To convert a redundant NFM-P system to IPv6
Description
The following steps describe how to change the communication between components in a redundant NFM-P system from IPv4 to IPv6. Ensure that you record the information that you specify, for example, directory names, passwords, and IP addresses.
Note: You require the following user privileges:
Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:
Steps
Disable automatic startup, standby main server | |||||||||||||||||||
1 |
Prevent the standby main server from starting in the event of a power disruption during the conversion.
| ||||||||||||||||||
Stop standby main server | |||||||||||||||||||
2 |
Stop the standby main server.
| ||||||||||||||||||
Stop reserved auxiliary servers | |||||||||||||||||||
3 |
If the NFM-P system includes auxiliary servers, perform the following steps on each reserved auxiliary server station.
| ||||||||||||||||||
Stop standby main database | |||||||||||||||||||
4 |
Stop the standby database and proxy services.
| ||||||||||||||||||
Disable automatic startup, primary main server | |||||||||||||||||||
5 |
Prevent the primary main server from starting in the event of a power disruption during the conversion.
| ||||||||||||||||||
Stop primary main server | |||||||||||||||||||
6 |
Stop the primary main server. Note: This step marks the beginning of the network management outage.
| ||||||||||||||||||
Stop preferred auxiliary servers | |||||||||||||||||||
7 |
If the NFM-P system includes auxiliary servers, perform the following steps on each preferred auxiliary server station.
| ||||||||||||||||||
Stop primary main database | |||||||||||||||||||
8 |
Stop the primary database and proxy services.
| ||||||||||||||||||
Update auxiliary database IP addresses | |||||||||||||||||||
9 |
If the NFM-P includes an auxiliary database, perform the NSP System Administrator Guide procedure that describes changing the auxiliary database external IP addresses. | ||||||||||||||||||
Configure primary main database | |||||||||||||||||||
10 |
Enter the following: # samconfig -m db ↵ The following is displayed: Start processing command line inputs... <db> | ||||||||||||||||||
11 |
Enter the following: <db> configure ip address ↵ where address is the IPv6 address of this database The prompt changes to <db configure>. | ||||||||||||||||||
12 |
Enter the following, and then enter back ↵: <db configure> redundant ip address ↵ where address is the IPv6 address of the peer database | ||||||||||||||||||
13 |
To enable IP validation, which restricts the server components that have access to the main database; configure the parameters in the following table, and then enter back ↵. Note: For security reasons, it is strongly recommended that you enable IP validation. Note: When you enable IP validation on an NFM-P system that includes auxiliary servers, NSP Flow Collectors, or analytics servers, you must configure the remote-servers parameter; otherwise, the servers cannot reach the database. Table 17-9: Primary database parameters —
| ||||||||||||||||||
14 |
To enable the forwarding of NFM-P system metrics to the NSP; configure the parameters in the following table, and then enter back ↵. Note: The parameters are required only for a distributed main database, so are not shown or configurable if the main server and database are collocated. Table 17-10: Primary database parameters —
|
Parameter |
Description |
---|---|
keystore-pass |
The TLS keystore password Default: available from technical support |
pki-server |
The PKI server IP address or hostname You must configure the parameter. Default: — |
pki-server-port |
The TCP port on which the PKI server listens for and services requests Default: 2391 |
Verify the database configuration.
-
<db configure> show-detail ↵
The database configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<db configure> back ↵
The prompt changes to <db>.
Enter the following to apply the configuration changes:
<db> apply ↵
The changes are applied.
Enter the following:
<db> exit ↵
The samconfig utility closes.
Enter the following:
# ssh-keyscan -t rsa standby_database_IPv6_address >>/opt/nsp/nfmp/oracle19/.ssh/known_hosts
where standby_database_IPv6_address is the IPv6 address that you are assigning to the standby main database
Configure primary main server
Log in as the root user on the primary main server station.
Open a console window.
Enter the following:
# samconfig -m main ↵
The following is displayed:
Start processing command line inputs...
