To enable NSP compatibility with an earlier NFM-P system

Purpose

In an NSP deployment that includes an NFM-P system at an earlier release, you may need to perform specific actions to enable NSP and NFM-P compatibility.

Note: You must apply an NFM-P Service Pack to the older NFM-P system to enable integration of the systems. Ensure that you follow the required Service Pack instructions before you perform this procedure.

Note: NSP release compatibility varies by system type; see the NSP compatibility matrix in the NSP Release Notice for the supported release combinations.

Perform this procedure to enable mixed-release NSP and NFM-P compatibility if your NSP deployment includes an NFM-P system at one of the following releases:

23.11
24.4
24.8
24.11

Note: release-ID in a file path has the following format:

R.r.p-rel.version

where

R.r.p is the NSP release, in the form MAJOR.minor.patch

version is a numeric value

Steps

CAUTION

Service disruption

Modifying the system configuration may have serious consequences that include service disruption. It is strongly recommended that you perform the procedure only with the assistance of technical support.

Contact your technical support representative before you attempt to perform the procedure.

Prepare for migration

In order to be compatible with the NSP, an NFM-P system must use OAUTH2 user authentication.

If the NFM-P system currently uses OAUTH2 user authentication, go to Step 3.

As required, edit NFM-P user accounts to prepare for importing to the NSP local user database; for example, remove duplicate user IDs, or enter e-mail addresses.

Note: For users whose user account includes an e-mail address, the import operation sends a new randomly generated temporary password. Users who lack an e-mail address are assigned a global temporary password.

Configure NFM-P main servers

If the NFM-P system is redundant, perform Step 5 to Step 11 on the standby main server.

Perform Step 5 to Step 11 on the standalone or primary main server.

Stop the main server.

Enter the following to switch to the nsp user:

# su - nsp ↵
Enter the following:

bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
Enter the following to stop the main server:

bash$ ./nmsserver.bash stop ↵
Enter the following:

bash$ ./nmsserver.bash appserver_status ↵

The server status is displayed; the server is fully stopped if the status is the following:

Application Server is stopped

If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.
Enter the following to switch back to the root user:

bash$ su - ↵

Enter the following:

# samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main>

If the NFM-P is at Release 23.11 or earlier and is using CAS user authentication, set the authentication mode to OAUTH2.

Enter the following:

<main> configure nspos authMode oauth2 ↵

The prompt changes to <main configure nspos>.
Enter the following:

<main configure nspos> exit ↵

The prompt changes to <main>.

Update the NFM-P TLS configuration.

Enter the following:

<main> configure tls ↵

The prompt changes to <main configure tls>.
Enter the following:

<main configure tls> no keystore-file ↵
Enter the following:

<main configure tls> no truststore-file ↵
Enter the following:

<main configure tls> no keystore-pass ↵
Enter the following:

<main configure tls> no truststore-pass ↵
Enter the following:

<main configure tls> pki-server address ↵

where address is one of the following in the platform—ingressApplications—ingressController section of the nsp-config.yml file on the local NSP deployer host:
In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:
- if configured, the advertised value
- otherwise, the virtualIp value
Enter the following:

<main configure tls> pki-server-port 80 ↵
Enter the following:

<main configure tls> exit ↵

The prompt changes to <main>.
Enter the following:

<main> apply ↵

The configuration is applied.
Enter the following:

<main> exit ↵

The samconfig utility closes.

If the NFM-P includes auxiliary servers, stop each Preferred and Reserved auxiliary server of the main server.

Log in as the root user on the auxiliary server station.
Enter the following to switch to the nsp user:

# su - nsp ↵
Enter the following:

bash$ cd /opt/nsp/nfmp/auxserver/nms/bin ↵
Enter the following to stop the auxiliary server:

bash$ ./auxnmsserver.bash auxstop ↵
Enter the following:

bash$ ./auxnmsserver.bash auxappserver_status ↵

The server status is displayed; the server is fully stopped if the status is the following:

Auxiliary Server is stopped

If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.
Enter the following to switch back to the root user:

bash$ su - ↵

If the NFM-P includes auxiliary servers, update the NFM-P TLS configuration.

Enter the following:

# samconfig -m aux ↵

The following is displayed:

Start processing command line inputs...

