Start PKI server

If the PKI server is not running, start the PKI server.

1. Log in as the root user on the NSP deployer host.

2. Open a console window.

3. Enter the following:

   # cd /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tools/pki ↵

4. Enter the following:

   # ./pki-server ↵

   The PKI server starts, and the following is displayed:

   date time Using Root CA from disk, and serving requests on port nnnn

Configure NFM-P

Perform Step 4 to Step 11 on each NFM-P main server station.

Note: If the NFM-P system is redundant, you must perform the steps on the standby main server station first.

Go to Step 16.

Configure main server

Log in as the nsp user on the NFM-P main server station.

Open a console window.

Stop the main server, if it is running.

1. Enter the following:

   bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

2. Enter the following:

   bash$ ./nmsserver.bash stop ↵

3. Enter the following:

   bash$ ./nmsserver.bash appserver_status ↵

   The server status is displayed; the server is fully stopped if the status is the following:

   Application Server is stopped

   If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

4. Enter the following to switch to the root user:

   bash$ su ↵

5. Enter the following to display the NSP service status:

   # nspdctl status ↵

   Information like the following is displayed.

   Mode:     redundancy_mode

   Role:     redundancy_role

   DC-Role:  dc_role

   DC-Name:  dc_name

   Registry: IP_address:port

   State:    stopped

   Uptime:   0s

   SERVICE           STATUS

   service_a         inactive

   service_b         inactive

   service_c         inactive

   You must not proceed to the next step until all NSP services are stopped; if the State is not ‘stopped’, or the STATUS indicator of each listed service is not ‘inactive’, repeat this substep.

Enter the following:

# samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 

Configure the NFM-P to use the NSP nspOs instance.

1. Enter the following:

   <main> configure nspos ip-list cluster1_advertised_address;cluster2_advertised_address ↵

   where

   cluster1_advertised_address and cluster2_advertised_address are the advertised addresses of the NSP clusters specified in the NSP configuration file

   For example, specify only one IP address for a standalone NSP system, or two, separated by a semicolon, for a DR deployment.

   The prompt changes to <main configure nspos>.

2. Enter the following:

   <main configure nspos> back ↵

   The prompt changes to <main configure>.

If you are using the PKI server, perform the following steps.

1. Enter the following:

   <main configure> tls pki-server server ↵

   where server is the PKI server IP address or hostname

   The prompt changes to <main configure tls>.

2. Enter the following sequence of commands by copying and pasting at the CLI:

   no keystore-file

   no keystore-pass

   no truststore-file

   no truststore-pass

   regenerate-certs

   back

3. Enter the following:

   <main configure tls> back ↵

   The prompt changes to <main configure>.

If the NSP deployment includes an auxiliary database, configure the auxdb parameters.

1. Enter the following:

   <main configure> auxdb enabled ↵

   The prompt changes to <main configure auxdb>.

2. Enter the following:

   Note: In a DR deployment, the order of the IP addresses must be the same on each main server.

   <main configure auxdb> ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn ↵

   where

   cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IP addresses of the auxiliary database stations in the local data center

   cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IP addresses of the stations in the peer data center of a DR deployment

3. If the auxiliary database is to store OAM test results, enter the following:

   <main configure auxdb> oam-test-results ↵

4. If the auxiliary database cluster includes only one station, enter the following:

   Caution: After you configure an auxdb parameter and start an main server, you cannot modify the redundancy-level parameter.

   <main configure auxdb> redundancy-level 0 ↵

5. Enter the following:

   <main configure auxdb> back ↵

   The prompt changes to <main configure>.

To enable mTLS for internal Kafka authentication using two-way TLS, perform the following steps.

Note: Enabling mTLS for internal Kafka authentication is supported only in an NSP deployment that uses separate interfaces for internal and client communication.

1. Enter the following:

   <main configure> nspos mtls-kafka-enabled ↵

   The prompt changes to <main configure nspos>.

2. Enter the following:

   <main configure nspos> back ↵

   The prompt changes to <main configure>.

Enter the following:

<main configure> exit ↵

The prompt changes to <main>.

Enter the following:

<main> apply ↵

The configuration is applied.

Enter the following:

<main> exit ↵

The samconfig utility closes.

