- Overview to Cisco NFVI
- Cisco NFVI Installation Overview
- Preparing for Installation on Servers Without Internet Access
- Preparing for Cisco NFVI Installation
- Installing Cisco VTS
- Installing Cisco VIM
- Installing Cisco VIM Insight
- Installing Cisco VIM through Cisco VIM Insight
- Verifying the Cisco NFVI Installation
Installing Cisco VIM
Insight
Cisco VIM 2.2 offers a unified management solution which will be available in the subsequent releases.
Cisco VIM Insight can be installed on two modes:
-
Standalone/non-HA mode on a dedicated node to manage multiple VIM pods.
-
Standalone/non-HA mode on the management node to manage a single VIM pods.
You can start installing in a Standalone/non-HA mode initially (on the management node of the pod) or a standalone (BOM) server. If VIM Insight is hosted on the node where the VIM management service of a pod is running, ensure that the workspace for Insight is different from that of the installer. Rendition and migration from one install mode to another is easy because the UI interacts to each pod through REST API and very little RBAC information of the admin and user is kept in the database. As the UI interacts with the REST API, it is not necessary that the pod should be managed by Insight from day 0. You can register a pod, with an Insight instance after it is up and running.
Also, the UI has two types of Admin: UI Admin and Pod Admin. UI Admin is for the administrators who can add more folks as UI Admin or Pod admin. Pod Admin has privileges only at the pod level, where as an UI Admin has privileges both at UI and pod level.
Complete the following procedure to install Cisco VIM Insight on the Cisco NFVI management node.
- Cisco VIM Insight with Internet Access
- Installing Cisco VIM Insight without Internet Access
- VIM Insight UI Admin Login for Standalone Setup
- VIM Insight Pod Admin Login for Standalone Setup
Cisco VIM Insight with Internet Access
Complete the following steps to install Cisco VIM Insight on the Cisco NFVI management node. As security is paramount to pod management, the web-service hosting the single pane of glass is protected through TLS. Following are the steps to get the TLS certificate setup going.
You can select one of the following approaches for the TLS certificate configurations:
-
Provide your own certificate: You can bring in your certificate on the management node and provide the absolute path of .pem and CA certificate files in the insight_setup_data.yaml file. The path must be provided as a value for the key 'PEM_PATH' in the insight_setup_data.yaml file.
-
Generate a new certificate on the node: You can create a new certificate on the node by running the following command: #./tls_insight_cert_gen.py -f <path_to_insight_setup_data.yaml>/insight_setup_data.yaml This script will search for the 'PEM_PATH' inside the insight_setup_data.yaml. As the path is not provided it will create a new certificate inside install-dir/openstack-configs.
You must complete all Cisco NFVI preparation tasks described in Preparing for Cisco NFVI Installation , and also the management node has to be installed as described Cisco VIM Management Node Networking .The procedure to bootstrap the node hosting the Insight is same as installing the buildnode.iso.
Installing Cisco VIM Insight without Internet Access
Complete the following steps to install Cisco VIM Insight on the Cisco NFVI management node.
Management Node setup (without Internet):
For many service providers, the infrastructure on which Management Node setup is run is air-gapped. This presents an additional dimension for the orchestrator to handle. To support install that is air-gapped, refer to the section Preparing for Installation on Servers Without InternetAccess , and follow the steps to prepare64G USB 2.0.
You must complete all Cisco NFVI preparation tasks described in Preparing for Cisco NFVI Installation , and the management node as described in Cisco VIM Management Node Networking .
Step 1 | Enter ip a to
verify the br_mgmt and br_api interfaces are up and are bound to bond1 and
bond0. For example:
$ ip a br_api: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:42:68:6f:79:f2 brd ff:ff:ff:ff:ff:ff inet nnn.nnn.nnn.nnn/25 brd nnn.nnn.nnn.nnn scope global br_api valid_lft forever preferred_lft forever inet6 fe80::3c67:7aff:fef9:6035/64 scope link valid_lft forever preferred_lft forever bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br_api state UP link/ether 00:42:68:6f:79:f2 brd ff:ff:ff:ff:ff:ff br_mgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:78:88:46:ee:6e brd ff:ff:ff:ff:ff:ff inet nnn.nnn.nnn.nnn/24 brd nnn.nnn.nnn.nnn scope global br_mgmt valid_lft forever preferred_lft forever inet6 fe80::278:88ff:fe46:ee6e/64 scope link valid_lft forever preferred_lft forever bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br_mgmt state UP link/ether 00:78:88:46:ee:6e brd ff:ff:ff:ff:ff:ff
| ||
Step 2 | Run the
following commands to copy the installer directory and the standalone
insight_setup_data_yaml.
