Prepare for migration

Log in as the root or NSP admin user on the NSP deployer host.

Open a console window.

Enter the following:

# cd /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tools/fc/fc-k8s-upgrade ↵

where

release-ID is the new release of the upgraded NSP cluster, in the following format:

MAJOR.minor.patch-rel.version

Enter the following to create the required Python virtual environment:

# ./createVenv.sh ↵

Enter the following to activate the virtual environment:

# source fcenv/bin/activate ↵

Enter the following to install the Python dependency files for the migration scripts:

# ./installPyDeps.sh ↵

If the NSP deployer host is unable to reach the Flow Collector and Flow Collector Controller stations during the migration, for example, if the stations are to be decommissioned beforehand, perform one of the following.

1. Manually back up and transfer the configuration of each station to the NSP deployer host:

   1. Enter the following on the NSP deployer host:

      # mkdir /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tools/fc/

      fc-k8s-upgrade/cfg-dld/ ↵

   2. Perform the following steps on the following stations:

   • each NSP Flow Collector Controller station

   • each station that hosts only an NSP Flow Collector.

     1. Log in as the root user.

     2. Open a console window.

     3. Enter the following:

        # cd /tmp ↵

     4. Enter the following:

        # tar -czf host_flow_backup /opt/nsp/flow/role/cfg ↵

        where

        host is a unique station ID such as the IP address or hostname, or a name that indicates the station role, such as FCCn for a Flow Collector Controller, or FCAAn for a Flow Collector in AA mode

        role is the station role, which is fcc for a Flow Collector Controller, and fc for a Flow Collector

        A host_flow_backup.tar.gz file is created in the /tmp directory.

     5. Transfer the host_flow_backup.tar.gz file to a secure location on a separate station that is not affected by the migration activity.

     6. Transfer the host_flow_backup.tar.gz file to the following directory on the NSP deployer host:

        /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tools/fc/fc-k8s-upgrade/cfg-dld

2. Perform the migration on a station other than the NSP deployer host.

   Note: The station must have:

   • Python 3.6.8 or later installed

   • network access to each Flow Collector and Flow Collector Controller station

   • network access to the NSP cluster

   1. Contact Nokia technical support to obtain the migration script files as an archive file.

   2. Extract the files from the archive on the station.

   3. Navigate to the directory that contains the extracted files.

   4. Perform Step 8 to Step 16 on the station.

Download configurations

Perform one of the following to download each Flow Collector and Flow Collector Controller configuration:

1. If the same user credentials and SFTP port are accepted by all Flow Collector and Flow Collector Controller stations, enter the following:

   # python3 fccfgcopy.py -l cfg-dld -c address_1 address_2 ... address_n -p port -U username -P 'password' ↵

   where

   address_1 address_2 ... address_n are the IP addresses of the Flow Collector and Flow Collector Controller stations

   port is the SFTP port number; the default is 22

   username and password are the user credentials that are common to each station

   For each station, the script creates the following subdirectory in the cfg-dld directory, and transfers the configuration files from the station to the subdirectory:

   cfg_IP

   where IP is the station IP address

2. If not all Flow Collector and Flow Collector Controller stations accept the same parameter values, use interactive mode, which prompts for information.

   Note: Interactive mode prompts only for parameter values described in Step 8 option a that you do not include in the command line. A value that you do include is used for the file transfer from each station. You can use the following to display the command usage information:

   python3 fccfgcopy.py -h

   1. Enter the following:

      Note: One or more of the following substeps may not apply, depending on the common parameters that you include, so can be skipped.

      # python3 fccfgcopy.py -l cfg-dld -i common_parameters ↵

      where common_parameters are any parameter arguments that are common to all stations, for example, -p port

      The following prompt is displayed:

      Add more Flow Collectors? [yes/no] (yes): 

   2. Perform one of the following.

      1. Enter yes or press Enter to specify a Flow Collector or Flow Collector Controller.

         The following prompt is displayed:

         Enter FC IP (127.0.0.1):

      2. If you are finished specifying all stations, enter no and go to Step 9

         The script exits.

   3. Enter the station IP address.

      The following prompt is displayed:

      Enter FC SSH port for address (22):

   4. Enter the station SFTP port number, or press Enter to accept the default in parentheses.

      The following prompt is displayed:

      Enter FC user name for address:port (root):

   5. Enter the required username, or press Enter to accept the default in parentheses.

      The following prompt is displayed:

      Enter NSP user password for user@address:port:

   6. Enter the user password.

      You are prompted to specify another station.

   7. Return to substep 1.

   For each station, the script creates the following subdirectory in the cfg-dld directory, and transfers the configuration files from the station to the subdirectory:

   cfg_IP

   where IP is the station IP address

View the FC_Config_Download.log file in the current working directory to identify any error messages.

If you identify any error messages, resolve the related issues and return to Step 8 to retry any failed transfer operations.

Upgrade configurations, migrate to NSP cluster

Perform one of the following to upgrade each downloaded configuration.

Note: If you are upgrading multiple Flow Collectors and configuration inconsistencies are noted during an upgrade attempt, the upgrade is halted by default. You can use the -f command option to force the upgrade, but must be aware of the following:

• The configuration of the final AA or SYS Flow Collector that you specify on the command line is used as the general AA or SYS Flow Collector configuration in the NSP cluster; you must ensure that the Flow Collector configuration that you want to retain is specified as the last on the command line.

