Installing Cisco VIM Unified Management


Note

Cisco VIM Insight is also known as Cisco VIM Unified Management. They are interchangeable across the guide.

Cisco VIM offers the Unified Management solution in standalone mode on a dedicated node to manage multiple Cisco VIM pods. As the UI interacts with the REST API, it is not necessary that the pod must be managed by Insight from Day 0. You can register a pod, with an Insight instance after it is up and running.

The UI supports two types of Admin: UI Admin and Pod Admin. The UI Admin is for the administrators who can add more folks as UI Admin or Pod admin. The Pod Admin has privileges only at the pod level, whereas an UI Admin has privileges both at UI and pod level.

Complete the following procedure to install Cisco VIM Insight on the Cisco NFVI management node.

Installing Cisco VIM Unified Management with Internet Access

Complete the following steps to install Cisco VIM Insight on the Cisco NFVI management node. As security is paramount to pod management, the web-service hosting the single pane of glass is protected through TLS. Following are the steps to get the TLS certificate setup going.

You can select one of the following approaches for the TLS certificate configurations:

  1. Provide your own certificate: You can bring in your certificate on the management node and provide the absolute path of .pem and CA certificate files in the insight_setup_data.yaml file. The path must be provided as a value for the key 'PEM_PATH' in the insight_setup_data.yaml file.

  2. Generate a new certificate on the node. You can create a new certificate on the node by running the following command:
    
     # cd /root/installer-<tag_id>/insight/
     #./tls_insight_cert_gen.py -f <path_to_insight_setup_data.yaml>/insight_setup_data.yaml.
    
    This script searchs for the 'PEM_PATH' inside the insight_setup_data.yaml. As the path is not provided, it creates a new certificate inside install-dir/openstack-configs.

    Note

    The self-signed certificate generation utility script is provided for lab/testing deployment only. Ensure that you do not use self-signed certificate generated by this utility for the production deployment.


Before you begin

Complete all Cisco NFVI preparation tasks that are described in Preparing for Cisco NFVI Installation, and the management node that are described Cisco VIM Management Node Networking .The procedure to bootstrap the node hosting the Insight is same as installing the buildnode.iso. Make sure that you plan for a standalone unified management node for production. Click the Yes option if the node is to be used in the production.

Procedure


Step 1

Enter ip a to verify the br_mgmt and br_api interfaces are up and are bound to bond0 and bond1 respectively. For example:

$  ip a
br_api: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:42:68:6f:79:f2 brd ff:ff:ff:ff:ff:ff
inet nnn.nnn.nnn.nnn/25 brd nnn.nnn.nnn.nnn scope global br_api valid_lft forever preferred_lft forever
inet6 fe80::3c67:7aff:fef9:6035/64 scope link valid_lft forever preferred_lft forever
bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br_api state UP link/ether 00:42:68:6f:79:f2 brd ff:ff:ff:ff:ff:ff
br_mgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:78:88:46:ee:6e brd ff:ff:ff:ff:ff:ff
inet nnn.nnn.nnn.nnn/24 brd nnn.nnn.nnn.nnn scope global br_mgmt valid_lft forever preferred_lft forever
inet6 fe80::278:88ff:fe46:ee6e/64 scope link valid_lft forever preferred_lft forever
bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br_mgmt state UP link/ether 00:78:88:46:ee:6e brd ff:ff:ff:ff:ff:ff
Note 

The br_mgmt and br_api interfaces are created when you install the RHEL on the management node in Installing the Management Node.

Step 2

Run the following commands to copy the installer directory and the standalone insight_setup_data_yaml.

  1. Copy the installer dir to a directory in /root/. Start the name of the new directory with Insight-tag_id.

    # cd /root/
    # cp -pr installer-<tag_id> <Insight-tag_id>
    
    
  2. Copy the Standalone insight_setup_data.yaml. Standalone_EXAMPLE file from the Insight-dir/openstack-configs to any other location on the management node or the BOM.

    # cp /root/Insight-<tag_id>/openstack-configs/insight_setup_data.yaml.
    Standalone_EXAMPLE /root/insight_setup_data.yaml
    
Step 3

Modify the insight setup data according to your requirements.

#Configuration File:

#########################################################
# User Defined Configuration File.
# Information in this file is specific to the user setup.
########################################################

# This file is used as an inventory file to setup Insight Container.

#######################################################
# Registry credentials
 
####################################################### 
REGISTRY_USERNAME: '<username>'
REGISTRY_PASSWORD: '<password>'

# Install Mode: connected/disconnected, Optional parameter; default is connected 
INSTALL_MODE: connected

# https_proxy: <Name of the proxy server without https://> ; Optional Parameter for INSTALL_MODE
# Needed for connected install only and not required for disconnected mode. 

