Installing Cisco IoT FND-RPM for the First Time - Oracle Deployment
IoT FND Installation Overview
Installing and Setting Up the IoT FND Database
Installing and Setting Up the SSM (Utility Deployment)
Installing and Setting Up IoT FND
First-Time Log In Actions
IoT FND CLIs
Cleaning up the IoT FND Database
IoT FND Log File Location
IOT FND Helper Scripts
Installing and Configuring the IoT FND TPS Proxy
Backing Up and Restoring the IoT FND Database
Backing Up the IoT FND Database Incrementally
- Performing an Incremental Backup

Installing Cisco IoT FND-RPM for the First Time - Oracle Deployment

This chapter provides an overview of the steps required to install Cisco IoT Field Network Director (Cisco IoT FND) software and the supporting application and database hardware servers within your network for the first time. This guide focuses on installation of Red-hat Package Manager (RPM) deployments for large-scale Advanced Metering Infrastructure (AMI) use cases. These deployment options allow for a la carte deployment of each head-end component with dedicated hardware. With this design, you have the flexibility to horizontally scale the Cisco IoT FND to support up to 11 million endpoints.

Note

For an overview of the features and functionality of the application and details on how to configure features and manage the Cisco IoT Field Network Director after its installation, refer to the Cisco IoT Field Network Director User Guides, Releases 4.3.x. 4.4.x, 4.5.x or 4.6.x.

Note

Review the Before You Install Field Network Director chapter in this guide and the relevant FND Release Notes before you install Oracle software to ensure you are installing the correct version.

Note

Cisco IoT FND Releases 4.6.1 and later support Oracle 19c Enterprise Edition.

Only Cisco IoT FND Release 4.5.x and Cisco IoT FND Release 4.6.x support Oracle18c Enterprise Edition.

Cisco IoT FND Release 4.4.x and Cisco IoT FND Release 4.3.x support Oracle 12c and 11g Enterprise Editions.

IoT FND Installation Overview

Complete the following procedures to install IoT FND for the first time:

Installing and Setting Up the IoT FND Database
Installing and Setting Up IoT FND
Installing and Configuring the IoT FND TPS Proxy
Backing Up and Restoring the IoT FND Database

Installing and Setting Up the IoT FND Database

Complete the following procedures to finish your IoT FND installation:

Installation and Setup Overview
Downloading and Unpacking Oracle Database
Running the Oracle Database Installer
Setting Up the IoT FND Database
Additional IoT FND Database Topics

Installation and Setup of IoT FND Database Overview

The following topics provide an overview of IoT FND database deployment:

Single-Server Database Deployment
High Availability Database Server Deployment

Single-Server Database Deployment

To install and set up IoT FND database for a single-server database deployment:

Log in to the database server.
Downloading and Unpacking Oracle Database.
Running the Oracle Database Installer.
Setting Up the IoT FND Database.

High Availability Database Server Deployment

To install and set up IoT FND database for HA:

Log in to the primary IoT FND database server.
Downloading and Unpacking Oracle Database.
Running the Oracle Database Installer.
Log in to the standby database server
Downloading and Unpacking Oracle Database.
Running the Oracle Database Installer.

Downloading and Unpacking Oracle Database

To download the Oracle database:

Before you begin

Note

Before downloading and installing the Oracle Database, ensure that the /tmp folder can handle, at a minimum, a 5GB file. After you complete the full installation and are working with the FND user interface, you may need to zip up log files sets and the larger /tmp folder will be of value.

Procedure

Step 1	Log in to your server as root.
Step 2	Download Oracle18c Enterprise Edition Release. (Only FND 4.5.x and FND 4.6.x support this version).
Step 3	To avoid display-related errors when installing the Oracle Database software, as root run this command: `# xhost + local:oracle`
Step 4	Create the oracle user and dba group: `# groupadd dba # adduser -d /home/oracle -g dba -s /bin/bash oracle`
Step 5	Unpack the Oracle Database zip archives. `p10404530_121020_Linux-x86-64_1of7.zip p10404530_121020_Linux-x86-64_2of7.zip p10404530_121020_Linux-x86-64_3of7.zip p10404530_121020_Linux-x86-64_4of7.zip p10404530_121020_Linux-x86-64_5of7.zip p10404530_121020_Linux-x86-64_6of7.zip p10404530_121020_Linux-x86-64_7of7.zip`

Running the Oracle Database Installer

To install the Oracle database:

Before you begin

Note

Before running the Oracle installer, disable the firewall.

Procedure

Step 1

Switch to user oracle and run the Oracle database installer:

# su - oracle
# setenv DISPLAY <desktop>
# path_to_DB_installation_folder/database/runInstaller

Step 2

Click Yes, and then click Next.

Step 3

Click Install database software only, and then click Next.

Step 4

Click Single instance database installation, and then click Next.

Step 5

Select English as the language in which the database runs, and then click Next.

Step 6

Click Enterprise Edition 6.4GB (Oracle18c), and then click Next.

Step 7

Select the following two default installation values, Oracle Base and Software Location 12.1.0), and then click Next.

Oracle Base — /home/oracle/app/oracle
Software Location —/home/oracle/app/oracle/product/12.1.0/dbhome_1

Later you will create the environment variables ORACLE_BASE and ORACLE_HOME based on the values of the Oracle Base and Software Location properties.

Step 8

On the Create Inventory page, keep the default values, and then click Next.

Inventory Directory — /home/oracle/app/oraInventory
oraInventory_Group Name —dba

Step 9

On the Privileged Operating System Groups page, keep the default values, and then click Next.

Database Administrator (OSDBA) group — dba
Database Operator (OSOPER) group —dba
Database Backup and Recovery (OSBACKUPDBA) group —dba (18c only)
Data Guard administrative (OSDGDBA) group — dba (18c only)
Encryption Key Management administrative (OSKMDBA) group —dba (18c only)

Step 10

(optional) On the Perform Prerequisite Checks page, install any required software or run supplied scripts

The installer might require the installation of additional software based on your system kernel settings, and may also instruct you to run scripts to configure your system and complete the database installation.

Note

If no missing packages are noted or you see the message “This is a prerequisite condition to test whether the package “ksh” is available on the system, check the Ignore All box.

Step 11

After installing any missing packages, click Fix & Check Again.

Keep doing this until all requirements are met.

Caution

Do not ignore errors on this page. If there are errors during database installation, IoT FND may not function properly.

Step 12

Click Next.

Step 13

On the Summary page, verify the database settings, and then click Install (18c) to start the installation process.

Step 14

At the prompts, run the supplied configuration scripts.

Because the installer runs as the user oracle, it cannot perform certain installation operations that require root privileges. For these operations, you will be prompted to run scripts to complete the installation process. When prompted, open a terminal window and run the scripts as root.

Step 15

If the installation succeeds, click Close on the Finish page.

Note

If performing a new installation of Oracle 18c or upgrading from Oracle 11g, you must install the Oracle 18c. Go to Mandatory Installing 18c Patch Only Supported on FND 4.5.x and 4.6.x.

Mandatory Installing 18c Patch Only Supported on FND 4.5.x and 4.6.x

For all new Oracle 18c database installations and all Oracle 11g upgrades, you must install the 18c patch.

To install the patch:

Procedure

Step 1	Stop IoT FND application if running.
Step 2	Stop Oracle service if running.
Step 3	Run the following commands to verify inventory of installed Oracle software components and patches. No patches are applied at this stage. The following displays at the end: There are no interim patches installed in this Oracle Home. /home/oracle/app/oracle/product/12.1.0/dbhome_1/OPatch/opatch lsinventory -details Oracle Interim Patch Installer version 12.1.0.1.3 Copyright (c) 2016, Oracle Corporation. All rights reserved. Oracle Home : /home/oracle/app/oracle/product/12.1.0/dbhome_1 Central Inventory : /home/oracle/app/oraInventory from : /home/oracle/app/oracle/product/12.1.0/dbhome_1/oraInst.loc OPatch version : 12.1.0.1.3 OUI version : 12.1.0.2.0 Log file location : /home/oracle/app/oracle/product/12.1.0/dbhome_1/cfgtoollogs /opatch/opatch2016-02-25_10-37-50AM_1.log Lsinventory Output file location : /home/oracle/app/oracle/product/12.1.0/dbhome_1 /cfgtoollogs/opatch/lsinv/lsinventory2016-02-25_10-37-50AM.txt -------------------------------------------------------------------------------- Installed Top-level Products (1): Oracle Database 18c 12.1.0.2.0 There are 1 products installed in this Oracle Home. Installed Products (135): Assistant Common Files 12.1.0.2.0 Buildtools Common Files 12.1.0.2.0 Cluster Verification Utility Common Files 12.1.0.2.0 Database Configuration and Upgrade Assistants 12.1.0.2.0 Database Migration Assistant for Unicode 12.1.0.2.0 Database SQL Scripts 12.1.0.2.0 Database Workspace Manager 12.1.0.2.0 DB TOOLS Listener 12.1.0.2.0 Deinstallation Tool 12.1.0.2.0 Enterprise Edition Options 12.1.0.2.0 Expat libraries 2.0.1.0.2 Generic Connectivity Common Files 12.1.0.2.0 Hadoopcore Component 12.1.0.2.0 HAS Common Files 12.1.0.2.0 HAS Files for DB 12.1.0.2.0 Installation Common Files 12.1.0.2.0 Installation Plugin Files 12.1.0.2.0 Installer SDK Component 12.1.0.2.0J Accelerator (COMPANION) 12.1.0.2.0 Java Development Kit 1.6.0.75.0 LDAP Required Support Files 12.1.0.2.0 OLAP SQL Scripts 12.1.0.2.0 Oracle Advanced Security 12.1.0.2.0 Oracle Application Express 12.1.0.2.0 Oracle Bali Share 11.1.1.6.0 Oracle Call Interface (OCI) 12.1.0.2.0 Oracle Clusterware RDBMS Files 12.1.0.2.0 Oracle Configuration Manager 10.3.8.1.1 Oracle Configuration Manager Client 10.3.2.1.0 Oracle Configuration Manager Deconfiguration 10.3.1.0.0 Oracle Containers for Java 12.1.0.2.0 Oracle Context Companion 12.1.0.2.0 Oracle Core Required Support Files 12.1.0.2.0 Oracle Core Required Support Files for Core DB 12.1.0.2.0 Oracle Core XML Development Kit 12.1.0.2.0 Oracle Data Mining RDBMS Files 12.1.0.2.0 Oracle Database 18c 12.1.0.2.0 Oracle Database 18c 12.1.0.2.0 Oracle Database 18c Multimedia Files 12.1.0.2.0 Oracle Database Deconfiguration 12.1.0.2.0 Oracle Database Gateway for ODBC 12.1.0.2.0 Oracle Database Plugin for Oracle Virtual Assembly Builder 12.1.0.2.0 Oracle Database User Interface 11.0.0.0.0 Oracle Database Utilities 12.1.0.2.0 Oracle Database Vault option 12.1.0.2.0 Oracle DBCA Deconfiguration 12.1.0.2.0 Oracle Extended Windowing Toolkit 11.1.1.6.0 Oracle Globalization Support 12.1.0.2.0 Oracle Globalization Support 12.1.0.2.0 Oracle Globalization Support For Core 12.1.0.2.0 Oracle Help for Java 11.1.1.7.0 Oracle Help Share Library 11.1.1.7.0 Oracle Ice Browser 11.1.1.7.0 Oracle Internet Directory Client 12.1.0.2.0 Oracle Java Client 12.1.0.2.0 Oracle Java Layout Engine 11.0.0.0.0 Oracle JDBC Server Support Package 12.1.0.2.0 Oracle JDBC/OCI Instant Client 12.1.0.2.0 Oracle JDBC/THIN Interfaces 12.1.0.2.0 Oracle JFC Extended Windowing Toolkit 11.1.1.6.0 Oracle JVM 12.1.0.2.0 Oracle JVM For Core 12.1.0.2.0 Oracle Label Security 12.1.0.2.0 Oracle LDAP administration 12.1.0.2.0 Oracle Locale Builder 12.1.0.2.0 Oracle Message Gateway Common Files 12.1.0.2.0 Oracle Multimedia 12.1.0.2.0 Oracle Multimedia Client Option 12.1.0.2.0 Oracle Multimedia Java Advanced Imaging 12.1.0.2.0 Oracle Multimedia Locator 12.1.0.2.0 Oracle Multimedia Locator Java Required Support Files 12.1.0.2.0 Oracle Multimedia Locator RDBMS Files 12.1.0.2.0 Oracle Net 12.1.0.2.0 Oracle Net Java Required Support Files 12.1.0.2.0 Oracle Net Listener 12.1.0.2.0 Oracle Net Required Support Files 12.1.0.2.0 Oracle Net Services 12.1.0.2.0 Oracle Netca Client 12.1.0.2.0 Oracle Notification Service 12.1.0.2.0 Oracle Notification Service (eONS) 12.1.0.2.0 Oracle Notification Service for Instant Client 12.1.0.2.0 Oracle ODBC Driver 12.1.0.2.0 Oracle ODBC Driverfor Instant Client 12.1.0.2.0 Oracle OLAP 12.1.0.2.0 Oracle OLAP API 12.1.0.2.0 Oracle OLAP RDBMS Files 12.1.0.2.0 Oracle One-Off Patch Installer 12.1.0.1.2 Oracle Partitioning 12.1.0.2.0 Oracle Programmer 12.1.0.2.0 Oracle Quality of Service Management (Client) 12.1.0.2.0 Oracle R Enterprise Server Files 12.1.0.2.0 Oracle RAC Deconfiguration 12.1.0.2.0 Oracle RAC Required Support Files-HAS 12.1.0.2.0 Oracle Real Application Testing 12.1.0.2.0 Oracle Recovery Manager 12.1.0.2.0 Oracle Security Developer Tools 12.1.0.2.0 Oracle Spatial and Graph 12.1.0.2.0 Oracle SQL Developer 12.1.0.2.0 Oracle Starter Database 12.1.0.2.0 Oracle Text 12.1.0.2.0 Oracle Text ATG Language Support Files 12.1.0.2.0 Oracle Text for Core 12.1.0.2.0 Oracle Text Required Support Files 12.1.0.2.0 Oracle Universal Connection Pool 12.1.0.2.0 Oracle Universal Installer 12.1.0.2.0 Oracle USM Deconfiguration 12.1.0.2.0 Oracle Wallet Manager 12.1.0.2.0 Oracle XML Development Kit 12.1.0.2.0 Oracle XML Query 12.1.0.2.0 oracle.swd.oui.core.min 12.1.0.2.0 Parser Generator Required Support Files 12.1.0.2.0 Perl Interpreter 5.14.1.0.0 Perl Modules 5.14.1.0.0 PL/SQL 12.1.0.2.0 PL/SQL Embedded Gateway 12.1.0.2.0 Platform Required Support Files 12.1.0.2.0 Precompiler Common Files 12.1.0.2.0 Precompiler Common Files for Core 12.1.0.2.0 Precompiler Required Support Files 12.1.0.2.0 Precompilers 12.1.0.2.0 RDBMS Required Support Files 12.1.0.2.0 RDBMS Required Support Files for Instant Client 12.1.0.2.0 RDBMS Required Support Files Runtime 12.1.0.2.0 Required Support Files 12.1.0.2.0 Sample Schema Data 12.1.0.2.0 Secure Socket Layer 12.1.0.2.0 SQLPlus 12.1.0.2.0 SQLPlus Files for Instant Client 12.1.0.2.0 SQL*Plus Required Support Files 12.1.0.2.0 SQLJ Runtime 12.1.0.2.0 SSL Required Support Files for InstantClient 12.1.0.2.0 Tracle File Analyzer 12.1.0.2.0 XDK Required Support Files 12.1.0.2.0 XML Parser for Java 12.1.0.2.0 XML Parser for Oracle JVM 12.1.0.2.0 There are 135 products installed in this Oracle Home. There are no Interim patches installed in this Oracle Home.
Step 4	Apply the patch. On the database machine. Copy the patch file : “p20830993_121020_Linux-x86-64.zip” Run a prerequisite check. It should pass. $ cd /home/oracle/patches/20830993/ $ /home/oracle/app/oracle/product/12.1.0/dbhome_1/OPatch /opatch prereq CheckConflictAgainstOHWithDetail -ph./ Oracle Interim Patch Installer version 12.1.0.1.3 Copyright (c) 2016, Oracle Corporation. All rights reserved. PREREQ session Oracle Home : /home/oracle/app/oracle/product/12.1.0/dbhome_1 Central Inventory : /home/oracle/app/oraInventory from : /home/oracle/app/oracle/product/12.1.0/dbhome_1/oraInst.loc OPatch version : 12.1.0.1.3 OUI version : 12.1.0.2.0 Log file location :/home/oracle/app/oracle/product/12.1.0/dbhome_1 /cfgtool logs/opatch/opatch2016-02-25_10-48-48AM_1.log Invoking prereq "checkconflictagainstohwithdetail" Prereq "checkConflictAgainstOHWithDetail" passed. OPatch succeeded. Apply the patch. $ /home/oracle/app/oracle/product/12.1.0/dbhome_1 /OPatch/opatch apply Oracle Interim Patch Installer version 12.1.0.1.3 Copyright (c) 2016, Oracle Corporation. All rights reserved. Oracle Home : /home/oracle/app/oracle/product/12.1.0/dbhome_1 Central Inventory : /home/oracle/app/oraInventory from : /home/oracle/app/oracle/product/12.1.0/dbhome_1/oraInst.loc OPatch version : 12.1.0.1.3 OUI version : 12.1.0.2.0 Log file location: /home/oracle/app/oracle/product/12.1.0/dbhome_1 /cfgtoollogs/opatch/20830993_Feb_25_2016_10_53_25/apply2016-02-25_10-53-25AM_1.log Applying interim patch '20830993' to OH '/home/oracle/app/oracle/product/12.1.0/dbhome_1' Verifying environment and performing prerequisite checks... All checks passed. Please shutdown Oracle instances running out of this ORACLE_HOME on the local system. (Oracle Home = '/home/oracle/app/oracle/product/12.1.0/dbhome_1') Is the local system ready for patching? [y\|n] y User Responded with: Y Backing up files... Patching component oracle.rdbms, 12.1.0.2.0... Verifying the update... Patch 20830993 successfully applied Log file location:/home/oracle/app/oracle/product/12.1.0/dbhome_1/cfgtoollogs /opatch/ 20830993_Feb_25_2016_10_53_25/apply2016-02-25_10-53-25AM_1.log OPatch succeeded. Run Opatch utility to verify that the patch is now recognized. Notice the mention of "Interim Patch" at the end of following output. $ /home/oracle/app/oracle/product/12.1.0/dbhome_1/OPatch/opatch lsinventory -details Oracle Interim Patch Installer version 12.1.0.1.3 Copyright (c) 2016, Oracle Corporation. All rights reserved. Oracle Home : /home/oracle/app/oracle/product/12.1.0/dbhome_1 Central Inventory : /home/oracle/app/oraInventory from : /home/oracle/app/oracle/product/12.1.0/dbhome_1/oraInst.loc OPatch version : 12.1.0.1.3 OUI version : 12.1.0.2.0 Log file location : /home/oracle/app/oracle/product/12.1.0/dbhome_1 /cfgtoollogs/opatch/opatch2016-02-25_11-05-19AM_1.log Lsinventory Output file location : /home/oracle/app/oracle/product/12.1.0/dbhome_1 /cfgtoollogs/opatch/lsinv/lsinventory2016-02-25_11-05-19AM.txt ------------------------------------------------------------------------- ------- Installed Top-level Products (1): Oracle Database 18c 12.1.0.2.0 There are 1 products installed in this Oracle Home. Installed Products (135): Assistant Common Files 12.1.0.2.0 Buildtools Common Files 12.1.0.2.0 Cluster Verification Utility Common Files 12.1.0.2.0 Database Configuration and Upgrade Assistants 12.1.0.2.0 Database Migration Assistant for Unicode 12.1.0.2.0 Database SQL Scripts 12.1.0.2.0 Database Workspace Manager 12.1.0.2.0 DB TOOLS Listener 12.1.0.2.0 Deinstallation Tool 12.1.0.2.0 Enterprise Edition Options 12.1.0.2.0 Expat libraries 2.0.1.0.2 Generic Connectivity Common Files 12.1.0.2.0 Hadoopcore Component 12.1.0.2.0 HAS Common Files 12.1.0.2.0 HAS Files for DB 12.1.0.2.0 Installation Common Files 12.1.0.2.0 Installation Plugin Files 12.1.0.2.0 Installer SDK Component 12.1.0.2.0 JAccelerator (COMPANION) 12.1.0.2.0 Java Development Kit 1.6.0.75.0 LDAP Required Support Files 12.1.0.2.0 LAP SQL Scripts 12.1.0.2.0 Oracle Advanced Security 12.1.0.2.0 Oracle Application Express 12.1.0.2.0 Oracle Bali Share 11.1.1.6.0 Oracle Call Interface (OCI) 12.1.0.2.0 Oracle Clusterware RDBMS Files 12.1.0.2.0 Oracle Configuration Manager 10.3.8.1.1 Oracle Configuration Manager Client 10.3.2.1.0 Oracle Configuration Manager Deconfiguration 10.3.1.0.0 Oracle Containers for Java 12.1.0.2.0 Oracle Context Companion 12.1.0.2.0 Oracle Core Required Support Files 12.1.0.2.0 Oracle Core Required Support Files for Core DB 12.1.0.2.0 Oracle Core XML Development Kit 12.1.0.2.0 Oracle Data Mining RDBMS Files 12.1.0.2.0 Oracle Database 18c 12.1.0.2.0 Oracle Database 18c 12.1.0.2.0 Oracle Database 18c Multimedia Files 12.1.0.2.0 Oracle Database Deconfiguration 12.1.0.2.0 Oracle Database Gateway for ODBC 12.1.0.2.0 Oracle Database Plugin for Oracle Virtual Assembly Builder 12.1.0.2.0 Oracle Database User Interface 11.0.0.0.0 Oracle Database Utilities 12.1.0.2.0 Oracle Database Vault option 12.1.0.2.0 Oracle DBCA Deconfiguration 12.1.0.2.0 Oracle Extended Windowing Toolkit 11.1.1.6.0 Oracle Globalization Support 12.1.0.2.0 Oracle Globalization Support 12.1.0.2.0 Oracle Globalization Support For Core 12.1.0.2.0 Oracle Help for Java 11.1.1.7.0 Oracle Help Share Library 11.1.1.7.0 Oracle Ice Browser 11.1.1.7.0 Oracle Internet Directory Client 12.1.0.2.0 Oracle Java Client 12.1.0.2.0 Oracle Java Layout Engine 11.0.0.0.0 Oracle JDBC Server Support Package 12.1.0.2.0 Oracle JDBC/OCI Instant Client 12.1.0.2.0 Oracle JDBC/THIN Interfaces 12.1.0.2.0 Oracle JFC Extended Windowing Toolkit 11.1.1.6.0 Oracle JVM 12.1.0.2.0 Oracle JVM For Core 12.1.0.2.0 Oracle Label Security 12.1.0.2.0 Oracle LDAP administration 12.1.0.2.0 Oracle Locale Builder 12.1.0.2.0 Oracle Message Gateway Common Files 12.1.0.2.0 Oracle Multimedia 12.1.0.2.0 Oracle Multimedia Client Option 12.1.0.2.0 Oracle Multimedia Java Advanced Imaging 12.1.0.2.0 Oracle Multimedia Locator 12.1.0.2.0 Oracle Multimedia Locator Java Required Support Files 12.1.0.2.0 Oracle Multimedia Locator RDBMS Files 12.1.0.2.0 Oracle Net 12.1.0.2.0 Oracle Net Java Required Support Files 12.1.0.2.0 Oracle Net Listener 12.1.0.2.0 Oracle Net Required Support Files 12.1.0.2.0 Oracle Net Services 12.1.0.2.0 Oracle Netca Client 12.1.0.2.0 Oracle Notification Service 12.1.0.2.0 Oracle Notification Service (eONS) 12.1.0.2.0 Oracle Notification Service for Instant Client 12.1.0.2.0 Oracle ODBC Driver 12.1.0.2.0 Oracle ODBC Driverfor Instant Client 12.1.0.2.0 Oracle OLAP 12.1.0.2.0 Oracle OLAP API 12.1.0.2.0 Oracle OLAP RDBMS Files 12.1.0.2.0 Oracle One-Off Patch Installer 12.1.0.1.2 Oracle Partitioning 12.1.0.2.0 Oracle Programmer 12.1.0.2.0 Oracle Quality of Service Management (Client) 12.1.0.2.0 Oracle R Enterprise Server Files 12.1.0.2.0 Oracle RAC Deconfiguration 12.1.0.2.0 Oracle RAC Required Support Files-HAS 12.1.0.2.0 Oracle Real Application Testing 12.1.0.2.0 Oracle Recovery Manager 12.1.0.2.0 Oracle Security Developer Tools 12.1.0.2.0 Oracle Spatial and Graph 12.1.0.2.0 Oracle SQL Developer 12.1.0.2.0 Oracle Starter Database 12.1.0.2.0 Oracle Text 12.1.0.2.0 Oracle Text ATG Language Support Files 12.1.0.2.0 Oracle Text for Core 12.1.0.2.0 Oracle Text Required Support Files 12.1.0.2.0 Oracle Universal Connection Pool 12.1.0.2.0 Oracle Universal Installer 12.1.0.2.0 Oracle USM Deconfiguration 12.1.0.2.0 Oracle Wallet Manager 12.1.0.2.0 Oracle XML Development Kit 12.1.0.2.0 Oracle XML Query 12.1.0.2.0 oracle.swd.oui.core.min 12.1.0.2.0 Parser Generator Required Support Files 12.1.0.2.0 Perl Interpreter 5.14.1.0.0 Perl Modules 5.14.1.0.0 PL/SQL 12.1.0.2.0 PL/SQL Embedded Gateway 12.1.0.2.0 Platform Required Support Files 12.1.0.2.0 Precompiler Common Files 12.1.0.2.0 Precompiler Common Files for Core 12.1.0.2.0 Precompiler Required Support Files 12.1.0.2.0 Precompilers 12.1.0.2.0 RDBMS Required Support Files 12.1.0.2.0 RDBMS Required Support Files for Instant Client 12.1.0.2.0 RDBMS Required Support Files Runtime 12.1.0.2.0 Required Support Files 12.1.0.2.0 Sample Schema Data 12.1.0.2.0 Secure Socket Layer 12.1.0.2.0 SQLPlus 12.1.0.2.0 SQLPlus Files for Instant Client 12.1.0.2.0 SQL*Plus Required Support Files 12.1.0.2.0 SQLJ Runtime 12.1.0.2.0 SSL Required Support Files for InstantClient 12.1.0.2.0 Tracle File Analyzer 12.1.0.2.0 XDK Required Support Files 12.1.0.2.0 XML Parser for Java 12.1.0.2.0 XML Parser for Oracle JVM 12.1.0.2.0 There are 135 products installed in this Oracle Home. Interim patches (1) : Patch 20830993 : applied on Thu Feb 25 10:53:50 PST 2016 Unique Patch ID: 18912657 Created on 13 May 2015, 00:37:38 hrs PST8PDT Bugs fixed: 20830993 Files Touched: /qksvc.o --> ORACLE_HOME/lib/libserver12.a ins_rdbms.mk --> ORACLE_HOME/rdbms/lib/ioracle Patch Location in Inventory: /home/oracle/app/oracle/product/12.1.0/dbhome_1/inventory/oneoffs/20830993 Patch Location in Storage area: /home/oracle/app/oracle/product/12.1.0/dbhome_1/.patch_storage/20830993_May_13_2015_00_37_38 ------------------------------------------------------------------------ -------- Process complete. Continue to Setting Up the IoT FND Database