<aux>
Enter the following:

<aux> configure tls ↵

The prompt changes to <aux configure tls>.
Enter the following:

<aux configure tls> no keystore-file ↵
Enter the following:

<aux configure tls> no keystore-pass ↵
Enter the following:

<aux configure tls> pki-server address ↵

where address is one of the following in the platform—ingressApplications—ingressController section of the nsp-config.yml file on the local NSP deployer host:
In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:
- if configured, the advertised value
- otherwise, the virtualIp value
Enter the following:

<aux configure tls> pki-server-port 80 ↵
Enter the following:

<aux configure tls> exit ↵

The prompt changes to <aux>.
Enter the following:

<aux> apply ↵

The configuration is applied.
Enter the following:

<aux> exit ↵

The samconfig utility closes.

Apply compatibility patch

Perform the following steps on each main server station to transfer the patch files for the NFM-P release from the NSP.

Note: In a redundant NFM-P system, it is recommended to perform the steps on the primary main server station first.

Log in as the root user on the station.
Open a console window.
Enter the following:

# mkdir -p /opt/nsp/patches ↵
Enter the following:

# scp -rp address:/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/src/ansible/roles/

config/files/compatibility/nfmp/NFMP_R_r/* /opt/nsp/patches/ ↵

where

address is the address of the NSP deployer host

R_r is the release of the NFM-P system

If the NFM-P is at Release 23.11, 24.4, or 24.8, go to Step 15.

If the NFM-P is at Release 24.11, go to Step 16.

Apply the compatibility patch to a Release 23.11, 24.4, or 24.8 NFM-P system.

Note: In a redundant NFM-P system, you must perform the steps on each main server station.

Perform each action in Table 10-1, Compatibility actions, NFM-P Releases 23.11, 24.4, and 24.8 by executing the commands associated with the action.

To facilitate the command execution, you can copy a command block and paste the block into the console window.

Table 10-1: Compatibility actions, NFM-P Releases 23.11, 24.4, and 24.8

Action and commands
1. Create backup directories
mkdir -p /opt/nsp/patches/backup/alu_orbw mkdir -p /opt/nsp/patches/backup/nms mkdir -p /opt/nsp/patches/backup/nspos
2. Back up Orbweaver files
cd /opt/nsp/nms/lib/alu_orbw cp equipment-model-avro.jar /opt/nsp/patches/backup/alu_orbw/ cp service-model-avro.jar /opt/nsp/patches/backup/alu_orbw/
3. Back up nspos adapter files
cd /opt/nsp/nms/lib/nspos cp nms_nspos_equipment_model_adapter.jar /opt/nsp/patches/backup/nspos/ cp nms_nspos_fm_model_adapter.jar /opt/nsp/patches/backup/nspos/ cp nms_nspos_service_model_adapter.jar /opt/nsp/patches/backup/nspos/ cp nms_nspos_model_adapter.jar /opt/nsp/patches/backup/nspos/
4. Back up trackedClasses.properties file
cd /opt/nsp/nms/config cp trackedClasses.properties /opt/nsp/patches/backup/nms
5. Rename artifacts
cd /opt/nsp/patches cp shared-equipment-model-avro.jar equipment-model-avro.jar cp shared-service-model-avro.jar service-model-avro.jar
6. Apply compatibility-patch files
cd /opt/nsp/patches chown nsp:nsp * cp -p equipment-model-avro.jar /opt/nsp/nms/lib/alu_orbw/ cp -p service-model-avro.jar /opt/nsp/nms/lib/alu_orbw/ cp -p nms_nspos_equipment_model_adapter.jar /opt/nsp/nms/lib/nspos/ cp -p nms_nspos_fm_model_adapter.jar /opt/nsp/nms/lib/nspos/ cp -p nms_nspos_service_model_adapter.jar /opt/nsp/nms/lib/nspos/ cp -p nms_nspos_model_adapter.jar /opt/nsp/nms/lib/nspos/ cp -p trackedClasses.properties /opt/nsp/nms/config

Apply the compatibility patch to a Release 24.11 NFM-P system.

Note: In a redundant NFM-P system, you must perform the steps on each main server station.

Perform each action in Table 10-2, Compatibility actions, NFM-P Releases 24.11 by executing the commands associated with the action.

To facilitate the command execution, you can copy a command block and paste the block into the console window.