####################################################
# Super Admin Username Password
###################################################

# This user is the default Super Admin of the system and can grant Aacess to all other users getting registered to PODs.
# This is a mandatory field and is required to be filled every time. 
UI_ADMIN_USERNAME: '<username>'
UI_ADMIN_EMAIL_ID: '<email_id@domain.com>'

# Please define the mail server off which the Insight email alias works;
# For example, outbound.cisco.com
# Optional: Valid SMTP Server is required for sending mails to the customers. By default, it is set as True. 
INSIGHT_SMTP_SERVER: <smtp.domain.com>
#INSIGHT_SMTP_PORT: <port no.>           
#optional, defaults to 25, if undefined

# for Insight UI, customer needs to create a mailer, so that automated mails come from that alias;
# For example, vim-insight-admin@cisco.com
# Mandatory: You need to create a valid email alias that would be responsible for sending email notification for users and UI Admin.
INSIGHT_EMAIL_ALIAS: <Email-Alias@domain.com>
# Optional: Insight Email Alias Password is required if log in on a SMTP server requires authentication.
INSIGHT_EMAIL_ALIAS_PASSWORD: <password>    #Optional

####################################################
# LDAP Configuration
###################################################
LDAP_MODE: <True or False>      # Required, True when ldap server is available.
#
# Following LDAP settings are required only when LDAP_MODE is True.
LDAP_SERVER: <IP Address of the LDAP Server>
LDAP_PORT: <port no.>
LDAP_ADMIN: '<user-DN for admin>' # e.g Complete DN of admin user for bind and search. <cn=admin, dc=example, dc=com>
LDAP_ADMIN_PASSWORD: '<password>' # e.g. password of bind user
LDAP_BASE_DN: '<DN tree for Groups>' # e.g. 'ou=Groups,dc=cisco,dc=com'
LDAP_SECURE: '<True or False> # For protocol to be followed. True is for ldaps and False is for ldap
# LDAP certificate path for self-signed certificates only;
# Required when LDAP_SECURE is True for self-signed certificate.
# In case of trusted Root-CA-Certificate, this key in not required.
LDAP_CERT_PATH: '<abs_location_for_cert_path>'
LDAP_USER_ID_ATTRIBUTE: 'LDAP attribute which can be used as user-id' # e.g. <'uid' or 'cn' or 'mail'>
LDAP_GROUP_SEARCH_FILTER: 'LDAP search filter to search groups on LDAP' # e.g. <LDAP_GROUP_SEARCH_FILTER: "(objectClass=posixGroup)">
LDAP_GROUP_USER_SEARCH_FILTER: 'LDAP search filter to search group-members on LDAP' # e.g. <LDAP_GROUP_USER_SEARCH_FILTER: "(objectClass=posixAccount)">

#TLS certificate path;
#Absolute TLS certificate path, can also be generated using the script tls_insight_cert_gen.py located at
# installer-<tagid>/insight/; if generated by: tls_insight_cert_gen.py, then entry of the info is optional;
# the script copies the certs to installer-<tagid>/openstack-configs/ dir
PEM_PATH: <abs_location_for_cert_path>
SSL_CERT_CHAIN_FILE: <abs_location_for_cert_chain_file of x509 certificate> #Mandatory if PEM_PATH is defined in the setupdata.



#If using tls_insight_cert_gen.py to create the cert, please define the following:
CERT_IP_ADDR: <br_api of the insight node> # Mandatory
CERT_HOSTNAME: <Domain name for Cert>      # Optional
And then execute:
# cd installer-<tagid>/insight
# ./tls_insight_cert_gen.py --file <absolute path of insight_setup_data.yaml>

The script generates the certs at installer-<tagid>/openstack-configs/ dir

If bringing in a 3rd part Cert, skip the above step and define the following 
CERT_IP_ADDR: <br_api of the insight node> # Mandatory
CERT_HOSTNAME: <Domain name for Cert> # Optional
PEM_PATH in insight_setup_data.yaml, and go to step 4 instead of executing # ./tls_insight_cert_gen.py

As part of insight bootstrap the script copy the certs to installer-<tagid>/openstack-configs/ dir 

Step 4

Save the edited insight_setup_data.yaml file.

Step 5

Start the insight installation process.

$ cd /root/Insight-<tag_id>/insight/
$./bootstrap_insight.py --help
usage: bootstrap_insight.py [-h]  –-action ACTION
                            [--regenerate_secrets] [--setpassword]
                            [--file INSIGHTSETUPDATA] [--keep] [--verbose]
                            [--backupdir BACKUPDIR] [-y]

Insight install setup helper.

optional arguments:
  -h, --help            show this help message and exit
  --action ACTION, -a ACTION
                        install - Install Insight UI
                        install-status - Display Insight Install Status
                        reconfigure - reconfigure - Reconfigure Insight DB password, 
			   TLS Certificate, INSIGHT_SMTP_SERVER, 
                        INSIGHT_EMAIL_ALIAS_PASSWORD, 
                        INSIGHT_EMAIL_ALIAS, INSIGHT_SMTP_PORT
                        LDAP_MODE, LDAP_SERVER, LDAP_PORT, LDAP_ADMIN
                        LDAP_ADMIN_PASSWORD, LDAP_BASE_DN, LDAP_SECURE
                        LDAP_CERT_PATH, LDAP_USER_ID_ATTRIBUTE,
     		     SSL_CERT_CHAIN_FILE, LDAP_GROUP_SEARCH_FILTER, 
                        LDAP_GROUP_USER_SEARCH_FILTER


                        update - Update Insight UI
                        update-status - Display Insight Update Status
                        rollback - Rollback Insight UI update
                        commit - Commit Insight UI update
                        backup - Backup Insight UI
                        uninstall - Uninstall Insight UI
  --regenerate_secrets, -r
                        System generated INSIGHT_DB_PASSWORD
  --setpassword, -s     User supplied INSIGHT_DB_PASSWORD, 
  --file INSIGHTSETUPDATA, -f INSIGHTSETUPDATA
                        Location of insight_setup_data.yaml 
  --keep, -k            Preserve Insight artifacts during uninstall
  --verbose, -v         Verbose on/off
  --backupdir BACKUPDIR, -b BACKUPDIR
                        Path to backup Insight
  -y, --yes             Option to skip reconfigure or uninstall steps without prompt


