To install the Cisco Prime
Network
Registrar virtual appliance, you must first download the correct installation file. There are two files available, a regional virtual
appliance and a local cluster virtual appliance. Each of these virtual appliances are provided as a .ova file.
The names are as follows:
Download the virtual appliance of your choice. Every Cisco Prime
Network
Registrar local cluster installation must connect to a Cisco Prime
Network
Registrar regional cluster in order to receive the necessary license information required to operate. Thus, before you install a Cisco Prime
Network
Registrar local virtual appliance you must identify the IP address of the regional cluster to which it will connect to receive the
license information.
To run the local cluster or regional cluster on OpenStack, you must first create a local or regional image out using the
.qcow2 distribution kit.
After this image exists, you may launch an instance of the local or regional cluster. The Flavor you associate with the instance
needs at least 1 VCPU, 8GB of RAM, and at least 14 GB of root disk storage. In order to have an operational instance of CPNR, you must allocate more than the absolute minimum of 14 GB of root disk storage. See the System Requirements section for the amount of disk space needed for a local or regional cluster.
An instance of Cisco Prime
Network
Registrar will be created with a fixed IP address. Cisco Prime
Network
Registrar will automatically use any IP addresses associated with interfaces that it can detect when it is started. If the interface
available to Cisco Prime
Network
Registrar has an IP address allocated to it from a provider network (i.e., it is accessible to the clients that need the DHCP or DNS
capabilities provided by Cisco Prime
Network
Registrar), then you can configure Cisco Prime
Network
Registrar normally.
You have two options when creating an OpenStack instance with respect to root login. When you install a Cisco Prime
Network
Registrar virtual appliance on VMware or using the KVM kit, you configure the root password for the underlying Linux system on the
system console when the virtual machine is first booted. However, usually OpenStack instances are created and deployed in
such a way as to only allow logins with SSH using an SSH key-pair that is configured as part of the OpenStack instance. Many
OpenStack instances do not allow root password login at all, and only allow login using SSH with an SSH key-pair.
A Cisco Prime
Network
Registrar OpenStack instance can be configured to operate in either of these two regimes:
Option 1: require root password configuration and allow root login using a password.
Option 2: disable the root password configuration and login, an SSH key-pair is required to login.
Option 1
This is the default approach for all Cisco Prime
Network
Registrar virtual appliance kits, and requires no additional actions. You will launch an instance from the Cisco Prime
Network
Registrar virtual appliance image, and on first boot you will have to bring up a console window for the Cisco Prime
Network
Registrar instance, and enter a root password for the Linux system, and accept the End User License Agreement. After the first boot,
you will not need to access the console. You can also access this instance with an SSH key-pair.
Option 2
If you wish to deploy the Cisco Prime
Network
Registrar virtual appliance instance in a way that is more in accordance with the usual practice for OpenStack instance deployment,
you can configure the Cisco Prime
Network
Registrar OpenStack instance to not allow root logins with a password, and require an SSH key-pair to login. If you also wish to allow a password based login for a user other than root with root permissions, instructions
on how to configure are listed below.
When you launch an OpenStack instance from WebUI, to prevent root password login you will have to perform specific configuration
in the Configuration section of the Launch instance dialog. You will need to provide a Customization Script -- which is analogous
to User Data in other systems. You will need to configure a script (provided below) which will make the OpenStack instance
disable the root password based login. After you deploy an instance configured with this Customization script, the only way
to gain the access to the Linux operating system on the instance is to login via ssh using the ssh key pair associated with the instance at the time of launch.
For example, you might login with: "ssh -i keypairname.pem root@a.b.c.d". If you did not associate a key pair with the instance,
or have lost access to the key pair, you will not be able to login to the instance. There is no default root password when
the instance is created in this way, and the root password login is disabled.
To configure option 2, enter the following in the "Customization Script" text box:
#cloud-boothook
#!/bin/bash
if [ ! -f /etc/cloud/cloud.cfg.orig ]; then
cp /etc/cloud/cloud.cfg /etc/cloud/cloud.cfg.orig
cp /etc/cloud/cloud.cfg.norootpasswd /etc/cloud/cloud.cfg
fi
Note |
If you choose option 2 and once you gained access to the instance using the ssh key pair, if you would like to login with a password as well, you can create a new Linux user using the useradd command and make that user a member of the group wheel. You must also give that user a secure password using the passwd command. Then you can always login with ssh or to the console as that user and have root privileges.
To create a user to allow password login, use the following command:
useradd safeuser -g wheel
passwd safeuser
Then, if you need root access, login as safeuser and use the following command:
enter the password for safeuser, and you will become a root user.
|
If the IP addresses that are associated with the available interfaces are fixed addresses (i.e., they are only accessible
to other instances in OpenStack), then you will need to associate a floating address with Cisco Prime
Network
Registrar instance. This floating address must then be accessible to the clients of the DHCP or DNS service to be provided by the Cisco Prime
Network
Registrar instance. You will have to configure the DHCP server provided by Cisco Prime
Network
Registrar to return the IP address of the floating address as its server-id, instead of the fixed IP address that Cisco Prime
Network
Registrar can detect that is associated with the interface built into the instance. In order to configure DHCP for this situation,
you will need to be in expert mode, and configure the DHCP Policy attribute "dhcp-server-identifier-address" with the floating
address allocated to this instance. Then the DHCP server will return the configured IP address (which will be the externally
visible IP address of this instance) instead of the IP address that the DHCP server can detect from examining the interface
that it is using for communications with clients (which is the fixed IP address).
A local cluster needs to be registered with a regional cluster. After this registration, the regional cluster needs to be
able to connect to the local cluster. When the local cluster initially registers with the regional cluster, it sends its IP
address to the regional cluster. If the regional cluster can contact the local cluster by using the IP address that the local
cluster sees is configured to its network interface, then no action need be taken. This would be the case if the local cluster
has a fixed IP address that is only visible within the OpenStack cloud, but the regional cluster was also in the same cloud.
If the regional cluster can ping the IP address that the local cluster sees as the IP address on its network interface, then
no additional steps are necessary. However, in the event that the regional cluster is not local to the OpenStack cloud on
which the local cluster is running, and the local cluster has a floating address in addition to a fixed address, then the
regional cluster's configuration for the local cluster needs to have its IP address updated to be that of the floating address
(and not the fixed address, which is what it will have from the initial registration).
When allocating a local cluster, you should consider allocating 4 or even 8 VCPUs and at least 12 GB of RAM, with more for
large systems. Local clusters will absolutely need more than the 7+ GB free space available in the minimal installation. Regional
clusters will probably need additional disk space, but 2 to 4 VCPUs and 8 to 12GB of RAM will suffice for many installations.