Setting Up the IoT FND Database

Complete the following procedures to set up the IoT FND database:

IoT FND Database Setup Overview
Defining Oracle Database Environment Variables
Installing IoT FND Oracle Database Scripts
Creating the IoT FND Oracle Database
Starting the IoT FND Oracle Database

IoT FND Database Setup Overview

To set up the IoT FND database:

Defining Oracle Database Environment Variables
Installing IoT FND Oracle Database Scripts
Creating the IoT FND Oracle Database
Starting the IoT FND Oracle Database

Defining Oracle Database Environment Variables

Before installing the IoT FND Oracle database, switch to the oracle user account and define the following Oracle database environment variables.

Variable

Description

ORACLE_BASE

Defines the path to the Oracle root directory on your system. For example:


$ export ORACLE_BASE=/home/oracle/app/oracle

If this variable is not set, the IoT FND setup script displays an error.

ORACLE_HOME

Defines the path to the Oracle home of the IoT FND database. For example:


$ export ORACLE_HOME=/home/oracle/app/oracle/product/12.1.0/dbhome_1

Note

Do not have any trailing backslashes in the ORACLE_HOME environment variable.

PATH

Defines the path to the Oracle binaries. For example:


$ export PATH=$PATH:$ORACLE_HOME/bin

LD_LIBRARY_PATH

Defines the path to the libraries. For example:


$ export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH

ORACLE_SID

Defines the Oracle System ID (SID).

If you are only using one database server or installing an HA deployment, set this variable on the primary database server to cgms :


$ export ORACLE_SID=cgms

If deploying a standby database server, set this variable on the standby database server to cgms_s :


$ export ORACLE_SID=cgms_s

If this variable is not set, the IoT FND setup script displays an error.

You can set these variables manually, as shown in the following example:

On a Single or Primary Database Server	On a Standby Database Server
`$ su - oracle $ export ORACLE_BASE=/home/oracle/app/oracle $ export ORACLE_HOME=/home/oracle/app/oracle/ product/12.1.0/dbhome_1 $ export PATH=$PATH:$ORACLE_HOME/bin $ export LD_LIBRARY_PATH=$ORACLE_HOME/ lib:$LD_LIBRARY_PATH $ export ORACLE_SID=cgms`	`$ su - oracle $ export ORACLE_BASE=/home/oracle/app/oracle $ export ORACLE_HOME=/home/oracle/app/oracle/ product/12.1.0/dbhome_1 $ export PATH=$PATH:$ORACLE_HOME/bin $ export LD_LIBRARY_PATH=$ORACLE_HOME/ lib:$LD_LIBRARY_PATH $ export ORACLE_SID=cgms_s`

On a Single or Primary Database Server

On a Standby Database Server


$ su - oracle
$ export ORACLE_BASE=/home/oracle/app/oracle
$ export ORACLE_HOME=/home/oracle/app/oracle/
product/12.1.0/dbhome_1
$ export PATH=$PATH:$ORACLE_HOME/bin
$ export LD_LIBRARY_PATH=$ORACLE_HOME/
lib:$LD_LIBRARY_PATH
$ export ORACLE_SID=cgms


$ su - oracle
$ export ORACLE_BASE=/home/oracle/app/oracle
$ export ORACLE_HOME=/home/oracle/app/oracle/
product/12.1.0/dbhome_1
$ export PATH=$PATH:$ORACLE_HOME/bin
$ export LD_LIBRARY_PATH=$ORACLE_HOME/
lib:$LD_LIBRARY_PATH
$ export ORACLE_SID=cgms_s

Installing IoT FND Oracle Database Scripts

IoT FND is packaged with scripts and Oracle database templates.

To install the Oracle scripts on your Oracle server:

Procedure

Step 1

Step 2

Securely copy the IoT FND Oracle script RPM to your Oracle server:

$ scp cgms-oracle-version_number
.x86_64.rpm root@oracle-machine:~
$ rpm –ivh cgms-oracle-version_number
.x86_64.rpm

Step 3

Run the script installCgmsOracleScripts.sh from the path /opt/cgms-oracle/scripts/

Creating the IoT FND Oracle Database

To create the IoT FND Oracle database in a single-database-server deployment, run the setupCgmsDb.sh script as the user oracle. This script starts the Oracle Database and creates the IoT FND database.

