Add NFM-P to NSP configuration
|
|
|
1 |
Log in as the root or NSP admin user on the NSP deployer host.
|
2 |
Open the following file using a plain-text editor such as vi:
/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml
|
3 |
Configure the parameters in the integration section, nfmp subsection, as shown below:
Note: You must preserve the leading spaces in each line of the file.
Note: If the NFM-P system is standalone, you do not need to configure the standbyIp parameter.
Note: In the client section of samconfig on the NFM-P main servers, if the address for client access is set using the hostname parameter, the primaryIp and standbyIp values in the nfmp section of the NSP configuration file, nsp-config.yml, must be set to hostnames.
Likewise, if the public-ip parameter in the client section is configured on the main server, the primaryIp and standbyIp values in the nsp-config.yml file must be set to IP addresses.
integrations:
nfmp:
primaryIp: "server_1_address"
standbyIp: "server_2_address"
tlsEnabled: value
where
server_1_address is the IP address of the standalone main server, or the primary main server in a redundant NFM-P system
server_2_address is the IP address of the standby main server in a redundant NFM-P system
value is true or false
|
4 |
If both of the following are true, configure the following parameters in the integrations section:
nfmpDB:
primaryIp: ""
standbyIp: ""
|
5 |
If the NFM-P system includes one or more auxiliary servers, configure the following parameters in the integrations section:
auxServer:
primaryIpList: ""
standbyIpList: ""
|
6 |
If the NFM-P includes an auxiliary database, enable the auxiliary database in the NSP configuration.
-
Locate the following section:
auxDb:
secure: "value"
ipList: ""
standbyIpList: ""
-
Edit the section to read as follows:
auxDb:
secure: "true"
ipList: "cluster_1_IP1,cluster_1_IP2...cluster_1_IPn"
standbyIpList: "cluster_2_IP1,cluster_2_IP2...cluster_2_IPn"
where
cluster_1_IP1, cluster_1_IP2...cluster_1_IPn are the external IP addresses of the stations in the local cluster
cluster_2_IP1, cluster_2_IP2...cluster_2_IPn are the external IP addresses of the stations in the peer cluster; required only for geo-redundant deployment
|
7 |
Save and close the file.
|
Back up NFM-P Neo4j and PostgreSQL data
|
|
|
8 |
If you have not performed an NFM-P database backup for the system integration, you must perform a backup now.
Perform the steps in the “To back up the main database from the client GUI” procedure in one of the following guides, depending on the installed NFM-P release:
|
Restore NFM-P Neo4j and PostgreSQL data
|
|
|
9 |
Copy the following Neo4j and PostgreSQL database backup files created in
Step 8 to an empty temporary directory on the NSP deployer host:
where timestamp is the backup creation time
|
10 |
Perform
“How do I restore the NSP cluster databases?” in the NSP System Administrator Guide to restore only the following databases on the NSP cluster:
Note: Performing the procedure also starts the NSP.
-
Neo4j database
-
PostgreSQL database
|
Monitor NSP initialization
|
|
|
11 |
Monitor the NSP initialization; if the status of any pod is Error, you must correct the error; see the NSP System Administrator Guide for information about recovering an errored pod.
Note: You must not proceed to the next step until the cluster is operational and no pods are in error.
|
Configure NFM-P
|
|
|
12 |
Perform
Step 16 to
Step 27 on each NFM-P main server.
Note: If the NFM-P system is redundant, you must perform the steps on the standby main server first.
|
13 |
If the NFM-P does not include auxiliary servers, go to
Step 31.
|
14 |
Perform
Step 28 to
Step 30 on each NFM-P main server.
Note: If the NFM-P system is redundant, you must perform the steps on the standby main server first.
|
15 |
Go to
Step 32.
|
Configure main server
|
|
|
16 |
Log in as the nsp user on the NFM-P main server station.
|
17 |
Open a console window.
|
18 |
Stop the main server, if it is running.
-
Enter the following:
bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
-
Enter the following:
bash$ ./nmsserver.bash stop ↵
-
Enter the following:
bash$ ./nmsserver.bash appserver_status ↵
The server status is displayed; the server is fully stopped if the status is the following:
Application Server is stopped
If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.
-
Enter the following to switch to the root user:
bash$ su ↵
-
If the NFM-P is at Release 23.11 or earlier, enter the following to display the NSP service status:
# nspdctl status ↵
Information like the following is displayed.
Mode: redundancy_mode
Role: redundancy_role
DC-Role: dc_role
DC-Name: dc_name
Registry: IP_address:port
State: stopped
Uptime: 0s
SERVICE STATUS
service_a inactive
service_b inactive
service_c inactive
You must not proceed to the next step until all NSP services are stopped; if the State is not ‘stopped’, or the STATUS indicator of each listed service is not ‘inactive’, repeat this substep.
|
19 |
Enter the following:
# samconfig -m main ↵
The following is displayed:
Start processing command line inputs...
<main>
|
20 |
Configure the NFM-P to use the NSP nspOs instance.
-
Enter the following:
<main> configure nspos ip-list cluster1_address;cluster2_address ↵
where
cluster1_address and cluster2_address are values in the platform—ingressApplications section of the config.yml file on the local NSP deployer host: In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:
-
if configured, the advertised value
-
otherwise, the virtualIp value
The prompt changes to <main configure nspos>.
