Check pre-upgrade disk space

As part of the trial upgrade on a lab system in advance of a live upgrade, you must ensure that the available disk capacity on each NFM-P component remains within tolerance.

Note: If the disk usage on an NFM-P partition approaches or exceeds 80% after the trial upgrade, you may need to add disk capacity before you attempt the upgrade on a live system.

Perform the following steps on each of the following stations:

• main server

• auxiliary server

• main database

1. Log in to the station as the root user.

2. Open a console window.

3. Enter the following:

   # df -kh ↵

   The usage information for each partition is displayed.

4. Record the information for each NFM-P partition; see the tables in Chapter 2, NSP disk setup and partitioning for the partition names and required capacities.

Open GUI client

Open at least one GUI client to monitor the network before the upgrade.

Stop NSP analytics servers, Flow Collectors

If the system includes one or more NSP analytics servers, stop each analytics server.

1. Log in to the analytics server station as the nsp user.

2. Open a console window.

3. Enter the following:

   bash$ /opt/nsp/analytics/bin/AnalyticsAdmin.sh stop ↵

The following is displayed:

Stopping Analytics Application

When the analytics server is completely stopped, the following message is displayed:

Analytics Application is not running

If the system includes one or more NSP Flow Collector Controllers and Flow Collectors, stop each NSP Flow Collector Controller.

Note: If the NSP Flow Collector Controller is collocated on a station with an NSP Flow Collector, stopping the NSP Flow Collector Controller also stops the Flow Collector.

1. Log in to the NSP Flow Collector Controller station as the nsp user.

2. Open a console window.

3. Enter the following:

   bash$ /opt/nsp/flow/fcc/bin/flowCollectorController.bash stop ↵

   The NSP Flow Collector Controller stops.

If the system includes one or more NSP Flow Collectors that are not collocated on a station with a Flow Collector Controller, stop each such NSP Flow Collector.

1. Log in to the NSP Flow Collector station as the nsp user.

2. Open a console window.

3. Enter the following:

   bash$ /opt/nsp/flow/fc/bin/flowCollector.bash stop ↵

   The NSP Flow Collector stops.

Stop and disable standalone main server

Stop the main server.

1. Log in to the main server station as the nsp user.

2. Open a console window.

3. Enter the following:

   bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

4. Enter the following:

   bash$ ./nmsserver.bash stop ↵

5. Enter the following:

   bash$ ./nmsserver.bash appserver_status ↵

   The server status is displayed; the server is fully stopped if the status is the following:

   Application Server is stopped

   If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

6. Enter the following to switch to the root user:

   bash$ su ↵

Disable the automatic main server startup so that the main server does not start in the event of a power disruption during the upgrade.

1. Enter the following:

   # systemctl disable nspos-nspd.service ↵

2. Enter the following:

   # systemctl disable nfmp-main-config.service ↵

3. Enter the following:

   # systemctl disable nfmp-main.service ↵

Upgrade standalone main database

Log in to the database station as the root user.

Open a console window.

Stop and disable the Oracle proxy and main database services.

1. Enter the following to stop the Oracle proxy:

   # systemctl stop nfmp-oracle-proxy.service ↵

2. Enter the following to disable the automatic Oracle proxy startup:

   # systemctl disable nfmp-oracle-proxy.service ↵

3. Enter the following to stop the main database:

   # systemctl stop nfmp-main-db.service ↵

4. Enter the following to disable the automatic database startup:

   # systemctl disable nfmp-main-db.service ↵

Perform the following steps.

1. Perform To apply a RHEL update to an NSP image-based OSon the main database station.

2. Open the /etc/fstab file using a plain-text editor such as vi.

3. Locate the tmpfs file system entry.

4. Remove the noexec option so that the entry reads as follows:

   tmpfs /dev/shm tmpfs nodev 0 0

5. Save and close the /etc/fstab file.

6. Enter the following to remount the /dev/shm partition:

   # mount -o remount /dev/shm ↵

If you are re-using the main database station, recommission the station according to the platform specifications in this guide and in the NSP Planning Guide.

For information about deploying the RHEL OS using an NSP OEM disk image, see NSP disk-image deployment.

Log in as the root user on the main database station.

Perform one of the following.