<main>
Enter the following:
<main> configure ip address ↵
where address is the main server IPv6 address that each database must use to reach the main server
The prompt changes to <main configure>.
As required, configure the client parameters as described in the following table, and then enter back ↵.
Table 17-11: Primary main server parameters — client
Parameter |
Description |
---|---|
nat |
Not applicable to IPv6 If the parameter is enabled, disable the parameter. |
hostname |
The main server hostname, if the GUI clients, XML API clients, and auxiliary servers are to use hostnames, rather than IP addresses, for communication with the main server Modify the value if the hostname changes as part of the conversion to IPv6. If the TLS certificate contains the FQDN, you must use the FQDN value to configure the hostname parameter. |
public-ip |
The IPv6 address that the GUI and XML API clients must use to reach the main server The parameter is configurable and mandatory when the hostname parameter is unconfigured. |
delegates |
A list of the client delegate servers, in the following format: address1;path1,address2;path2...addressN;pathN where an address value is a client delegate server IP address a path value is the absolute file path of the client delegate server installation location Replace each IPv4 address with the appropriate IPv6 address. |
Enter the following, and then enter back ↵:
<main configure> database ip address ↵
where address is the IPv6 address of the primary database
To enable IPv6 for communication with the managed network, enter the following, and then enter back ↵:
<main configure> mediation snmp-ipv6 address ↵
where address is the main server IPv6 address that the managed NEs must use to reach the main server
To disable IPv4 for communication with the managed network, perform the following steps.
-
<main configure> mediation no snmp-ipv4 ↵
-
<main configure mediation> no nat ↵
-
<main configure mediation> back ↵
The prompt changes to <main configure>.
Perform one of the following.
-
If the NFM-P system does not include auxiliary servers, and the XML API clients require IPv6 access, enter the following, and then enter back ↵:
<main configure> oss public-ip address ↵
where address is the IPv6 address that the XML API clients must use to reach the main server
-
If the NFM-P system includes auxiliary servers, configure the aux parameters in the following table, and then enter back ↵.
Table 17-12: Primary main server parameters —
aux
Parameter
Description
ip-to-auxes
The primary main server IPv6 address that the auxiliary servers must use to reach the main server
Default: —
preferred-list
Comma-separated list of Preferred auxiliary server IPv6 addresses
Default: —
reserved-list
Comma-separated list of Reserved auxiliary server IPv6 addresses
Default: —
peer-list
Comma-separated list of Remote auxiliary server IPv6 addresses
Default: —
If required, configure the tls parameters in the following table, and then enter back ↵.
Table 17-13: Primary main server parameters — tls
Parameter |
Description |
---|---|
keystore-file |
The absolute path of the TLS keystore file To enable automated TLS deployment, enter no keystore-file. Default: — |
keystore-pass |
The TLS keystore password Default: available from technical support |
truststore-file |
The absolute path of the TLS truststore file To enable automated TLS deployment, enter no truststore-file. Default: — |
truststore-pass |
The TLS truststore password Default: available from technical support |
alias |
The alias specified during keystore generation You must configure the parameter. Default: — |
pki-server |
The PKI server IP address or hostname Default: — |
pki-server-port |
The TCP port on which the PKI server listens for and services requests Default: 2391 |
hsts-enabled |
Whether HSTS browser security is enabled Default: false |
If the NFM-P includes an auxiliary database, enter the following, and then enter back ↵:
Note: In a geo-redundant auxiliary database deployment, the order of the IP addresses must be the same on each main server in the geo-redundant system.
<main configure> auxdb ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn ↵
where
cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IPv6 addresses of the stations in one cluster
cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IPv6 addresses of the stations in the geo-redundant cluster; required only for geo-redundant auxiliary database
Enter the following:
<main configure> redundancy enabled ↵
The prompt changes to <main configure redundancy>.
