Managing Applications After DCNM Deployment
This chapter describes how to verify and manage all of the applications that provide DC3 (Programmable Fabric) central point of management functions after the DCNM is deployed. This chapter includes the following sections:
- Cisco DCNM Applications
- Application Details
- Managing Applications
- Backing Up Cisco DCNM and Application Data
- Restoring Applications
- Updating the SFTP Server Address for IPv6
Note For information about managing these applications in a high-availability (HA) environment, see “Managing Applications in a High-Availability Environment” section.
Cisco DCNM Applications
A complete list of applications included in Cisco DCNM that provide Cisco Programmable Fabric is in Table 6-1 . Information about these applications and the corresponding login credentials are included.
Table 6-1 Cisco DCNM Applications
|
|
|
|
|
---|---|---|---|---|
created by Cisco Prime Network Services Controller administrator |
Created by Cisco Prime Network Services Controller administrator |
|||
Application Details
This section describes the details of all the applications within the functions they provide in Cisco DCNM. The functions are as follows:
- Network Management
- Network Services
- Orchestration
- Power On Auto Provisioning (POAP)
- Group provisioning of switches
Network Management
The data center network management function is provided by the Cisco Data Center Network Manager (DCNM) server. Cisco DCNM provides the setup, visualization, management, and monitoring of the data center infrastructure. Cisco DCNM can be accessed from your browser: http://[host/ip].
Note For more information about Cisco DCNM, see http://cisco.com/go/dcnm
Network Services
In the Cisco Programmable Fabric solution, traditional services, such as firewalls and load balancers, are deployed at regular leaf nodes within the spine-leaf topology, and at border leaf nodes, unlike more traditional data centers where these services are deployed at the aggregation layer.
Cisco Prime Network Services Controller (NSC) provides the orchestration and automation of network services in Cisco Programmable Fabric. The Prime NSC supports integration with virtual computer and storage managers such as vCenter and System Center Virtual Machine Manager (SCVMM) and provides end-to-end orchestration and automation for services in Cisco Programmable Fabric.
Note For more information about the Prime NSC, see the Cisco Prime Network Services Controller documentation at the following URL:
http://www.cisco.com/en/US/partner/products/ps13213/tsd_products_support_series_home.html.
A Prime NSC Adapter is bundled within the Cisco DCNM. It performs the following functions:
- Enables DCNM to interoperate with one or more instances of the Prime NSC.
- Provides translation of DCNM language and objects into the Prime NSC language and objects.
- Ensures that the Prime NSC and DCNM are always synchronized.
- Maps the tenants and virtual data centers to the Prime NSC instances responsible for network services
Note The Prime NSC Adapter supports DCNM-to-Prime NSC integration for multiple Prime NSC instances. A single Prime NSC instance is not able to fulfill Programmable Fabric scalability requirements for tenants and VMs. Consequently, multiple instances are required to achieve the scale that Programmable Fabric requires.
Config Profiles
When you are using autoconfiguration for Programmable Fabric, the network is associated with a configuration profile (config profile). A config profile template instance is created on leaf nodes wherever a network appears. When using services in the Cisco Prime Network Services Controller (NSC), you must select the correct config profile to orchestrate and automate the services in the Programmable Fabric network.
Table 6-2 includes the sample guidelines for edge firewall with regards to selecting config profiles when you are using services.
Table 6-2 Service configuration profiles
Universal config profile selection for Load Balancer and Edge Services
From Cisco DCNM Release 7.1.1, the universal configuration profiles are to decouple network profiles from VRF profiles, and therefore, allowing you to choose the network/VRF profile combination which best suits your requirement.
The table below shows how to use those universal profiles for a few cases with load balancers and (tenant) edge routers, depending on how such services are deployed.
Orchestration
Three components provide orchestration functions.
Rabbit MQ is the message broker that provides the Advanced Messaging Queuing Protocol (AMQP). The RabbitMQ message broker sends events from the vCloud Director/vShield Manager to the Python script for parsing. You can configure this protocol by using certain CLI commands from the Secure Shell (SSH) console of the firmware.
Note You need to stop and restart AMQP on both DCNM's server in HA within 30 seconds, otherwise AMQP may not start.
For more information about RabbitMQ, go to http://www.rabbitmq.com/documentation.html
The orchestration Python script receives and parses events from VMware’s vCloud Director/vShield Manager through the RabbitMQ message broker. It communicates with vCloud Director/vShield Manager through web service APIs for detailed information and then calls Cisco DCNM REST APIs to populate data that is to be used by the fabric.
The Python integration scripts and the configuration files in the DCNM Open Virtual Appliance are as follows:
/root/utils/vCDclient-ini.conf
You should edit the vCDclient-ini.conf file with your specific information and start the integration using Python2.7 as python2.7 vCDclient.py
Tip By invoking the script with the Python command, you will invoke the default Python 2.6 version, which might fail; the integration script requires certain modules that are available only in Python 2.7.
