To convert a standalone NFM-P system to IPv6
Description
The following steps describe how to change the communication between components in a standalone NFM-P system from IPv4 to IPv6. Ensure that you record the information that you specify, for example, directory names, passwords, and IP addresses.
Note: You require the following user privileges:
Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:
Steps
Disable automatic main server startup | |||||||||||||
1 |
Prevent the main server from starting in the event of a power disruption during the conversion.
| ||||||||||||
Stop main server | |||||||||||||
2 |
Note: This step marks the beginning of the network management outage. Stop the main server.
| ||||||||||||
Update auxiliary database IP addresses | |||||||||||||
3 |
If the deployment includes an NSP auxiliary database, perform the NSP System Administrator Guide procedure that describes changing the auxiliary database external IP addresses. | ||||||||||||
Stop main database | |||||||||||||
4 |
Stop the main database and proxy services.
| ||||||||||||
Configure main database | |||||||||||||
5 |
Enter the following: # samconfig -m db ↵ The following is displayed: Start processing command line inputs... <db> | ||||||||||||
6 |
Enter the following: <db> configure ip address ↵ where address is the IPv6 address that the other NFM-P components must use to reach the database The prompt changes to <db configure>. | ||||||||||||
7 |
To enable IP validation, which restricts the server components that have access to the main database, configure the parameters in the following table, and then enter back ↵. Note: For security reasons, it is strongly recommended that you enable IP validation. Note: You must configure the remote-servers parameter if the deployment includes any of the following: Table 17-1: Standalone database parameters —
|
Parameter |
Description |
---|---|
main-one |
Public IPv6 address of main server Configuring the parameter enables IP validation. |
remote-servers |
Comma-separated list that includes the following: |
To enable the forwarding of NFM-P system metrics to the NSP; configure the parameters in the following table, and then enter back ↵.
Note: The parameters are required only for a distributed main database, so are not shown or configurable if the main server and database are collocated.
Table 17-2: Standalone database parameters — tls
Verify the database configuration.
-
<db configure> show-detail ↵
The database configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<db configure> back ↵
The prompt changes to <db>.
Enter the following to apply the configuration changes:
<db> apply ↵
The changes are applied.
Enter the following:
<db> exit ↵
The samconfig utility closes.
Configure auxiliary servers
If the NFM-P system includes auxiliary servers, perform Step 13 to Step 23 on each auxiliary server station. Otherwise, go to Step 24.
Stop the auxiliary server.
-
bash$ cd /opt/nsp/nfmp/auxserver/nms/bin ↵
-
bash$ ./auxnmsserver.bash auxstop ↵
-
bash$ ./auxnmsserver.bash auxappserver_status ↵
The auxiliary server is stopped when the following message is displayed:
Auxiliary Server is stopped
If the command output indicates that the server is not completely stopped, wait five minutes and then re-enter the command in this step to check the server status.
Do not proceed to the next step until the server is completely stopped.
Enter the following to switch to the root user:
bash$ su - ↵
Enter the following:
# samconfig -m aux ↵
The following is displayed:
Start processing command line inputs...
<aux>
Enter the following:
<aux> configure ip address ↵
where address is the auxiliary server IPv6 address that the managed NEs must use to reach the auxiliary server
The prompt changes to <aux configure>.
Enter the following, and then enter back ↵.
<aux configure> main-server ip-one address ↵
where address is the main server IPv6 address that the auxiliary server must use to reach the main server
Enter the following:
<aux configure> data-sync local-ip address ↵
where address is the IPv6 address of the interface on this station that the peer auxiliary server in an auxiliary server pair must use to reach this auxiliary server
The prompt changes to <aux configure data-sync>.
Enter the following, and then enter back ↵.
<aux configure data-sync> peer-ip address ↵
where address is the IPv6 address of the interface on the peer auxiliary server station in an auxiliary server pair that this auxiliary server must use to reach the other auxiliary server
If the XML API clients require IPv6 access, enter the following, and then enter back ↵.
<aux configure> oss public-ip address ↵
where address is the IPv6 address that the XML API clients must use to reach the auxiliary server
Verify the auxiliary server configuration.
-
<aux configure> show-detail ↵
The auxiliary server configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<aux configure> back ↵
The prompt changes to <aux>.
Enter the following:
<aux> apply ↵
The configuration is applied.
Enter the following:
<aux> exit ↵
The samconfig utility closes.
Configure main server
Enter the following:
# samconfig -m main ↵
The following is displayed:
Start processing command line inputs...
<main>
Enter the following:
<main> configure ip address ↵
where address is the main server IPv6 address that the database must use to reach the main server
The prompt changes to <main configure>.
As required, configure the client parameters as described in the following table, and then enter back ↵.
Table 17-3: Standalone main server parameters — client
Parameter |
Description |
---|---|
nat |
Not applicable to IPv6 If the parameter is enabled, disable the parameter. |
hostname |
The main server hostname, if the GUI clients, XML API clients, and auxiliary servers are to use hostnames, rather than IP addresses, for communication with the main server Modify the value if the hostname changes as part of the conversion to IPv6. If the TLS certificate contains the FQDN, you must use the FQDN value to configure the hostname parameter. |
public-ip |
The IPv6 address that the GUI and XML API clients must use to reach the main server The parameter is configurable and mandatory when the hostname parameter is unconfigured. |
delegates |
A list of the client delegate servers, in the following format: address1;path1,address2;path2...addressN;pathN where an address value is a client delegate server IP address a path value is the absolute file path of the client delegate server installation location Replace each IPv4 address with the appropriate IPv6 address. |
Enter the following, and then enter back ↵.