Enter the following:
<main configure redundancy> ip-to-peer address ↵
where address is the IPv6 address that the peer main server must use to reach this main server for general communication
Enter the following:
<main configure redundancy> rsync-ip address ↵
where address is the IPv6 address that the peer main server must use to reach this main server for data synchronization
Enter the following, and then enter back ↵:
<main configure redundancy> database ip address ↵
where address is the IPv6 address of the standby database
Configure the peer-server redundancy parameters in the following table, and then enter back ↵.
Table 17-14: Primary main server parameters — redundancy, peer-server
Parameter |
Description |
---|---|
ip |
The IPv6 address that this main server must use to reach the peer main server for general communication Default: — |
rsync-ip |
The IPv6 address that this main server must use to reach the peer main server for data synchronization Default: — |
public-ip |
The IPv6 address that the GUI and XML API clients must use to reach the peer main server The parameter is configurable if the public-ip parameter is configured in Step 23. Default: — |
hostname |
The hostname that the GUI and XML API clients must use to reach the peer main server The parameter is configurable if the hostname parameter is configured in Step 23. Default: — |
ip-to-auxes |
The IPv6 address that the auxiliary servers must use to reach the peer main server You must configure the parameter If the NFM-P system includes one or more auxiliary servers. Default: — |
snmp-ipv6 |
The IPv6 address that the managed NEs must use to reach the peer main server Configure the parameter only if you need to enable IPv6 for communication with managed NEs |
Enter the following:
<main configure redundancy> back ↵
The prompt changes to <main configure>.
Configure the nspos parameters in the following table, and then enter back ↵.
Table 17-15: Primary main server parameters — nspos
Configure the remote-syslog parameters in the following table, and then enter back ↵.
Table 17-16: Standalone main server parameters — remote-syslog
Parameter |
Description |
---|---|
enabled |
Enable the forwarding of the NFM-P User Activity logs in syslog format to a remote server Default: disabled |
syslog-host |
Remote syslog server hostname or IP address Default: — |
syslog-port |
Remote server TCP port Default: — |
ca-cert-path |
Absolute local path of public CA TLS certificate file copied from remote server The file requires nsp:nsp ownership. |
Configure the server-logs-to-remote-syslog parameters in the following table, and then enter back ↵.
Table 17-17: Standalone main server parameters — server-logs-to-remote-syslog
Parameter |
Description |
---|---|
enabled |
Enable the forwarding of the NFM-P server logs in syslog format to a remote server Default: disabled |
secured |
Whether the communication with the remote server is TLS-secured Default: disabled |
syslog-host |
Remote syslog server hostname or IP address Default: — |
syslog-port |
Remote server TCP port Default: — |
ca-cert-path |
Absolute local path of public CA TLS certificate file copied from remote server The file requires nsp:nsp ownership. |
Verify the main server configuration.
-
<main configure> show-detail ↵
The main server configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<main configure> back ↵
The prompt changes to <main>.
Enter the following:
<main> apply ↵
The configuration is applied.
Enter the following:
<main> exit ↵
The samconfig utility closes.
Enable Windows Active Directory access
If you use Windows Active Directory for single-sign-on client access to the NFM-P, open the following file with a plain-text editor such as vi:
/opt/nsp/os/install/config.json
Otherwise, go to Step 48.
Change the IPv4 addresses to IPv6 addresses, as required.
Save and close the file.
Enter the following:
# samconfig -m main ↵
The following is displayed:
Start processing command line inputs...
<main>
Enter the following:
<main> apply ↵
The configuration is applied.
Enter the following:
<main> exit ↵
The samconfig utility closes.
Configure preferred auxiliary servers
If the NFM-P system does not include auxiliary servers, go to Step 63. Otherwise, perform Step 49 to Step 61 on each preferred auxiliary server station.
Log in as the root user.
Open a console window.
Enter the following:
# samconfig -m aux ↵
The following is displayed:
Start processing command line inputs...
<aux>
Enter the following:
<aux> configure ip address ↵
where address is the auxiliary server IPv6 address that the managed NEs must use to reach the auxiliary server
The prompt changes to <aux configure>.