1. Enter the following to specify all download directories:

   # python3 fcupgrade.py upgrade -c cfg-dld/cjf_IP1 cfg-dld/cfg_IP2 ... cfg-dld/cfg_IPn -g ./out -H cluster_address -p 8545 -U username -P 'password' ↵

   where

   cfg-dld/cfg_IP1 cfg-dld/cfg_IP2 ... cfg-dld/cfg_IPn are the names of the download directories created in Step 8

   cluster_address is the NSP cluster IP address or hostname

   username and password are the NSP user credentials

   Each configuration is upgraded and then added to the Flow Collector configuration in the NSP cluster.

2. Use interactive mode, which prompts for information.

   Note: Interactive mode prompts only for parameter values described in Step 11 option a that you do not include in the command line. A value that you do include is used for the migration of each configuration. You can use the following to display the command usage information:

   python3 fcupgrade.py -h

   1. Enter the following:

      Note: One or more of the following substeps may not apply, depending on the common parameters that you include, so can be skipped.

      # python3 fcupgrade.py -l cfg-dld -i common_parameters ↵

      where common_parameters are any parameter arguments that are common to all stations, for example, -p port

      The following prompt is displayed:

      Enter NSP Server IP:

   2. Enter the NSP cluster IP address or hostname.

      The following prompt is displayed:

      Enter NSP Server RESTCONF port (8545):

   3. Press Enter to accept the default in parentheses, or enter the NSP RESTCONF API port number.

      The following prompt is displayed:

      Enter NSP user name:

   4. Enter the name of an NSP administrative user, for example, admin.

      The following prompt is displayed:

      Enter NSP user password for user@address:port:

   5. Enter the user password.

   Each configuration is upgraded and added to the Flow Collector configuration in the NSP cluster.

View the FC_Config_Upgrade.log file in the current working directory to identify any error messages.

The fcupgrade.py script extracts and saves the entire Flow Collection configuration in a file before and after performing the migration. The following log entry names the files, which you can compare to learn how the previous and new configurations differ:

INFO - Compare before and after upgrade configuration: ./gen/before_restconfCfgBackup.yaml - ./gen/after_restconfCfgBackup.yaml

If you identify any error messages, resolve the related issues and return to Step 11 to retry any failed upgrade operations.

If multiple Flow Collectors are migrating to the NSP cluster, check for and resolve configuration inconsistencies, as required.

1. View the content of the following file, which contains the output of the configuration consistency check described in Migrating multiple NSP Flow Collectors:

   /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tools/fc/fc-k8s-upgrade/diffReportJsonLoadedModel_PATCH.yaml

2. If any inconsistency is noted in the file, perform one of the following.

   • Use the NSP Flow Collector web UI to resolve each inconsistency.

   • Edit the downloaded configuration files as required to resolve each inconsistency.

   • Force the upgrade despite the inconsistencies; as required, identify one AA and one SYS configuration that you want the Flow Collectors to use after the migration.

3. Attempt the upgrade again; return to Step 11.

   Note: If you choose to force the upgrade despite configuration inconsistencies, use the -f option described in Step 11 and ensure that the last IP addresses that you specify in the upgrade command are the addresses of the correctly configured AA and SYS Flow Collectors.

Enter the following to deactivate the Python virtual environment:

# source fcenv/bin/deactivate ↵

Close the open console windows.

Restore upload-target passwords

Passwords for the FTP and SFTP upload targets are not migrated because the script cannot decrypt the passwords in the configuration files. In order for flow data forwarding to each target server to resume after the migration, you must restore the FTP or SFTP password of each target server.

Issue the following RESTCONF API call for each target server to restore the required password:

Note: In order to issue a RESTCONF API call, you require a token; see the My First NSP API Client tutorial on the Network Developer Portal for information.

PATCH https://address:8545/restconf/data/flowconf:config/policies/upload-target=server

where

address is the advertised NSP cluster address

server is the upload server name

The request body is the following:

{

    "upload-target" : [

        {

            "password" : "password"

        }

    ]

}

where password is the FTP or SFTP password

Reconfigure NFM-P

If the NSP deployment includes the NFM-P, use the samconfig utility on each main database station to replace the existing NSP Flow Collector and Flow Collector Controller addresses in the remote-servers list on each main database station with the following from the flowForwarder section of the NSP cluster configuration file, nsp-config.yml:

• if configured, one or both of the advertisedV4 and advertisedV6 values

• otherwise, one or both of the virtualIpV4 and virtualIpV6 values

Perform NFM-P PO data extraction

If the NSP deployment includes the NFM-P, extract the network data model from the NFM-P.

Issue the following RESTCONF API call:

Note: In order to issue a RESTCONF API call, you require a token; see the My First NSP API Client tutorial on the Network Developer Portal for information.

https://address:8545/restconf/operations/flowconf:extract-po

where address is the advertised NSP cluster address

The message body is the following:

{

    "flowconf:input" : [

      {

            "po-category" : "AA",

        }

    ]

}

The extraction may take considerable time, depending on the size and complexity of the managed network.

Update NE flow-data targets

On each NE that currently collects flow data, remove the existing Cflowd target addresses and add the following target addresses from the flowForwarder section of the NSP cluster configuration file, nsp-config.yml:

Note: Include port 4741 in each address.

• if configured, one or both of the advertisedV4 and advertisedV6 values

• otherwise, one or both of the virtualIpV4 and virtualIpV6 values

Decommission existing stations

After you verify that NSP flow collection is functioning as required, remove the NSP Flow Collector and Flow Collector Controller stations from the NSP deployment.

1. Uninstall the NSP software on the stations to prevent access to sensitive data; perform the NSP Flow Collector and Flow Collector Controller uninstallation procedures in the NSP Installation and Upgrade Guide for the installed release.

2. Disconnect the stations from the NSP management network.

End of steps