$ ./bootstrap_insight.py –a install –f </root/insight_setup_data.yaml> 

VIM Insight install logs are at: /var/log/insight/bootstrap_insight/bootstrap_insight_<date>_<time>.log

Management Node validation!
+-------------------------------+--------+-------+
| Rule	                   | Status | Error |
+-------------------------------+--------+-------+
| Check Kernel Version	   |  PASS  | None |
| Check Ansible Version         |  PASS  | None |
| Check Docker Version	   |  PASS  | None |
| Check Management Node Tag     |  PASS  | None |
| Check Bond Intf. Settings     |  PASS  | None |
| Root Password Check	    |  PASS  | None |
| Check Boot Partition Settings |  PASS  | None |
| Check LV Swap Settings        |  PASS  | None |
| Check Docker Pool Settings    |  PASS  | None |
| Check Home Dir Partition      |  PASS  | None |
| Check Root Dir Partition      |  PASS  | None |
| Check /var Partition          |  PASS  | None |
| Check LVM partition           |  PASS  | None |
| Check RHEL Pkgs Install State |  PASS  | None |
+-------------------------------+--------+-------+


Insight standalone Input validation!
+-------------------------------------------+--------+-------+
| Rule                                      | Status | Error |
+-------------------------------------------+--------+-------+
| Insight standalone Schema Validation      |  PASS  | None  |
| Valid Key Check in Insight Setup Data     |  PASS  | None  |
| Duplicate Key Check In Insight Setup Data |  PASS  | None  |
| CVIM/Insight Workspace Conflict Check     |  PASS  | None  |
| Check Registry Connectivity               |  PASS  | None  |
| Check LDAP Connectivity	            |  PASS  | None  |
| Test Email Server for Insight             |  PASS  | None  |

Downloading VIM Insight Artifacts, takes time!!!

Cisco VIM Insight Installed successfully!
+-----------------------+--------+---------------------------------------------------------+
| Description           | Status | Details                                                 |
+-----------------------+--------+---------------------------------------------------------+
| VIM Insight UI URL    | PASS   | https://<br_api:9000>                                   |
| VIM UI Admin Email ID | PASS   | Check for info @: <abs path of insight_setup_data.yaml> |
|                       |        |                                                         | 
| VIM UI Admin Password | PASS   | Check for info @ /opt/cisco/insight/secrets.yaml        |
| VIM Insight Workspace | PASS   | /root/Insight-<tag_id>/insight/                         |
+-----------------------+--------+---------------------------------------------------------+

Cisco VIM Insight backup Info!
+----------------------+-------+-------------------------------------------------------------------+
| Description          | Status| Details                                                           |
+----------------------+-------+-------------------------------------------------------------------+
| Insight backup Status| PASS  | Backup done @                                                     |
|                      |       | /var/cisco/insight_backup/insight_backup_<release_tag>_<date_time>|
+----------------------+-------+-------------------------------------------------------------------+


Cisco VIM Insight Autobackup Service Info!
+------------------------+--------+------------------------------------------------+
| Description            | Status | Details                                        |
+------------------------+--------+------------------------------------------------+
| VIM Insight Autobackup | PASS   | [ACTIVE]: Running 'insight-autobackup.service' |
+------------------------+--------+------------------------------------------------+

Done with VIM Insight install!
VIM Insight install logs are at: "/var/log/insight/bootstrap_insight/"

Logs of Insight Bootstrap are generated at : /var/log/insight/bootstrap_insight/ on the management node. Log file name for Insight Bootstrap are in the following format : bootstrap_insight_<date>_<time>.log. Only ten bootstrap Insight log files are displayed at a time. Once the bootstrap process is completed a summary table preceding provides the information of the UI URL and the corresponding login credentials. After first login, for security reasons, we recommend you to change the Password.
Insight autobackup takes place after an install and is located at default backup location /var/cisco/insight_backup;
details of which is provided in the backup summary table. 
To add a new UI Admin in a setup that just got created, login to VIM insight and add a new UI admin user from the Manage UI Admin Users menu. Without doing a fresh install (that is un-bootstrap, followed by bootstrap) of the insight application, the UI admin that was bootstrapped cannot be changed.
Refer Cisco VIM Insight Post Bootstrap Validation Checks section, to verify the bootstrap status of Cisco VIM Insight.


Installing Cisco VIM Unified Management with Cisco VIM Software Hub

To reduce the logistics of the artifact distribution during an air-gapped installation, use Cisco VIM Software Hub. To download the artifacts to the Cisco VIM Software Hub server, follow the instructions available at Installing Cisco VIM Software Hub in Air-Gapped Mode. Then, you can use the connected way of installing Unified Management (UM) on the UM node.

To install UM on the UM node through Cisco VIM Software Hub, you need RESGITRY_NAME as an additional field in the setup data for the UM node.

REGISTRY_NAME: '<registry_name>' #Mandatory Parameter when SDS is enabled. 

For example, registry FQDN name [your.domain.com]. When Cisco VIM Software Hub is not enabled, this parameter must not be used.