1. If the main server and database are collocated on one station, perform the following steps.

   1. Transfer the following downloaded installation files to an empty directory on the collocated station:

      • nsp-nfmp-oracle-R.r.p-rel.v.rpm

      • nsp-nfmp-main-db-R.r.p-rel.v.rpm

      • nsp-nfmp-nspos-R.r.p.rpm

      • nsp-nfmp-jre-R.r.p-rel.v.rpm

      • nsp-nfmp-config-R.r.p-rel.v.rpm

      • nsp-nfmp-main-server-R.r.p.rpm

      Note: In subsequent steps, the directory is called the NFM-P software directory.

   2. You must remove the semvalidator package if it is installed; otherwise, the upgrade is blocked.

      Enter the following:

      # rpm -q nsp-nfmp-semvalidator ↵

      If the package is installed, the following is displayed:

      nsp-nfmp-semvalidator-version

      If the package is not installed, the following is displayed:

      package nsp-nfmp-semvalidator is not installed

   3. If the package is installed, enter the following:

      # dnf remove nsp-nfmp-semvalidator ↵

      The package is removed.

2. If the main server and database are on separate stations, transfer the following downloaded installation files to an empty directory on the main database station:

   • nsp-nfmp-jre-R.r.p-rel.v.rpm

   • nsp-nfmp-config-R.r.p-rel.v.rpm

   • nsp-nfmp-oracle-R.r.p-rel.v.rpm

   • nsp-nfmp-main-db-R.r.p-rel.v.rpm

   • nsp-nfmp-nodeexporter-R.r.p-rel.v.rpm, if downloaded

   Note: In subsequent steps, the directory is called the NFM-P software directory.

Transfer the following downloaded file to an empty directory on the main database station:

• OracleSw_PreInstall.sh

Navigate to the directory that contains the OracleSw_PreInstall.sh file.

Enter the following:

# chmod +x OracleSw_PreInstall.sh ↵

Enter the following:

# ./OracleSw_PreInstall.sh ↵

Note: A default value is displayed in brackets []. To accept the default, press ↵.

Note: If you specify a value other than the default, you must record the value for use when the OracleSw_PreInstall.sh script is run during a software upgrade, or when the Oracle management user information is required by technical support.

The following prompt is displayed:

This script will prepare the system for an upgrade to NFM-P Version R.r.

Do you want to continue? [Yes/No]:

Enter Yes. The following messages and prompt are displayed:

About to validate that the database can be upgraded to release.

Found the database installation directory /opt/nsp/nfmp/db/install.

Existing NFM-P main database version = version

Enter the password for the "SYS" Oracle user (terminal echo is off):

Enter the SYS user password.

The following messages and prompt are displayed:

Validating the database for upgrade. Please wait ...

INFO: Database upgrade validation passed.

Create/Update base nsp/oracle user directories

Creating group group if it does not exist ...

Checking or Creating the Oracle user home directory /opt/nsp/nfmp/oracle19...

Checking user username... usermod: no changes

Changing ownership of the directory /opt/nsp/nfmp/oracle19 to username:group.

About to unlock the UNIX user [username]

Unlocking password for user username.

passwd: Success

Unlocking the UNIX user [username] completed

Do you want to change the password for the user username? [Yes/No]:

Enter No.

The following messages and prompt are displayed.

Specify whether an NFM-P Main Server will be installed on this workstation.

The database memory requirements will be adjusted to account for the additional load.

Will the database co-exist with an NFM-P Main Server on this workstation [Yes/No]:

Enter Yes or No, as required.

Messages like the following are displayed as the script execution completes:

INFO: Created /etc/sysctl.d/97-nfmp-oracle.conf, not a reconfig scenario, not applying changes at this time.

INFO: Removing ulimit file /etc/security/limits.d/97-nfmp-oracle.conf

INFO: About to set ulimit parameters in /etc/security/limits.d/97-nfmp-oracle.conf...

INFO: Completed setting ulimit parameters in /etc/security/limits.d/97-nfmp-oracle.conf...

INFO: Completed running Oracle Pre-Install Tasks, you *MUST* reboot your box.

When the script execution is complete, enter the following to reboot the station:

# systemctl reboot ↵

The station reboots.

When the reboot is complete, log in as the root user on the main database station.

Open a console window.

Navigate to the NFM-P software directory.

Note: Ensure that the directory contains only the installation files.

