OpenNSA Installation Guide
Steps tested for Ubuntu 14.04.5.
Update and upgrade:
apt-get update && apt-get -y dist-upgrade
(Optional - Only when you want to clone the source code from the git repo) Install the following packages/applications:
apt-get install -y git
Install PostgreSQL Server and its development dependencies (you may get errors about package versions not being available; newer packages should work as well):
apt-get install -y postgresql postgresql-plpython-9.3 postgresql-server-dev-9.3
Install Python 2.7:
apt-get install -y python python-minimal python-pip python-dev python-openssl libffi-dev libssl-dev openssl libffi6
Get sources
Using git:
cd /usr/src
git clone https://code.geant.net/stash/scm/ccs/opennsa.git
cd opennsa
git checkout development
Or download the sources from here and copy them there manually.
TODO: ADD THE PACKAGE
Use pip to install deps:
## from the directory as shown in prompt
...:/usr/src/opennsa# pip install -r docs/requirements-for-pip.txt
Initialize and Start the PostgreSQL:
/etc/init.d/postgresql restart
Prepare the environment for Opennsa:
useradd -m opennsa
chown opennsa:opennsa /usr/src/opennsa ### Should this be chown -R ?
Install OpenNSA:
From the directory as shown in prompt.
...:/usr/src/opennsa# python setup.py install
Create the database:
NOTE: LOC in the db name identifies the process (i.e. the individual OpenNSA instance, which is either a single uPA or the aggregator, depending on the deployment scenario). It is used again in step 13. Note that the 'opennsa' user needs to be created only once.
cd /usr/src/opennsa
cp datafiles/schema.sql /tmp/
su - postgres -c "
createdb opennsa-LOC
createuser -RSD opennsa
"
su - opennsa -c "
psql opennsa-LOC -c '\i /tmp/schema.sql'
"
Create a DB for each process (all uPAs + the aggregator when used), e.g. opennsa-MAIN, opennsa-FOO, opennsa-BAR, where FOO stands for the location and could be, e.g. mx1.ams.nl, BAR could be mx2.zag.hr, etc.
It's important to keep the server time accurate (feel free to specify your own servers, and don't forget to add the iburst directive):
apt-get -y install ntp
/etc/init.d/ntp start
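Generate your SSH keys (the backend sections of the config template below refer to /home/opennsa/.ssh/opennsa_rsa.key, so the publickey and privatekey paths configured there must match the file name generated here):
su - opennsa -c " ssh-keygen -t rsa -N '' -f ~/.ssh/opennsa_mcrsa.key "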
Now create init scripts for each instance (one per dataplane MX router + one for the main process, the aggregator).
Note that this step is for Ubuntu 14.04, which does NOT use systemd. This step should work with systemd as well, but it is not the right way to do it; the proper systemd way will be introduced soon.
TODO: Introduce the proper way for systemd.
Default init script is: /etc/init.d/opennsa
Just make copies of it with proper names, and then chmod -x the default script as we won't be running it.
cp /etc/init.d/opennsa /etc/init.d/opennsa-LOC # Where LOC = some string eg: "mx1.ams.nl" or "AMS".
Common practice is to create one init script for each router in your dataplane (uPAs) + one where LOC=“main” to be the aggregator.
Edit as in the following template…
#! /bin/sh
# /etc/init.d/opennsa: Start the OpenNSA service

### BEGIN INIT INFO
# Provides:          opennsa
# Required-Start:    $network
# Required-Stop:     $network
# Should-Start:      $time
# Should-Stop:       $time
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: OpenNSA Service
### END INIT INFO

. /lib/lsb/init-functions

CONFIG_FILE=/etc/opennsa/opennsa-LOC.conf
PIDFILE=/var/run/opennsa-LOC.pid
DEFAULT_USER=root
APP_START="from opennsa import setup ; application = setup.createApplication('$CONFIG_FILE', payload=False, debug=False)"
...............
The interesting lines to edit are CONFIG_FILE, PIDFILE and APP_START (fill in the arguments to setup.createApplication()).
Create and edit conf files:
cd /etc
mkdir opennsa
cp opennsa.conf opennsa/opennsa-LOC.conf
Edit the config as follows (the configuration is different for uPAs and for the aggregator; read the commented config template carefully):
For more details about domain aggregate, follow this link.
[service]
# Just suggested format of network name, eg: DOMAIN = "LOC.nsi.geant.net" and LOC = "mx1.ams.nl" or "ams" as per previous convention
# NOTE: When configuring aggregator, the domain should look like the following: DOMAIN = "nsi.geant.net".
network=DOMAIN
user=opennsa
logfile=/home/opennsa/logs/opennsa-LOC.log
## Host can often be detected.
## Default port is 9080/9443 depending on tls
host=OPENNSA_HOST_IP
# Good practise is to use 9443 for main/aggregator process
port=9444
database=opennsa-LOC
dbuser=opennsa
dbpassword=
tls=false
# Uncomment the following for enabling the domain aggregation role. (become the aggregator)
#policy=domainaggregate
# Location of topology description file
# NOTE: When configuring aggregator, NO NRM FILE should be configured. Just comment out/delete the nrmmap line.
nrmmap=/home/opennsa/topology/opennsa-LOC-top.nrm
# Peering: with domainaggregate feature uPAs should not have any peers defined!
# peers=http://ANY_OPENNSA_HOST_IP_OF_PEER:PORT_OF_PEER/NSI/discovery.xml
#       http://ANY_OPENNSA_HOST_IP_OF_PEER:PORT_OF_PEER/NSI/discovery.xml

# Backend configuration here is for the gts Junos MX platform with ssh channel against router ...
# Always uncomment/use just one backend at the time. More description can be found on OpenNSA wiki.
# NOTE: When configuring aggregator, NO BACKEND should be configured. Just comment out/delete the backend section.

# use this dummy backend without any further configs. Useful for testing.
#[dud]

# JunosMX is the backend for Juniper MX platform supporting VLAN,MPLS and port based STPs.
[junosmx]
host=MANAGEMENT_IP
user=opennsa
fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
publickey=/home/opennsa/.ssh/opennsa_rsa.key.pub
privatekey=/home/opennsa/.ssh/opennsa_rsa.key
# LOOPBACK_IP for being used as LSP target from different PE routers
# All routers in dataplane need to be listed here.
routers=ROUTER_LOC1:LOOPBACK_IP
        ROUTER_LOC2:LOOPBACK_IP

# JunosEX is the backend for Juniper EX 4550 platform supporting VLAN based STPs only.
# It supports label swapping using CCC feature.
[junosex]
host=MANAGEMENT_IP
user=opennsa
fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
publickey=/home/opennsa/.ssh/opennsa_rsa.key.pub
privatekey=/home/opennsa/.ssh/opennsa_rsa.key

# Section for JUNOS SPACE backend configuration. Uncomment just one backend config for the configured instance
[junosspace]
space_user=USERNAME
space_password=PASSWORD
space_api_url=https://IPADDR/api/space
configlet_activate_local=CONFIGLET_ID_IN_JUNOSSPACE
configlet_activate_remote=CONFIGLET_ID_IN_JUNOSSPACE
configlet_deactivate_local=CONFIGLET_ID_IN_JUNOSSPACE
configlet_deactivate_remote=CONFIGLET_ID_IN_JUNOSSPACE
# LOOPBACK_IP for being used as LSP target from different PE routers
# All routers in dataplane need to be listed here.
# FORMAT OF THE 3 tuple: network_name:router_id_in_junosspace:loopback_ip
routers=gtstest2:589838:IPADDR2
        gtstest1:589834:IPADDR1
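A pre-start check for the settings in this template, as an added example (not part of OpenNSA or of the original guide): it flags tls=false, a fingerprint still set to the XX placeholder, a privatekey path that is missing or accessible to group/others, and a world-readable config that contains space_password. The function names and finding labels are this example's own, and it assumes only one backend section is uncommented, as the template instructs.

```shell
#!/bin/sh
# Added example, not OpenNSA code. Key names come from the template above;
# the finding labels (tls-off, ...) are this example's own.

# conf_get FILE KEY: value of the last uncommented "KEY=value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# mode_bits PATH: the nine permission characters from ls, e.g. rw-------
mode_bits() { ls -ld "$1" | cut -c2-10; }

# audit_opennsa_conf FILE: prints space-separated findings, empty if none.
audit_opennsa_conf() {
    conf=$1
    findings=""
    # tls=false serves the NSI endpoint over plain HTTP.
    case $(conf_get "$conf" tls | tr 'A-Z' 'a-z') in
        false|no|off|0) findings="$findings tls-off" ;;
    esac
    # The template's XX:XX:... must be replaced by 16 hex bytes.
    fp=$(conf_get "$conf" fingerprint)
    if [ -n "$fp" ] && ! echo "$fp" |
        grep -Eqi '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'; then
        findings="$findings bad-fingerprint"
    fi
    # The private key must exist under the configured name and be
    # inaccessible to group and others.
    key=$(conf_get "$conf" privatekey)
    if [ -n "$key" ]; then
        if [ ! -f "$key" ]; then
            findings="$findings key-missing"
        else
            case $(mode_bits "$key") in
                ???------) ;;
                *) findings="$findings key-perms" ;;
            esac
        fi
    fi
    # A config holding space_password should not be world-readable.
    if [ -n "$(conf_get "$conf" space_password)" ]; then
        case $(mode_bits "$conf") in
            ??????r??) findings="$findings conf-world-readable" ;;
        esac
    fi
    echo "${findings# }"
}
```

Run it as audit_opennsa_conf /etc/opennsa/opennsa-LOC.conf for each instance; a key-missing finding also catches a key generated under a different file name than the one configured.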
Create and edit topology files. Their location is specified in the conf files above, in the “nrmmap” field.
More info here.
Example of London instance topology configuration:
ethernet mx0-3-2 - vlan:3000-3099 1000 ge-0/3/2 -
ethernet xe11-0-1 - port:1 10000 xe-11/0/1 -
ethernet geant_fra geant_fra:topology#geant_lon-(in|out) mpls:1-4000 10000 xe-0/0/1 -
ethernet geant_ams geant_ams:topology#geant_lon-(in|out) mpls:1-4000 10000 xe-0/0/2 -
Create restart script for further use:
#!/bin/bash
for l in LOC LOC LOC main; do # Where 'main' is the name of your main/aggregator instance, and "LOC" as per previous convention (add as many as you have)
    /etc/init.d/opennsa-$l restart
    sleep 5
done
for l in LOC LOC LOC main; do # Where 'main' is the name of your main/aggregator instance, and "LOC" as per previous convention (add as many as you have)
    /etc/init.d/opennsa-$l restart
    sleep 5
done
The restart is done twice so that topology information is properly synced between instances.
Run opennsa by calling the script you just created, or call each process individually:
/etc/init.d/opennsa-LOC start
/etc/init.d/opennsa-LOC2 start
<...>
/etc/init.d/opennsa-LOCn start
DONE