The DCNM Open Virtual Appliance installs LDAP that serves as an asset database to the switches.
Note From Cisco DCNM Release 7.1.x, during installation of Virtual Appliances, Secure LDAP is enabled by default on Port 636.
Device Power On Auto Provisioning
Power On Auto Provisioning (POAP) occurs when a switch boots without any startup configuration. It is accomplished by two components that were installed:
The DHCP server parcels out IP addresses to switches in the fabric and points to the location of the POAP database, which provides the Python script and associates the devices with images and configurations.
During the Cisco DCNM installation, you define the IP Address for the inside fabric management address or OOB management network and the subnets associated with the Cisco Programmable Fabric management.
Note You should always configure DHCP through Cisco DCNM web UI by choosing: UI > Configure > POAP > DHCP Scopes. Editing the /etc/dhcp/dhcp.conf file from an SSH terminal might lead to unexpected behavior.
The TFTP server hosts boot scripts that are used for POAP.
The SCP server downloads the database files, configuration files, and the software images.
Group Provisioning of Switches
You can accomplish group provisioning of switches by using the Extensible Messaging and Presence Protocol (XMPP) server. Through the XMPP server and Cisco Jabber, you have access to all devices in the fabric and can create chat groups of spines and leaves for group provisioning of switches.
The initial XMPP configuration can be done through the Cisco DCNM web UI by choosing: Configure > LAN Fabric Settings > General.
Note Before a switch can participate in XMPP, it must be added to the XMPP database by using the appmgr CLI command shown in Table 6-4. See the“XMPP User and Group Management” section for information.
Managing Applications
You can manage the applications for Cisco Programmable Fabric in the Cisco DCNM through commands in an SSH terminal.
Enter the appmgr command from the SSH terminal by using the following credentials:
Note For your reference, context sensitive help is available for the appmgr command. Use the appmgr command to display help.
Use the appmgr tech_support command to produce a dump of the log files. You can then provide this information to the TAC team for troubleshooting and analysis of your setup.
Note This section does not describe commands for Network Services using Cisco Prime Network Services Controller.
This section includes the following:
- Verifying the Application Status after Deployment
- Stopping, Starting, and Resetting Applications
- XMPP User and Group Management
- Change from Local Database to an External Database
- Change password for Linux root user
Verifying the Application Status after Deployment
After you deploy the OVA/ISO file, you can determine the status of the applications that were deployed in the file. You can use the appmgr status command in an SSH session to perform this procedure.
Note Context-sensitive help is available for the appmgr status command. Use the appmgr status ? command to display help.
DETAILED STEPS
Step 1 Open up an SSH session:
a. Enter the ssh root DCNM network IP address command.
b. Enter the administrative password to login.
Step 2 Check the status of the applications by entering this command:
Stopping, Starting, and Resetting Applications
Use the following CLI commands for stopping, starting, and resetting applications:
Note From Cisco DCNM Release 7.1.x, when you stop an application by using the appmgr stop <<app_name>> command, the application will not start during successive reboots.
For example, if DHCP is stopped by using the appmgr stop dhcp command, and the OS is rebooted, the DHCP application will still be down after the OS is up and running.
To start again, use the command appmgr start dhcp. The DHCP application will be started after reboots also. This is to ensure that when an environment uses an application that is not packaged as part of the virtual appliance (like CPNR instead of DHCP), the application locally packaged with the virtual appliance will not interfere with its function after any OS reboots.
Note When a DCNM appliance (ISO/OVA) is deployed, the Cisco SMIS component will not get started by default. However, this component can be managed using the appmgr CLI:
appmgr start/stop dcnm-smis
appmgr start/stop dcnm will start/stop only the DCNM web component.
XMPP User and Group Management
XMPP in-band registration is disabled in the Cisco DCNM from a security perspective.
Before a switch can participate in XMPP, it must be added to the XMPP database by using the appmgr CLI command shown in Table 6-4 .
Note A switch that has gone through POAP does not need to be added to the XMPP database using the appmgr CLI commands.
When POAP definitions are created in DCNM Web UI for a given switch, an XMPP user for that switch is automatically created in the XMPP database with the switch hostname “XMPP user” and with an XMPP password specified in the POAP definitions.
When the Cisco DCNM is deployed, an XMPP user named “admin” and a group named “dcnm-dfa” are created. This can be changed later in the DCNM Web UI by choosing Configure > LAN Fabric Settings > General.
Table 6-4 CLI Commands for XMPP user and group management
Change from Local Database to an External Database
Cisco recommends that you use an external Oracle database if you have large number of devices to be managed by your Cisco DCNM. Perform the following procedures to change from local database to an external database, when required.
Reconfigure DCNM to use an external Oracle database
Note Reconfiguring Cisco DCNM to use an external Oracle database is supported only for OVA/ISO deployments.
Perform the following steps to reconfigure the DCNM to use an external Oracle database.