Once REGISTRY_NAME is defined in the setup data, the UM software fetches the artifacts from the Cisco VIM Software Hub server as long as the INSTALL_MODE is defined to be connected or not defined in the insight_setup_data.yaml file. By default, it is assumed to be connected.

Installing Cisco VIM Unified Management with LDAP

Insight supports both LDAP and LDAPs (Secure over SSL) for an AD (Active Directory) environment. You can choose only one at a time.

LDAPs supports connection using both self-signed and CA-signed certificate. You can choose any type of certificate for LDAPs.

  • Selecting self-signed certificate option will require a certificate for verification over LDAPs and to make a secure connection to LDAP over SSL.

  • No certificate is required when selecting CA-signed certificate option.

The following are the required keys in setup data for LDAP support:

  • LDAP_MODE: < True or False >

  • LDAP_SERVER: < IP address of LDAP server >

  • LDAP_PORT: < Port no. >

  • LDAP_BASE_DN: <DN tree for Groups>

  • LDAP_SECURE: < True or False >

  • LDAP_USER_ID_ATTRIBUTE: <'uid' or 'cn' or 'mail'>

Following optional key is required in the setup_data file, when LDAP_SECURE is True and a self-signed certificate is used:

LDAP_CERT_PATH: < Path of cert file >

Following optional keys are required in the setup_data file, when LDAP server is configured to support simple binding:

  • LDAP_ADMIN: < User-Name of Admin user >

  • LDAP_ADMIN_PASSWORD: < Password of user Admin >

  • LDAP_GROUP_SEARCH_FILTER: < Filter to search LDAP-Group on Server >

  • LDAP_GROUP_USER_SEARCH_FILTER: < Filter to search user in LDAP-Group >

Installing Cisco VIM Unified Management Without SMTP

By default, a SMTP infrastructure is required for Cisco VIM Unified Management service.

For releases starting from Cisco VIM 2.4.2, the Unified Management service is supported in the absence of SMTP.


Note

The migration of the Unified Management service to SMTP enabled mode from the mode which does not require SMTP, is not supported.

To install Unified Management without SMTP, follow the below steps:

Procedure


Step 1

Modify the insight_setup_data.yaml file and add following key:

SMTP_MODE: False
Step 2

Remove the following keys from the insight_setup_data.yaml:


INSIGHT_SMTP_SERVER
INSIGHT_EMAIL_ALIAS
INSIGHT_SMTP_PORT and 
INSIGHT_EMAIL_ALIAS_PASSWORD
Step 3

Save the yaml file and begin the installation from the insight dir:

#./bootstrap_insight.py -a install -f <path to insight_setup_data.yaml>

With SMTP disabled, bootstrap insight sets both the Super Admin and Pod Admin as the default user.

The user can login and register the Pod, but cannot perform the following:

  • Add new user at POD Level.

  • Add new Pod Admin.

  • Add new Super Admin.

To add new user or update password for the existing user for Insight without SMTP, use the below script.


# ./user_populate.py --help
usage: user_populate.py [-h] [--username USERNAME] [--emailid EMAILID]
                        [--usertype USERTYPE] [--updatepass UPDATEPASS]

Optional arguments:


  -h, --help            
                        show the help message and exit
  --username USERNAME, -u USERNAME
                        name of the user.
  --emailid EMAILID, -e EMAILID
                        Email ID of the user.
  --usertype USERTYPE, -t USERTYPE
                        User Type:
                        super_admin - User is Super User for Insight
                        pod_admin - User allowed to register new PODS
                        pod_user - User can only get associated with PODS
  --updatepass UPDATEPASS, -p UPDATEPASS
                        Email ID of user whose password needs to be updated.
To add a user, enter the below command:
#./user_populate.py -u abc -e abc@abc.com -t pod_user 
Note 
  • -t can take one of the following values such as super_admin, pod_admin, and pod_user as an argument.

  • If the user already exists, an error stating "User already exists" is displayed. If the user is new, the script prompts to enter a new password and confirmation password.

To use forgot password functionality, use the below command:

#./user_populate.py -p abc@abc.com

If the user is added or password has been changed using "-p" option, then on first login through Unified Management, the user is redirected to the Change Password page.


Installing Cisco VIM Unified Management without Internet Access

Complete the following steps to install Cisco VIM Insight on the Cisco NFVI management node.

Management Node setup (without Internet):

For many service providers, the infrastructure on which management node setup is run is air-gapped. This presents an additional dimension for the orchestrator to handle. To support install that is air-gapped, refer to the section Preparing for Installation on Servers Without InternetAccess and follow the steps to prepare 64G USB 2.0. You can use USB 3.0 if the management node is based on M5.

Before you begin

You must complete all Cisco NFVI preparation tasks described in Preparing for Cisco NFVI Installation and the management node as described in Cisco VIM Management Node Networking

Procedure


Step 1

Enter ip a to verify the br_mgmt and br_api interfaces are up and are bound to bond1 and bond0. For example:

$  ip a
br_api: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:42:68:6f:79:f2 brd ff:ff:ff:ff:ff:ff
inet nnn.nnn.nnn.nnn/25 brd nnn.nnn.nnn.nnn scope global br_api valid_lft forever preferred_lft forever
inet6 fe80::3c67:7aff:fef9:6035/64 scope link valid_lft forever preferred_lft forever
bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br_api state UP link/ether 00:42:68:6f:79:f2 brd ff:ff:ff:ff:ff:ff
br_mgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:78:88:46:ee:6e brd ff:ff:ff:ff:ff:ff
inet nnn.nnn.nnn.nnn/24 brd nnn.nnn.nnn.nnn scope global br_mgmt valid_lft forever preferred_lft forever
inet6 fe80::278:88ff:fe46:ee6e/64 scope link valid_lft forever preferred_lft forever
bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br_mgmt state UP link/ether 00:78:88:46:ee:6e brd ff:ff:ff:ff:ff:ff

Note 

The br_mgmt and br_api interfaces are created when you install RHEL on the management node in Installing the Management Node , on page 56

Step 2

Run the following commands to copy the installer directory and the standalone insight_setup_data_yaml.