This script creates the user cgms_dev used by IoT FND to access the database. The default password for this user account is cgms123. The default password for the sys DBA account is cgmsDba123.

Note

We strongly recommend that you change all default passwords. Do not use special characters such as, @, #, !, or + when using the encryption_util.sh script. The script cannot encrypt special characters.

Note

If the DB server is used by other applications in addition to IOT FND and cgms DB is also created on that DB server, then use Oracle provided tools like RMAN for DB management tasks.

Note

This script might run for several minutes. To check the setup progress, run the command:$ tail -f /tmp/cgmsdb_setup.log

$ su - oracle
$ export DISPLAY=localhost:0
$ cd $ORACLE_BASE/cgms/scripts
$ ./setupCgmsDb.sh
09-13-2018 10:38:07 PDT: INFO: ======== CGMS Database Setup Started ==========
09-13-2018 10:38:07 PDT: INFO: Log file: /tmp/cgmsdb_setup.log
 
Are you sure you want to setup CG-NMS database (y/n)? y
 
09-13-2018 10:38:08 PDT: INFO: User response: y
09-13-2018 10:38:08 PDT: INFO: CGMS database does not exist.
Enter new password for SYS DBA:
Re-enter new password for SYS DBA:
09-13-2018 10:38:14 PDT: INFO: User entered SYS DBA password.
 
Enter new password for CG-NMS database:
Re-enter new password CG-NMS database:
09-13-2018 10:38:18 PDT: INFO: User entered CG-NMS DB password.
09-13-2018 10:38:18 PDT: INFO: Stopping listener...
09-13-2018 10:38:18 PDT: INFO: Listener already stopped.
09-13-2018 10:38:18 PDT: INFO: Deleting database files...
09-13-2018 10:38:18 PDT: INFO: Creating listener...
09-13-2018 10:38:19 PDT: INFO: Listener creation completed successfully.
09-13-2018 10:38:19 PDT: INFO: Configuring listener...
09-13-2018 10:38:19 PDT: INFO: Listener successfully configured.
09-13-2018 10:38:19 PDT: INFO: Creating database. This may take a while. Please be patient...
09-13-2018 10:42:55 PDT: INFO: Database creation completed successfully.
09-13-2018 10:42:55 PDT: INFO: Updating /etc/oratab...
09-13-2018 10:42:55 PDT: INFO: /etc/oratab updated.
09-13-2018 10:42:55 PDT: INFO: Configuring database...
09-13-2018 10:42:56 PDT: INFO: Starting listener...
09-13-2018 10:42:56 PDT: INFO: Listener start completed successfully.
09-13-2018 10:42:56 PDT: INFO: Starting database configuration...
09-13-2018 10:43:17 PDT: INFO: Database configuration completed successfully.
09-13-2018 10:43:17 PDT: INFO: Starting Oracle...
09-13-2018 10:43:17 PDT: INFO: Starting Oracle in mount state...
ORACLE instance started.
 
Total System Global Area 1.6836E+10 bytes
Fixed Size 2220032 bytes
Variable Size 8589934592 bytes
Database Buffers 8187281408 bytes
Redo Buffers 56487936 bytes
Database mounted.
09-13-2018 10:43:26 PDT: INFO: Opening database for read/write...
 
Database altered.
 
09-13-2018 10:43:29 
PDT: INFO: ========== CGMS Database Setup Completed Successfully ==========

Starting the IoT FND Oracle Database

To start the IoT FND Oracle database:

Procedure

Step 1

Run the script:

$ su - oracle
$ cd $ORACLE_BASE/cgms/scripts
$ ./startOracle.sh

Step 2

Configure a cron job that starts IoT FND database at bootup by running this script:

./installOracleJob.sh

Additional IoT FND Database Topics

The following procedures discuss database management:

Stopping the IoT FND Oracle Database
Removing the IoT FND Database
Upgrading the IoT FND Database
Changing the SYS DBA and IoT FND Database Passwords
IoT FND Database Helper Scripts

Stopping the IoT FND Oracle Database

Typically, you do not have to stop the Oracle database during the installation procedure. However, if it becomes necessary to stop the Oracle database, use the stop script in the scripts directory:


su - oracle
cd $ORACLE_BASE/cgms/scripts
./stopOracle.sh
...
SQL> Database closed.
Database dismounted.
ORACLE instance shut down.
...

Removing the IoT FND Database

Caution

The following script is destructive. Do not use this script during normal operation.

To remove the IoT FND database, run this script:


cd $ORACLE_BASE/cgms/scripts
./deleteCgmsDb.sh

Upgrading the IoT FND Database

To upgrade the IoT FND database:

Procedure

Step 1

Add the database files (a total of 15 files).

ALTER TABLESPACE USERS ADD DATAFILE 
'&oracle_base/oradata/&sid_caps/users<02 to 15>.dbf'
SIZE 5M AUTOEXTEND ON;

This is required for scaling the system.

Step 2

Enable block-change tracking (required for incremental backup):

ALTER DATABASE ENABLE BLOCK CHANGE TRACKING USING FILE
'&oracle_base/oradata/&sid_caps/rman_change_track.f' REUSE;

Step 3

Disable parallel execution:

set parallel_max_servers = 0 scope=both

Caution

The incremental IoT FND backup script enables the Oracle block-change tracking feature to improve backup performance. To take advantage of this feature, delete your IoT FND database and run the setupCgmsDb.sh script before performing the first incremental backup. To avoid losing data, run these commands:

sqlplus sys/password@cgms as sysdba
ALTER DATABASE ENABLE BLOCK CHANGE TRACKING USING FILE
'/home/oracle/app/oracle/oradata/CGMS/rman_change_track.f' REUSE;
exit;

Changing the SYS DBA and IoT FND Database Passwords

To change default IoT FND database password for the CGMS_DEV user:

Procedure

Step 1

On the IoT FND server, run the setupCgms.sh script and change the password for the CGMS_DEV account.

Caution

The password for the IoT FND database and the cgnms_dba user password must match or IoT FND cannot access the database.

# cd /opt/cgms/bin
#./setupCgms.sh
...
Do you want to change the database password (y/n)? y
09-13-2018 17:15:07 PDT: INFO: User response: y
Enter database password:
Re-enter database password:
09-13-2018 17:15:31 PDT: INFO: Configuring database password. 
This may take a while. Please wait...
09-13-2018 17:15:34 PDT: INFO: Database password configured.
...

For information about running the setupCgms.sh script, see Setting Up IoT FND

Step 2

On the Oracle server, run the change_password.sh script and change the password for the CGMS_DEV account:

$ ./change_password.sh
09-13-2018 10:48:32 PDT: INFO: ======== Database Password Util Started ==========
09-13-2018 10:48:32 PDT: INFO: Log file: /tmp/cgms_oracle.log
 
Are you sure you want to change CG-NMS database password (y/n)? y
09-13-2018 10:48:33 PDT: INFO: User response: y
 
Enter current password for SYS DBA:
Re-enter current password for SYS DBA:
09-13-2018 10:48:41 PDT: INFO: User entered current SYS DBA password.
Enter new password for SYS DBA:
Re-enter new password for SYS DBA:
09-13-2018 10:48:54 PDT: INFO: User entered SYS DBA password.
 
Enter new password for CG-NMS database:
Re-enter new password CG-NMS database:
09-13-2018 10:49:03 PDT: INFO: User entered CG-NMS DB password.
User altered.
...

Note

As root, you can also use this script to change the password for the sys user (SYS DBA).

Step 3

On the IoT FND server, run the cgms_status.sh script to verify the connection between IoT FND and the IoT FND database:


RHEL Version	Command
8.x	`systemctl status cgms`
7.x	`service cgms status`

Example Output:

# service cgms status
09-06-2018 18:51:20 PDT: INFO: CG-NMS database server: localhost
09-06-2018 18:51:21 PDT: INFO: CG-NMS database connection verified.

IoT FND Database Helper Scripts

IoT FND Database Helper Scripts describes helper IoT FND database scripts available in the $ORACLE_BASE/cgms/scripts/ directory.

Note

Cisco provides helpful scripts to enable you to perform few tasks easily as FND application talks to DB and interacts with the DB server. However, DB administration tasks are NOT responsibility of Cisco and has to be taken care by your DB administrator.

Table 1. **IoT FND Database Helper Scripts**
Script	Description
change_password.sh	Use this script to change the passwords for the database administration and IoT FND database user accounts. The IoT FND database user account is used by IoT FND to access the database.
backup_archive_log.sh	Use this script to back up the archive logs.
backupCgmsDb.sh	Use this script to back up the IoT FND database. This script supports full and incremental backups.
restoreCgmsDb.sh	Use this script to restore the IoT FND database from a backup.
setupCgmsDb.sh	Use this script to set up IoT FND database.
startOracle.sh	Use this script to start the IoT FND database.
stopOracle.sh	Use this script to stop the IoT FND database.
setupStandbyDb.sh	(IoT FND database HA installations only) Use this script to set up the standby database server.
setupHaForPrimary.sh	(IoT FND database HA installations only) Use this script to set up the primary database server.
getHaStatus.sh	Run this script to verify that the database is set up for HA.

Note

These IoT FND database helper scripts will work if the DB for FND is installed by following the procedure given in the Cisco IoT Field Network Director Installation Guide - Oracle Deployment, Releases 4.3.x and Later.

The helper scripts will not work if custom listener is configured. For example, the ./setupcgmsDB.sh script will set variables and parameters for listeners in listener.ora, tnsnames.ora, and other environment variables or parameters. If the listener.ora and tnsnames.ora are changed, then the helper scripts like restoreCgmsDb.sh might not work. The IoT FND database helper scripts will not work for Oracle RAC clusters. For custom install of DB and also for Oracle RAC clusters, Oracle provided tools like RMAN can be used for backup and restore.

For IoT FND database HA installations, the backup DB uses Oracle Data Guard and has to be setup as given in the Validating the FND Oracle Database HA. If Fast-Start Failover is not enabled as shown in Setting Up the Observer and a custom setup is done for backup DB, for example by duplicating the DB, then the helper scripts (setupStandbyDb.sh, setupHaForPrimary.sh, getHaStatus.sh) for backup DB also might not work.

Installing and Setting Up the SSM (Utility Deployment)

The Software Security Module (SSM) is a low-cost alternative to a Hardware Security Module (HSM). IoT FND uses the CSMP protocol to communicate with meters, DA Gateway (IR500 devices), and range extenders. SSM uses Cisco to provide cryptographic services such as signing and verifying CSMP messages, and CSMP Keystore management. SSM ensures Federal Information Processing Standards (FIPS) compliance, while providing services. You install SSM on the IoT FND application server or other remote server. SSM remote-machine installations use HTTPS to securely communicate with IoT FND.

