To migrate from CAS to OAUTH2 NSP user authentication

Purpose

CAUTION

Service disruption

Performing the procedure requires a restart of each NSP cluster, which is service-affecting.

You must perform the procedure only during a scheduled maintenance period.

Nokia strongly recommends migrating from the deprecated CAS authentication mode to OAUTH2 authentication, as described in the following steps.

Steps
Prepare for migration
 

1

As required, edit NFM-P user accounts to prepare for importing to the NSP local user database; for example, remove duplicate user IDs, or enter e-mail addresses.

Note: For users whose user account includes an e-mail address, the import operation sends a new randomly generated temporary password. Users who lack an e-mail address are assigned a global temporary password.


Undeploy standby NSP cluster
 

2

Log in as the root user on the NSP deployer host in the standby data center.


3

Open a console window.


4

Perform the following steps to preserve the existing cluster data.

  1. Open the following file using a plain-text editor such as vi:

    /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml

  2. Edit the following line in the platform section, kubernetes subsection to read:

      deleteOnUndeploy: false

  3. Save and close the file.


5

Enter the following:

cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵


6

Enter the following:

Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

nspdeployerctl --ask-pass uninstall --undeploy

./nspdeployerctl uninstall --undeploy ↵


Undeploy and configure primary NSP cluster
 

7

Log in as the root user on the NSP deployer host in the primary data center.


8

Open a console window.


9

Perform the following steps to preserve the existing cluster data.

  1. Open the following file using a plain-text editor such as vi:

    /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml

  2. Edit the following line in the platform section, kubernetes subsection to read:

      deleteOnUndeploy: false

  3. Save and close the file.


10 

Enter the following:

cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵


11 

Enter the following:

Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

nspdeployerctl --ask-pass uninstall --undeploy

./nspdeployerctl uninstall --undeploy ↵


12 

Open the following file using a plain-text editor such as vi:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml


13 

Configure the authMode parameter in the sso section, as shown below.

  sso:

    authMode: "oauth2"


14 

Configure other OAUTH2 parameters, as required, such as the following:

  • session timeout or account lockout settings

  • any NFM-P remote authentication sources that are migrating to the OAUTH2 configuration


15 

Disable the CAS configuration; use a leading # symbol to comment out each CAS-specific SSO parameter line in the file.


16 

Save and close the nsp-config.yml file.


17 

Enter the following:

cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵


18 

Enter the following:

Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

nspdeployerctl --ask-pass install --config --deploy

./nspdeployerctl install --config --deploy ↵

The NSP configuration change is put into effect, and OAUTH2 authentication is enabled.


Configure standby NSP cluster
 
19 

Log in as the root user on the NSP deployer host in the standby data center.


20 

Copy the secret files for OAUTH2 deployment from the NSP deployer host in the primary data center.

  1. Enter the following:

    mkdir -p /opt/nsp/nsp-configurator/generated ↵

  2. Enter the following:

    scp address:/opt/nsp/nsp-configurator/generated/nsp-keycloak-*-secret /opt/nsp/nsp-configurator/generated/ ↵

    where address is the address of the primary NSP deployer host


21 

On the standby NSP deployer host, open the following file using a plain-text editor such as vi:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml


22 

Configure the authMode parameter in the sso section, as shown below.

  sso:

    authMode: "oauth2"


23 

Specify the same values for the OAUTH2 parameters that you configured in Step 14.

Note: The primary and standby OAUTH2 configurations must match.


24 

Disable the CAS configuration; use a leading # symbol to comment out each CAS-specific SSO parameter line in the file.


25 

Save and close the nsp-config.yml file.


26 

Enter the following:

cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵


27 

Enter the following:

Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

nspdeployerctl --ask-pass install --config --deploy

./nspdeployerctl install --config --deploy ↵

The NSP configuration change is put into effect, and OAUTH2 authentication is enabled.


28 

Close the open console windows.


Set OAUTH2 mode on NFM-P main servers
 
29 

If the NSP deployment includes the NFM-P, you must configure each NFM-P main server to align with the NSP authentication mode. Otherwise, go to Step 42.


30 

If the NFM-P system is redundant, perform Step 33 to Step 35 on the standby main server.


31 

Perform Step 33 to Step 35 on the standalone or primary main server.


32 

Go to Step 36.


33 

Log in as the root user on the main server station.


34 

Stop the main server.

  1. Enter the following to switch to the nsp user:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following to stop the main server:

    bash$ ./nmsserver.bash stop ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

  5. Enter the following to switch back to the root user:

    bash$ su - ↵


35 

Update the main server configuration.

  1. Enter the following:

    samconfig -m main ↵

    The following is displayed:

    Start processing command line inputs...

    <main> 

  2. Enter the following:

    <main> configure nspos authMode oauth2 ↵

    The prompt changes to <main configure nspos>.

  3. Enter the following:

    <main configure nspos> exit ↵

    The prompt changes to <main>.

  4. Enter the following:

    <main> apply ↵

    The configuration is applied.

  5. Enter the following:

    <main> exit ↵

    The samconfig utility closes.


Start NFM-P main servers
 
36 

Perform the following steps on each main server to start the main server.

Note: You must perform the steps first on the standalone or primary main server.

  1. Enter the following to switch to the nsp user:

    bash$ su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following to start the main server:

    bash$ ./nmsserver.bash start ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

  5. Close the console window.


Import NFM-P users and groups
 
37 

Sign in to the NSP as the admin user.

You are prompted to change your password.


38 

Enter a new password.

The NSP UI opens.


39 

Open Users and Security.


40 

Perform the NFM-P user import procedure in the NSP System Administrator Guide.


41 

Inform each imported NFM-P user of the new password sent to their e-mail address, or of the global temporary password assigned to the user account, if an e-mail address is not assigned.


42 

Close the open console windows.

End of steps
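
The following is an added example, not part of the Nokia procedure: a POSIX shell check to run on a deployer host after editing nsp-config.yml and before the install command, confirming the deleteOnUndeploy and authMode edits and, given a copy of the primary file, the Step 23 requirement that the primary and standby settings match. It assumes the OAUTH2 parameters all sit in the sso section and that the file is plain block-style YAML; the function names and the script name are this example's own.

```shell
#!/bin/sh
# Added example: pre-deploy checks for the nsp-config.yml edits in this procedure.
# Sample invocation (script name is hypothetical): sh check-nsp-config.sh primary.yml standby.yml

# Print the active (uncommented) lines nested under "<name>:", base indent removed.
section() {  # usage: section <name> <file>
  awk -v key="$1" '
    /^[ \t]*#/ { next }                          # whole-line comment, e.g. a disabled CAS line
    /^[ \t]*$/ { next }                          # blank line
    { sub(/[ \t]+#.*$/, ""); sub(/[ \t]+$/, "")  # drop trailing comment and spaces
      indent = match($0, /[^ ]/) - 1 }
    insec && indent <= base { insec = 0 }        # a dedent closes the section
    insec { print substr($0, base + 1); next }
    $0 ~ ("^ *" key ":$") { insec = 1; base = indent }
  ' "$2"
}

# Print the unquoted scalar value of <key> inside <section>.
get() {  # usage: get <section> <key> <file>
  section "$1" "$3" | sed -n "s/^ *$2:  *//p" | tr -d "\"'" | head -n 1
}

# Cluster data is preserved on undeploy and OAUTH2 mode is the active authMode.
check_config() {  # usage: check_config <nsp-config.yml>
  rc=0
  [ "$(get kubernetes deleteOnUndeploy "$1")" = "false" ] ||
    { echo "$1: deleteOnUndeploy is not false" >&2; rc=1; }
  [ "$(get sso authMode "$1")" = "oauth2" ] ||
    { echo "$1: sso authMode is not oauth2" >&2; rc=1; }
  return "$rc"
}

# Step 23: the active sso lines of the primary and standby files must be identical.
compare_sso() {  # usage: compare_sso <primary.yml> <standby.yml>
  tmp=$(mktemp) || return 2
  rc=0
  section sso "$1" > "$tmp"
  section sso "$2" | diff "$tmp" - >&2 || rc=1   # differing lines go to stderr
  rm -f "$tmp"
  return "$rc"
}

# When given two files, run every check and print OK only if all pass.
if [ "$#" -eq 2 ]; then
  check_config "$1" && check_config "$2" && compare_sso "$1" "$2" && echo "OK"
fi
```

Because commented lines are ignored, a CAS parameter left active on one host but commented out on the other shows up in the diff output.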