  1. Copy the installer dir to a another directory in /root/. The name of the new directory should start with Insight-

    # cd /root/
    # cp –r installer-<tag_id> Insight-<tag_id>
    
  2. Copy the Standalone insight_setup_data.yaml.Standalone_EXAMPLE filefrom the Insight-dir/openstack-configs to any other location on the management node or the BOM.

    # cp /root/Insight-<tag_id>/openstack-configs/insight_setup_data.yaml.Standalone_EXAMPLE
    /root/insight_setup_data.yaml
    
Step 3

Modify the insight setup data according to the requirements. Refer to the insight_setup_data.yaml and cert generation as listed in step 5 of the preceding section.

Step 4

Save the edited insight_setup_data.yaml file.

Step 5

Run Import Artifacts:

$ cd /root/insight-<tag_id>/tools
./import_artifacts.sh

This verifies that /var/cisco/artifcats on the management node has the following Insight artifacts, along with the other components 'insight-K9.tar', 'mariadb-app-K9.tar'.'

Step 6

Start the insight installation process.

$ cd /root/Insight-<tag_id>/insight/
$./bootstrap_insight.py --help
usage: bootstrap_insight.py [-h] --action ACTION
                            
                            [--regenerate_secrets] [--setpassword]
                            [--file INSIGHTSETUPDATA] [--keep] [--verbose]
                            [--backupdir BACKUPDIR] [-y]

Insight install setup helper.

optional arguments:
  -h, --help            show this help message and exit
  --action ACTION, -a ACTION
                        install - Install Insight UI
                        install-status - Display Insight Install Status
                        reconfigure - reconfigure - Reconfigure Insight DB password, 
		          TLS Certificate, INSIGHT_SMTP_SERVER, 
		          INSIGHT_EMAIL_ALIAS_PASSWORD, 
			   INSIGHT_EMAIL_ALIAS, INSIGHT_SMTP_PORT
		          LDAP_MODE, LDAP_SERVER, LDAP_PORT, LDAP_ADMIN
		          LDAP_ADMIN_PASSWORD, LDAP_BASE_DN, LDAP_SECURE
		          LDAP_CERT_PATH, LDAP_USER_ID_ATTRIBUTE, SSL_CERT_CHAIN_FILE, LDAP_GROUP_SEARCH_FILTER, 
                        LDAP_GROUP_USER_SEARCH_FILTER
                        update - Update Insight UI
                        update-status - Display Insight Update Status
                        rollback - Rollback Insight UI update
                        commit - Commit Insight UI update
                        backup - Backup Insight UI
                        uninstall - Uninstall Insight UI
  --regenerate_secrets, -r
                        System generated INSIGHT_DB_PASSWORD
  --setpassword, -s     User supplied INSIGHT_DB_PASSWORD, 
  --file INSIGHTSETUPDATA, -f INSIGHTSETUPDATA
                        Location of insight_setup_data.yaml 
  --keep, -k            Preserve Insight artifacts during uninstall
  --verbose, -v         Verbose on/off
  --backupdir BACKUPDIR, -b BACKUPDIR
                        Path to backup Insight
  -y, --yes             Option to skip reconfigure or uninstall steps without prompt




$ ./bootstrap_insight.py –a install –f </root/insight_setup_data.yaml> Insight Schema Validation would be initiated:

VIM Insight install logs are at: / var/log/insight/<bootstrap_insight_<date>_<time>.log

Management Node Validations!
+-------------------------------+--------+-------+
| Rule	| Status | Error |
+-------------------------------+--------+-------+
| Check Kernel Version	|  PASS | None |
| Check Ansible Version         |  PASS  | None |
| Check Docker Version	|  PASS | None |
| Check Management Node Tag	|  PASS | None |
| Check Bond Intf. Settings	|  PASS | None |
| Root Password Check	|  PASS | None |
| Check Boot Partition Settings |  PASS | None |
| Check LV Swap Settings	|  PASS | None |
| Check Docker Pool Settings	|  PASS | None |
| Check Home Dir Partition	|  PASS | None |
| Check Root Dir Partition	|  PASS | None |
| Check /var Partition	|  PASS | None |
| Check LVM partition	|  PASS | None |
| Check RHEL Pkgs Install State |  PASS | None |
+-------------------------------+--------+-------+

Insight standalone Input Validations!
+-------------------------------------------+--------+-------+
| Rule                                      | Status | Error |
+-------------------------------------------+--------+-------+
| Insight standalone Schema Validation      |  PASS  | None  |
| Valid Key Check in Insight Setup Data     |  PASS  | None  |
| Duplicate Key Check In Insight Setup Data |  PASS  | None  |
| CVIM/Insight Workspace Conflict Check     |  PASS  | None  |
| Check Registry Connectivity               |  PASS  | None  |
| Check LDAP Connectivity                   |  PASS  | None  |
| Test Email Server for Insight             |  PASS  | None  |
+-------------------------------------------+--------+-------+

Setting up Insight, Kindly wait!!!