Enter the following:

# chmod +x * ↵

Enter the following:

# dnf install *.rpm ↵

The dnf utility resolves any package dependencies, and displays the following prompt:

Total size: nn G

Installed size: nn G 

Is this ok [y/d/N]: 

Enter y. The following and the installation status are displayed as each package is installed:

Downloading Packages:

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

The package installation is complete when the following is displayed:

Complete!

Enter the following to upgrade the database:

Note: A database upgrade takes considerable time that varies, depending on the release from which you are upgrading.

# samupgradeDb ↵

The following prompt is displayed:

Enter the password for the "SAMUSER" database user (terminal echo is off):

Enter the password.

Messages like the following are displayed as the database upgrade begins:

Validating...

Validation succeeded.

Upgrade log is /opt/nsp/nfmp/db/install/NFM-P_Main_Database.upgrade.timestamp.stdout.txt

timestamp working..

timestamp Performing Step 1 of n - Initializing ...

.

.

.

timestamp Performing Step n of n - Finalizing ...

timestamp Database upgrade was successful

The database upgrade is complete when the following is displayed:

DONE

When the upgrade is complete, verify the database configuration.

1. Enter the following:

   # samconfig -m db ↵

   The following is displayed:

   Start processing command line inputs...

   <db> 

2. Enter the following:

   <db> show-detail ↵

   The database configuration is displayed.

3. Review each parameter to ensure that the value is correct; see NFM-P samconfig utility for information about using samconfig.

4. Configure one or more parameters, if required, and then enter back ↵.

5. If you change one or more parameters, enter the following:

   <db> apply ↵

   The configuration is applied.

6. Enter the following:

   <db> exit ↵

   The samconfig utility closes.

It is recommended that as a security measure, you limit the number of database user login failures that the NFM-P allows before the database user account is locked; see the NSP System Administrator Guide for information.

Note: You do not need to perform the step if the database has been configured before the upgrade to limit the user login failures.

Stop auxiliary servers

If the system includes one or more auxiliary servers, stop each auxiliary server.

1. Log in to the auxiliary server station as the nsp user.

2. Open a console window.

3. Enter the following:

   bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstop ↵

   The auxiliary server stops.

Upgrade standalone main server

If the main server and database are on separate stations and deployed in VMs created using an NSP RHEL OS disk image, perform To apply a RHEL update to an NSP image-based OS on the main server station.

Log in as the root user on the main server station.

Open a console window.

Perform one of the following.

1. If the main server and database are collocated on one station, go to Step 44.

2. If the main server and database are on separate stations, transfer the following downloaded installation files to an empty directory on the main server station:

   • nsp-nfmp-nspos-R.r.p.rpm

   • nsp-nfmp-jre-R.r.p-rel.v.rpm

   • nsp-nfmp-config-R.r.p-rel.v.rpm

   • nsp-nfmp-main-server-R.r.p.rpm

   • nsp-nfmp-nodeexporter-R.r.p-rel.v.rpm, if downloaded

   Note: In subsequent steps, the directory is called the NFM-P software directory.

You must remove the semvalidator package if it is installed; otherwise, the upgrade is blocked.

Perform the following steps.

1. Enter the following:

   # rpm -q nsp-nfmp-semvalidator ↵

   If the package is installed, the following is displayed:

   nsp-nfmp-semvalidator-version

   If the package is not installed, the following is displayed:

   package nsp-nfmp-semvalidator is not installed

2. If the package is installed, enter the following:

   # dnf remove nsp-nfmp-semvalidator ↵

   The package is removed.

Navigate to the NFM-P software directory.

Note: Ensure that the directory contains only the installation files.

Enter the following:

# chmod +x * ↵

Enter the following:

# dnf install *.rpm ↵

The dnf utility resolves any package dependencies, and displays the following prompt:

Total size: nn G

Installed size: nn G 

Is this ok [y/d/N]: 

Enter y. The following and the installation status are displayed as each package is installed:

Downloading Packages:

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

The package installation is complete when the following is displayed:

Complete!

Configure standalone main server

Enter the following; see NFM-P samconfig utility for information about using samconfig:

Note: Regardless of whether you intend to modify the main server configuration, you must apply the main server configuration, as described in the following steps.

# samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main>

Enter the following:

<main> configure ↵

The prompt changes to <main configure>.

To apply a new or updated NFM-P license, enter the following:

Note: You cannot start a main server unless the main server configuration includes a current and valid license. You can use samconfig to specify the license file in this step, or later import the license, as described in the NSP System Administrator Guide.