| ||
Step 3 | Modify the insight setup data according to the requirements. Refer to the insight_setup_data.yaml and cert generation as listed in step 5 of the preceding section. | ||
Step 4 | Save the edited insight_setup_data.yaml file. | ||
Step 5 | Run Import
Artifacts:
$ cd /root/insight-<tag_id>/tools ./import_artifacts.sh This verifies that /var/cisco/artifcats on the management node has the following Insight artifacts, along with the other components 'insight-K9.tar', 'mariadb-app-K9.tar'.' | ||
Step 6 | Start the
insight installation process.
$ cd /root/Insight-<tag_id>/insight/ $./bootstrap_insight.py --help usage: bootstrap_insight.py [-h] --action ACTION [--regenerate_secrets] [--setpassword] [--file INSIGHTSETUPDATA] [--keep] [--verbose] [--backupdir BACKUPDIR] [-y] Insight install setup helper. optional arguments: -h, --help show this help message and exit --action ACTION, -a ACTION install - Install Insight UI install-status - Display Insight Install Status reconfigure - reconfigure - Reconfigure Insight DB password, TLS Certificate, INSIGHT_SMTP_SERVER, INSIGHT_EMAIL_ALIAS_PASSWORD, INSIGHT_EMAIL_ALIAS, INSIGHT_SMTP_PORT update - Update Insight UI update-status - Display Insight Update Status rollback - Rollback Insight UI update commit - Commit Insight UI update backup - Backup Insight UI uninstall - Uninstall Insight UI --regenerate_secrets, -r System generated INSIGHT_DB_PASSWORD --setpassword, -s User supplied INSIGHT_DB_PASSWORD, --file INSIGHTSETUPDATA, -f INSIGHTSETUPDATA Location of insight_setup_data.yaml --keep, -k Preserve Insight artifacts during uninstall --verbose, -v Verbose on/off --backupdir BACKUPDIR, -b BACKUPDIR Path to backup Insight -y, --yes Option to skip reconfigure or uninstall steps without prompt $ ./bootstrap_insight.py –a install –f </root/insight_setup_data.yaml> VIM Insight install logs are at: /var/log/insight/bootstrap_insight/bootstrap_insight_<date>_<time>.log Management Node Validations! +-------------------------------+--------+-------+ | Rule | Status | Error | +-------------------------------+--------+-------+ | Check Kernel Version | PASS | None | | Check Ansible Version | PASS | None | | Check Docker Version | PASS | None | | Check Management Node Tag | PASS | None | | Check Bond Intf. Settings | PASS | None | | Root Password Check | PASS | None | | Check Boot Partition Settings | PASS | None | | Check LV Swap Settings | PASS | None | | Check Docker Pool Settings | PASS | None | | Check Home Dir Partition | PASS | None | | Check Root Dir Partition | PASS | None | | Check /var Partition | PASS | None | | Check LVM partition | PASS | None | | Check RHEL Pkgs Install State | PASS | None | +-------------------------------+--------+-------+ Insight standalone Input Validations! +-------------------------------------------+--------+-------+ | Rule | Status | Error | +-------------------------------------------+--------+-------+ | Insight standalone Schema Validation | PASS | None | | Valid Key Check in Insight Setup Data | PASS | None | | Duplicate Key Check In Insight Setup Data | PASS | None | | Test Email Server for Insight | PASS | None | +-------------------------------------------+--------+-------+ Setting up Insight, Kindly wait!!! Cisco VIM Insight Installed successfully! +-----------------------+--------+---------------------------------------------------------+ | Description | Status | Details | +-----------------------+--------+---------------------------------------------------------+ | VIM Insight UI URL | PASS | https://<br_api:9000> | | VIM UI Admin Email ID | PASS | Check for info @: <abs path of insight_setup_data.yaml> | | | | | | VIM UI Admin Password | PASS | Check for info @ /opt/cisco/insight/secrets.yaml | | VIM Insight Workspace | PASS | /root/Insight_<tag_id>/insight/ | +-----------------------+--------+---------------------------------------------------------+ Cisco VIM Insight backup Info! +----------------------+-------+-------------------------------------------------------------------+ | Description | Status| Details | +----------------------+-------+-------------------------------------------------------------------+ | Insight backup Status| PASS | Backup done @ | | | | /var/cisco/insight_backup/insight_backup_<release_tag>_<date_time>| +----------------------+-------+-------------------------------------------------------------------+ Done with VIM Insight install! VIM Insight install logs are at: /var/log/insight/bootstrap_insight/ Logs of Insight Bootstrap will be generated at : /var/log/insight/bootstrap_insight/ on the management node. Log file name for Insight Bootstrap will be in the following format : bootstrap_insight_<date>_<time>.log. Only ten bootstrap Insight log files are displayed at a time. Once the bootstrap process is completed a summary table preceding provides the information of the UI URL and the corresponding login credentials. After first login, for security reasons, we recommend you to change the Password. Insight autobackup takes place after an install and is located at default backup location /var/cisco/insight_backup; details of which is provided in the backup summary table. To add a new UI Admin in a setup that just got created, login to VIM insight and add a new UI admin user from the Manage UI Admin Users menu. Without doing a fresh install (that is un-bootstrap, followed by bootstrap) of the insight application, the UI admin that was bootstrapped with cannot be changed. Refer Cisco VIM Insight Post Bootstrap Validation Checks section to verify the bootstrap status of Cisco VIM Insight. |
Cisco VIM Insight Post Bootstrap Validation Checks
-
After the VIM Insight bootstrap, you can view the status of Insight installation through install-status action using bootstrap.
$ cd /root/installer-<tag_id>/insight/ $ ./bootstrap_insight.py –a install-status Cisco VIM Insight Install Status! +-----------------------+--------+----------------------------------+ | Description | Status | Details | +-----------------------+--------+----------------------------------+ | VIM Insight Version | PASS | <release_tag> | | VIM Insight UI URL | PASS | https://<br_api:9000> | | VIM Insight Container | PASS | insight_<tag_id> | | VIM Mariadb Container | PASS | mariadb_<tag_id> | | VIM Insight Workspace | PASS | /root/installer-<tag_id>/insight | +-----------------------+--------+----------------------------------+
-
You can also verify if the Insight and Mysql containers are up or not by running the following command:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES cbe582706e50 cvim-registry.com/mercury-rhel7-osp10/insight:7434 "/start.sh" 10 hours ago Up 10 hours insight_7321 68e3c3a19339 cvim-registry.com/mercury-rhel7-osp10/mariadb-app:7434 "/usr/bin/my_init /ma" 10 hours ago Up 10 hours mariadb <tag-id>
-
Check the status of Insight by running the following command :
$ systemctl status docker-insight docker-insight.service - Insight Docker Service Loaded: loaded (/usr/lib/systemd/system/docker-insight.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2017-04-07 13:09:25 PDT; 36s ago Main PID: 30768 (docker-current) Memory: 15.2M CGroup: /system.slice/docker-insight.service └─30768 /usr/bin/docker-current start -a insight_<tag-id> Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: Tables_in_rbac Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: buildnode_master Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: permission_master Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: role_master Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: role_permission Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: user_master Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: user_role Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: user_session Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: Starting the apache httpd Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 2.2.2.6. Set the 'ServerName' directive gl... this message Hint: Some lines were ellipsized, use -l to show in full.