Cisco VIM Insight Installed successfully!
+-----------------------+--------+---------------------------------------------------------+
| Description           | Status | Details                                                 |
+-----------------------+--------+---------------------------------------------------------+
| VIM Insight UI URL    | PASS   | https://<br_api:9000>                                   |
| VIM UI Admin Email ID | PASS   | Check for info @: <abs path of insight_setup_data.yaml> |
|                       |        |                                                         | 
| VIM UI Admin Password | PASS   | Check for info @ /opt/cisco/insight/secrets.yaml        |
| VIM Insight Workspace | PASS   | /root/Insight_<tag_id>/insight/                          |
+-----------------------+--------+---------------------------------------------------------+

Cisco VIM Insight backup Info!
+----------------------+-------+-------------------------------------------------------------------+
| Description          | Status| Details                                                           |
+----------------------+-------+-------------------------------------------------------------------+
| Insight backup Status| PASS  | Backup done @                                                     |
|                      |       | /var/cisco/insight_backup/insight_backup_<release_tag>_<date_time>|
+----------------------+-------+-------------------------------------------------------------------+

Done with VIM Insight install!
VIM Insight install logs are at: /var/log/insight/bootstrap_insight/

Logs of Insight Bootstrap is generated at : /var/log/insight/bootstrap_insight/ on the management node. Log file name for Insight Bootstrap is in the following format : bootstrap_insight_<date>_<time>.log. Only ten bootstrap Insight log files are displayed at a time. Once the bootstrap process is completed a summary table preceding provides the information of the UI URL and the corresponding login credentials. After first login, for security reasons, we recommend you to change the Password.
Insight autobackup takes place after an install and is located at default backup location /var/cisco/insight_backup;
details of which is provided in the backup summary table. 

To add a new UI Admin in a setup that just got created, login to VIM insight and add a new UI admin user from the Manage UI Admin Users menu. Without doing a fresh install (that is un-bootstrap, followed by bootstrap) of the insight application, the UI admin that was bootstrapped with cannot be changed.
Refer Cisco VIM Insight Post Bootstrap Validation Checks , on page 128 to verify the bootstrap status of Cisco VIM Insight.

Installing Cisco VIM Unified Management with Optional Services

For releases from Cisco VIM 3.2.0, Cisco VIM Unified Management service provides the following as optional features:

  • Automatically add each UM-admin as the default pod-user with Full-Pod-Access to a pod during pod-registration.

  • Display all the pod-users as suggested users, while registering a new pod-user.


Note

By default, these features are set to False. To use these features, change the value of corresponding keys to True in Insight setup data file.

To install Unified Management with these features, follow the below steps:

Procedure


Step 1

Modify the insight_setup_data.yaml file and add following key:

  1. To automatically add each UM admin to pod with Full-Pod-Access during pod registration, set the following key with True as value:

    UM_ADMIN_AS_POD_ADMIN: True
  2. To display the suggested users during pod-user registration, set the following key with True as value:

    DISPLAY_ALL_POD_USERS: True
Step 2

Save the yaml file and begin the installation from the insight directory:

#./bootstrap_insight.py -a install -f <path to insight_setup_data.yaml>

Cisco VIM Insight Post Bootstrap Validation Checks

  1. After the VIM Insight bootstrap, you can view the status of Insight installation through install-status action using bootstrap.

    $ Cisco VIM Insight Install Status!
    +-----------------------+--------+------------------------------------------------+
    | Description	    | Status | Details                                        |
    +-----------------------+--------+------------------------------------------------+
    | VIM Insight Setup     | PASS   | Success                                        |
    | VIM Insight Version   | PASS   | <release_tag>                                  |
    | VIM Insight UI URL    | PASS   | https://<br_api:9000>                          |
    | VIM Insight Container | PASS   | insight_<tag_id>                               |
    | VIM Mariadb Container | PASS   | mariadb_<tag_id>                               |
    | VIM Insight Autobackup| PASS   | [ACTIVE]: Running 'insight-autobackup.service' |
    | VIM Insight Workspace | PASS   | /root/installer-<tag_id>/insight               |
    +-----------------------+--------+------------------------------------------------+
    
  2. You can also verify if the Insight and MySQL containers are up or not by running the following command:

    $ docker ps -a 
    CONTAINER ID        IMAGE                                                            COMMAND              CREATED             STATUS        NAMES
    cbe582706e50        cvim-registry.com/mercury-rhel7-osp10/insight:7434              "/start.sh"         10 hours ago        Up 10 hours    insight_7321
    68e3c3a19339        cvim-registry.com/mercury-rhel7-osp10/mariadb-app:7434    "/usr/bin/my_init /ma"   10 hours ago Up     10 hours        mariadb <tag-id>
  3. Check the status of Insight by running the following command :

    $ systemctl status docker-insight
    docker-insight.service - Insight Docker Service
    Loaded: loaded (/usr/lib/systemd/system/docker-insight.service; enabled; vendor preset: disabled)
    Active: active (running) since Fri 2017-04-07 13:09:25 PDT; 36s ago Main PID: 30768 (docker-current)
    Memory: 15.2M
    CGroup: /system.slice/docker-insight.service
    └─30768 /usr/bin/docker-current start -a insight_<tag-id>
    
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: Tables_in_rbac
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: buildnode_master
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: permission_master
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: role_master
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: role_permission
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: user_master
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: user_role
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: user_session
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: Starting the apache httpd
    Apr 07 13:09:26 i11-tb2-ins-3 docker[30768]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 2.2.2.6. 
    Set the 'ServerName' directive gl... this message
    Hint: Some lines were ellipsized, use -l to show in full.
    