-
Enter the following:
<main configure nspos> back ↵
The prompt changes to <main configure>.
|
21 |
Perform the following steps.
-
Enter the following:
<main configure tls> pki-server address ↵
where address is one of the following in the platform—ingressApplications—ingressController section of the nsp-config.yml file on the local NSP deployer host: In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:
-
if configured, the advertised value
-
otherwise, the virtualIp value
The prompt changes to <main configure tls>.
-
Enter the following:
<main configure tls> pki-server-port 80 ↵
-
Enter the following sequence of commands by copying and pasting at the CLI:
no keystore-file
no keystore-pass
no truststore-file
no truststore-pass
regenerate-certs
back
-
Enter the following:
<main configure tls> back ↵
The prompt changes to <main configure>.
|
22 |
If the NSP deployment includes an auxiliary database, configure the auxdb parameters.
-
Enter the following:
<main configure> auxdb enabled ↵
The prompt changes to <main configure auxdb>.
-
Enter the following:
Note: In a DR deployment, the order of the IP addresses must be the same on each main server.
<main configure auxdb> ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn ↵
where
cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IP addresses of the auxiliary database stations in the local data center
cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IP addresses of the stations in the peer data center of a DR deployment
-
If the auxiliary database is to store OAM test results, enter the following:
<main configure auxdb> oam-test-results ↵
-
If the auxiliary database cluster includes only one station, enter the following:
Caution: After you configure an auxdb parameter and start an main server, you cannot modify the redundancy-level parameter.
<main configure auxdb> redundancy-level 0 ↵
-
Enter the following:
<main configure auxdb> back ↵
The prompt changes to <main configure>.
|
23 |
To enable mTLS for internal Kafka authentication using two-way TLS, perform the following steps.
Note: Enabling mTLS for internal Kafka authentication is supported only in an NSP deployment that uses separate interfaces for internal and client communication.
-
Enter the following:
<main configure> nspos mtls-kafka-enabled ↵
The prompt changes to <main configure nspos>.
-
Enter the following:
<main configure nspos> back ↵
The prompt changes to <main configure>.
|
24 |
Enter the following:
<main configure> exit ↵
The prompt changes to <main>.
|
25 |
Enter the following:
<main> apply ↵
The configuration is applied.
|
26 |
Enter the following:
<main> exit ↵
The samconfig utility closes.
|
27 |
Enter the following to switch back to the nsp user:
# exit ↵
|
Configure auxiliary servers
|
|
|
28 |
Stop each Preferred and Reserved auxiliary server of the main server.
-
Log in as the root user on the auxiliary server station.
-
Enter the following to switch to the nsp user:
# su - nsp ↵
-
Enter the following:
bash$ cd /opt/nsp/nfmp/auxserver/nms/bin ↵
-
Enter the following to stop the auxiliary server:
bash$ ./auxnmsserver.bash auxstop ↵
-
Enter the following:
bash$ ./auxnmsserver.bash auxappserver_status ↵
The server status is displayed; the server is fully stopped if the status is the following:
Auxiliary Server is stopped
If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.
-
Enter the following to switch back to the root user:
bash$ su - ↵
|
29 |
Update the NFM-P TLS configuration on each Preferred and Reserved auxiliary server of the main server.
-
Enter the following:
# samconfig -m aux ↵
The following is displayed:
Start processing command line inputs...
<aux>
-
Enter the following:
<aux> configure tls ↵
The prompt changes to <aux configure tls>.
-
Enter the following:
<aux configure tls> no keystore-file ↵
-
Enter the following:
<aux configure tls> no keystore-pass ↵
-
Enter the following:
<aux configure tls> pki-server address ↵
where address is one of the following in the platform—ingressApplications—ingressController section of the nsp-config.yml file on the local NSP deployer host: In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:
-
if configured, the advertised value
-
otherwise, the virtualIp value
-
Enter the following:
<aux configure tls> pki-server-port 80 ↵
-
Enter the following:
<aux configure tls> exit ↵
The prompt changes to <aux>.
-
Enter the following:
<aux> apply ↵
The configuration is applied.
-
Enter the following:
<aux> exit ↵
The samconfig utility closes.
|
30 |
Perform the following steps on each auxiliary server to start the auxiliary server.
-
Enter the following to switch to the nsp user:
bash$ su - nsp ↵
-
Enter the following:
bash$ cd /opt/nsp/nfmp/auxserver/nms/bin ↵
-
Enter the following to start the auxiliary server:
bash$ ./auxnmsserver.bash auxstart ↵
-
Enter the following:
bash$ ./auxnmsserver.bash auxappserver_status ↵
The server status is displayed; the server is fully initialized if the status is the following:
Auxiliary Server process is running. See auxnms_status for more detail.
If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
-
Close the console window.
|
Start main servers
|
|
|
31 |
Perform the following steps on each NFM-P main server to start the main server.
Note: If the NFM-P system is redundant, you must perform the steps on the primary main server first.
-
Enter the following:
bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
-
Enter the following:
bash$ ./nmsserver.bash start ↵
-
Enter the following:
bash$ ./nmsserver.bash appserver_status ↵
The server status is displayed; the server is fully initialized if the status is the following:
Application Server process is running. See nms_status for more detail.
If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
|
32 |
Close the open console windows.
End of steps |