Appendix
Start Options Description
This section describes the user configuration options presented during IP Maestro startup:
1. Set up SSL Certificates: Select the SSL certificate model. Self-signed certificates are currently supported, and users also have the option to provide their own certificates from a Certificate Authority (CA). The default is 'true', which selects self-signed certificates.
Use self-signed certificate/key for Portal SSL settings? [true]: <<<<< <CR>
If false is provided, make sure the external certificates are placed in the nsmo/certs folder in advance. The startup will ask for the certificate and key names and check that they exist in the nsmo/certs folder.
Use self-signed certificate/key for Portal SSL settings? [true]: false
[2024-01-25T15:19:41,362][INFO][config-tls] Use self-signed cert/key settings: false...
[2024-01-25T15:19:41,366][INFO][config-tls] Setting up external SSL certificate/key for Portal. Files MUST be located at nsmo/certs ...
SSL Certificate Name: fullchain.pem <<<< Type name of certificate
SSL Certificate Key Name: privkey.key <<<< Type name of key
[2024-01-25T15:19:57,354][INFO][config-tls] Verifying if certificates are present at nsmo/certs ...
2. Provide local Image and License Repository: IP Maestro supports a local Image and License repository for OcNOS. Users can download images and licenses from this hosted repository, which can be located anywhere (not restricted to the IP Maestro server). The following prompts allow users to specify the repository details.
Image upgrade location []: <<<<< <CR>
License installation path []: <<<<< <CR>
3. Push Basic Configuration on Device Mount: When mounting devices, IP Maestro pushes basic configurations for LLDP, Beats monitoring, and enabling FMS for Alarms. Users have the option to disable any subset of these configurations. The default is to enable the push.
push.configuration.for.ELK <true/false> [true]: <<<<< <CR>
push.configuration.for.LLDP <true/false> [true]: <<<<< <CR>
push.configuration.for.ALARMS <true/false> [true]: <<<<< <CR>
4. Set the OcNOS credentials used by the SDN service and the NETCONF port on the device. Default values are provided.
OcNOS login [ocnos]: <<<<< <CR>
OcNOS password [ocnos]: <<<<< <CR>
OcNOS port [830]: <<<<< <CR>
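For option 1 with external certificates, the startup checks only that the named files exist in nsmo/certs. The following pre-flight check is an added example, not part of IP Maestro: it also confirms that the key is not readable by other accounts and that the certificate and key load as a matching pair. The function name `preflight` is hypothetical; the file names are the ones typed in the prompt above.

```python
import os
import ssl
import stat

CERT_DIR = "nsmo/certs"  # folder named in the startup prompt


def preflight(cert_name, key_name, cert_dir=CERT_DIR):
    """Return a list of problems found; an empty list means the pair is usable."""
    problems = []
    cert = os.path.join(cert_dir, cert_name)
    key = os.path.join(cert_dir, key_name)

    # Same check the startup performs: both files must already exist.
    for path in (cert, key):
        if not os.path.isfile(path):
            problems.append(f"missing: {path}")
    if problems:
        return problems

    # A private key readable by group or others is exposed to every local account.
    mode = stat.S_IMODE(os.stat(key).st_mode)
    if mode & 0o077:
        problems.append(f"key permissions too open: {oct(mode)} on {key}")

    # load_cert_chain parses both PEM files and raises ssl.SSLError (an OSError
    # subclass) when either is malformed or the key does not match the certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=cert, keyfile=key, password="")
    except OSError as exc:
        problems.append(f"certificate/key pair rejected: {exc}")
    return problems


if __name__ == "__main__":
    for issue in preflight("fullchain.pem", "privkey.key") or ["ok"]:
        print(issue)
```

Run it from the directory that contains nsmo before answering `false` at the prompt.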
Call Home Feature
IP Maestro supports the Call Home protocol defined in IETF RFC 8071. The Call-Home Server listens for incoming TCP connections and assumes that the other side of the connection is a device calling home through a NETCONF connection with SSH for management. The Maestro server uses port 4334 for all Call Home connections.
The following example shows a configuration that enables Call Home on a device:
OcNOS(config)#netconf callhome
OcNOS(config)#feature netconf callhome enable
OcNOS(config)#reconnect enable
OcNOS(config)#retry-interval 20
OcNOS(config)#callhome server 10.12.104.25 10.12.104.25 port 4334
Configure External Databases (LDAP/AD)
In IP Maestro, you can give users access through external databases and directories, such as Lightweight Directory Access Protocol (LDAP) and Active Directory (AD). This is an alternative authentication service to the local user database: the IP Maestro user interface uses the User Federation capabilities of the authentication manager to integrate LDAP and AD.
This section provides a step-by-step guide on how to configure an LDAP/AD provider in IP Maestro. A standard LDAP server typically contains an LDAP Data Interchange Format (LDIF) file that holds all the configurations.
The following configurations are demonstrated using the LDIF file shown below:
2 Groups: ldap-admin and ldap-user
2 Users:
jbrown123 - part of 'ldap-admin' and 'ldap-user' groups.
bwilson - part of 'ldap-user' group.
LDIF file
dn: dc=keycloak,dc=org
objectclass: dcObject
objectclass: organization
o: Keycloak
dc: Keycloak
 
dn: ou=People,dc=keycloak,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People
 
dn: ou=RealmRoles,dc=keycloak,dc=org
objectclass: top
objectclass: organizationalUnit
ou: RealmRoles
 
dn: uid=jbrown123,ou=People,dc=keycloak,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: jbrown123
cn: James
sn: Brown
mail: jbrown123@keycloak.org
postalCode: 88441
userPassword: password123
 
dn: uid=bwilson,ou=People,dc=keycloak,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: bwilson
cn: Bruce
sn: Wilson
mail: bwilson@keycloak.org
postalCode: 77332
street: Elm 5
userPassword: password123
 
dn: cn=ldap-admin,ou=RealmRoles,dc=keycloak,dc=org
objectclass: top
objectclass: groupOfNames
cn: ldap-admin
member: uid=jbrown123,ou=People,dc=keycloak,dc=org
 
dn: cn=ldap-user,ou=RealmRoles,dc=keycloak,dc=org
objectclass: top
objectclass: groupOfNames
cn: ldap-user
member: uid=jbrown123,ou=People,dc=keycloak,dc=org
member: uid=bwilson,ou=People,dc=keycloak,dc=org
 
For detailed information on adding and mapping providers to IP Maestro users, refer to the User Management section in the IP Maestro User Manual.
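Before an LDIF like the one above is federated, it helps to see which users land in which groups and which entries carry a password with no {SCHEME} prefix. The following audit is an added example, not part of IP Maestro. It assumes plain "attribute: value" lines without base64 values or line folding, as in the file above; the function names and the trimmed sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the LDIF above (same DNs and groups).
SAMPLE = """\
dn: uid=jbrown123,ou=People,dc=keycloak,dc=org
uid: jbrown123
userPassword: password123

dn: uid=bwilson,ou=People,dc=keycloak,dc=org
uid: bwilson
userPassword: password123

dn: cn=ldap-admin,ou=RealmRoles,dc=keycloak,dc=org
cn: ldap-admin
member: uid=jbrown123,ou=People,dc=keycloak,dc=org

dn: cn=ldap-user,ou=RealmRoles,dc=keycloak,dc=org
cn: ldap-user
member: uid=jbrown123,ou=People,dc=keycloak,dc=org
member: uid=bwilson,ou=People,dc=keycloak,dc=org
"""


def parse_ldif(text):
    entries = {}  # {lower-cased dn: {attribute: [values]}}
    for block in re.split(r"\n\s*\n", text.strip()):  # entries end at blank lines
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries


def audit(text):
    """Return ({uid: [groups]}, findings) for review before federation."""
    entries, groups, findings = parse_ldif(text), defaultdict(set), []
    for attrs in entries.values():
        for pw in attrs.get("userpassword", []):
            if not re.match(r"\{\w[\w-]*\}", pw):  # no {SSHA}-style scheme prefix
                findings.append(f"cleartext userPassword: {attrs['dn'][0]}")
        for member in attrs.get("member", []):
            user = entries.get(member.lower())
            if user is None:  # group points at a DN that has no entry
                findings.append(f"dangling member {member} in {attrs['dn'][0]}")
            else:
                groups[user["uid"][0]].add(attrs["cn"][0])
    return {u: sorted(g) for u, g in groups.items()}, findings
```

On the sample, `audit(SAMPLE)` maps jbrown123 to both groups and bwilson to ldap-user only, and reports both userPassword values as cleartext.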