Table 10-2: Compatibility actions, NFM-P Releases 24.11

Action and commands
1. Create backup directories
mkdir -p /opt/nsp/patches/backup/alu_orbw mkdir -p /opt/nsp/patches/backup/nms mkdir -p /opt/nsp/patches/backup/nspos
2. Back up Orbweaver files
cd /opt/nsp/nms/lib/alu_orbw cp service-model-avro.jar /opt/nsp/patches/backup/alu_orbw/
3. Back up nspos adapter files
cd /opt/nsp/nms/lib/nspos cp nms_nspos_equipment_model_adapter.jar /opt/nsp/patches/backup/nspos/ cp nms_nspos_service_model_adapter.jar /opt/nsp/patches/backup/nspos/ cp nms_nspos_model_adapter.jar /opt/nsp/patches/backup/nspos/
4. Back up trackedClasses.properties file
cd /opt/nsp/nms/config cp trackedClasses.properties /opt/nsp/patches/backup/nms
5. Rename service-model-avro.jar file
cd /opt/nsp/patches cp shared-service-model-avro.jar service-model-avro.jar
6. Apply compatibility-patch files
cd /opt/nsp/patches chown nsp:nsp * cp -p service-model-avro.jar /opt/nsp/nms/lib/alu_orbw/ cp -p nms_nspos_equipment_model_adapter.jar /opt/nsp/nms/lib/nspos/ cp -p nms_nspos_service_model_adapter.jar /opt/nsp/nms/lib/nspos/ cp -p nms_nspos_model_adapter.jar /opt/nsp/nms/lib/nspos/ cp -p trackedClasses.properties /opt/nsp/nms/config

Update the auxiliary database TLS configuration

If the system does not include an auxiliary database, go to Step 24.

Note: If the auxiliary database is geo-redundant, you must perform these steps on a station in each auxiliary database cluster.

Open the /opt/nsp/nfmp/auxdb/install/config/install.config file using a plain-text editor such as vi.

Edit the following lines in the file to read as shown below:

secure=true

pki_server=address

pki_server_port=80

where address is one of the following in the platform—ingressApplications—ingressController section of the nsp-config.yml file on the local NSP deployer host:

In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:

if configured, the advertised value
otherwise, the virtualIp value

Note: If an external pki-server is used for generation of NSP certificate artifacts, use the address and port of the external pki-server instead.

Save and close the install.config file.

Enter the following to regenerate the TLS certificates:

# ./auxdbAdmin.sh configureTLS force-gen↵

Perform the following steps on each auxiliary database station.

Note: If the auxiliary database is geo-redundant, you must perform these steps on all stations in each auxiliary database cluster.

Log in as the root user.
Open a console window.
Enter the following command to restart the auxiliary database proxy service:

# systemctl restart nspos-auxdbproxy.service ↵

Start NFM-P servers

Perform the following steps on each main server to start the main server.

Note: You must perform the steps first on the standalone or primary main server.

Enter the following to switch to the nsp user:

bash$ su - nsp ↵
Enter the following:

bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
Enter the following to start the main server:

bash$ ./nmsserver.bash start ↵
Enter the following:

bash$ ./nmsserver.bash appserver_status ↵

The server status is displayed; the server is fully initialized if the status is the following:

Application Server process is running. See nms_status for more detail.

If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
Close the console window.

Perform the following steps on each auxiliary server to start the auxiliary server.

Enter the following to switch to the nsp user:

bash$ su - nsp ↵
Enter the following:

bash$ cd /opt/nsp/nfmp/auxserver/nms/bin ↵
Enter the following to start the auxiliary server:

bash$ ./auxnmsserver.bash auxstart ↵
Enter the following:

bash$ ./auxnmsserver.bash auxappserver_status ↵

The server status is displayed; the server is fully initialized if the status is the following:

Auxiliary Server process is running. See auxnms_status for more detail.

If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
Close the console window.

Import NFM-P users and groups

If you are not importing NFM-P users to the NSP local user database as described in Step 2, go to Step 30.

Perform “How do I import users and groups from NFM-P?” in the NSP System Administrator Guide.

Inform each imported NFM-P user of the new password sent to their e-mail address, or of the global temporary password assigned to the user account, if an e-mail address is not assigned.

Close the open console windows.

End of steps