    
  4. Check if the Insight is up by running the following command:

    $curl https://br_api:9000 -k (or --insecure) 
    Your response of curl should show the DOCTYPE HTML:
    <!DOCTYPE html>
    <!--[if lt IE 7]>      <html lang="en" ng-app="myApp" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>         <html lang="en" ng-app="myApp" class="no-js lt-ie9 lt-ie8"> <![endif]-->
    <!--[if IE 8]>         <html lang="en" ng-app="myApp" class="no-js lt-ie9"> <![endif]-->
    <!--[if gt IE 8]><!--> <html lang="en" ng-app="mercuryInstaller" class="no-js"> <!--<![endif]-->
        <head>
            <meta charset="utf-8">
            <meta http-equiv="X-UA-Compatible" content="IE=edge">
            <title>Cisco VIM Installer</title>
            <meta name="description" content="">
            <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"/> 
            <link rel="stylesheet" href="../static/lib/html5-boilerplate/dist/css/normalize.css">
            <link rel="stylesheet" href="../static/lib/html5-boilerplate/dist/css/main.css">
            <link rel="stylesheet" href="../static/lib/bootstrap/bootstrap.min.css">
            <link rel="stylesheet" href="../static/lib/font-awesome/font-awesome.min.css">
            <!--<link href="http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet">-->
            <link rel="stylesheet" href="../static/lib/bootstrap/bootstrap-theme.min.css">
            <link rel="stylesheet" href="../static/lib/uigrid/ui-grid.min.css">
            <link rel="stylesheet" href="../static/lib/chart/angular-chart.min.css">
            <script src="../static/lib/html5-boilerplate/dist/js/vendor/modernizr-2.8.3.min.js"></script>
            <link rel="stylesheet" href="../static/css/app.css">
            <!--new dashboard css starts-->
            <link rel="stylesheet" href="../static/css/dashboard.css">
            <!--new dashboard css end-->
        </head>
        <body class="skin-blue sidebar-collapse" ng-controller="DashboardCtrl" id="ToggleNavbar">
        <div class="wrapper" id="wrapper">
    
    
    
            <div class="content-wrapper" id="contentclass">
                <mi-header></mi-header>
                <mi-left-side-navbar></mi-left-side-navbar>
                <message-box> </message-box>
               <div class=" viewheight" ng-view autoscroll="true"></div>
            </div>
    
            <mi-footer></mi-footer>
        </div>
            <!--new dashboard js starts-->
            <script src="../static/lib/bootstrap/jquery.min.js"></script>
            <script src="../static/lib/jquery/jquery-ui.js"></script>
            <script src="../static/lib/bootstrap/progressbar.js"></script>
            <!--new dashboard js ends-->
            <script src="../static/lib/chart/Chart.min.js"></script>
            <script src="../static/lib/bootstrap/bootstrap.min.js"></script>
            <script src="../static/lib/angular/angular.js"></script>
            <script src="../static/lib/chart/angular-chart.min.js"></script>
            <script src="../static/lib/uigrid/angular-touch.js"></script>
            <script src="../static/lib/uigrid/angular-animate.js"></script>
            <script src="../static/lib/uigrid/csv.js"></script>
            <script src="../static/lib/uigrid/pdfmake.js"></script>
            <script src="../static/lib/uigrid/vfs_fonts.js"></script>
            <script src="../static/lib/uigrid/ui-grid.js"></script>
            <script src="../static/lib/angular/smart-table.min.js"></script>
            <script src="../static/lib/angular-route/angular-route.js"></script>
            <script src="../static/lib/angular-cookies/angular-cookies.js"></script>
            <script src="../static/lib/angular/angular-translate.js"></script>
            <script src="../static/lib/angular/angular-translate-loader-static-files.min.js"></script>
            <script src="../static/lib/angular/angular-translate-storage-cookie.min.js"></script>
            <script src="../static/lib/angular/angular-translate-storage-local.min.js"></script>    
            <script src="../static/lib/yamltojson/yaml.js"></script>
            <script src="../static/lib/yaml/js-yaml.min.js"></script>
            <script src="../static/lib/d3/d3min.js"></script>
            <script src="../static/utility/utility.js"></script>
            <script src="../static/widgets/widgets.js"></script>
            <script src="../static/app.js"></script>
            <script src="../static/layout/layout.js"></script>
            <script src="../static/login/login.js"></script>
            <script src="../static/globals/globals.js"></script>
            <script src="../static/dashboard/dashboard.js"></script>
            <script src="../static/cloudpulse/cloudpulse.js"></script>
            <script src="../static/blueprintsetup/physicalsetupwizard/ucsmcommon.js"></script>
            <script src="../static/blueprintsetup/physicalsetupwizard/cimccommon.js"></script>
            <script src="../static/vmtp/runvmtp.js"></script>
    
