to Step 2.

  2. If integrating a WS-NOC system at a release earlier than 22.6, go to Step 13.


Integrate WS-NOC Release 22.6, 22.12, 23.6, or 23.12 with the NSP
 

2

Ensure that the WS-NOC Release 22.6, 22.12, 23.6, or 23.12 system is running and operational.


3

Log in to the WS-NOC server as the root user.


4

Perform the following steps.

  1. Open the following file with a plain-text editor such as vi:

    install_dir/config/bench/configuration.json

  2. Set the remoteAuthentication.active parameter to "nsp".

  3. Set the remoteAuthentication.nsp.noc.ipv4 or remoteAuthentication.noc.ipv6 parameter using the NSP client network IP address, depending on the WS-NOC IP version in use.

  4. Set the remoteAuthentication.nsp.noc.alias parameter to the NSP alias.

  5. If the NSP is a DR deployment, configure the parameters in the remoteAuthentication.drc section.

Note: When NSP is set as the authentication server for WS-NOC, a corresponding user with the required permissions must be created on the WS-NOC application for each user created on NSP. See the WS-NOC Administration Guide for information about user management on WS-NOC.


5

Perform one of the following:

  1. If you are using customer-provided certificates, perform the following on the WS-NOC server:

    1. Verify that the customer-provided certificate is usable. Execute:

      cd /<installroot>/setup/config/httpscertificates/data ↵

      openssl req -noout -text -in nfmt-CSR-certificate.pem ↵

    2. Verify that the customer-provided certificate is properly signed by CustomerCACertificate. Execute:

      cd /<installroot>/setup/config/httpscertificates ↵

      openssl verify -CAfile CustomerCACertificate CustomerCertificate ↵

      The returned result should be 'OK'.

    3. cp /<installroot>/setup/config/httpscertificates/CustomerC* /tmp ↵

    4. scp root@<NSP_DEPLOYER_IP>:/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tls/ca_internal* /tmp ↵

    5. cd /tmp ↵

    6. tar cvf nspca.tar CustomerCACertificate CustomerCertificate ca_internal.key ca_internal.pem ↵

    7. cp nspca.tar /nokia ↵

  2. If you are using NSP-generated TLS certificates, transfer the certificates to the WS-NOC server:

    1. Log in as the root user on the NSP deployer node.

    2. Enter the following:

      cd /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tls/ca ↵

    3. Enter the following:

      tar cvf nspca.tar ca* ↵

    4. Enter the following:

      scp nspca.tar root@<WS-NOC IP>:/install_dir/config/bench/ ↵


6

Delete the nspca.tar file. Execute:

rm -rf /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tls/ca/nspca.tar


7

Enter the following:

/install_dir/setup/config.sh ↵

The WS-NOC configuration is updated.


8

Perform one of the following:

  1. Enter the following to restart the WS-NOC:

    sudo /install_dir/setup/mnc.sh restart apps ↵

    Note: If deployed in HA mode, this command needs to be executed on both the primary and standby WS-NOC servers.

  2. If you are using a customer-signed certificate, enter the following to restart the WS-NOC.

    /install_dir/setup/mnc.sh restart system ↵


9

On the WS-NOC server, enter the following:

/install_dir/setup/generateAndAlignCertificates.sh ↵

The WS-NOC aligns the TLS certificates.


10 

If the WS-NOC is being integrated in a shared NSP installation, remove the reference to the nspos container from zookeeper:

  1. Enter the following:

    docker exec -u otn -it mnc-admin bash ↵

  2. Enter the following:

    /nfmt/system-monitor/scripts/remove_oldref.sh nspos ↵

  3. Exit the mnc-admin container:

    exit

  4. Enter the following to restart the otntomcat container:

    Note: This step is not required for WS-NOC Release 23.6 or later.

    sudo mnc.sh start containerName=otntomcat ↵


11 

If you are integrating a WS-NOC in HA mode, perform the following steps. These steps must be performed on both HA sites, first for the standby site and then for the primary site. Do not perform functional tests before this part of the procedure is completed.

  1. Stop HA data replication.

  2. Connect to the WS-NOC standby main VM as mncmaintuser.

  3. Edit the configuration.json file as described in Step 4.

  4. Stop the WS-NOC system:

    sudo /install_dir/setup/mnc.sh stop system ↵

  5. Store the nspca.tar file in the /install_dir/config/bench directory.

  6. Connect to the MncMain VM.

  7. Enter the following to perform a new configuration, specifying the HA site on which the procedure is being performed as the value for site:

    sudo /install_dir/setup/config.sh site=site

  8. Start the WS-NOC system by entering the following:

    sudo /install_dir/setup/mnc.sh start system ↵

  9. Align the certificates by entering the following:

    sudo /install_dir/setup/generateAndAlignCertificates.sh ↵

  10. Perform an activity switchover, then repeat steps 1 to 9 on the new active WS-NOC.

When these steps have been performed on both HA sites, first on standby and then on primary, the HA replica can be restarted.


12 

Go to Step 23.


Configure WS-NOC
 
13 

If using customer-provided certificates, perform the following:

  1. Verify that the customer-provided certificate is usable. Execute the following commands:

    cd /install_dir/setup/config/httpscertificates/data ↵

    openssl req -noout -text -in nfmt-CSR-certificate.pem ↵

  2. Verify that the customer-provided certificate is properly signed by CustomerCACertificate. Execute:

    cd /install_dir/setup/config/httpscertificates ↵

    openssl verify -CAfile CustomerCACertificate CustomerCertificate ↵

    The returned result should be 'OK'.


14 

Perform one of the following:

  1. If using customer-provided certificates, tar the CustomerCACertificate and CustomerCertificate files from install_dir/setup/config/httpscertificates into nspca.tar. Execute the following commands:

    cp /install_dir/setup/config/httpscertificates/CustomerC* /tmp ↵

    scp root@NSP_deployer_node_IP:/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tls/ca_internal* /tmp ↵

    cd /tmp ↵

    tar cvf nspca.tar CustomerCACertificate CustomerCertificate ca_internal.key ca_internal.pem ↵

    cp nspca.tar /nokia ↵

  2. If using NSP-generated TLS certificates, on the NSP deployer, tar the certificates and scp them to the /tmp directory on the WS-NOC server. Execute the following commands:

    cd /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tls/ca ↵

    tar cvf nspca.tar ca* ↵

    scp nspca.tar root@WS-NOC_IP:/tmp ↵
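Pre-flight checks for the nspca.tar bundle built in the customer-provided certificate path (both in the Release 22.6-and-later integration and in Step 14), as an added example that is not part of the Nokia procedure. The function names and the 30-day expiry window are assumptions; the member names are taken from the tar command in the procedure, and the permission check relies on GNU stat as shipped with RHEL.

```bash
#!/usr/bin/env bash
# Added example (not Nokia code): pre-flight checks for the nspca.tar bundle.
# Function names and the 30-day expiry window are assumptions.

# Members placed in the archive by the procedure's tar command.
EXPECTED_MEMBERS="CustomerCACertificate CustomerCertificate ca_internal.key ca_internal.pem"

# Return 0 only if every expected member is present in the archive.
bundle_has_members() {
    local tarfile="$1" listing member missing=0
    listing=$(tar tf "$tarfile") || return 2
    for member in $EXPECTED_MEMBERS; do
        if ! printf '%s\n' "$listing" | grep -qxF -- "$member"; then
            echo "missing from $tarfile: $member" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Return 0 only if the file grants nothing to group or other (GNU stat).
# The bundle carries ca_internal.key, so a readable copy exposes a CA key.
is_owner_only() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "$1 has mode $mode; expected owner-only, such as 600" >&2
           return 1 ;;
    esac
}

# Return 0 if the certificate chains to the CA and stays valid for 30 days.
cert_chain_and_expiry_ok() {
    local ca="$1" cert="$2"
    openssl verify -CAfile "$ca" "$cert" >/dev/null || return 1
    openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) >/dev/null
}

# Run every check; report all failures rather than stopping at the first.
preflight() {
    local tarfile="$1" ca="$2" cert="$3" rc=0
    bundle_has_members "$tarfile" || rc=1
    is_owner_only "$tarfile" || rc=1
    cert_chain_and_expiry_ok "$ca" "$cert" || rc=1
    return "$rc"
}
```

Run `preflight /tmp/nspca.tar CustomerCACertificate CustomerCertificate` from the httpscertificates directory before copying the bundle to /nokia.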


15 

Delete the nspos.tar file from the NSP. Execute:

rm -rf nspos.tar


16 

Open the following file on the WS-NOC server using a plain-text editor such as vi:

/nfmt/config/bench/parameters.cfg


17 

Set the NSP_OS_CONFIGURED parameter to “true”.


18 

Save and close the file.


19 

Execute:

mkdir /nokia ↵

cp /tmp/nspca.tar /nokia/ ↵

touch /nokia/nspOS.cfg

Note: If the NSP was deployed in a 1+1 redundancy configuration, both the primary and standby NSP server IP addresses must be specified, separated by a semicolon.


20 

Edit the nspOS.cfg file, adding the NSP_IP parameter.

Note: If the NSP system was deployed in a DR configuration, both the active and standby addresses should be added in the following format: NSP_IP1; NSP_IP2.


21 

Perform one of the following:

  1. If using customer-provided certificates, restart the WS-NOC:

    sudo /setup/mnc.sh restart apps ↵

    sudo /install_dir/setup/generateAndAlignCertificates.sh ↵

    If deployed in HA mode, this command needs to be executed on both the primary and standby WS-NOC servers.

  2. If using NSP-generated TLS certificates, stop data replication, then restart. Execute:

    /nfmt/setup/mnc.sh restart system ↵

    sudo /install_dir/setup/generateAndAlignCertificates.sh ↵


22 

If you are integrating a WS-NOC running Release 21.12, the nspos container on the WS-NOC will display as being down. To address this issue by removing the container reference, run the following commands:

docker exec -it mnc-admin bash ↵

su otn ↵

/nfmt/system-monitor/scripts/remove_oldref.sh nspos ↵

/nfmt/setup/mnc.sh restart containerName=otntomcat ↵


Roll back configuration, if required
 
23 

If required, roll back the integration by performing the following:

  1. For WS-NOC Release 21.12:

    1. Delete the nspOS.cfg file from the /nokia and /nfmt/config/bench directories.

    2. Execute:

      rm -rf /nokia/nspOS.cfg ↵

      rm -rf /nfmt/config/bench/nspOS.cfg ↵

      rm -rf /nokia/nspca.tar ↵

    3. Restart the system. Execute:

      /nfmt/setup/mnc.sh restart system ↵

  2. For WS-NOC Release 22.6 and later:

    1. Connect to the WS-NOC main VM as mncmaintuser.

    2. Edit the /install_dir/config/bench/configuration.json file using a plain-text editor such as vi.

    3. Remove the "nsp" property from the "remoteAuthentication" => "active" field.

    4. Save the changes and close the file.

    5. Enter the following command:

      rm -rf /install_dir/config/bench/activenspos.cfg ↵

    6. Enter the following command:

      cd /install_dir/app/templates/MW-INT

    7. Remove the following entries from the file:

      MWSVC-WEB_plat.properties.base

      plat.preserver.3.mwsvcport=5138

      plat.preserver.3.supporteddatatypes=Log

      plat.preserver.3.nativedatatypes=Log

      plat.preserver.3.hostname=nspos

      plat.preserver.3.mwsvcserviceport=5035

      plat.preserver.3.systype=OTNE

      plat.preserver.3.showcpu=false

    8. Run bench config. Execute:

      sudo /install_dir/app/common/bench_config.sh

    9. Remove ZooKeeper from system admin. Execute:

      sudo /install_dir/app/tools/sh mnc-admin

    10. Stop the WS-NOC. Execute:

      sudo /install_dir/setup/mnc.sh stop system ↵

    11. Delete the nspca.tar file and nspOS.cfg file from the /install_dir/config/bench directory.

    12. Run the WS-NOC configuration command:

      sudo /install_dir/setup/config.sh ↵

    13. Start the WS-NOC. Execute:

      sudo /install_dir/setup/mnc.sh start system ↵


Enable the Back to Launchpad option on the WS-NOC GUI
 
24 

Log in to the WS-NOC VM.


25 

Connect to the otntomcat container on WS-NOC. Execute the following commands:

  1. docker exec -ti otntomcat bash ↵

  2. cd /nokia/1350OMS/NMA/WDM_WEB/20.11.0/lib/otn/resources/common/menu/ ↵

    or

    cd /nokia/1350OMS/NMA/WDM_WEB/21.4.0/lib/otn/resources/common/menu/ ↵


26 

Modify the systemProperty.json and the systemProperty.json.VMs files so that the "nspIsConfigured" parameter is set to false.


27 

Exit the container and refresh the GUI page.

Note: The otntomcat container does not need to be restarted.


Post-integration steps required when using customer-provided certificates:
 
28 

If WS-NOC is deployed in HA mode, execute the following on the standby WS-NOC server to align HA status:

# sudo rm -rf /install_dir/setup/config/httpscertificates ↵

# su - root scp -r <active alias or IP>:/install_dir/setup/config/httpscertificates /install_dir/setup/config/ ↵

# sudo rm -rf /install_dir/app/common/.ssl ↵

# su - root scp -r active_alias_or_IP:/install_dir/app/common/.ssl /install_dir/app/common/ ↵

# sudo docker start nfmt-setup ↵

# sudo mnc.sh restart apps ↵


29 

In the mnc-admin and nrct-tapi containers, execute:

chmod 644 /nfmt/instance/certificates/External/keystore.ks ↵

chmod 644 /nfmt/instance/certificates/External/key.pem ↵

mkdir -p /nfmt/config/tempcustom/nfmt/instance/certificates/External/ ↵

cp /nfmt/instance/certificates/External/keystore.ks /nfmt/config/tempcustom/nfmt/instance/certificates/External/ ↵

cp /nfmt/instance/certificates/External/key.pem /nfmt/config/tempcustom/nfmt/instance/certificates/External/ ↵


30 

In the mnc-fm, pm-components, pm-hadoop, pm-kafka, and pm-spark containers, execute:

chmod 644 /nfmt/instance/certificates/External/keystore.ks ↵

mkdir -p /nfmt/config/tempcustom/nfmt/instance/certificates/External/ ↵

cp /nfmt/instance/certificates/External/keystore.ks /nfmt/config/tempcustom/nfmt/instance/certificates/External/ ↵


31 

Navigate to System Control within WS-NOC. If any processes are 'down', log in to their individual containers and start them by executing:

/umc/plat/script/mngApp startup process_name


32 

Close the open console windows.

End of steps