Start IP Maestro

IP Maestro : Installation Guide : Start IP Maestro

Start IP Maestro

This section outlines the steps to initiate the IP Maestro deployment.

Prerequisites

• IP Maestro deployment is installed and Docker images loaded into the local Docker repository. Refer to the section Deploy IP Maestro.

• IP Maestro deployment requires certificates to guarantee SSL communication between Ocnos devices and IP Maestro stack (Shipping of OcNOS device logs to IP Maestro), and to expose the deployment through https protocol. The certificates should be placed/installed in the nsmo/certs folder. As part of the IP Maestro startup process, self-signed certificates will be generated and placed inside the nsmo/certs folder. This particular step will only be executed during the initial startup call.

• Signed certificates by a Trusted CA Authority, can be used in the deployment instead of self-signed ones. The certificates needs to be placed at nsmo/certs folder, and during the first start call, the user should type false in the following question: Use self-signed certificate/key for Portal SSL settings. The name of the certificate and key will be requested and checked from nsmo/certs folder.

Procedure

Perform the following to start IP Maestro:

Note: During startup, questions will be presented, and default values will be pre-set. To continue with default values, you can hit <CR>. Explanations on the options will be provided below.!! The user inputs will only be asked in the first nsmo-start.sh call.

1. Setup and start IP Maestro containers: ./nsmo_start.sh

Note: This process creates the deployment, manages dependencies, and starts up containers (approximately 15 minutes).

2. Upon running the nsmo_start.sh script, user inputs are prompted. Press Enter to select defaults for most inputs.

Note: At this stage, IP Maestro is deployed and Docker image is loaded.

Here is an example of a sample run:

# ./nsmo-start.sh

:: Version 2.0.0 ::

[2024-05-29T15:10:43,709][INFO][host-validation] ----------- Executing Host Validation

[2024-05-29T15:10:43,744][INFO][validate-docker] Docker version: 24.0.7

[2024-05-29T15:10:43,886][INFO][validate-docker-compose] Docker Compose version: 2.23.3

[2024-05-29T15:10:43,902][WARN][validate-host-disk] Total Disk Space: 147GB

[2024-05-29T15:10:43,903][WARN][validate-host-disk] Host disk space 500GB or higher is the minimum recommended, but found 147GB

[2024-05-29T15:10:43,904][INFO][validate-host-disk] Available Disk Space: 82GB

[2024-05-29T15:10:43,905][INFO][validate-host-disk] Used Disk Space: 42%

[2024-05-29T15:10:43,915][WARN][validate-host-memory] Total memory: 31GB

[2024-05-29T15:10:43,916][WARN][validate-host-memory] Host memory 32GB or higher is the minimum recommended, but found 31GB

[2024-05-29T15:10:43,918][INFO][nsmo-start] ----------- Collecting Host Information

[2024-05-29T15:10:43,919][INFO][nsmo-start] Host IP: 10.12.104.22

[2024-05-29T15:10:43,920][INFO][nsmo-start] Hostname (--fqdn): QA-22Server.ipinfusion.com

[2024-05-29T15:10:43,928][INFO][load-properties] ----------- Checking IP Maestro global cfg

[2024-05-29T15:10:43,930][INFO][load-properties] Global cfg not present. Creating .cfg and setting required properties

Image upgrade location []: http://10.12.104.22:8000/maestro_resources/images/

License installation path []: http://10.12.104.22:8000/maestro_resources/licenses/

push.configuration.for.LLDP <true/false> [true]: true

push.configuration.for.ALARMS <true/false> [true]: true

DHCP interface []:

OcNOS login [ocnos]: ocnos

OcNOS password [ocnos]: ocnos

OcNOS port [830]: 830

[2024-05-29T15:11:12,510][INFO][config-tls] ----------- Loading IP Maestro TLS/SSL config

[2024-05-29T15:11:12,512][INFO][config-tls] Creating self-signed certificate/key. Files will be available for ssl configuration

=====================================================

======== Generating IP MAESTRO Certificate(s) =======

=====================================================

Generating Certificate for host QA-22Server.ipinfusion.com and ip 10.12.104.22 ...

Using instances.yml file to create certificates...

# This file is used by elasticsearch-certutil to generate X.509 certificates

# for the Elasticsearch transport networking layer.

# see https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html

# NOTE Remote connections based on IP is not a good aproach as IPs can change. DNS should be prefered instead.

instances:

- name: "CN=Self-Signed,C=US,ST=California,L=Santa Clara,O=IP Infusion,OU=NSMO"

filename: "selfsigned"

dns:

- QA-22Server.ipinfusion.com

ip:

- 10.12.104.22

Unzipping Certificates...

Deleting /certs/certs.zip - If it exists...

Creating self-signed PKCS8 key for filebeat from /certs/selfsigned.key

ODL Keystore not found. Creating ODL PKCS12 keystore using self-signed cert and key...

Importing keystore /certs/selfsigned.p12 to /odl/etc/keystore/keystore.jks...

Entry for alias karaf successfully imported.

Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

Applying Permissions...

=====================================================

Self-signed Certificate/Key generated successfully.

=====================================================

Use self-signed certificate/key for Portal SSL settings? [true]: no

[2024-05-29T15:11:17,719][INFO][config-tls] Use self-signed cert/key settings: no...

[2024-05-29T15:11:17,721][INFO][config-tls] Setting up external SSL certificate/key for Portal. Files MUST be located at nsmo/certs ...

SSL Certificate Name: fullchain.pem

SSL Certificate Key Name: privkey.pem

[2024-05-29T15:11:37,138][INFO][config-tls] Verifying if certificates are present at nsmo/certs ...

Execute the following command to check the status of the containers:

watch docker ps

Note: Ensure that containers that contain a health check have a healthy status.

Here is an example of the output:

*** The following is a short output to show the "healthy" STATUS expected

NAMES STATUS

ipi-dhcp Up 2 hours

ipi-metricbeat Up 2 hours

ipi-proxy Up 2 hours (healthy)

ipi-keycloak Up 2 hours (healthy)

ipi-portal-client Up 2 hours (healthy)

ipi-portal-server Up 2 hours (healthy)

ipi-odl Up 2 hours (healthy)

ipi-logstash Up 2 hours (healthy)

ipi-elasticsearch Up 2 hours (healthy)

ipi-rabbitmq Up 2 hours (healthy)

ipi-postgresql Up 2 hours (healthy)

ipi-restconf-monitor Up 2 hours (healthy)