Enter the following:
<aux configure> main-server ip-one address ↵
where address is the IPv6 address that the auxiliary server must use to reach the primary main server
The prompt changes to <aux configure main-server>.
Enter the following, and then enter back ↵:
<aux configure main-server> ip-two address ↵
where address is the IPv6 address that the auxiliary server must use to reach the standby main server
Enter the following:
<aux configure> data-sync local-ip address ↵
where address is the IPv6 address of the interface on this station that the peer auxiliary server in an auxiliary server pair must use to reach this auxiliary server
The prompt changes to <aux configure data-sync>.
Enter the following, and then enter back ↵:
<aux configure data-sync> peer-ip address ↵
where address is the IPv6 address of the interface on the peer auxiliary server station in an auxiliary server pair that this auxiliary server must use to reach the other auxiliary server
Configure the tls parameters in the following table, and then enter back ↵.
Table 17-18: Auxiliary server parameters — tls
Parameter |
Description |
---|---|
keystore-file |
The absolute path of the TLS keystore file To enable automated TLS deployment, enter no keystore-file. Default: — |
keystore-pass |
The TLS keystore password Default: available from technical support |
pki-server |
The PKI server IP address or hostname Default: — |
pki-server-port |
The TCP port on which the PKI server listens for and services requests Default: 2391 |
If the XML API clients require IPv6 access, enter the following, and then enter back ↵:
<aux configure> oss public-ip address ↵
where address is the IPv6 address that the XML API clients must use to reach the auxiliary server
The prompt changes to <aux configure oss>.
Verify the auxiliary server configuration.
-
<aux configure> show-detail ↵
The auxiliary server configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<aux configure> back ↵
The prompt changes to <aux>.
Enter the following:
<aux> apply ↵
The configuration is applied.
Enter the following:
<aux> exit ↵
The samconfig utility closes.
Start preferred auxiliary servers
If the NFM-P system includes auxiliary servers, perform the following steps on each preferred auxiliary server station.
-
bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstart ↵
The auxiliary server starts.
Enable automatic startup, primary main server
Enable the automatic startup of the primary main server.
Start primary main server
Start the primary main server.
Note: The primary main server startup marks the end of the network management outage.
-
Enter the following on the standby main server station:
# su - nsp ↵
-
bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
-
bash$ ./nmsserver.bash start ↵
-
bash$ ./nmsserver.bash appserver_status ↵
The server status is displayed; the server is fully initialized if the status is the following:
Application Server process is running. See nms_status for more detail.
If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
Configure standby main database
Log in as the root user on the standby main database station.
Open a console window.
Enter the following:
# samconfig -m db ↵
The following is displayed:
Start processing command line inputs...
<db>
Enter the following:
<db> configure ip address ↵
where address is the IPv6 address that the other NFM-P components must use to reach the standby main database
The prompt changes to <db configure>.
Enter the following:
<db configure> redundant ip address ↵
where address is the IPv6 address of the primary database
The prompt changes to <db configure redundant>.
Enter the following, and then enter back ↵:
<db configure redundant> instance instance_name ↵
where instance_name is the primary database instance name
To enable IP validation, which restricts the server components that have access to the main database; configure the parameters in the following table, and then enter back ↵.
Note: For security reasons, it is strongly recommended that you enable IP validation.
Note: When you enable IP validation on an NFM-P system that includes auxiliary servers, NSP Flow Collectors, or analytics servers, you must configure the remote-servers parameter; otherwise, the servers cannot reach the database.
Table 17-19: Standby database parameters — ip-validation
To enable the forwarding of NFM-P system metrics to the NSP; configure the parameters in the following table, and then enter back ↵.
Note: The parameters are required only for a distributed main database, so are not shown or configurable if the main server and database are collocated.