This section describes SSM installation and set up, including:

Installing or Upgrading the SSM Server
Uninstalling the SSM Server
Integrating SSM and IoT FND

With the SSM server installed, configured, and started and with IoT FND configured for SSM, you can view the CSMP certificate on Admin > Certificates > Certificate for CSMP.

Note

See the Setting Up the HSM Client section in the Generating and Installing Certificates chapter for information on the Hardware Security Module (HSM).

Prerequisites

Ensure that the installation meets the hardware and software requirements listed in the IoT FND Release Notes.

Installing or Upgrading the SSM Server

Note

If you are upgrading the SSM server, first backup the ssm_web_keystore file located at /opt/cgms-ssm/conf and restore after the update is complete.

To install the SSM server:

Procedure

Step 1

Run the cgms-ssm-<version>-<release>.<architecture>.rpm rpm script:

[root@VMNMS demossm]# rpm -Uvh cgms-ssm-<version>.x86_64.rpm
Preparing... ########################################### [100%]
1:cgms-ssm ########################################### [100%]

Step 2

Copy the pre-shared key file (fnd_psk.tgz) from Cisco IoT FND installation in opt/cgms/server/cgms/conf to /opt/cgms-ssm/conf.

Step 3

Get the IoT FND configuration details for the SSM. SSM ships with following default credentials:

ssm_csmp_keystore password: ciscossm
csmp alias name: ssm_csmp
key password: ciscossm
ssm_web_keystore password: ssmweb

[root@VMNMS demossm]# cd /opt/cgms-ssm/bin/
[root@VMNMS bin]# ./ssm_setup.sh
 
Software Security Module Server
1. Generate a new keyalias with self signed certificate for CSMP
2. Generate a new keypair & certificate signing request for CSMP
3. Import a trusted certificate
4. Change CSMP keystore password
5. Print CG-NMS configuration for SSM
6. Change SSM server port
7. Change SSM-Web keystore password
Select available options.Press any other key to exit
Enter your choice :

Step 4

Enter 5 at the prompt, and complete the following when prompted:

Enter current ssm_csmp_keystore password :ciscossm
Enter alias name : ssm_csmp
Enter key password :ciscossm
 
security-module=ssm
ssm-host=<Replace with IPv4 address of SSM server>
ssm-port=8445
ssm-keystore-alias=ssm_csmp
ssm-keystore-password=NQ1/zokip4gtUeUyQnUuNw==
ssm-key-password=NQ1/zokip4gtUeUyQnUuNw==

Step 5

To connect to this SSM server, copy paste the output from Enter 5 at the prompt, and complete the following when prompted: into the cgms.properties file.

Note

You must include the IPv4 address of the interface for Cisco IoT FND to use to connect to the SSM server.

Step 6

Configure the certificate for Cisco IoT FND to SSM communication. See document.

Step 7

(Optional) Run the ssm_setup.sh script to:

Generate a new key alias with self-signed certificate for CSMP
Change SSM keystore password
Change SSM server port
Change SSM-Web keystore password

Note

If you perform any of the above operations, you must run the SSM setup script, select “Print CG-NMS configuration for SSM,” and copy and paste all details into the cgms.properties file.

Step 8

Start the SSM server by running the following command:


RHEL Version	Command
8.x	`systemctl start ssm`
7.x	`service ssm start`

Example Output:

[root@VMNMS ~]# service ssm start
Starting Software Security Module Server: [ OK ]

Monitoring SSM Log Files

You can monitor SSM logs in /opt/cgms-ssm/log/ssm.log

The default metrics report interval is 900 secs (15 min.), which is the minimum valid value. Only servicing metrics are logged. If there are no metrics to report, no messages are in the log.

You can change the metrics report interval by setting the ssm-metrics-report-interval field (in secs) in the /opt/cgms-ssm/conf/ssm.properties file.

Note

Your SSM server must be up and running before starting the IoT FND server.

Uninstalling the SSM Server

This section presents steps to completely uninstall the SSM server, including the steps for a fresh installation.

Note

Do not use this procedure for upgrades. Use the procedure in Installing or Upgrading the SSM Server.

To uninstall the SSM server:

Procedure

Step 1

Stop the SSM server by running the following command:


RHEL Version	Command
8.x	`systemctl stop ssm`
7.x	`service ssm stop`

Step 2

Copy and move the /opt/cgms-ssm/conf directory and contents to a directory outside of /opt/cgms-ssm.

Step 3

Uninstall the cgms-ssm rpm:

rpm -e cgms-ssm

Fresh installations only

Step 4

Install a new SSM server.

Step 5

Copy and overwrite the /opt/cgms-ssm/conf directory with the contents moved in Copy and move the /opt/cgms-ssm/conf directory and contents to a directory outside of /opt/cgms-ssm.

Integrating SSM and IoT FND

Note

You must install and start the SSM server before switching to SSM.

To switch from using the Hardware Security Module (HSM) for CSMP-based messaging and use the SSM:

Procedure

Step 1

Run the following command to stop IoT FND.


RHEL Version	Command
8.x	`systemctl stop cgms`
7.x	`service cgms stop`

Step 2

Run the ssm_setup.sh script on the SSM server.

Step 3

Select option 3 to print IoT FND SSM configuration.

Step 4

Copy and paste the details into the cgms.properties to connect to that SSM server.

EXAMPLE

security-module=ssm
ssm-host=127.107.155.85
ssm-port=8445
ssm-keystore-alias=ssm_csmp
ssm-keystore-password=NQ1/zokip4gtUeUyQnUuNw==
ssm-key-password=NQ1/zokip4gtUeUyQnUuNw==

Step 5

To set up the HSM, specify the following properties in the cgms.properties file (see also Setting Up the HSM Client in the Generating and Exporting Certificates chapter):

security-module=ssm/hsm (required; hsm: Hardware Security Module default.)
hsm-keystore-name=testGroup1 (optional; hsm partition name; testGroup1 default)
hsm-keystore-password=TestPart1 (optional; encrypted hsm partition password;
 TestPart1 default)

Step 6

Ensure that the SSM up and running and you can connect to it.

Step 7

Start IoT FND.

Integrating SSM and IoT FND

Note

You must install and start the SSM server before switching to SSM.

To switch from using the Hardware Security Module (HSM) for CSMP-based messaging and use the SSM:

Procedure

Step 1

Run the following command to stop IoT FND.


RHEL Version	Command
8.x	`systemctl stop cgms`
7.x	`service cgms stop`

Step 2

Run the ssm_setup.sh script on the SSM server.

Step 3

Select option 3 to print IoT FND SSM configuration.

Step 4

Copy and paste the details into the cgms.properties to connect to that SSM server.

EXAMPLE

security-module=ssm
ssm-host=127.107.155.85
ssm-port=8445
ssm-keystore-alias=ssm_csmp
ssm-keystore-password=NQ1/zokip4gtUeUyQnUuNw==
ssm-key-password=NQ1/zokip4gtUeUyQnUuNw==

Step 5

To set up the HSM, specify the following properties in the cgms.properties file (see also Setting Up the HSM Client in the Generating and Exporting Certificates chapter):

security-module=ssm/hsm (required; hsm: Hardware Security Module default.)
hsm-keystore-name=testGroup1 (optional; hsm partition name; testGroup1 default)
hsm-keystore-password=TestPart1 (optional; encrypted hsm partition password;
 TestPart1 default)

Step 6

Ensure that the SSM up and running and you can connect to it.

Step 7

Start IoT FND.

Installing and Setting Up IoT FND

Complete the following procedures to finish your IoT FND installation:

Installation and Setup Overview
Installing IoT FND
Setting Up IoT FND
Starting IoT FND
Checking IoT FND Status
Running the IoT FND Database Migration Script
Accessing the IoT FND Web GUI

Prerequisites

To install IoT FND, first obtain the IoT FND installation RPM:


cgms-version_number
.x86_64.rpm

Note

Ensure that /etc/hosts and /etc/resolv.conf files are correctly configured on the IoT FND server.

Installation and Setup Overview

These topics provide an overview of the two types of IoT FND installations:

Single-Server Deployment
Cluster Deployment (HA)

Single-Server Deployment

To install and set up IoT FND for a single-server deployment:

Log in to the RHEL server that will host IoT FND.
Installing IoT FND.
Setting Up IoT FND.
Running the IoT FND Database Migration Script.
Checking IoT FND Status.
Accessing the IoT FND Web GUI

Cluster Deployment (HA)

To install and set up IoT FND for HA deployments, repeat the steps in Single-Server Deployment, but only run the IoT FND database migration script once.

Setting up a Cluster on CG-NMS Versions Greater than 2.1

A unique cluster for CG-NMS versions greater than 2.1.x is identified by the tuple (UDP_MULTICAST_ADDR,UDP_MULTICAST_PORT).

Note

HA_PARTITION_NAME is not honored now. However, a new parameter CLUSTER_BIND_ADDR is required and it should be set to the IP address of the server that is reachable by other servers in the cluster.

These settings must be set in the /opt/cgms/bin/cgms.conf file. Restart all cluster members after you put these settings on EACH of them.

Note

By default, JBOSS starts forming cluster over 228.11.11.11 and port 45688.

Example:

CLUSTER_BIND_ADDR=2.2.55.25
UDP_MULTICAST_ADDR=228.11.11.21
UDP_MULTICAST_PORT=45691

Note

If you have multiple clusters on the same network, you must configure a different multicast IP and Port pair for each of the clusters.

Installing IoT FND

To install the IoT FND application:

Procedure

Step 1

Run the IoT FND installation RPM:

$ rpm –ivh cgms-version.x86_64.rpm

Step 2

Verify installation and check the RPM version:

$ rpm -qa | grep -i cgms
cgms-1.0

Setting Up IoT FND

To set up IoT FND, run the setupCgms.sh script.

Note

If deploying a IoT FND server cluster, the setupCgms.sh script must be run on every node in the cluster.

Caution

The IoT FND certificate encrypts data in the database. The setupCgms.sh script runs database migration, which requires access to the IoT FND certificate in the keystore. You must set up certificates before running setupCgms.sh. The script results in an error if it migrates the database and cannot access the certificate (see Generating and Exporting Certificates).

Caution

Ensure that the database password entered while running the setupCgms.sh script is valid. If you enter an invalid password multiple times, Oracle might lock your user account. You can unlock your account on the database server.

Note

For more information about unlocking your password, see Unlocking the IoT FND Database Password in the Troubleshooting Guide for Cisco IoT Field Network Director.

This example uses the setupCgms.sh script to set up a single-server IoT FND system that uses one database.


