This chapter describes how to verify and manage all of the applications that provide Cisco Dynamic Fabric Automation (DFA) central point of management functions after the DCNM open virtual appliance (OVA) is deployed. This chapter includes the following sections:
Note For instructions on installing these applications with the Cisco DCNM OVA, see the “Installing the Cisco DCNM OVA” section.
Note For information about managing these applications in a high-availability (HA) environment, see the “Managing Applications in a High-Availability Environment” section.
A complete list of the applications included in Cisco DCNM that provide Cisco DFA is in Table 3-1. Information about these applications and the corresponding login credentials is included.
Table 3-1 Cisco DCNM OVA Applications
created by Cisco Prime Network Services Controller administrator |
created by Cisco Prime Network Services Controller administrator |
This section describes the details of all the applications within the functions they provide in Cisco DCNM. The functions are as follows:
The data center network management function is provided by the Cisco Prime Data Center Network Manager (DCNM) server. Cisco DCNM provides the setup, visualization, management, and monitoring of the data center infrastructure. Cisco DCNM can be accessed from your browser: http://[host/ip].
Note For more information about Cisco DCNM, see http://cisco.com/go/dcnm.
In the Cisco DFA solution, traditional services, such as firewalls and load balancers, are deployed at regular leaf nodes within the spine-leaf topology, and at border leaf nodes, unlike more traditional data centers where these services are deployed at the aggregation layer.
Cisco Prime Network Services Controller (Prime NSC) provides the orchestration and automation of network services in Cisco DFA. The Prime NSC supports integration with virtual computer and storage managers such as vCenter and System Center Virtual Machine Manager (SCVMM) and provides end-to-end orchestration and automation for services in Cisco DFA.
Note For more information about the Prime NSC, see the Cisco Prime Network Services Controller documentation at the following URL:
http://www.cisco.com/en/US/partner/products/ps13213/tsd_products_support_series_home.html
A Prime NSC Adapter is bundled within the Cisco DCNM OVA. It performs the following functions:
Note The Prime NSC Adapter supports DCNM-to-Prime NSC integration for multiple Prime NSC instances. A single Prime NSC instance is not able to fulfill DFA scalability requirements for tenants and VMs. Consequently, multiple instances are required to achieve the scale that DFA requires.
You can create instances with the help of a Prime NSC Adapter Manager CLI feature. See the “Cisco Prime Network Services Controller Adapter Manager Command-Line Interface” section.
This procedure describes how to configure connectivity between the Prime NSC and DCNM.
After you have successfully configured connectivity, the following aspects apply:
Before you begin to configure connectivity with DCNM, confirm the following:
Step 1 Log in to the DCNM VM console as root.
Step 2 Navigate to the /opt/nscadapter/bin directory.
Step 3 Start the Prime NSC Adapter by entering the following command:
nsc-adapter-mgr start
Step 4 Use the nsc-adapter-mgr nsc add command to enter the following information to provide DCNM with access to Prime NSC:
– Prime NSC management IP address
– Username for Prime NSC access
– Password for Prime NSC access
The command format is nsc-adapter-mgr nsc add ip-address user name password.
Step 5 Log in to the Cisco DCNM web UI and do the following:
a. Choose Admin > Dynamic Fabric Automation > Settings.
b. Choose Config > Dynamic Fabric Automation (DFA) > Auto-Configuration.
c. Click Add Organization and enter the information for the organization. An organization in DCNM corresponds to a tenant in Prime NSC Adapter.
d. Add a network to the organization.
e. As needed, add partitions to the organization. A partition in DCNM corresponds to a virtual data center in Prime NSC.
Step 6 To confirm that connectivity is established between DCNM and Prime NSC, log in to Prime NSC and confirm that the organization is displayed in the Tenant Management tab.
See the “Cisco Prime Network Services Controller Adapter Manager Command-Line Interface” section for a list of all of the CLI commands.
You can register a Cisco Prime Network Services Controller (Prime NSC) instance using the Prime NSC Adapter Manager command-line interface (CLI). A single Prime NSC instance is not able to fulfill Cisco DFA’s scalability requirements for tenants and VMs; therefore, multiple instances are required to achieve the scale that Cisco DFA requires.
Even though the Prime NSC Adapter is part of the DCNM OVA, you must manually start the Prime NSC Adapter. Refer to the following table for CLI commands to start and stop the Prime NSC Adapter.
Table 3-2 Cisco Prime Network Services Controller Adapter commands
Note See the Cisco Prime Network Services Controller User Guide for more information about Cisco Prime Network Services Controller.
When you are using autoconfiguration for DFA, the network is associated with a configuration profile (config profile). A config profile template instance is created on leaf nodes wherever a network appears. When using services in the Cisco Prime Network Services Controller (Prime NSC), you must select the correct config profile to orchestrate and automate the services in the DFA network.
Table 3-3 includes sample guidelines for an edge firewall with regard to selecting config profiles when you are using services.
Three components provide orchestration functions.
RabbitMQ is the message broker that provides the Advanced Message Queuing Protocol (AMQP). The RabbitMQ message broker sends events from the vCloud Director/vShield Manager to the Python script for parsing. You can configure this protocol by using certain CLI commands from the Secure Shell (SSH) console of the OVA.
Note For more information about RabbitMQ, go to http://www.rabbitmq.com/documentation.html
The orchestration Python script receives and parses events from VMware’s vCloud Director/vShield Manager through the RabbitMQ message broker. It communicates with vCloud Director/vShield Manager through web service APIs for detailed information and then calls Cisco DCNM REST APIs to populate data that is to be used by the fabric.
The Python integration scripts and the configuration files in the OVA are as follows:
/root/utils/vCDclient-ini.conf
Edit the vCDclient-ini.conf file with your specific information, and then start the integration with Python 2.7 by entering the following command: python2.7 vCDclient.py
Tip If you invoke the script with the python command, the default Python 2.6 version runs, which might fail; the integration script requires certain modules that are available only in Python 2.7.
The OVA installs LDAP, which serves as an asset database for the switches.
Power On Auto Provisioning (POAP) occurs when a switch boots without any startup configuration. It is accomplished by two components that were installed with the OVA:
The DHCP server parcels out IP addresses to switches in the fabric and points to the location of the POAP database, which provides the Python script and associates the devices with images and configurations.
During the Cisco DCNM OVA installation, you define the IP address for the inside fabric management address or OOB management network and the subnets associated with the Cisco DFA management.
Note You should always configure DHCP through the Cisco DCNM web UI by choosing: UI > Config > POAP > DHCP Scopes. Editing the /etc/dhcp/dhcp.conf file from an SSH terminal might lead to unexpected behavior.
The TFTP server hosts boot scripts that are used for POAP.
The SCP server downloads the database files, configuration files, and the software images.
You can accomplish group provisioning of switches by using the Extensible Messaging and Presence Protocol (XMPP) server. Through the XMPP server and Cisco Jabber, you have access to all devices in the fabric and can create chat groups of spines and leaves for group provisioning of switches.
The initial XMPP configuration can be done through the Cisco DCNM web UI by choosing: Admin > DFA Settings.
Note Before a switch can participate in XMPP, it must be added to the XMPP database by using the appmgr CLI command shown in Table 3-4. See the “XMPP User and Group Management” section for information.
You can manage the applications for Cisco DFA in the Cisco DCNM OVA through commands in an SSH terminal.
Enter the appmgr command from the SSH terminal by using the following credentials:
Note For your reference, context-sensitive help is available for the appmgr command. Use the appmgr ? command to display help.
Use the appmgr tech_support command to produce a dump of the log files. You can then provide this information to the TAC team for troubleshooting and analysis of your setup.
Note This section does not describe commands for Network Services using Cisco Prime Network Services Controller. For network services commands, see the “Cisco Prime Network Services Controller Adapter Manager Command-Line Interface” section.
After you deploy the OVA file, you can determine the status of the applications that were deployed in the OVA file. You can use the appmgr status command in an SSH session to perform this procedure.
Note Context-sensitive help is available for the appmgr status command. Use the appmgr status ? command to display help.
Step 1 Open up an SSH session:
a. Enter the ssh root@DCNM-network-IP-address command.
b. Enter the administrative password to log in.
Step 2 Check the status of the applications by entering this command:
Use the following CLI commands for stopping, starting, and resetting applications:
XMPP in-band registration is disabled in the Cisco DCNM OVA for security reasons.
Before a switch can participate in XMPP, it must be added to the XMPP database by using the appmgr CLI command shown in Table 3-4.
Note A switch that has gone through POAP does not need to be added to the XMPP database using the appmgr CLI commands.
When POAP definitions are created in the DCNM Web UI for a given switch, an XMPP user for that switch is automatically created in the XMPP database, with the switch hostname as the XMPP user and with the XMPP password specified in the POAP definitions.
When the Cisco DCNM OVA is deployed, an XMPP user named “admin” and a group named “dcnm-dfa” are created. These can be changed later in the DCNM Web UI by choosing Admin > DFA Settings.
Table 3-4 CLI Commands for XMPP user and group management
Note If you configure a remote Oracle database for both DCNM and XMPP in an appliance (OVA/ISO), create two separate database users—one for the DCNM and the other for XMPP.
Perform the following task to import SSL certificates after you fetch the CSR certificates from the CA. The CSR must include the intermediate, root, and server certificates.
Step 2 Update the server.xml with the key alias name.
Step 3 Start the DCNM servers.
Note You must import the certificates in this order: intermediate, root, and server certificates.
Step 4 If it is required to use the CA signed certificates for both Fabric server and the LAN server, the certificates must be imported in both the files
Step 5 Use the following commands to import the certificates:
Step 6 To import the certificates to fmtrust.jks, perform the following:
You can use the appmgr backup command to back up Cisco DCNM and application data. See the following sections for details about backing up data. However, Cisco DCNM does not take a backup of the NX-OS image. You must take the backup of the NX-OS images separately.
Note For your reference, context-sensitive help is available for the appmgr backup command. Use the appmgr backup ? command to display help.
You can back up Cisco DCNM with a single command.
Note Configuration archive directories are not part of this backup. The command backs up only the local PostgreSQL database used by Cisco DCNM.
Backing up all application data can be performed for a specific application or for all applications at once. Refer to the following table for CLI backup commands.
Table 3-5 CLI Commands for backing up application data
If you use cron jobs for backup procedures, the database passwords can be passed as arguments so that there are no prompts. For example, you can use the -p1 argument for the Cisco DCNM database password and the -p2 argument for the XMPP database password. Both passwords apply only to local databases.
Note Before upgrading or restoring backed-up data onto another OVA setup, the files under the folder /usr/local/cisco/dcm/fm/pm/db need to be backed up, because these files are saved locally on the DCNM server instead of in the database.
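The following wrapper is an added example, not Cisco code, showing one way to run the cron backup described above without writing the -p1 and -p2 passwords into the crontab entry. The credentials file path, its KEY=value layout, and the placement of -p1/-p2 after the backup target are assumptions; the target itself comes from Table 3-5.

```shell
#!/bin/sh
# Added example, not Cisco code. CRED_FILE, its KEY=value layout and the
# position of -p1/-p2 after the backup target are assumptions.
CRED_FILE="${CRED_FILE:-/root/.dcnm-backup.cred}"   # hypothetical path
APPMGR="${APPMGR:-appmgr}"                          # override for a dry run

# True only for a regular, non-symlink file owned by the caller, mode 600/400.
cred_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the value of one KEY=value line without sourcing (executing) the file.
cred_value() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# run_backup <target...>: the target words come from Table 3-5.
run_backup() {
    if ! cred_file_is_private "$CRED_FILE"; then
        echo "refusing to run: $CRED_FILE is not a private (mode 600) file" >&2
        return 2
    fi
    p1=$(cred_value DCNM_DB_PASSWORD "$CRED_FILE")
    p2=$(cred_value XMPP_DB_PASSWORD "$CRED_FILE")
    if [ -z "$p1" ] || [ -z "$p2" ]; then
        echo "refusing to run: password entry missing in $CRED_FILE" >&2
        return 3
    fi
    # The passwords are still visible in the process list while appmgr runs;
    # the wrapper only keeps them out of the crontab and the cron log.
    "$APPMGR" backup "$@" -p1 "$p1" -p2 "$p2"
}
```

The cron entry sources this file and calls run_backup with the target from Table 3-5, so the crontab line itself carries no secret.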
Restoring an application clears all the existing data from that application. Before you restore an application, you should shut down the application.
Because all data will be cleared, you should perform a backup of the application that you are going to restore.
Use the following procedure to back up application data and restore the application on a new OVA.
Note A backup and restore procedure is supported only on either the same OVA or a new OVA deployed with an identical network configuration as the backed-up OVA.
Step 1 Stop all the DCNM services by using the appmgr stop all command.
Step 2 Use the appmgr backup command on the existing OVA.
You must take the backup of the NX-OS images in the devices separately.
Step 3 Transfer the backup file to any repository.
Step 4 Power off the first OVA.
Step 5 Deploy another OVA with the same network configuration as the existing one, using the same IP/Netmask/Gateway/Hostname/DNS.
Step 6 Transfer the backup file to the second OVA.
The NX-OS images backup file must be restored to the /var/lib/dcnm folder.
Step 7 Run the appmgr restore command with the new backup on the new OVA.
Note See Table 3-6 for a list of CLI commands to restore applications.
Table 3-6 CLI commands for restoring applications
Note Before restoring backed-up data onto another OVA setup, the files under the folder /usr/local/cisco/dcm/fm/pm/db need to be restored to the same location.
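The backup file and the /usr/local/cisco/dcm/fm/pm/db files leave the appliance in Steps 3 and 6, so it is worth checking that what arrives on the new OVA is what left the old one before running appmgr restore. The following is an added example, not Cisco code; the staging directory, the pm-db.tar.gz archive name and the MANIFEST.sha256 file name are hypothetical, and the staging directory is assumed to be flat.

```shell
#!/bin/sh
# Added example, not Cisco code. Staging layout and file names are assumptions.
PM_DB_DIR="${PM_DB_DIR:-/usr/local/cisco/dcm/fm/pm/db}"   # path from the Note

# Old OVA, after "appmgr backup": archive the pm/db files into staging
# directory $1 (which already holds the backup file), then record a SHA-256
# for every file in it.
stage_for_transfer() {
    tar -C "$PM_DB_DIR" -czf "$1/pm-db.tar.gz" . || return 1
    ( cd "$1" || exit 1
      rm -f MANIFEST.sha256
      # Write to a dotfile first so the glob never hashes the manifest itself.
      sha256sum -- * > .manifest.tmp && mv .manifest.tmp MANIFEST.sha256 )
}

# New OVA, before "appmgr restore": fail if any hash differs, a listed file
# is missing, or a file that is not in the manifest has appeared.
verify_stage() {
    ( cd "$1" || exit 1
      [ -s MANIFEST.sha256 ] || exit 1
      sha256sum --check --strict --quiet MANIFEST.sha256 || exit 1
      listed=$(wc -l < MANIFEST.sha256)
      present=$(find . -maxdepth 1 -type f ! -name MANIFEST.sha256 | wc -l)
      [ "$listed" -eq "$present" ] )
}

# A manifest that travels with the files detects corruption in the
# repository or in transit. To detect deliberate modification as well,
# record the hash of MANIFEST.sha256 somewhere the repository cannot change.
```

Run stage_for_transfer on the existing OVA before Step 3 and verify_stage on the new OVA after Step 6; continue to Step 7 only if verify_stage succeeds.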