Table 17-20: Standby database parameters — tls
Parameter |
Description |
---|---|
keystore-pass |
The TLS keystore password Default: available from technical support |
pki-server |
The PKI server IP address or hostname You must configure the parameter. Default: — |
pki-server-port |
The TCP port on which the PKI server listens for and services requests Default: 2391 |
Verify the database configuration.
-
<db configure> show-detail ↵
The database configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<db configure> back ↵
The prompt changes to <db>.
Enter the following to apply the configuration changes:
<db> apply ↵
The changes are applied.
Enter the following:
<db> exit ↵
The samconfig utility closes.
Enter the following:
# ssh-keyscan -t rsa primary_database_IPv6_address >>/opt/nsp/nfmp/oracle19/.ssh/known_hosts
where primary_database_IPv6_address is the IPv6 address of the primary main database
Configure standby main server
Log in to the standby main server station as the root user.
Open a console window.
Enter the following:
# samconfig -m main ↵
The following is displayed:
Start processing command line inputs...
<main>
Enter the following:
<main> configure ip address ↵
where address is the main server IPv6 address that each database must use to reach the main server
The prompt changes to <main configure>.
As required, configure the client parameters as described in the following table, and then enter back ↵.
Table 17-21: Standby main server parameters — client
Parameter |
Description |
---|---|
nat |
Not applicable to IPv6 If the parameter is enabled, disable the parameter. |
hostname |
The main server hostname, if the GUI clients, XML API clients, and auxiliary servers are to use hostnames, rather than IP addresses, for communication with the main server Modify the value if the hostname changes as part of the conversion to IPv6. If the TLS certificate contains the FQDN, you must use the FQDN value to configure the hostname parameter. |
public-ip |
The IPv6 address that the GUI and XML API clients must use to reach the main server The parameter is configurable and mandatory when the hostname parameter is unconfigured. |
delegates |
A list of the client delegate servers, in the following format: address1;path1,address2;path2...addressN;pathN where an address value is a client delegate server IP address a path value is the absolute file path of the client delegate server installation location Replace each IPv4 address with the appropriate IPv6 address. |
Enter the following, and then enter back ↵:
<main configure> database ip address ↵
where address is the IPv6 address of the standby database
If you need to enable IPv6 for communication with the managed network, enter the following, and then enter back ↵:
<main configure> mediation snmp-ipv6 address ↵
where address is the main server IPv6 address that the managed NEs must use to reach the main server
If you need to disable IPv4 for communication with the managed network, perform the following steps.
-
<main configure mediation> no snmp-ipv4 ↵
-
<main configure mediation> no nat ↵
-
<main configure mediation> back ↵
Perform one of the following.
-
If the NFM-P system does not include auxiliary servers, and the XML API clients require IPv6 access, enter the following, and then enter back ↵:
<main configure> oss public-ip address ↵
where address is the IPv6 address that the XML API clients must use to reach the main server
-
If the NFM-P system includes auxiliary servers, configure the aux parameters in the following table, and then enter back ↵.
Table 17-22: Standby main server parameters —
aux
Parameter
Description
ip-to-auxes
The primary main server IPv6 address that the auxiliary servers must use to reach the main server
Default: —
preferred-list
Comma-separated list of Preferred auxiliary server IPv6 addresses
Default: —
reserved-list
Comma-separated list of Reserved auxiliary server IPv6 addresses
Default: —
peer-list
Comma-separated list of Remote auxiliary server IPv6 addresses
Default: —
Configure the tls parameters in the following table, and then enter back ↵.
Table 17-23: Standby main server parameters — tls
Parameter |
Description |
---|---|
keystore-file |
The absolute path of the TLS keystore file To enable automated TLS deployment, enter no keystore-file. Default: — |
keystore-pass |
The TLS keystore password Default: available from technical support |
truststore-file |
The absolute path of the TLS truststore file To enable automated TLS deployment, enter no truststore-file. Default: — |
truststore-pass |
The TLS truststore password Default: available from technical support |
alias |
The alias specified during keystore generation You must configure the parameter. Default: — |
pki-server |
The PKI server IP address or hostname Default: — |
pki-server-port |
The TCP port on which the PKI server listens for and services requests Default: 2391 |
hsts-enabled |
Whether HSTS browser security is enabled Default: false |
If the NFM-P includes an auxiliary database, enter the following, and then enter back ↵:
Note: In a geo-redundant auxiliary database deployment, the order of the IP addresses must be the same on each main server in the geo-redundant system.