# cd /opt/cgms/bin
 
# ./setupCgms.sh
07-10-2023 17:10:00 IST: INFO: ========== IoT-FND  Setup Started - 2018-09-13-17-10-00 ==========
07-10-2023 17:10:00 IST: INFO: Log file: /opt/cgms/bin/../server/cgms/log/cgms_setup.log
Are you sure you want to setup CG-NMS (y/n)? y
 
07-10-2023 17:10:02 IST: INFO: User response: y
Do you want to change the database settings (y/n)? y
 
07-10-2023 17:10:05 IST: INFO: User response: y
Enter database server IP address [example.com]: 128.107.154.246
 
07-10-2023 17:11:02 IST: INFO: Database server IP: 128.107.154.246
Enter database server port [1522]:
07-10-2023 17:11:07 IST: INFO: Database server port: 1522
Enter database SID [cgms]:
07-10-2023 17:11:12 IST: INFO: Database SID: cgms
Do you wish to configure another database server for this CG-NMS ? (y/n)? n
 
07-10-2023 17:11:18 IST: INFO: User response: n
07-10-2023 17:11:18 IST: INFO: Configuring database settings. This may take a while. Please wait ...
07-10-2023 17:11:19 IST: INFO: Database settings configured.
Do you want to change the database password (y/n)? y
 
07-10-2023 17:15:07 IST: INFO: User response: y
Enter database password:
Re-enter database password:
07-10-2023 17:15:31 IST: INFO: Configuring database password. This may take a while. Please wait ...
07-10-2023 17:15:34 IST: INFO: Database password configured.
Do you want to change the keystore password (y/n)? n
 
07-10-2023 17:16:18 IST: INFO: User response: n
Do you want to change the web application 'root' user password (y/n)? n
 
07-10-2023 17:16:34 IST: INFO: User response: n
Do you want to change IPAM and PSK Settings (y/n)?
07-10-2023 17:16:34 IST: INFO: User response: y
Do you want to use Internal IP Address Management (IPAM) for Loopback (y/n)?

07-10-2023 17:16:34 IST: INFO: User response: y

07-10-2023 17:16:45 IST: Configuring Preferences settings for IPAM. This may take a while. 
Please wait…
07-10-2023 17:16:45 IST: Preferences Settings for IPAM completed successfully
Do you want to manage Tunnels using Unique Pre-Shared Keys (y/n)?
07-10-2023 17:16:34 PDT: INFO: User response: y

07-10-2023 17:16:45 IST: Configuring Preferences settings for Tunnel Mgmt. This may take a while. 
Please wait…
07-10-2023 17:16:45 IST: Preferences Settings for Tunnel Mgmt completed successfully
Do you want to change the FTP settings (y/n)? n
 
07-10-2023 17:16:45 IST: INFO: User response: n
07-10-2023 17:16:45 IST: INFO: ========== IoT-FND Setup Completed Successfully ==========

The setupCgms.sh script lets you configure these settings:

Configuring Database Settings
Configuring Database HA
Configuring the IoT FND Database Password
Configuring the Keystore Password
Configuring the Web root User Password
Configuring FTPS Settings

Configuring Database Settings

To configure the database settings, the setupCgms.sh script prompts you for this information:

IP address of the primary IoT FND database server
Port number of the IoT FND database server

Press Enter to accept the default port number (1522).
Database System ID (SID), which is cgms for the primary database server

Press Enter to accept the default SID (cgms). This SID identifies the server as the primary database server.


Do you want to change the database settings (y/n)? y
 
09-13-2018 17:10:05 PDT: INFO: User response: y
Enter database server IP address [example.com]: 128.107.154.246
 
09-13-2018 17:11:02 PDT: INFO: Database server IP: 128.107.154.246
Enter database server port [1522]:
09-13-2018 17:11:07 PDT: INFO: Database server port: 1522
Enter database SID [cgms]:
09-13-2018 17:11:12 PDT: INFO: Database SID: cgms

Configuring Database HA

To configure the standby database settings, the setupCgms.sh script prompts you for the following information:

IP address of the standby IoT FND database server
Port number of the standby IoT FND database server

Enter 1522 .
Database System ID (SID), which is cgms for the primary database server

Enter cgms_s . This SID identifies the server as the standby database server.


Do you wish to configure another database server for this CG-NMS ? (y/n)? y
 
09-13-2018 17:11:18 PDT: INFO: User response: y
Enter database server IP address []: 128.107.154.20
 
09-13-2018 17:11:02 PDT: INFO: Database server IP: 128.107.154.20
 
Enter database server port []: 1522
 
09-13-2018 17:11:07 PDT: INFO: Database server port: 1522
Enter database SID []: cgms_s
 
09-13-2018 17:11:12 PDT: INFO: Database SID: cgms_s
09-13-2018 17:11:18 PDT: INFO: Configuring database settings. This may take a while. Please wait ...
09-13-2018 17:11:19 PDT: INFO: Database settings configured.

For information about setting up database HA, see Setting Up IoT FND Database for HA.

Configuring the IoT FND Database Password

When prompted to change the IoT FND database password, enter the password of the CGMS_DEV account on the database server. If using the default password, do not change the database password now.


Do you want to change the database password (y/n)? y
 
09-13-2018 17:15:07 PDT: INFO: User response: y

Enter database password:
Re-enter database password:

09-13-2018 17:15:31 PDT: INFO: Configuring database password. This may take a while. Please wait ...
09-13-2018 17:15:34 PDT: INFO: Database password configured.

Configuring the Keystore Password

To configure the keystore password:


Do you want to change the keystore password (y/n)? y
09-13-2018 10:21:52 PDT: INFO: User response: y   

Enter keystore password: keystore_password
Re-enter keystore password: keystore_password
 
09-13-2018 10:21:59 PDT: INFO: Configuring keystore password. This may take a while. 
Please wait ... 
09-13-2018 10:22:00 PDT: INFO: Keystore password configured.

Configuring the Web root User Password

To change the password of the root user account that lets you access the IoT FND browser-based interface, enter y and provide the password:


Do you want to change the web application 'root' user password (y/n)? n
09-13-2018 17:16:34 PDT: INFO: User response: n

Configuring FTPS Settings

If deploying a cluster, provide the FTPS settings required for downloading logs. FTPS securely transfers files between cluster nodes. If the FTPS settings are not configured, you can only download logs from the IoT FND node where you are currently logged in.


Do you want to change the FTP settings (y/n)? y
09-13-2018 17:16:45 PDT: INFO: User response: y

Enter FTP user password:
Re-enter FTP user password:

09-13-2018 17:16:49 PDT: INFO: Configuring FTP settings. This may take a while. Please wait ...
09-13-2018 17:16:57 PDT: INFO: FTP settings configuration completed successfully

Running the IoT FND Database Migration Script

IoT FND uses a special database migration system that lets you quickly migrate your IoT FND database without having to perform a database dump and restore. Each database migration creates or modifies some of the tables in the IoT FND database so that IoT FND can keep a record of migrations already performed.

Before launching IoT FND the first time, run the database migration script to set up the IoT FND tables in the database:

#cd /opt/cgms/bin
#./db-migrate

Note

This script runs for a few minutes before launching IoT FND for the first time. Running this script after upgrading to a new version of IoT FND takes longer depending on the amount of data in the IoT FND database.

Note

If deploying a IoT FND server cluster, run the db-migrate script on only one cluster node.

The db-migrate command prompts you for the database password. The default password is cgms123.

Caution

Ensure that the password entered while running the db-migrate script is the correct password. If you enter an incorrect password multiple times, Oracle might lock your user account. If so, you have to unlock your account on the database server. Follow the steps below to unlock your password:

If you enter an incorrect IoT FND Database password multiple times, Oracle locks your user account. Unlock your password using the Oracle software, as shown in this example:


# su - oracle
# sqlplus sys/<database_password>@cgms as sysdba
alter user cgms_dev account unlock;
exit;.

Accessing the IoT FND Web GUI

IoT FND has a self-signed certificate for its Web GUI. You must add a security exception in your browser to access the IoT FND GUI. Once you start IoT FND, you can access its web GUI at:

The initial default username is root; the password is root123 .

IoT FND uses the default password of root123 unless the password was changed when the setup script ran.

For more information on the setup script, see Setting Up IoT FND .

Note

If the IoT FND includes the Hardware Security Module (HSM), the Firefox browser will not connect to IoT FND. To work around this issue, open Firefox Preferences, navigate to Advanced , and click the Encryption tab. Under Protocols, clear the Use TLS 1.0 check box. Reconnect to IoT FND and ensure that the page loaded properly.

HTTPS Connections

IoT FND only accepts TLSv1.2 based HTTPS connections. To access the IoT FND GUI, you must enable the TLSv1.2 protocol to establish an HTTPS connection with the IoT FND.

Note

IoT FND Release 2.1.1-54 and later do not support TLSv1.0 or TLSv1.1 based connections.

First-Time Log In Actions

This section explains the settings that are required when you log in for the first time.

Changing the Password

When you log in to IoT FND for the first time, a popup window prompts you to change the password.

Note

IoT FND supports a maximum 32-character password length.

Enter your New password.
Re-enter the new password in the Confirm Password field.
Click Change Password.

Configuring the Time Zone

To configure the time zone, follow these steps:

Procedure

Step 1	From the username drop-down menu (top right), choose Time Zone.
Step 2	Select a time zone.
Step 3	Click Update Time Zone .
Step 4	Click OK.

Changing the Sorting Order of Columns

For pages that display lists under a column heading (such as a list of routers) you can change the sort order (ascending or descending) by toggling the triangle icon in the column heading.

Filtering Lists

IoT FND lets you define filters on the DEVICES and OPERATIONS pages.

To define a filter, click Show Filters to the right of the search field to open a filter definition panel (shown below). After you define the search parameters in the field, click the magnifying glass icon to start search. Results display beneath the filter field.

In the following example, typing the search string deviceType:cgmesh status:up in the Search Devices field lists the mesh endpoint devices with an Up status.
Click Hide Filters to close the search field.

Setting User Preferences for User Interface

You can define what items display in the user interface by selecting the Preferences option under the <user name> drop-down menu (top right).

In the User Preferences panel that displays, you can select those items (listed below) that you want to display by checking the box next to that option. Click Apply to save.

User Preference options include:

Show chart on events page
Show summary counts on events/issues page
Enable map:
Default to map view
Show device type and function on device pages: Routers, Endpoints, Head End Routers, Servers

Logging Out

Click Log Out in the <user name> drop-down menu (top right).