<main configure> database ip address ↵
where address is the IPv6 address of the database
If you need to enable IPv6 for communication with the managed network, enter the following, and then enter back ↵.
<main configure> mediation snmp-ipv6 address ↵
where address is the main server IPv6 address that the managed NEs must use to reach the main server
The prompt changes to <main configure mediation>.
To disable IPv4 for communication with the managed network, perform the following steps.
-
<main configure> mediation no snmp-ipv4 ↵
-
<main configure mediation> no nat ↵
-
<main configure mediation> back ↵
Perform one of the following.
-
If the NFM-P system does not include auxiliary servers, and the XML API clients require IPv6 access, enter the following, and then enter back ↵:
<main configure> oss public-ip address ↵
where address is the IPv6 address that the XML API clients must use to reach the main server
-
If the NFM-P system includes auxiliary servers, configure the aux parameters in the following table, and then enter back ↵.
Table 17-4: Standalone main server parameters —
aux
Parameter
Description
ip-to-auxes
The primary main server IPv6 address that the auxiliary servers must use to reach the main server
Default: —
preferred-list
Comma-separated list of Preferred auxiliary server IPv6 addresses
Default: —
reserved-list
Comma-separated list of Reserved auxiliary server IPv6 addresses
Default: —
peer-list
Comma-separated list of Remote auxiliary server IPv6 addresses
Default: —
Configure the tls parameters in the following table, and then enter back ↵.
Table 17-5: Standalone main server parameters — tls
If the deployment includes an NSP auxiliary database, enter the following, and then enter back ↵:
Note: In a geo-redundant auxiliary database deployment, the order of the IP addresses must be the same on each main server in the geo-redundant system.
<main configure> auxdb ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn ↵
where
cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IPv6 addresses of the stations in one cluster
cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IPv6 addresses of the stations in the geo-redundant cluster; required only for geo-redundant auxiliary database
Configure the nspos parameters in the following table, and then enter back ↵.
Table 17-6: Standalone main server parameters — nspos
Configure the remote-syslog parameters in the following table, and then enter back ↵.
Table 17-7: Standalone main server parameters — remote-syslog
Parameter |
Description |
---|---|
enabled |
Enable the forwarding of the NFM-P User Activity logs in syslog format to a remote server Default: disabled |
syslog-host |
Remote syslog server hostname or IP address Default: — |
syslog-port |
Remote server TCP port Default: — |
ca-cert-path |
Absolute local path of public CA TLS certificate file copied from remote server The file requires nsp:nsp ownership. |
Configure the server-logs-to-remote-syslog parameters in the following table, and then enter back ↵.
Table 17-8: Standalone main server parameters — server-logs-to-remote-syslog
Parameter |
Description |
---|---|
enabled |
Enable the forwarding of the NFM-P server logs in syslog format to a remote server Default: disabled |
secured |
Whether the communication with the remote server is TLS-secured Default: disabled |
syslog-host |
Remote syslog server hostname or IP address Default: — |
syslog-port |
Remote server TCP port Default: — |
ca-cert-path |
Absolute local path of public CA TLS certificate file copied from remote server The file requires nsp:nsp ownership. |
Verify the main server configuration.
-
<main configure> show-detail ↵
The main server configuration is displayed.
-
Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.
-
When you are certain that the configuration is correct, enter the following:
<main configure> back ↵
The prompt changes to <main>.
Enter the following:
<main> apply ↵
The configuration is applied.
Enter the following:
<main> exit ↵
The samconfig utility closes.
Enable Windows Active Directory access
If you use Windows Active Directory for single sign-on client access to the NFM-P, open the following file with a plain-text editor such as vi:
/opt/nsp/os/install/config.json
Otherwise, go to Step 45.
Change the IPv4 addresses to IPv6 addresses, as required.
Save and close the file.
Enter the following:
# samconfig -m main ↵
The following is displayed:
Start processing command line inputs...
<main>
Enter the following:
<main> apply ↵
The configuration is applied.
Enter the following:
<main> exit ↵
The samconfig utility closes.
Start main server
Enter the following to enable the main server startup:
# systemctl enable nfmp-main.service ↵
Start the main server.
-
bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
-
bash$ ./nmsserver.bash start ↵
-
bash$ ./nmsserver.bash appserver_status ↵
The server status is displayed; the server is fully initialized if the status is the following:
Application Server process is running. See nms_status for more detail.
If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
Start auxiliary servers
If the NFM-P system includes auxiliary servers, start each auxiliary server.
-
bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstart ↵
The auxiliary server starts.
Verify converted system using GUI client
Use an NFM-P GUI client to perform sanity testing of the converted system.
Note: If an IP address is specified for NFM-P client access, ensure that you use the IPv6 address, rather than the IPv4 address, for the client connection.
End of steps