What is NSP artifact administration?
Artifacts
NSP administrators are responsible for obtaining, importing, and installing the Nokia-provided NSP artifacts that are required for model-driven management of various Nokia and multivendor devices. Pluggable NSP artifacts produced by Nokia are delivered on the software delivery site both with and between NSP releases.
See “What is an artifact?” in the NSP Network Automation Guide for overview information about artifacts, and the “Artifact management” chapter in the NSP Network Automation Guide for information about managing artifact bundles in the NSP UI.
Signatures
Signatures provide visibility of the authorship of an artifact bundle, and ability to easily verify that the bundle comes from a trusted source.
Artifact bundles created by Nokia are signed by Nokia and do not require NSP administrative action.
However, NSP administrators are responsible for managing the authenticity of artifact bundles created in-house.
The procedures in this chapter describe operations performed on NSP host servers to support signing customer-created artifact bundles.
Public/private key pairs
Signing artifact bundles requires the creation of a public/private key pair. To ensure authenticity of artifacts, artifact bundles are signed with a private key that must only be known to the original artifact bundle developer.
The corresponding public key is installed, along with the corresponding author name, in NSP. When a signed artifact bundle is installed, NSP looks up the corresponding public key registered for the author name and validates the artifact bundle signature. The private key must be stored in a safe place.
After the keys are generated, the public key and the bundle author name are saved to a secret YAML file, which is loaded into Kubernetes.
The secret file must be saved to all standby sites in a DR NSP deployment. If an NSP upgrade requires removal of Kubernetes resources such as secrets, the files will need to be loaded again after the upgrade is completed.
Nokia recommends backing up all secret YAML files before performing an NSP upgrade.