Appendix
Start Options Description
This section describes the user configuration options during IP Maestro Startup:
1. Set up SSL Certificates: Select the SSL certificates model. Currently support self-signed certificates, but users also have the option to provide their own certificates from a Certificate Authority (CA). The default is set to 'true' for self-signed certificates.
Use self-signed certificate/key for Portal SSL settings? [true]: <<<<< <CR>
If false is provided, make sure external certificates are placed at nsmo/certs folder in advance. The startup will required the certificate and key names and check their existence at nsmo/certs folder.
Use self-signed certificate/key for Portal SSL settings? [true]: false
[2024-01-25T15:19:41,362][INFO][config-tls] Use self-signed cert/key settings: false...
[2024-01-25T15:19:41,366][INFO][config-tls] Setting up external SSL certificate/key for Portal. Files MUST be located at nsmo/certs ...
SSL Certificate Name: fullchain.pem <<<< Type name of certificate
SSL Certificate Key Name: privkey.key <<<< Type name of key
[2024-01-25T15:19:57,354][INFO][config-tls] Verifying if certificates are present at nsmo/certs ...
2. Provide local Image and License Repository: IP Maestro supports a local Image and License repository for OcNOS. Users can download images and licenses from this hosted repository, which can be located anywhere (not restricted to the IP Maestro server). The following prompts allow users to specify the repository details.
Image upgrade location []: <<<<< <CR>
License installation path []: <<<<< <CR>
3. Push Basic Configuration on Device Mount: When mounting devices, IP Maestro pushes basic configurations for LLDP, Beats monitoring, and enabling FMS for Alarms. Users have the option to disable any subset of these configurations. The default is to enable the push.
push.configuration.for.ELK <true/false> [true]: <<<<< <CR>
push.configuration.for.LLDP <true/false> [true]: <<<<< <CR>
push.configuration.for.ALARMS <true/false> [true]: <<<<< <CR>
4. OcNOS credentials for SDN service usage and the Netconf port on the device. Default values are set.
OcNOS login [ocnos]: <<<<< <CR>
OcNOS password [ocnos]: <<<<< <CR>
OcNOS port [830]: <<<<< <CR>
Call Home Feature
IP Maestro supports the Call Home protocol defined in IETF RFC 8071. The Call-Home Server listens for incoming TCP connections and assumes that the other side of the connection is a device calling home through a NETCONF connection with SSH for management. The Maestro server uses port 4334 for all Call Home connections.
The following is an example which shows a configuration to enable Call Home on a device;
OcNOS(config)#netconf callhome
OcNOS(config)#feature netconf callhome enable
OcNOS(config)#reconnect enable
OcNOS(config)#retry-interval 20
OcNOS(config)#callhome server 10.12.104.25 10.12.104.25 port 4334
Configure External Databases (LDAP/AD)
In IP Maestro, you can provide users the access to external databases and directories, such as Lightweight Directory Access Protocol (LDAP) and Active Directory (AD). This is an alternate authentication service to the local user database wherein the user interface of IP Maestro utilizes the User Federation capabilities of authentication manager to integrate LDAP and AD.
This section provides a step-by-step guide on how to configure LDAP/AD provider in IP Maestro. A standard LDAP server typically contains an LDAP Data Interchange Format (LDIF) file that holds all the configurations.
The following configurations are demonstrated using the LDIF file shown below:
• 2 Groups: ldap-admin and ldap-user
• 2 Users:
• jbrown123 - part of ‘ldap-admin’ and ‘ldap-user’ groups.
• bwilson - part of 'ldap-user' group.
LDIF file
dn: dc=keycloak,dc=org
objectclass: dcObject
objectclass: organization
o: Keycloak
dc: Keycloak
dn: ou=People,dc=keycloak,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People
dn: ou=RealmRoles,dc=keycloak,dc=org
objectclass: top
objectclass: organizationalUnit
ou: RealmRoles
dn: uid=jbrown123,ou=People,dc=keycloak,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: jbrown123
cn: James
sn: Brown
mail: jbrown123@keycloak.org
postalCode: 88441
userPassword: password123
dn: uid=bwilson,ou=People,dc=keycloak,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: bwilson
cn: Bruce
sn: Wilson
mail: bwilson@keycloak.org
postalCode: 77332
street: Elm 5
userPassword: password123
dn: cn=ldap-admin,ou=RealmRoles,dc=keycloak,dc=org
objectclass: top
objectclass: groupOfNames
cn: ldap-admin
member: uid=jbrown123,ou=People,dc=keycloak,dc=org
dn: cn=ldap-user,ou=RealmRoles,dc=keycloak,dc=org
objectclass: top
objectclass: groupOfNames
cn: ldap-user
member: uid=jbrown123,ou=People,dc=keycloak,dc=org
member: uid=bwilson,ou=People,dc=keycloak,dc=org
For detailed information on adding and mapping providers to IP Maestro users, refer to the User Management section in IP Maestro User Manual.