Start main servers

Enter the following to switch back to the nsp user:

# exit ↵

Perform the following steps on each main server to start the server.

Note: If the NFM-P system is redundant, you must perform the steps on the primary main server first.

1. Enter the following:

   bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

2. Enter the following:

   bash$ ./nmsserver.bash start ↵

3. Enter the following:

   bash$ ./nmsserver.bash appserver_status ↵

   The server status is displayed; the server is fully initialized if the status is the following:

   Application Server process is running.  See nms_status for more detail.

   If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

Stop PKI server

If the PKI server is running, press Ctrl+C in the NSP deployer host console window to stop the PKI server.

Add NFM-P to NSP configuration

Log in as the root user on the NSP deployer host.

Open the following file using a plain-text editor such as vi:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml

Configure the parameters in the integration section, nfmp subsection, as shown below:

Note: You must preserve the leading spaces in each line of the file.

Note: If the NFM-P system is standalone, you do not need to configure the standbyIp parameter.

Note: In the client section of samconfig on the NFM-P main servers, if the address for client access is set using the hostname parameter, the primaryIp and standbyIp values in the nfmp section of the NSP configuration file, nsp-config.yml, must be set to hostnames.

Likewise, if the public-ip parameter in the client section is configured on the main server, the primaryIp and standbyIp values in the nsp-config.yml file must be set to IP addresses.

 integrations:

   nfmp:

     primaryIp: "server_1_address"

     standbyIp: "server_2_address"

     tlsEnabled: value

where

server_1_address is the IP address of the standalone main server, or the primary main server in a redundant NFM-P system

server_2_address is the IP address of the standby main server in a redundant NFM-P system

value is true or false

If all of the following are true, configure the following parameters in the integrations section:

• The NSP system includes the NFM-P.

• You want the NFM-P to forward system metrics to the NSP cluster.

• The NFM-P main server and main database are on separate stations:

    nfmpDB:

      primaryIp: ""

      standbyIp: ""

If both of the following are true, configure the following parameters in the integrations section:

• You want the NFM-P to forward system metrics to the NSP cluster.

• The NFM-P system includes one or more auxiliary servers:

    auxServer:

      primaryIpList: ""

      standbyIpList: ""

If the NFM-P includes an auxiliary database, enable the auxiliary database in the NSP configuration.

1. Locate the following section:

       auxDb:

         secure: "value"

         ipList: ""

         standbyIpList: ""

2. Edit the section to read as follows:

       auxDb:

         secure: "true"

         ipList: "cluster_1_IP1,cluster_1_IP2...cluster_1_IPn"

         standbyIpList: "cluster_2_IP1,cluster_2_IP2...cluster_2_IPn"

   where

   cluster_1_IP1, cluster_1_IP2...cluster_1_IPn are the external IP addresses of the stations in the local cluster

   cluster_2_IP1, cluster_2_IP2...cluster_2_IPn are the external IP addresses of the stations in the peer cluster; required only for geo-redundant deployment

Save and close the file.

Back up NFM-P Neo4j and PostgreSQL data

If you have not performed an NFM-P database backup for the system integration, you must perform a backup now.

Perform the steps in the “To back up the main database from the client GUI” procedure in one of the following guides, depending on the installed NFM-P release:

• Release 22.9 or earlier—NSP NFM-P Administrator Guide

• Release 22.11 or later—NSP System Administrator Guide

Restore NFM-P Neo4j and PostgreSQL data

Copy the following Neo4j and PostgreSQL database backup files created in Step 25 to an empty temporary directory on the NSP deployer host:

• nspos-neo4j_backup_timestamp.tar.gz

• nspos-postgresql_backup_timestamp.tar.gz

where timestamp is the backup creation time

Perform “How do I restore the NSP cluster databases?” in the NSP System Administrator Guide to restore only the following databases on the NSP cluster:

Note: Performing the procedure also starts the NSP.

• Neo4j database

• PostgreSQL database

Monitor NSP initialization

Monitor the NSP initialization; if the status of any pod is Error, you must correct the error; see the NSP System Administrator Guide for information about recovering an errored pod.

Note: You must not proceed to the next step until the cluster is operational and no pods are in error.

Close the open console windows.

End of steps