<main configure> auxdb ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn ↵
where
cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IPv6 addresses of the stations in one cluster
cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IPv6 addresses of the stations in the geo-redundant cluster; required only for geo-redundant auxiliary database
Enter the following:
<main configure> redundancy enabled ↵
The prompt changes to <main configure redundancy>.
Enter the following:
<main configure redundancy> ip-to-peer address ↵
where address is the IPv6 address that the peer main server must use to reach this main server for general communication
Enter the following:
<main configure redundancy> rsync-ip address ↵
where address is the IPv6 address that the peer main server must use to reach this main server for data synchronization
Enter the following, and then enter back ↵:
<main configure redundancy> database ip address ↵
where address is the IPv6 address of the primary database
Configure the peer-server redundancy parameters in the following table, and then enter back ↵.
Table 17-24: Standby main server parameters — redundancy, peer-server
Parameter |
Description |
---|---|
ip |
The IPv6 address that this main server must use to reach the peer main server for general communication Default: — |
rsync-ip |
The IPv6 address that this main server must use to reach the peer main server for data synchronization Default: — |
public-ip |
The IPv6 address that the GUI and XML API clients must use to reach the peer main server The parameter is configurable if the public-ip parameter is configured in Step 81. Default: — |
hostname |
The hostname that the GUI and XML API clients must use to reach the peer main server The parameter is configurable if the hostname parameter is configured in Step 81. Default: — |
ip-to-auxes |
The IPv6 address that the auxiliary servers must use to reach the peer main server You must configure the parameter If the NFM-P system includes one or more auxiliary servers. Default: — |
snmp-ipv6 |
The IPv6 address that the managed NEs must use to reach the peer main server Configure the parameter only if you need to enable IPv6 for communication with managed NEs |
Enter the following:
<main configure redundancy> back ↵
The prompt changes to <main configure>.
Configure the nspos parameters in the following table, and then enter back ↵.
Table 17-25: Standby main server parameters — nspos
Configure the remote-syslog parameters in the following table, and then enter back ↵.
Table 17-26: Standby main server parameters — remote-syslog
Parameter |
Description |
---|---|
enabled |
Enable the forwarding of the NFM-P User Activity logs in syslog format to a remote server Default: disabled |
syslog-host |
Remote syslog server hostname or IP address Default: — |
syslog-port |
Remote server TCP port Default: — |
ca-cert-path |
Absolute local path of public CA TLS certificate file copied from remote server The file requires nsp:nsp ownership. |
Configure the server-logs-to-remote-syslog parameters in the following table, and then enter back ↵.
Table 17-27: Standby main server parameters — server-logs-to-remote-syslog
Parameter |
Description |
---|---|
enabled |
Enable the forwarding of the NFM-P server logs in syslog format to a remote server Default: disabled |
secured |
Whether the communication with the remote server is TLS-secured Default: disabled |
syslog-host |
Remote syslog server hostname or IP address Default: — |
syslog-port |
Remote server TCP port Default: — |
ca-cert-path |
Absolute local path of public CA TLS certificate file copied from remote server The file requires nsp:nsp ownership. |
Verify the main server configuration.
-
<main configure> show-detail ↵
The main server configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<main configure> back ↵
The prompt changes to <main>.
Enter the following:
<main> apply ↵
The configuration is applied.
Enter the following:
<main> exit ↵
The samconfig utility closes.
Enable Windows Active Directory access
If you use Windows Active Directory for single-sign-on client access to the NFM-P, open the following file with a plain-text editor such as vi:
/opt/nsp/os/install/config.json
Otherwise, go to Step 106.