            <script src="../static/blueprintsetup/physicalsetupwizard/networking.js"></script>
    
            <script src="../static/blueprintsetup/physicalsetupwizard/serverandroles.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/cephsetup.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/cindersetup.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/glancesetup.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/haproxy.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/keystonesetup.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/swiftstack.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/neutronsetup.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/vmtpsetup.js"></script>
            <script src="../static/blueprintsetup/physicalsetupwizard/physicalsetupwizard.js"></script>
            <script src="../static/blueprintsetup/servicesSetupWizard/systemlog.js"></script>
            <script src="../static/blueprintsetup/servicesSetupWizard/NFVbench.js"></script>
             <script src="../static/blueprintsetup/servicesSetupWizard/servicesSetupWizard.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/openstacksetupwizard.js"></script>
            <script src="../static/blueprintsetup/blueprintsetup.js"></script>
            <script src="../static/blueprintmanagement/blueprintmanagement.js"></script>
            <script src="../static/topology/topology.js"></script>
            <script src="../static/monitoring/monitoring.js"></script>
            <script src="../static/horizon/horizon.js"></script>
            <script src="../static/podmanagement/podmanagement.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/tlssupport.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/elksetup.js"></script>
            <script src="../static/systemupdate/systemupdate.js"></script>
            <script src="../static/blueprintsetup/physicalsetupwizard/registrysetup.js"></script>
            <script src="../static/registertestbed/registertestbed.js"></script>
            <script src="../static/registersaas/registersaas.js"></script>
            <script src="../static/useradministration/manageusers.js"></script>
            <script src="../static/useradministration/rolemanagement.js"></script>
            <script src="../static/saasadmindashboard/saasadmindashboard.js"></script>
            <script src="../static/saasadmindashboard/buildnodes.js"></script>
            <script src="../static/saasadmindashboard/buildnodeusers.js"></script>
            <script src="../static/saasadmindashboard/managesaasuser.js"></script>
            <script src="../static/saasadminusermanagement/saasadminusermgmt.js"></script>
            <script src="../static/blueprintsetup/physicalsetupwizard/nfvisetup.js"></script>
            <script src="../static/blueprintsetup/physicalsetupwizard/torswitch.js"></script>
            <script src="../static/blueprintsetup/openstacksetupwizard/vtssetup.js"></script>
            <script src="../static/rbacutilities/rbacutility.js"></script>
            <script src="../static/forgotpassword/forgotpassword.js"></script>
     	    <script src="../static/changepassword/changepassword.js"></script>
            <script src="../static/passwordreconfigure/passwordreconfigure.js"></script>
            <script src="../static/openstackconfigreconfigure/openstackconfigreconfigure.js"></script>
            <script src="../static/reconfigureoptionalservices/reconfigureoptionalservices.js"></script> </body> 
    
  5. VIM Insight Autobackup: Insight will invoke Insight Autobackup as a daemon process. Autobackup is taken as an incremental backups of database and /opt/cisco/insight/mgmt_certs dir if there is any change.

    You can check the status of Insight Autobackup service:

    systemctl status insight-autobackup
    insight-autobackup.service - Insight Autobackup Service
       Loaded: loaded (/usr/lib/systemd/system/insight-autobackup.service; enabled; vendor preset: disabled)
       Active: active (running) since Mon 2017-09-04 05:53:22 PDT; 19h ago
      Process: 21246 ExecStop=/bin/kill ${MAINPID} (code=exited, status=0/SUCCESS)
     Main PID: 21287 (python)
       Memory: 9.2M
       CGroup: /system.slice/insight-autobackup.service
               └─21287 /usr/bin/python /var/cisco/insight_backup/insight_backup_2.1.10_2017-08-31_03:02:06/root
    /rohan/installer-10416/insight/playbooks/../insight_autobackup.py
    
    Sep 04 05:53:22 F23-insight-4 systemd[1]: Started Insight Autobackup Service.
    Sep 04 05:53:22 F23-insight-4 systemd[1]: Starting Insight Autobackup Service...
    

VIM UM Admin Login for Standalone Setup

For security reasons, the Insight Admin logs in to the UI with which UM is bootstrapped and Add users. Insight Admin needs to add new users as Pod Admin.

Registration of UM Admin to UM

Procedure


Step 1

Enter the following address on the browser: https://<br_api>:9000.

Step 2

Enter the Email ID and Password. The Email ID should be the one specified as 'UI_ADMIN_EMAIL_ID in insight_setup_data.yaml during bootstrap. The Password for UI Admins are generated at: /opt/cisco/insight/secrets.yaml and key is 'UI_ADMIN_PASSWORD'. If LDAP mode is True and LDAP user attribute is set to uid, login with LDAP user id credentials.

Step 3

Click Login as UI Admin User. You will be redirected to Insight UI Admin Dashboard.


VIM UM Pod Admin Login for Standalone Setup

Procedure


Step 1

Log in as Insight UM.

Step 2

Navigate to Manage Pod Admin and click Add Pod Admin.

Step 3

Enter a new Email ID in Add Pod Admin pop-up.

Step 4

Enter the username of the Pod Admin.

Step 5

Click Save. User Registration mail is sent to a newly added Pod Admin with a token.

Step 6

Click the URL with token and if token is valid then Pod Admin is redirected to Insight-Update Password page.

Step 7

Enter new password and then confirm the same password.

Step 8

Click Submit.