IoT FND CLIs

This section addresses key command-line interface (CLI) commands used to manage IoT FND:

Starting IoT FND
Checking IoT FND Status
Stopping IoT FND
Restarting IoT FND
IoT FND Log File Location
IoT FND Helper Scripts
Uninstalling IoT FND

Starting IoT FND

To start IoT FND, run the following command:


RHEL Version	Command
8.x	`systemctl start cgms`
7.x	`service cgms start`

To configure IoT FND so that it runs automatically at boot time, run this command:


chkconfig cgms on

Checking IoT FND Status

Before you can start IoT FND, check its connection to the IoT FND database by running the following command:


RHEL Version	Command
8.x	`systemctl status cgms`
7.x	`service cgms status`

Example Output:


# service cgms status
IoT-FND Version 4.3.0-78
07-05-2018 15:02:43 PDT: INFO: IoT-FND database server: 2.2.55.8
07-05-2018 15:02:44 PDT: INFO: IoT-FND database connection verified.
07-05-2018 15:02:46 PDT: INFO: IoT-FND application server is up and running.
07-05-2018 15:02:47 PDT: INFO: IoT-FND is up and running.

This command provides the IP address or hostname and status of the IoT FND database, and also verifies the connection to the IoT FND database. If the connection is not verified, you cannot start IoT FND.

Stopping IoT FND

To stop IoT FND, run the following command:


RHEL Version	Command
8.x	`systemctl stop cgms`
7.x	`service cgms stop`

Note

The application typically takes approximately 10 seconds to stop. Run ps | grep java to verify that no Java processes are running.

Restarting IoT FND

To restart IoT FND, run the following command:


RHEL Version	Command
8.x	`systemctl restart cgms`
7.x	`service cgms restart`

IoT FND Log File Location

The IoT FND log file (server.log) is located in the /opt/cgms/server/cgms/log directory.

Uninstalling IoT FND

Note

This deletes all IoT FND local installation configuration settings and installation files (for example, the keystore with your certificates).

Tip

If you plan to reinstall IoT FND, copy your current keystore and certificate files to use to overwrite the keystore and certificate files included with the install package.

To remove the IoT FND application, run these commands:


#rpm -e cgms 
# rm -rf /opt/cgms

Cleaning up the IoT FND Database

To clean up the IoT FND database:

(HA database configurations) Stop the Observer server.
(HA database configurations) Run the $ORACLE_BASE/cgms/scripts/ha/deleteStandbyDb.sh script to delete the standby database.
(HA database configurations) Run the $ORACLE_BASE/cgms/scripts/ha/deletePrimaryDbHa.sh script to delete the HA configuration from primary database.
Run the $ORACLE_BASE/cgms/scripts/deleteCgmsDb.sh script to delete primary database.

IoT FND Log File Location

The IoT FND log file (server.log) is located in the /opt/cgms/server/cgms/log directory.

IOT FND Helper Scripts

The following describes the helper IoT FND scripts in the /opt/cgms/bin/ directory


Script	Description
deinstall_cgms_watchdog.sh	Uninstalls the watchdog script.
install_cgms_watchdog.sh	Installs the watchdog script.
mcast_test.sh	Tests the communication between cluster members.
password_admin.sh	Changes or resets the user password used to access IoT FND.
print_cluster_view.sh	Prints cluster members.

Installing and Configuring the IoT FND TPS Proxy

The first use of the optional TPS proxy is typically when a field area router sends an inbound request to initialize the portion of Zero Touch Deployment (ZTD) handled by IoT FND. IoT FND operates behind a firewall and does not have a publicly reachable IP address. When field area routers (such as CGRs) contact IoT FND for the first time, IoT FND requires that they use the TPS proxy. This server lets these routers contact the IoT FND application server to request tunnel provisioning. See Managing Tunnel Provisioning in the Cisco IoT Field Network Director User Guide.

The TPS proxy does not have its own GUI. You must edit the properties in the cgnms.properties and tpsproxy.properties-template files for HTTPS outbound tunnel provisioning requests so that IoT FND recognizes them as requests from the TPS proxy.

After provisioning the tunnel (s), the field area routers can contact IoT FND directly without using the TPS proxy. IoT FND is notified of the exact certificate subject from the proxy certificate, and then authenticates that the HTTPS inbound requests are coming from the TPS proxy.

Figure 1. Zero Touch Deployment Architecture

Setting Up TPS Proxy

To configure the proxy-server settings:

Before you begin

Install the cgms-tpsproxy RPM package Java application on a separate (TPS proxy) server to act as a stateless extension of IoT FND outside the firewall. The TPS proxy can be a Red Hat Enterprise Linux (RHEL) server (see TPS proxy system requirements in the IoT FND Release Notes). The cgnms-tpsproxy application runs as a daemon on the server and requires the following configuration parameters:

URL of the IoT FND server (to forward inbound requests).
IP address of the IoT FND server, as part of a whitelist (approved list) for forwarding outbound requests.

Before you install the TPS proxy, obtain the TPS proxy installation package:

cgms-tpsproxy-version_number.x86_64.rpm

Procedure

Step 1

Configure a RHEL server to use as the TPS proxy.

Step 2

Connect this RHEL server so that it can be reached while outside the firewall.

Step 3

Configure the TPS proxy using the template file:

ssh root@tps_proxy_server
cd /opt/cgms-tpsproxy/conf
cp tpsproxy.properties-template tpsproxy.properties

Note

Edit the cgnms.properties and tpsproxy.properties files after running the encryption_util.sh script during IoT FND TPS Proxy Enrollment

Step 4

Edit the tpsproxy.properties file to add the following lines defining the inbound and outbound addresses for the IoT FND application server:

[root@cgr-centos57 conf]# cat tpsproxy.properties-template
inbound-proxy-destination=https://nms_domain_name:9120
outbound-proxy-allowed-addresses=nms_ip_address
cgms-keystore-password-hidden=<obfuscated password>

Note

You must edit the properties in the cgnms.properties and tpsproxy.properties-template files for HTTPS outbound tunnel provisioning requests so that IoT FND recognizes them as requests from the TPS proxy.

Configuring the TPS Proxy Firewall

To configure the TPS proxy firewall:

Set up a firewall rule to allow HTTPS connections from the TPS proxy to the IoT FND server on port 9120 (for HTTPS inbound requests).
Set up a firewall rule to allow HTTPS connections from the IoT FND server to the TPS proxy on port 9122 (for HTTPS outbound requests).

IoT FND TPS Proxy Enrollment

The enrollment process for the TPS proxy is the same as the IoT FND enrollment process. The certification authority (CA) that signs the certificate of the IoT FND application server must also sign the certificate of the TPS proxy. The certificate of the TPS proxy is stored in a Java keystore and is similar to the IoT FND certificate.

For the enrollment process, consider these scenarios:

Fresh installation

If the keystore password is the same as the default password, change the default password.

Note

We strongly recommend that you change all default passwords. Do not use special characters such as, @, #, !, or + as the encryption_util.sh script cannot encrypt special characters.

If the keystore password is different from default password, run the encryption_util.sh script and copy the encrypted password to the properties file.

Note

Edit the cgnms.properties and tpsproxy.properties files after running the encryption_util.sh script.

Upgrade

Regardless of whether you are using the default password or a custom one, the upgrade process encrypts the password in the /opt/cgms-tpsproxy/conf/tpsproxy.properties file.

For information on IoT FND enrollment, refer to the Generating and Exporting Certificates section in the Generating and Exporting Certificates chapter of this guide.

To enroll the terminal TPS proxy:

Procedure

Step 1	Create a cgms_keystore file .
Step 2	Add your certifications to this file.
Step 3	Copy the file to the /opt/cgms-tpsproxy/conf directory.

Configuring IoT FND to Use the TPS Proxy

Note

If the properties in the cgnms.properties and tpsproxy.properties-template files are not set, IoT FND does not recognize the TPS proxy, drops the forwarded request, and considers it from an unknown device.

Note

The following examples employ variable not mandatory values, and are provided as examples only.

To configure IoT FND to use the TPS proxy:

Procedure

Step 1

Open an SSH connection to the IoT FND server:

ssh root@nms_machine
cd /opt/cgms/server/cgms/conf/

Note

Edit the cgnms.properties and tpsproxy.properties files after running the encryption_util.sh script during IoT FND TPS Proxy Enrollment

Step 2

Edit the cgms.properties file to add lines identifying the TPS proxy IP address, domain name, and user subjects in the cgdm-tpsproxy-subject property:

Note

The cgdm-tpsproxy-subject property must match the installed TPS proxy certificate.

cgdm-tpsproxy-addr=proxy_server_IP_address
cgdm-tpsproxy-subject=CN="common_name", OU="organizational_unit", O="
organization", L="location", ST="state", C="country"

Note

Use quotes around comma-separated strings.

Starting the IoT FND TPS Proxy

Start the TPS proxy after it is installed, configured, and enrolled.

To start the TPS proxy, run the start script:


RHEL Version	Command
8.x	`systemctl start tpsproxy`
7.x	`service tpsproxy start`

The TPS proxy log file is located at /opt/cgms-tpsproxy/log/tpsproxy.log.

Note

For information, see TPS Proxy Validation.

TPS Proxy Validation

The TPS proxy logs all HTTPS inbound and outbound requests in the TPS proxy log file located at /opt/cgms-tpsproxy/log/tpsproxy.log

The following entry in the TPS proxy tpsproxy.log file defines inbound requests for a CGR:


73: cgr-centos57: May 21 2014 01:05:20.513 -0700: %CGMS-6-UNSPECIFIED:
 %[ch=TpsProxyServlet-49dc423f][eid=CGR1240/K9+JAF1732ARCJ][ip=192.168.201.5]
[sev=INFO][tid=qtp46675819-29]: Inbound proxy request from [192.168.201.5]
 with client certificate subject [CN=CGRJAF1732ARCJ.example.com, 
SERIALNUMBER=PID:CGR1240/K9 SN:JAF1732ARCJ]

This message entry in the TPS proxy tpsproxy.log file indicates that the TPS successfully forwarded the message to IoT FND:


74: cgr-centos57: May 21 2014 01:05:20.564 -0700: %CGMS-6-UNSPECIFIED: 
%[ch=TpsProxyServlet-49dc423f][sev=INFO]
[tid=com.cisco.cgms.tpsproxy.TpsProxyServlet-49dc423f-22]: 
Completed inbound proxy request from [192.168.201.5]
 with client certificate subject [CN=CGRJAF1732ARCJ.example.com, 
SERIALNUMBER=PID:CGR1240/K9 SN:JAF1732ARCJ]

The following entry in the IoT FND server log file identifies the TPS proxy:


Request came from proxy
Using forwarded client subject (CN=cg-cgr-1, SERIALNUMBER=PID:CGR1240/K9 SN:JSJ15220047)
 for authentication

The following entry in the TPS proxy tpsproxy.log file defines outbound requests:


%CGMS-6-UNSPECIFIED: %[ch=TpsProxyOutboundHandler][ip=192.168.205.5]
[sev=INFO][tid=qtp257798932-15]: Outbound proxy request from [192.168.205.5]
 to [192.168.201.5:8443]

The following entry in the IoT FND server log file identifies the HTTPS connection:


Using proxy at 192.168.201.6:9122 to send to 
https://192.168.201.4:8443/cgdm/mgmt commands:

Backing Up and Restoring the IoT FND Database

The following topics demonstrate how IoT FND supports both full and incremental database backups:

Before You Begin
Creating a Full Backup of the IoT FND Database
Scheduling a Full IoT FND Backup
Restoring a IoT FND Backup

Before You Begin

Before backing up your IoT FND database:

Download and install the latest cgms-oracle-version_number .x86_64.rpm package.
Copy the scripts, templates, and tools folders from the /opt/cgms-oracle folder to the $ORACLE_BASE/cgms folder.
Set the ownership of the files and folders you copied to oracle:dba.