-
Check if the Insight is up by running the following command:
$curl https://br_api:9000 -k (or --insecure) Your response of curl should show the DOCTYPE HTML: <!DOCTYPE html> <!--[if lt IE 7]> <html lang="en" ng-app="myApp" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]--> <!--[if IE 7]> <html lang="en" ng-app="myApp" class="no-js lt-ie9 lt-ie8"> <![endif]--> <!--[if IE 8]> <html lang="en" ng-app="myApp" class="no-js lt-ie9"> <![endif]--> <!--[if gt IE 8]><!--> <html lang="en" ng-app="mercuryInstaller" class="no-js"> <!--<![endif]--> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Cisco VIM Installer</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"/> <link rel="stylesheet" href="../static/lib/html5-boilerplate/dist/css/normalize.css"> <link rel="stylesheet" href="../static/lib/html5-boilerplate/dist/css/main.css"> <link rel="stylesheet" href="../static/lib/bootstrap/bootstrap.min.css"> <link rel="stylesheet" href="../static/lib/font-awesome/font-awesome.min.css"> <!--<link href="http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet">--> <link rel="stylesheet" href="../static/lib/bootstrap/bootstrap-theme.min.css"> <link rel="stylesheet" href="../static/lib/uigrid/ui-grid.min.css"> <link rel="stylesheet" href="../static/lib/chart/angular-chart.min.css"> <script src="../static/lib/html5-boilerplate/dist/js/vendor/modernizr-2.8.3.min.js"></script> <link rel="stylesheet" href="../static/css/app.css"> <!--new dashboard css starts--> <link rel="stylesheet" href="../static/css/dashboard.css"> <!--new dashboard css end--> </head> <body class="skin-blue sidebar-collapse" ng-controller="DashboardCtrl" id="ToggleNavbar"> <div class="wrapper" id="wrapper"> <div class="content-wrapper" id="contentclass"> <mi-header></mi-header> <mi-left-side-navbar></mi-left-side-navbar> <message-box> </message-box> <div class=" viewheight" ng-view autoscroll="true"></div> </div> <mi-footer></mi-footer> </div> <!--new dashboard js starts--> <script src="../static/lib/bootstrap/jquery.min.js"></script> <script src="../static/lib/jquery/jquery-ui.js"></script> <script src="../static/lib/bootstrap/progressbar.js"></script> <!--new dashboard js ends--> <script src="../static/lib/chart/Chart.min.js"></script> <script src="../static/lib/bootstrap/bootstrap.min.js"></script> <script src="../static/lib/angular/angular.js"></script> <script src="../static/lib/chart/angular-chart.min.js"></script> <script src="../static/lib/uigrid/angular-touch.js"></script> <script src="../static/lib/uigrid/angular-animate.js"></script> <script src="../static/lib/uigrid/csv.js"></script> <script src="../static/lib/uigrid/pdfmake.js"></script> <script src="../static/lib/uigrid/vfs_fonts.js"></script> <script src="../static/lib/uigrid/ui-grid.js"></script> <script src="../static/lib/angular/smart-table.min.js"></script> <script src="../static/lib/angular-route/angular-route.js"></script> <script src="../static/lib/angular-cookies/angular-cookies.js"></script> <script src="../static/lib/angular/angular-translate.js"></script> <script src="../static/lib/angular/angular-translate-loader-static-files.min.js"></script> <script src="../static/lib/angular/angular-translate-storage-cookie.min.js"></script> <script src="../static/lib/angular/angular-translate-storage-local.min.js"></script> <script src="../static/lib/yamltojson/yaml.js"></script> <script src="../static/lib/yaml/js-yaml.min.js"></script> <script src="../static/lib/d3/d3min.js"></script> <script src="../static/utility/utility.js"></script> <script src="../static/widgets/widgets.js"></script> <script src="../static/app.js"></script> <script src="../static/layout/layout.js"></script> <script src="../static/login/login.js"></script> <script src="../static/globals/globals.js"></script> <script src="../static/dashboard/dashboard.js"></script> <script src="../static/cloudpulse/cloudpulse.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/ucsmcommon.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/cimccommon.js"></script> <script src="../static/vmtp/runvmtp.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/networking.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/serverandroles.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/cephsetup.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/cindersetup.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/glancesetup.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/haproxy.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/keystonesetup.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/swiftstack.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/neutronsetup.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/vmtpsetup.