Step 2 To configure the DCNM to use an external Oracle database, use appmgr update dcnm -u <oracle_jdbc_url> -n <oracle_db_user> -p <oracle_db_password> command.
-u <oracle_jdbc_url> : Oracle JDBC URL, example, jdbc:oracle:thin:@1.2.3.4:1521:XE
-n <oracle_db_user> : Database Username
-p <oracle_db_password>: Database User Password
Change password for Linux root user
Use the following CLI command to change the password of the Linux root user.
At the prompt, enter the new password:
Note Do not use the following characters in your password:
"&$%' and <SPACE>.
Backing Up Cisco DCNM and Application Data
You can use the appgmr backup command to back up Cisco DCNM and application data. See the following sections for details about backing up data.
Note For your reference, context sensitive help is available for the appmgr backup command. Use the appmgr backup ? command to display help.
Backing Up Cisco DCNM
You can back up Cisco DCNM with a single command.
Note Configuration archive directories are not part of this backup. The command backs up only the local PostgreSQL database used by Cisco DCNM.
Backing Up Application Data
Backing up all application data can be performed for a specific application or for all applications at once. Refer to the following table for CLI backup commands.
Table 6-5 CLI Commands for backing up application data
Using Scripted Backups for Backing Up Application Data
If you use cron jobs for backup procedures, the database passwords can be assigned arguments so that there are no prompts. For example, you can use the -p1 command for the Cisco DCNM database password. You can use the -p2 command for the XMPP database password. Both passwords apply only to local databases.
Collecting Log Files
Log files are needed to troubleshoot the Cisco DCNM installation.
Cisco DCNM-SAN is installed under <DCNM_HOME>. The following are the default installation directories:
Note In Microsoft Windows, when a Cisco DCNM 32-bit installer is used for installation in a 64-bit environment, the default installation directory is C:\Program Files <x86>\Cisco Systems.
Once the Cisco DCNM installation is complete, you can find the installer logs under:
- Microsoft Windows—USER_HOME\dcnm_installer.log
- Linux— /root/dcnm_installer.log
- OVA/ISO— appmgr tech_support command
Note When you have several Cisco DCNM installations on the same machine, the installer preserves the logs with a timestamp. When the installation is done in the debug mode, the dcnm_installer.log file is not available.
The PostgreSQL install logs are available under:
- Microsoft Windows—USER_TEMP_DIR\install-postgresql.log
- Linux: /tmp/install-postgresql.log
- OVA/ISO— appmgr tech_support command
The Cisco DCNM-SAN server logs are available under:
- Microsoft Windows—DCNM_HOME>\dcm\jboss\server\fm\logs
- Linux—DCNM_HOME/dcm/jboss/server/fm/logs
- OVA/ISO— appmgr tech_support command
Note For Cisco DCNM Virtual Appliance, use the appmgr tech_support command to produce a dump of the log files. You can then provide this information to the TAC team for troubleshooting and analysis of your setup.
Restoring Applications
Restoring an application clears all the existing data from that application. Before you restore an application, you should shut down the application.
Because all data will be cleared, you should perform a backup of the application that you are going to restore.
Use the following procedure to back up application data and restore the application on a new DCNM Open Virtual Appliance.
Note A backup and restore procedure is supported only on either the same Open Virtual Appliance or a new Open Virtual Appliance deployed with an identical network configuration as the backed-up Open Virtual Appliance.
If you have applied device pack on your DCNM instance, they will not be backed up. You may lose functionality provided by the device pack on restore. For more information, refer Restoring Device Pack Functionality, in Cisco DCNM Fundamentals Guide, Release 10.4(2).
DETAILED STEPS
Step 1 Use the appmgr backup command on the existing Open Virtual Appliance.
Step 2 Transfer the backup file to any repository.
Step 3 Power off the first Open Virtual Appliance.
Step 4 Deploy another Open Virtual Appliance with the same network configuration as the existing one, using the same IP/Netmask/Gateway/Hostname/DNS.
Step 5 Transfer the backup file to the second Open Virtual Appliance.
Step 6 Run the appmgr restore with the new backup on the new Open Virtual Appliance.
Note See Table 6-6 for a list of CLI commands to restore applications.
Table 6-6 CLI commands for restoring applications
|
|
---|---|
Updating the SFTP Server Address for IPv6
After deploying the DCNM OVA/ISO successfully with EFM IPv4 and IPv6, by default the SFTP address is pointed to IPv4 only. You need to change the IPv6 address manually in the following two places:
- In the DCNM Web Client, choose Administration > Server Properties and then update the below fields to IPv6 and click the Apply Changes button.
#_____________________________________________________________________
# GENERAL>xFTP CREDENTIAL
#
# xFTP server's ip address for copying switch files:
server.FileServerAddress
- Log in to the DCNM through ssh and update the SFTP address with IPv6 manually in the server.properties file (/usr/local/cisco/dcm/fm/conf/server.properties).
# xFTP server's ip address for copying switch files:
server.FileServerAddress=2001:420:5446:2006::224:19