Change the IPv4 addresses to IPv6 addresses, as required.
Save and close the file.
Enter the following:
# samconfig -m main ↵
The following is displayed:
Start processing command line inputs...
<main>
Enter the following:
<main> apply ↵
The configuration is applied.
Enter the following:
<main> exit ↵
The samconfig utility closes.
Configure reserved auxiliary servers
If the NFM-P system does not include auxiliary servers, go to Step 120. Otherwise, perform Step 107 to Step 118 on each reserved auxiliary server station.
Log in as the root user.
Enter the following:
# samconfig -m aux ↵
The following is displayed:
Start processing command line inputs...
<aux>
Enter the following:
<aux> configure ip address ↵
where address is the auxiliary server IPv6 address that the managed NEs must use to reach the auxiliary server
The prompt changes to <aux configure>.
Enter the following:
<aux configure> main-server ip-one address ↵
where address is the standby main server IPv6 address that the auxiliary server must use to reach the main server
The prompt changes to <aux configure main-server>.
Enter the following, and then enter back ↵:
<aux configure main-server> ip-two address ↵
where address is the primary main server IPv6 address that the auxiliary server must use to reach the main server
Enter the following:
<aux configure> data-sync local-ip address ↵
where address is the IPv6 address of the interface on this station that the peer auxiliary server in an auxiliary server pair must use to reach this auxiliary server
The prompt changes to <aux configure data-sync>.
Enter the following and then enter back ↵:
<aux configure data-sync> peer-ip address ↵
where address is the IPv6 address of the interface on the peer auxiliary server station in an auxiliary server pair that this auxiliary server must use to reach the other auxiliary server
Configure the tls parameters in the following table, and then enter back ↵.
Table 17-28: Auxiliary server parameters — tls
Parameter |
Description |
---|---|
keystore-file |
The absolute path of the TLS keystore file To enable automated TLS deployment, enter no keystore-file. Default: — |
keystore-pass |
The TLS keystore password Default: available from technical support |
pki-server |
The PKI server IP address or hostname Default: — |
pki-server-port |
The TCP port on which the PKI server listens for and services requests Default: 2391 |
If the XML API clients require IPv6 access, enter the following, and then enter back ↵:
<aux configure> oss public-ip address ↵
where address is the IPv6 address that the XML API clients must use to reach the auxiliary server
Verify the auxiliary server configuration.
-
<aux configure> show-detail ↵
The auxiliary server configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<aux configure> back ↵
The prompt changes to <aux>.
Enter the following:
<aux> apply ↵
The configuration is applied.
Enter the following:
<aux> exit ↵
The samconfig utility closes.
Start reserved auxiliary servers
If the NFM-P system includes auxiliary servers, perform the following steps on each reserved auxiliary server station.
-
bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstart ↵
The auxiliary server starts.
Enable automatic startup, standby main server
Enable the automatic startup of the standby main server.
Start standby main server
Start the standby main server.
-
Enter the following to switch to the nsp user:
# su - nsp ↵
-
bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
-
bash$ ./nmsserver.bash start ↵
-
bash$ ./nmsserver.bash appserver_status ↵
The server status is displayed; the server is fully initialized if the status is the following:
Application Server process is running. See nms_status for more detail.
If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
If Windows Active Directory access is configured to use the AUTHENTICATED type of LDAP server, and the NFM-P is not part of a shared-mode NSP deployment, enter the following to restart the local nspos-tomcat service:
Note: The service restart may take a few minutes, during which NFM-P GUI and REST client access is degraded. General NFM-P operation is unaffected.
# systemctl restart nspos-tomcat ↵
Verify converted system using GUI client
Use an NFM-P GUI client to perform sanity testing of the converted system.
Note: If IP addresses are specified for NFM-P client access, ensure that you use the required IPv6 address, rather than the IPv4 address, for the client connection.
End of steps