<main configure> license license_file back ↵

where license_file is the absolute path and file name of the NSP license bundle

Verify the main server configuration.

1. Enter the following:

   <main configure> show ↵

   The main server configuration is displayed.

2. Review each parameter to ensure that the value is correct; see NFM-P samconfig utility for information about using the samconfig utility.

3. Configure one or more parameters, if required.

   Note: The NFM-P uses the database backup settings to initialize the database during installation only. To change the backup settings after installation, you must use the Database Manager form in the NFM-P client GUI, as described in the NSP System Administrator Guide.

4. When you are certain that the configuration is correct, enter the following:

   <main configure> back ↵

   The prompt changes to <main>.

Enter the following:

<main> apply ↵

The configuration is applied.

Enter the following:

<main> exit ↵

The samconfig utility closes.

To enable mTLS for internal Kafka authentication using two-way TLS, perform the following steps.

Note: Enabling mTLS for internal Kafka authentication is supported only in an NSP deployment that uses separate interfaces for internal and client communication.

1. Enter the following:

   # samconfig -m main ↵

   The following is displayed:

   Start processing command line inputs...

   <main> 

2. Enter the following:

   # configure nspos mtls-kafka-enabled back ↵

3. Enter the following:

   <main> apply ↵

   The configuration is applied.

4. Enter the following:

   <main> exit ↵

   The samconfig utility closes.

Enable Windows Active Directory access

If you intend to use Windows Active Directory, or AD, for single sign-on client access, you must configure LDAP remote authentication for AD; otherwise, go to Step 60.

Open the following file as a reference for use in subsequent steps:

/opt/nsp/os/install/examples/config.yml

Note: Consider the following.

• The NFM-P does not assign a default user group to users of a remote authentication source that you define for Windows AD; the authentication source must provide the user group attributes.

• Windows AD supports the following LDAP server types for remote authentication:

  AD—The user group of an AD user is derived from the group_base_dn attribute in the server configuration; group search filters are not supported.

  AUTHENTICATED—The server configuration must include bind credentials; group search filters are supported. After NFM-P initialization, you add the AD server bind credentials to the NSP password vault using the NSP Session Manager RESTCONF API.

Locate the section that begins with the following lines:

#   ldap:

#     enabled: true

#     servers:

#       - type: AUTHENTICATED/AD/ANONYMOUS

#         url: ldaps://ldap.example.com:636

#         security: SSL/STARTTLS/NONE

Open the following file using a plain-text editor such as vi:

/opt/nsp/os/install/config.json

Locate the section that begins with the following line:

"sso": {

The section has one subsection for each type of SSO access.

Note: You can enable multiple remote authentication methods such as LDAP and RADIUS in the config.json file, or by using the NFM-P GUI. Using the GUI also allows you to specify the order in which the methods are tried during login attempts; however, no ordering is applied to multiple methods enabled in the config.json file.

In the sso section, create an ldap subsection as shown below using the parameter names from the ldap section of config.yml and the required values for your configuration.

The following example shows the LDAP configuration for two AD servers:

    "ldap": {

      "enabled": true,

      "servers": [

        {

          "type": "auth_type",

          "url": "ldaps://server1:port",

          "server1_parameter_1": "value",

          "server1_parameter_2": "value",

          .

          .

          "server1_parameter_n": "value",

          },

        {

          "type": "auth_type",

          "url": "ldaps://server2:port",

          "server2_parameter_1": "value",

          "server2_parameter_2": "value",

          .

          .

          "server2_parameter_n": "value",

          },

      }]

    }

where auth_type is AD or AUTHENTICATED

Save and close the files.

Enter the following:

# samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 

Enter the following:

<main> apply ↵

The AD LDAP configuration is applied.

Enter the following:

<main> exit ↵

The samconfig utility closes.

Upgrade auxiliary servers

If the system includes one or more auxiliary servers, perform To upgrade a Release 22.9 or later NFM-P auxiliary server on each auxiliary server station.

Perform NSP Flow Collector migration

If the system includes one or more NSP Flow Collectors, contact technical support for information about NSP Flow Collector and Flow Collector Controller migration to an NSP cluster.

Upgrade auxiliary database

If the system includes an NSP auxiliary database, perform To upgrade a standalone Release 22.9 or later auxiliary database.

Start auxiliary servers

If the system includes one or more auxiliary servers, start each auxiliary server.