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/physicalsetupwizard.js"></script> <script src="../static/blueprintsetup/servicesSetupWizard/systemlog.js"></script> <script src="../static/blueprintsetup/servicesSetupWizard/nfvbench.js"></script> <script src="../static/blueprintsetup/servicesSetupWizard/servicesSetupWizard.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/openstacksetupwizard.js"></script> <script src="../static/blueprintsetup/blueprintsetup.js"></script> <script src="../static/blueprintmanagement/blueprintmanagement.js"></script> <script src="../static/topology/topology.js"></script> <script src="../static/monitoring/monitoring.js"></script> <script src="../static/horizon/horizon.js"></script> <script src="../static/podmanagement/podmanagement.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/tlssupport.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/elksetup.js"></script> <script src="../static/systemupdate/systemupdate.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/registrysetup.js"></script> <script src="../static/registertestbed/registertestbed.js"></script> <script src="../static/registersaas/registersaas.js"></script> <script src="../static/useradministration/manageusers.js"></script> <script src="../static/useradministration/rolemanagement.js"></script> <script src="../static/saasadmindashboard/saasadmindashboard.js"></script> <script src="../static/saasadmindashboard/buildnodes.js"></script> <script src="../static/saasadmindashboard/buildnodeusers.js"></script> <script src="../static/saasadmindashboard/managesaasuser.js"></script> <script src="../static/saasadminusermanagement/saasadminusermgmt.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/nfvisetup.js"></script> <script src="../static/blueprintsetup/physicalsetupwizard/torswitch.js"></script> <script src="../static/blueprintsetup/openstacksetupwizard/vtssetup.js"></script> <script src="../static/rbacutilities/rbacutility.js"></script> <script src="../static/forgotpassword/forgotpassword.js"></script> <script src="../static/changepassword/changepassword.js"></script> <script src="../static/passwordreconfigure/passwordreconfigure.js"></script> <script src="../static/openstackconfigreconfigure/openstackconfigreconfigure.js"></script> <script src="../static/reconfigureoptionalservices/reconfigureoptionalservices.js"></script> </body>
-
VIM Insight Autobackup: Insight will invoke Insight Autobackup as a daemon process. Autobackup is taken as an incremental backups of database and /opt/cisco/insight/mgmt_certs dir if there is any change.
You can check the status of Insight Autobackup service:
systemctl status insight-autobackup insight-autobackup.service - Insight Autobackup Service Loaded: loaded (/usr/lib/systemd/system/insight-autobackup.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2017-09-04 05:53:22 PDT; 19h ago Process: 21246 ExecStop=/bin/kill ${MAINPID} (code=exited, status=0/SUCCESS) Main PID: 21287 (python) Memory: 9.2M CGroup: /system.slice/insight-autobackup.service └─21287 /usr/bin/python /var/cisco/insight_backup/insight_backup_2.1.10_2017-08-31_03:02:06/root /rohan/installer-10416/insight/playbooks/../insight_autobackup.py Sep 04 05:53:22 F23-insight-4 systemd[1]: Started Insight Autobackup Service. Sep 04 05:53:22 F23-insight-4 systemd[1]: Starting Insight Autobackup Service...
VIM Insight UI Admin Login for Standalone Setup
For security reasons, the UI Admin need to login to the UI with which Insight has been bootstrapped, and add other users as UI Admin. UI Admin needs to add new users as Pod Admin.
Registration of UI Admin to Insight
Step 1 | Enter the following address on the browser: https://<br_api>:9000. |
Step 2 | Enter the Email ID and the Password. Email ID should be the one specified as 'UI_ADMIN_EMAIL_ID in insight_setup_data.yaml during bootstrap. Password for UI Adminis generated at : /opt/cisco/insight/secrets.yaml and key is 'UI_ADMIN_PASSWORD |
Step 3 | Click Login as UI Admin User. You will be redirected to Insight UI Admin Dashboard. |
VIM Insight Pod Admin Login for Standalone Setup
Registration of Pod Admin to Insight:
Step 1 | Login as Insight UI Admin. |
Step 2 | Navigate to Manage Pod Admin. |
Step 3 | Click Add Pod Admin. |
Step 4 | Enter a new Email ID in Add Pod Admin pop-up. |
Step 5 | Enter the username of the Pod Admin. |
Step 6 | Click Save. User Registration Mail would be sent to newly added Pod Admin with a token. |
Step 7 | Click the URL with token and if token is valid then Pod Admin will be redirected to Insight-Update Password page. |
Step 8 | Enter new password and then confirm the same password. |
Step 9 | Click Submit. |