Creating a Full Backup of the IoT FND Database

Full backups back up all the blocks from the data file. Full backups are time consuming and consume more disk space and system resources than partial backups.

IoT FND lets you perform full hot backups of IoT FND database. In a hot backup, IoT FND and the IoT FND database are running during the backup

Note

The destination backup directory must be writable by the oracle user and have enough space for the IoT FND data.

To create a backup file of the IoT FND software:

Procedure

Step 1	On the IoT FND database server, open a CLI window.
Step 2	Switch to the user oracle: `su - oracle`
Step 3	Change directory to the location of the IoT FND backup script (backupCgmsDb.sh): `cd /home/oracle/app/oracle/cgms/scripts`
Step 4	Run the backup script and specify the destination folder. For example, to store the backup data in the /home/oracle/bkp folder, enter this command: ./backupCgmsDb.sh full /home/oracle/bkp08-03-2018 15:54:10 PST: INFO: ========== CGMS Database Backup Started ==========08-03-2018 15:54:10 PST: INFO: Log file: /tmp/cgms_backup_restore.logAre you sure you want to backup CG-NMS database (y/n)?y
Step 5	Enter y to begin the backup process.

Scheduling a Full IoT FND Backup

To schedule a full IoT FND backup to run daily at 1:00 AM (default setting):

Note

The destination backup directory must be writable by the oracle user and have enough space for the IoT FND data.

Procedure

Step 1	On the IoT FND database server, open a CLI window.
Step 2	Switch to the user oracle : `su - oracle`
Step 3	Change directory to the location of the IoT FND backup script (backupCgmsDb.sh): `cd /home/oracle/app/oracle/cgms/scripts`
Step 4	Run the backup script and specify the destination folder. To change the backup scheduling interval, edit the installCgmsBackupJob.sh script before running it.For example, to store the backup data in /home/oracle/bkp, enter this command: `./installCgmsBackupJob.sh /home/oracle/bkp` To delete the backup job, enter these commands: `cd /home/oracle/app/oracle/cgms/scripts ./deinstallCgmsBackupJob.sh`

Restoring a IoT FND Backup

Perform database backups and restores using the scripts provided in the cgms-oracle.rpm package. If using the supplied scripts, backups and restores only work if performed on the same Oracle database version.

Note

Backups from Oracle version 12.1.0 can only be restored on v12.1.0 if using the supplied scripts. Backups do not work across different versions of Oracle, for example, a backup taken on 12.1.0 cannot be restored on a different version of a future v12.x version using the supplied scripts. If a database upgrade from v12.1.0 to a future v12.x version is required, follow the Oracle upgrade procedure. Refer to the Oracle upgrade document and website.

IoT FND supports restoring IoT FND backups on the same host or different host. If you choose to restore IoT FND backups on a different host, ensure that the host runs the same version of the Oracle database software and that IoT FND database on the destination host was created using the setupCgmsDb.sh script.

Note

IoT FND does not support cross-platform backups.

To restore a IoT FND backup:

Procedure

Step 1

Run the following command to stop IoT FND.


RHEL Version	Command
8.x	`systemctl stop cgms`
7.x	`service cgms stop`

Step 2

Switch to the user oracle, change directories to the script location, and stop Oracle:

su - oracle

cd /home/oracle/app/oracle/cgms/scripts

./stopOracle.sh

Step 3

To restore the IoT FND database, run the command:

./restoreCgmsDb.sh full-backup-file

Tip

Performing a restore from a full backup can be time consuming. For large deployments, we recommend restoring the database from incremental backups.

To restore IoT FND database from an incremental backup, run these commands and specify the path to last incremental backup file:

su - oracle

cd /home/oracle/app/oracle/cgms/scripts

./restoreCgmsDb.sh last-incr1-backup-file

The restore script might display these errors:

06-08-2018 13:12:56 PDT: INFO: Import completed successfully
06-08-2018 13:12:56 PDT: INFO: Shared memory file system. Required (1K-blocks): 6084456,
Available (1K-blocks): 4083180
06-08-2018 13:12:56 PDT: ERROR: Insufficient shared memory file system. Increase your
shared memory file system before restoring this database.
06-08-2018 13:12:56 PDT: ERROR: ========== CGMS Database Restore Failed ==========
06-08-2018 13:12:56 PDT: ERROR: Check log file for more information.

To avoid these errors, increase the size of the shared memory file system:

###### as "root" user
###### Following command allocates 6G to shm. Adjust size as needed.
# umount tmpfs
# mount -t tmpfs tmpfs -o size=6G /dev/shm
 
###### Edit /etc/fstab and replace defaults as shown below
tmpfs /dev/shm tmpfs size=6G 0 0

Step 4

Start Oracle:

./startOracle.sh

Step 5

Change directories to /opt/cgms and run the db-migrate script:


$ cd /opt/cgms
$ bin/db-migrate

When you restore a IoT FND database, the restore script restores the database to the IoT FND version the database was using. An error returns if you restore an old database to a newer version of IoT FND. Run the migrate script to ensure that the database runs with the current version of IoT FND.

Step 6

Start IoT FND by running the following command:


RHEL Version	Command
8.x	`systemctl start cgms`
7.x	`service cgms start`

Note

For disaster recovery, perform a clean restore. The script starts by deleting the current IoT FND database:


$ su - oracle
$ cd /home/oracle/app/oracle/cgms/scripts
$ ./deleteCgmsDb.sh
INFO: ======== CGMS Database Deletion Started - 2011-10-16-07-24-09 ==========
INFO: Log file: /tmp/cgmsdb_setup.log
INFO: Deleting database. This may take a while. Please be patient...
INFO: Delete database completed successfully
INFO: ========== CGMS Database Deletion Completed Successfully 
- 2011-10-16-07-25-01 ==========

Note

If a clean restore is not required, use the Oracle tool to restore the database.

Backing Up the IoT FND Database Incrementally

Incremental backups only back up data file blocks that changed since the previous specified backup. IoT FND supports two incremental backup levels, and an hourly log backup:

incr0–Base backup for subsequent incremental backups. This is similar to a full backup. For large deployments (millions of mesh endpoints and several thousand routers such as CGR1000 and IR800), run incr0 backups twice a week.

incr1–Differential backup of all blocks changed since the last incremental backup. For large deployments (millions of mesh endpoints and several thousand routers), run incr1 backups once a day.

Note

An incr0 backup must run before an incr1 backup to establish a base for the incr1 differential backup.

Hourly archivelog backup–The Oracle Database uses archived logs to record all changes made to the database. These files grow over time and can consume a large amount of disk space. Schedule the backup_archive_log.sh script to run every hour. This script backs up the database archive (.arc) log files, stores them on a different server, and deletes the source archivelog files to free space on the database server.

Tip

Before performing any significant operation that causes many changes in the IoT FND database (for example, importing a million mesh endpoints or uploading firmware images to mesh endpoints), perform am incr0 backup. After the operation completes, perform another incr0 backup, and then resume the scheduled incremental backups.

Performing an Incremental Backup

Note

The destination backup directory must be writable by the oracle user and have enough space for the IoT FND data.

To perform an incremental backup:

Procedure

Step 1

On the IoT FND database server, open a CLI window.

Step 2

Switch to the user oracle and change directory to the location of the IoT FND backup script:

su - oracle
cd /home/oracle/app/oracle/cgms/scripts

Step 3

Run the backup script and specify the incremental backup level and the destination folder where the backup data is stored (for example, /home/oracle/bkp). For example, to perform an incr0 backup to/home/oracle/bkp, enter the command:

./backupCgmsDb.sh incr0 /home/oracle/bkp

To perform an incr1 backup, enter the command:

./backupCgmsDb.sh incr1 /home/oracle/bkp

Cisco IoT Field Network Director Installation Guide-Oracle Deployment, Releases 4.3.x and Later

Bias-Free Language

Results

Chapter: Installing Cisco IoT FND-RPM for the First Time - Oracle Deployment

Installing Cisco IoT FND-RPM for the First Time - Oracle Deployment

IoT FND Installation Overview

Installing and Setting Up the IoT FND Database

Installation and Setup of IoT FND Database Overview

Single-Server Database Deployment

High Availability Database Server Deployment

Downloading and Unpacking Oracle Database

Before you begin

Procedure

Running the Oracle Database Installer

Before you begin

Procedure

Mandatory Installing 18c Patch Only Supported on FND 4.5.x and 4.6.x

Procedure

Setting Up the IoT FND Database

IoT FND Database Setup Overview

Defining Oracle Database Environment Variables

Installing IoT FND Oracle Database Scripts

Procedure

Creating the IoT FND Oracle Database

Starting the IoT FND Oracle Database

Procedure

Additional IoT FND Database Topics

Stopping the IoT FND Oracle Database

Removing the IoT FND Database

Upgrading the IoT FND Database

Procedure

Changing the SYS DBA and IoT FND Database Passwords

Procedure

IoT FND Database Helper Scripts

Installing and Setting Up the SSM (Utility Deployment)

Installing or Upgrading the SSM Server

Procedure

Monitoring SSM Log Files

Uninstalling the SSM Server

Procedure

Integrating SSM and IoT FND

Procedure

Integrating SSM and IoT FND

Procedure

Installing and Setting Up IoT FND

Installation and Setup Overview

Single-Server Deployment

Cluster Deployment (HA)

Setting up a Cluster on CG-NMS Versions Greater than 2.1

Installing IoT FND

Procedure

Setting Up IoT FND

Configuring Database Settings

Configuring Database HA

Configuring the IoT FND Database Password

Configuring the Keystore Password

Configuring the Web root User Password

Configuring FTPS Settings

Running the IoT FND Database Migration Script

Accessing the IoT FND Web GUI

HTTPS Connections

First-Time Log In Actions

Changing the Password

Configuring the Time Zone

Procedure

Changing the Sorting Order of Columns

Filtering Lists

Setting User Preferences for User Interface

Logging Out

IoT FND CLIs

Starting IoT FND

Checking IoT FND Status

Stopping IoT FND

Restarting IoT FND

IoT FND Log File Location

Uninstalling IoT FND

Cleaning up the IoT FND Database

IoT FND Log File Location

IOT FND Helper Scripts

Installing and Configuring the IoT FND TPS Proxy