1. Log in to the auxiliary server station as the nsp user.

2. Open a console window.

3. Enter the following:

   bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstart ↵

   The auxiliary server starts.

Integrate NFM-P and NSP cluster

If you are upgrading an NFM-P system that is not currently integrated with an NSP cluster, perform procedure To add an independent NFM-P to an existing NSP deployment.

Note: Performing the procedure also starts the main server.

Start main server

CAUTION Service Disruption

An NFM-P system upgrade is not complete until each main server performs crucial post-upgrade tasks during initialization.

Before you attempt an operation that requires a server shutdown, you must ensure that each main server is completely initialized, or the operation fails.

Note: You cannot start a main server unless the main server configuration includes a current and valid license. You can use samconfig to specify the license file, or import a license, as described in the NSP System Administrator Guide.

Start the main server.

1. Enter the following to switch to the nsp user:

   # su - nsp ↵

2. Enter the following:

   bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

3. Enter the following:

   bash$ ./nmsserver.bash start ↵

4. Enter the following:

   bash$ ./nmsserver.bash appserver_status ↵

   The server status is displayed; the server is fully initialized if the status is the following:

   Application Server process is running.  See nms_status for more detail.

   If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

If you have enabled Windows Active Directory access using the AUTHENTICATED type of LDAP server, use the NSP Session Manager RESTCONF API to add the LDAP server bind credentials; see the Network Developer Portal for information.

Specify the memory requirement for GUI clients based on the type of network that the NFM-P is to manage.

1. Enter the following:

   bash$ ./nmsdeploytool.bash clientmem -option ↵

   where option is one of the following:

   • m—medium, for management of limited-scale network

   • l—large, for a network of 15 000 or more NEs

2. Record the setting, which is not preserved through an upgrade, for future use.

3. Enter the following to commit the configuration change:

   bash$ ./nmsdeploytool.bash deploy ↵

Close the console window.

Check post-upgrade disk space

If you are performing a trial upgrade on a lab system in advance of a live upgrade, you must check the available capacity of the disk partitions on each component against the values recorded in Step 1.

Perform the following steps on each of the following stations:

• main server

• auxiliary server

• main database

1. Log in to the station as the root user.

2. Open a console window.

3. Enter the following:

   # df -kh ↵

   The usage information for each partition is displayed.

4. Record the information for each NFM-P partition; see the tables in Chapter 2, NSP disk setup and partitioning for the partition names and required capacities.

5. Compare the partition values with the values recorded in Step 1.

6. If the disk usage on an NFM-P partition approaches 80% or has increased substantially, you may need to add disk capacity before you attempt the upgrade on a live system. Contact technical support for assistance.

Perform NSP analytics server migration to NSP cluster

If the system includes one or more NSP analytics servers, move the analytics-server functions to the NSP cluster, as described in NSP analytics server migration from Release 22.9 or later.

Install or upgrade single-user GUI clients

As required, install or upgrade additional single-user GUI clients; see the following for information:

• NFM-P single-user GUI client installation

• NFM-P single-user GUI client upgrade from Release 22.9 or later

Install or upgrade client delegate servers

As required, install or upgrade client delegate servers; see the following for information:

• NFM-P client delegate server installation

• NFM-P client delegate server upgrade from Release 22.9 or later

Restore TLS version and cipher support configuration

An NFM-P system upgrade does not preserve your changes to the system support for specific TLS versions and ciphers.

If the system had customized TLS settings before the upgrade, see the NSP System Administrator Guide for information about how to restore the TLS version and cipher support settings.

Note: TLS 1.0 and 1.1 are disabled by default after an upgrade. If either version is enabled before an NFM-P system upgrade and required after the upgrade, you must re-enable the version support after the upgrade.

Configure and enable firewalls

If you intend to use any firewalls between the NFM-P components, and the firewalls are disabled, configure and enable each firewall.

Perform one of the following.

1. Configure each external firewall to allow the required traffic using the port assignments in the NSP Planning Guide, and enable the firewall.

2. Configure and enable firewalld on each component station, as required.

   1. Use an NFM-P template to create the firewalld rules for the component, as described in the NSP Planning Guide.

   2. Log in to the station as the root user.

   3. Open a console window.

   4. Enter the following:

      # systemctl enable firewalld ↵

   5. Enter the following:

      # systemctl start firewalld ↵

   6. Close the console window.

End of steps