Installing the NorthStar Controller 3.1.0
You can use the procedures described in the following sections if you are performing a fresh install of NorthStar Controller Release 3.1.0, or upgrading from a 2.x or 3.0.x release.
If you are configuring a high availability (HA) cluster, ensure that:
- You configure each server individually using these instructions before proceeding to HA setup.
- The database and rabbitmq passwords are the same for all servers that will be in the cluster.
- All server time is synchronized by NTP using the following procedure:
  - Install NTP.
    yum -y install ntp
  - Specify the preferred NTP server in ntp.conf.
  - Verify the configuration.
    ntpq -p
The NorthStar Controller software includes a number of third-party packages. To avoid possible conflict, we recommend that you only install these packages as part of the NorthStar Controller RPM bundle installation rather than installing them manually.
The following sections describe the download, installation, and initial configuration of the NorthStar Controller. For HA setup after all the servers that will be in the cluster have been configured, see Configuring a NorthStar Cluster for High Availability.
Download the Software
The NorthStar Controller software download page is available at http://www.juniper.net/support/downloads/?p=northstar#sw.
- From the Version drop-down list, select 3.1.
- Click the NorthStar Application (which includes the RPM bundle) and the NorthStar JunosVM to download them.
If Upgrading, Back Up Your JunosVM Configuration and iptables
If you are doing an upgrade from Release 2.x, back up your JunosVM configuration before installing the new software. Restoration of the JunosVM configuration is performed automatically after the upgrade is complete as long as you use the net_setup.py utility to save your backup.
- Launch the net_setup.py script:
[root@hostname~]# /opt/northstar/utils/net_setup.py
- Type D and press Enter to select Maintenance and Troubleshooting.
- Type 1 and press Enter to select Backup JunosVM Configuration.
- Confirm the backup JunosVM configuration is stored at '/opt/northstar/data/junosvm/junosvm.conf'.
- Save the iptables.
iptables-save > /opt/northstar/data/iptables.conf
Install NorthStar Controller
You can either install the RPM bundle on a physical server or use a two-VM installation method in an OpenStack environment, in which the JunosVM is not bundled with the NorthStar Controller software.
The following optional parameters are available for use with the install.sh command:
The default bridges are external0 and mgmt0. If you have two interfaces such as eth0 and eth1 in the physical setup, you must configure the bridges to those interfaces. However, you can also define any bridge names relevant to your deployment.
We recommend that you configure the bridges before running install.sh.
For a physical server installation, execute the following commands to install NorthStar Controller:
[root@hostname~]# rpm -Uvh <rpm-filename>
[root@hostname~]# cd /opt/northstar/northstar_bundle_3.1.0/
[root@hostname~]# ./install.sh
Note: -Uvh works for both upgrade and fresh installation.
For a two-VM installation, execute the following commands to install NorthStar Controller:
[root@hostname~]# rpm -Uvh <rpm-filename>
[root@hostname~]# cd /opt/northstar/northstar_bundle_3.1.0/
[root@hostname~]# ./install-vm.sh
Note: -Uvh works for both upgrade and fresh installation.
The script offers the opportunity to change the JunosVM IP address from the system default of 172.16.16.2.
Checking current disk space
INFO: Current available disk space for /opt/northstar is 34G. Will proceed with installation.
System currently using 172.16.16.2 as NTAD/junosvm ip
Do you wish to change NTAD/junosvm ip (Y/N)? y
Please specify junosvm ip:
Configure Support for Older JunosVM Versions
If you are using a two-VM installation, in which the JunosVM is not bundled with the NorthStar Controller, and if your external JunosVM is older than Release 17.2, you must edit the northstar.cfg file to make the NorthStar Controller compatible with the external VM.
If you edit the northstar.cfg file to make the NorthStar Controller compatible with an older external VM, segment routing on the NorthStar Controller will no longer be supported.
Perform the following steps:
- SSH to the NorthStar server.
- Using a text editor such as vi, edit the following statement in the /opt/northstar/data/northstar.cfg file from the default of use_sr=1 to use_sr=0:
JunosVM ntad version supporting segment routing: No (0) or Yes (1)
use_sr=0
- Restart the toposerver process:
supervisorctl restart northstar:toposerver
Create Passwords
When prompted, enter new database/rabbitmq and web UI Admin passwords.
- Create an initial database/rabbitmq password by typing
the password at the following prompts:
Please enter new DB and MQ password (at least one digit, one lowercase, one uppercase and no space):
Please confirm new DB and MQ password:
- Create an initial Admin password for the web UI by typing
the password at the following prompts:
Please enter new UI Admin password:
Please confirm new UI Admin password:
Enable the NorthStar License
You must enable the NorthStar license as follows, unless you are upgrading from Release 2.x and you have an activated license.
- Copy or move the license file.
[root@northstar]# cp /path-to-license-file/npatpw /opt/pcs/db/sys/npatpw
- Set the license file owner to the PCS user.
[root@northstar]# chown pcs:pcs /opt/pcs/db/sys/npatpw
- Restart all the NorthStar Controller processes.
[root@northstar]# supervisorctl restart northstar_pcs:PCServer && supervisorctl restart infra:web
- Check the status of the NorthStar Controller processes
until they are all up and running.
[root@northstar]# supervisorctl status
Renew the SSL Certificate
For NorthStar standalone mode (as opposed to a cluster configuration), the installation script automatically renews the SSL certificate.
For both standalone and cluster configurations, the certificate renewal is only applicable if the certificate owner is NorthStar.
- Check the certificate expiration date using the following
command:
[root@node1 root]# openssl x509 -enddate -noout -in /opt/northstar/data/apache-cassandra/conf/client.pem
If the certificate is set to expire in more than one year, you can stop here.
- Source the environment variable.
[root@node1 root]# . /opt/northstar/northstar.env
- Obtain the current certificate and keystore password.
[root@node1 root]# cat /opt/northstar/data/apache-cassandra/conf/cassandra.yaml | grep keystore_password
- Verify the existing certificate.
[root@node1 root]# keytool -list -v -keystore /opt/northstar/data/apache-cassandra/conf/server.keystore -storepass ${password}
- For a cluster configuration, run the ha_update_ssl_cert.py (located in the /opt/northstar/utils directory) in a maintenance window on any cluster member to renew the certificate.
If you run the script when the current certificate is set to expire
in more than one year, a new certificate is not generated.
Running the script on one cluster member restarts the infra:Cassandra process and renews the certificate on all cluster members, but only if all cluster members can communicate with one another. Before running the script, ensure that they can.
[root@node1 root]# cd /opt/northstar/utils/
[root@node1 utils]# ./ha_update_ssl_cert.py
WARNING !
This operation will restart the database process in each cluster member.
Please ensure that this operation is performed in maintenance window
Type YES to continue...
YES
Checking connectivity of cluster_communication_interface...
Cluster communications status for node VzNode1 cluster interface external1 ip 172.16.1.1: OK
Cluster communications status for node VzNode2 cluster interface external1 ip 172.16.1.2: OK
Cluster communications status for node VzNode3 cluster interface external1 ip 172.16.1.3: OK
Verifying the NorthStar version on each node:
VzNode1 : NorthStar-Bundle-3.1.0-20170119_191203_68973_316.x86_64
VzNode2 : NorthStar-Bundle-3.1.0-20170119_191203_68973_316.x86_64
VzNode3 : NorthStar-Bundle-3.1.0-20170119_191203_68973_316.x86_64
Verifying current ssl cert on each node:
VzNode1 : n9HN_6svZEitaP8_QqyD20HsMVigb5O1ayx9kbqq12w_
VzNode2 : n9HN_6svZEitaP8_QqyD20HsMVigb5O1ayx9kbqq12w_
VzNode3 : n9HN_6svZEitaP8_QqyD20HsMVigb5O1ayx9kbqq12w_
Verifying current ssl cert owner on each node:
VzNode1 : Owner: CN=NorthStar, OU=NorthStar, O=Juniper, L=Sunnyvale, ST=CA, C=US
VzNode2 : Owner: CN=NorthStar, OU=NorthStar, O=Juniper, L=Sunnyvale, ST=CA, C=US
VzNode3 : Owner: CN=NorthStar, OU=NorthStar, O=Juniper, L=Sunnyvale, ST=CA, C=US
SSL certifications Owner: CN=NorthStar, OU=NorthStar, O=Juniper, L=Sunnyvale, ST=CA, C=US
SSL certifications validity period is 0
SSL certifications owner is NorthStar
SSL certifications year to expire is 0
Proceed to renew SSL certifications
Certificate stored in file </opt/northstar/data/apache-cassandra/conf/server.publickey>
Certificate was added to keystore
Certificate stored in file </opt/northstar/data/apache-cassandra/conf/client.pem>
Updating SSL cert for HA
Updating SSL cert for node #1: VzNode1
Updating SSL cert for node #2: VzNode2
Updating SSL cert for node #3: VzNode3
Restart database at node VzNode1
Restart database at node VzNode2
Restart database at node VzNode3
Please wait...
SSL certifications has been successfully renewed
- Obtain the new certificate and keystore password.
[root@node1 root]# cat /opt/northstar/data/apache-cassandra/conf/cassandra.yaml | grep keystore_password
- Verify the new certificate. You should see a new expiration
date on the “Valid from” line. All cluster members should
have the same SSL certificate and password.
[root@node1 root]# keytool -list -v -keystore /opt/northstar/data/apache-cassandra/conf/server.keystore -storepass ${password}
. . .
Valid from: Wed May 10 21:15:20 EDT 2017 until: Sat May 08 21:15:20 EDT 2027
. . .
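The one-year test from the first step of this procedure, as an added example that is not part of the NorthStar documentation or software: it classifies the line printed by openssl x509 -enddate -noout as ok (more than one year left, stop here), renew, or expired. The function names are hypothetical, and the script assumes openssl prints the end date in GMT in the form "notAfter=Mon DD HH:MM:SS YYYY GMT".

```bash
#!/usr/bin/env bash
# Added example, not NorthStar code. Function names are hypothetical.
# Assumption: openssl prints "notAfter=Mon DD HH:MM:SS YYYY GMT".

ONE_YEAR=$((365 * 24 * 3600))   # the page's threshold, in seconds

# Convert a notAfter line into seconds since the epoch (UTC) with awk only,
# so the result does not depend on the local date(1) implementation.
enddate_to_epoch() {
    printf '%s\n' "${1#notAfter=}" | awk '
    {
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        d = $2 + 0; y = $4 + 0
        if (split($3, t, ":") != 3 || m != int(m) || d < 1 || y < 1970) exit 1
        # Days-from-civil: count years from 1 March so leap days fall last.
        if (m <= 2) { y -= 1; m += 12 }
        days = 365 * y + int(y / 4) - int(y / 100) + int(y / 400)
        days += int((153 * (m - 3) + 2) / 5) + d - 719469
        printf "%.0f\n", days * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    }'
}

# Apply the page's rule: more than one year left means nothing to do.
# $1 = notAfter line, $2 = "now" in epoch seconds (defaults to current time).
renewal_status() {
    local end now left
    end=$(enddate_to_epoch "$1") || { echo "unparseable"; return 2; }
    now=${2:-$(date +%s)}
    left=$((end - now))
    if [ "$left" -le 0 ]; then
        echo "expired"
    elif [ "$left" -le "$ONE_YEAR" ]; then
        echo "renew"
    else
        echo "ok"
    fi
}

# Read the end date from the client certificate path used on this page.
check_cert() {
    local pem=${1:-/opt/northstar/data/apache-cassandra/conf/client.pem}
    renewal_status "$(openssl x509 -enddate -noout -in "$pem" 2>/dev/null)"
}

# Touch a real file only when asked: ./cert_window.sh --check [pem-file]
if [ "${1:-}" = "--check" ]; then
    check_cert "${2:-}"
fi
```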
Adjust Firewall Policies
The iptables default rules could interfere with NorthStar-related traffic. If necessary, adjust the firewall policies.
Refer to NorthStar Controller System Requirements for a list of ports that must be allowed by iptables and firewalls.
A sample set of iptables rules is available in the /opt/northstar/utils/firewall.sh script.
Launch the Net Setup Utility
Launch the Net Setup utility to perform host server configuration.
[root@northstar]# /opt/northstar/utils/net_setup.py
Main Menu:
.............................................
A.) Host Setting
.............................................
B.) JunosVM Setting
.............................................
C.) Check Network Setting
.............................................
D.) Maintenance & Troubleshooting
.............................................
E.) HA Setting
.............................................
F.) Collect Trace/Log
.............................................
G.) Data Collector Setting
.............................................
H.) Setup SSH Key for external JunosVM setup
.............................................
X.) Exit
.............................................
Please select a letter to execute.
Configure the Host Server
- From the NorthStar Controller setup Main Menu, type A and press Enter to display
the Host Configuration menu:
Host Configuration:
********************************************************
In order to commit your changes you must select option Z
********************************************************
.............................................
1. ) Hostname : northstar
2. ) Host default gateway :
3A.) Host Interface #1 (external_interface)
     Name : external0
     IPv4 :
     Netmask :
     Type (network/management) : network
3B.) Delete Host Interface #1 (external_interface) data
4A.) Host Interface #2 (mgmt_interface)
     Name : mgmt0
     IPv4 :
     Netmask :
     Type (network/management) : management
4B.) Delete Host Interface #2 (mgmt_interface) data
5A.) Host Interface #3
     Name :
     IPv4 :
     Netmask :
     Type (network/management) : network
5B.) Delete Host Interface #3 data
6A.) Host Interface #4
     Name :
     IPv4 :
     Netmask :
     Type (network/management) : network
6B.) Delete Host Interface #4 data
7A.) Host Interface #5
     Name :
     IPv4 :
     Netmask :
     Type (network/management) : network
7B.) Delete Host Interface #5 data
8. ) Show Host current static route
9. ) Show Host candidate static route
A. ) Add Host candidate static route
B. ) Remove Host candidate static route
.............................................
X. ) Host current setting
Y. ) Apply Host static route only
Z. ) Apply Host setting and static route
.............................................
.............................................
Please select a number to modify.
[<CR>=return to main menu]:
To interact with this menu, type the number or letter corresponding to the item you want to add or change, and press Enter.
- Type 1 and press Enter to configure the hostname. The existing hostname
is displayed. Type the new hostname and press Enter.
Please select a number to modify.
[<CR>=return to main menu]:
1
current host hostname : northstar
new host hostname : node1
- Type 2 and press Enter to configure the host default gateway. The existing
host default gateway IP address (if any) is displayed. Type the new
gateway IP address and press Enter.
Please select a number to modify.
[<CR>=return to main menu]:
2
current host default_gateway :
new host default_gateway : 10.25.152.1
- Type 3A and press Enter to configure the host interface #1 (external_interface).
The first item of existing host interface #1 information is displayed.
Type each item of new information (interface name, IPv4 address, netmask,
type), and press Enter to proceed to the
next.
Note: The designation of network or management for the type of interface is a label only, for your convenience. NorthStar Controller does not use this information.
Please select a number to modify.
[<CR>=return to main menu]:
3A
current host interface1 name : external0
new host interface1 name : external0
current host interface1 ipv4 :
new host interface1 ipv4 : 10.25.153.6
current host interface1 netmask :
new host interface1 netmask : 255.255.254.0
current host interface1 type (network/management) : network
new host interface1 type (network/management) : network
- Type A and press Enter to add a host candidate static route. The existing
route, if any, is displayed. Type the new route and press Enter.
Please select a number to modify.
[<CR>=return to main menu]:
A
Candidate static route:
new static route (format: x.x.x.x/xy via a.b.c.d dev <interface_name>):
10.25.158.0/24 via 10.25.152.2 dev external0
- If you have more than one static route, type A and press Enter again
to add each additional route.
Please select a number to modify.
[<CR>=return to main menu]:
A
Candidate static route:
[0] 10.25.158.0/24 via 10.25.152.2 dev external0
new static route (format: x.x.x.x/xy via a.b.c.d dev <interface_name>):
10.25.159.0/24 via 10.25.152.2 dev external0
- Type Z and press Enter to save your changes to the host configuration.
Note: If the host has been configured using the CLI, the Z option is not required.
The following example shows saving the host configuration.
Host Configuration:
********************************************************
In order to commit your changes you must select option Z
********************************************************
.............................................
1. ) Hostname : node1
2. ) Host default gateway : 10.25.152.1
3A.) Host Interface #1 (external_interface)
     Name : external0
     IPv4 : 10.25.153.6
     Netmask : 255.255.254.0
     Type (network/management) : network
3B.) Delete Host Interface #1 (external_interface) data
4A.) Host Interface #2 (mgmt_interface)
     Name : mgmt0
     IPv4 :
     Netmask :
     Type (network/management) : management
4B.) Delete Host Interface #2 (mgmt_interface) data
5A.) Host Interface #3
     Name :
     IPv4 :
     Netmask :
     Type (network/management) : network
5B.) Delete Host Interface #3 data
6A.) Host Interface #4
     Name :
     IPv4 :
     Netmask :
     Type (network/management) : network
6B.) Delete Host Interface #4 data
7A.) Host Interface #5
     Name :
     IPv4 :
     Netmask :
     Type (network/management) : network
7B.) Delete Host Interface #5 data
8. ) Show Host current static route
9. ) Show Host candidate static route
A. ) Add Host candidate static route
B. ) Remove Host candidate static route
.............................................
X.) Host current setting
Y.) Apply Host static route only
Z.) Apply Host setting and static route
.............................................
.............................................
Please select a number to modify.
[<CR>=return to main menu]:
z
Are you sure you want to setup host and static route configuration? This option will restart network services/interfaces (Y/N) y
Current host/PCS network configuration:
host current interface external0 IP: 10.25.153.6/255.255.254.0
host current interface internal0 IP: 172.16.16.1/255.255.255.0
host current default gateway: 10.25.152.1
Current host static route:
[0] 10.25.158.0/24 via 10.25.152.2 dev external0
[1] 10.25.159.0/24 via 10.25.152.2 dev external0
Applying host configuration: /opt/northstar/data/net_setup.json
Please wait ...
Restart Networking ...
Current host static route:
[0] 10.25.158.0/24 via 10.25.152.2 dev external0
[1] 10.25.159.0/24 via 10.25.152.2 dev external0
Deleting current static routes ...
Applying candidate static routes
Static route has been added successfully for cmd 'ip route add 10.25.158.0/24 via 10.25.152.2'
Static route has been added successfully for cmd 'ip route add 10.25.159.0/24 via 10.25.152.2'
Host has been configured successfully
- Press Enter to return to the Main Menu.
Configure the JunosVM and its Interfaces
From the Setup Main Menu, configure the JunosVM and its interfaces. Ping the JunosVM to ensure that it is up before attempting to configure it. The net_setup script uses IP 172.16.16.2 to access the JunosVM using the login name northstar.
- From the Main Menu, type B and
press Enter to display the JunosVM Configuration
menu:
Junos VM Configuration Settings:
********************************************************
In order to commit your changes you must select option Z
********************************************************
..................................................
1. ) JunosVM hostname : northstar_junosvm
2. ) JunosVM default gateway :
3. ) BGP AS number : 100
4A.) JunosVM Interface #1 (external_interface)
     Name : em1
     IPv4 :
     Netmask :
     Type(network/management) : network
4B.) Delete JunosVM Interface #1 (external_interface) data
5A.) JunosVM Interface #2 (mgmt_interface)
     Name : em2
     IPv4 :
     Netmask :
     Type(network/management) : management
5B.) Delete JunosVM Interface #2 (mgmt_interface) data
6A.) JunosVM Interface #3
     Name :
     IPv4 :
     Netmask :
     Type(network/management) : network
6B.) Delete JunosVM Interface #3 data
7A.) JunosVM Interface #4
     Name :
     IPv4 :
     Netmask :
     Type(network/management) : network
7B.) Delete JunosVM Interface #4 data
8A.) JunosVM Interface #5
     Name :
     IPv4 :
     Netmask :
     Type(network/management) : network
8B.) Delete JunosVM Interface #5 data
9. ) Show JunosVM current static route
A. ) Show JunosVM candidate static route
B. ) Add JunosVM candidate static route
C. ) Remove JunosVM candidate static route
..................................................
X. ) JunosVM current setting
Y. ) Apply JunosVM static route only
Z. ) Apply JunosVM Setting and static route
..................................................
Please select a number to modify.
[<CR>=return to main menu]:
To interact with this menu, type the number or letter corresponding to the item you want to add or change, and press Enter.
- Type 1 and press Enter to configure the JunosVM hostname. The existing
JunosVM hostname is displayed. Type the new hostname and press Enter.
Please select a number to modify.
[<CR>=return to main menu]:
1
current junosvm hostname : northstar_junosvm
new junosvm hostname : junosvm_node1
- Type 2 and press Enter to configure the JunosVM default gateway. The
existing JunosVM default gateway IP address is displayed. Type the
new IP address and press Enter.
Please select a number to modify.
[<CR>=return to main menu]:
2
current junosvm default_gateway :
new junosvm default_gateway : 10.25.152.1
- Type 3 and press Enter to configure the JunosVM BGP AS number. The existing
JunosVM BGP AS number is displayed. Type the new BGP AS number and
press Enter.
Please select a number to modify.
[<CR>=return to main menu]:
3
current junosvm AS Number : 100
new junosvm AS Number: 100
- Type 4A and press Enter to configure the JunosVM interface #1 (external_interface).
The first item of existing JunosVM interface #1 information is displayed.
Type each item of new information (interface name, IPv4 address, netmask,
type), and press Enter to proceed to the
next.
Note: The designation of network or management for the type of interface is a label only, for your convenience. NorthStar Controller does not use this information.
Please select a number to modify.
[<CR>=return to main menu]:
4A
current junosvm interface1 name : em1
new junosvm interface1 name: em1
current junosvm interface1 ipv4 :
new junosvm interface1 ipv4 : 10.25.153.144
current junosvm interface1 netmask :
new junosvm interface1 netmask : 255.255.254.0
current junosvm interface1 type (network/management) : network
new junosvm interface1 type (network/management) : network
- Type B and press Enter to add a JunosVM candidate static route. The
existing JunosVM candidate static route (if any) is displayed. Type
the new candidate static route and press Enter.
Please select a number to modify.
[<CR>=return to main menu]:
B
Candidate static route:
new static route (format: x.x.x.x/xy via a.b.c.d):
10.25.158.0/24 via 10.25.152.2
- If you have more than one static route, type B and press Enter again
to add each additional route.
Please select a number to modify.
[<CR>=return to main menu]:
B
Candidate static route:
[0] 10.25.158.0/24 via 10.25.152.2 dev any
new static route (format: x.x.x.x/xy via a.b.c.d):
10.25.159.0/24 via 10.25.152.2
- Type Z and press Enter to save your changes to the JunosVM configuration.
The following example shows saving the JunosVM configuration.
Junos VM Configuration Settings:
********************************************************
In order to commit your changes you must select option Z
********************************************************
..................................................
1. ) JunosVM hostname : northstar_junosvm
2. ) JunosVM default gateway :
3. ) BGP AS number : 100
4A.) JunosVM Interface #1 (external_interface)
     Name : em1
     IPv4 :
     Netmask :
     Type(network/management) : network
4B.) Delete JunosVM Interface #1 (external_interface) data
5A.) JunosVM Interface #2 (mgmt_interface)
     Name : em2
     IPv4 :
     Netmask :
     Type(network/management) : management
5B.) Delete JunosVM Interface #2 (mgmt_interface) data
6A.) JunosVM Interface #3
     Name :
     IPv4 :
     Netmask :
     Type(network/management) : network
6B.) Delete JunosVM Interface #3 data
7A.) JunosVM Interface #4
     Name :
     IPv4 :
     Netmask :
     Type(network/management) : network
7B.) Delete JunosVM Interface #4 data
8A.) JunosVM Interface #5
     Name :
     IPv4 :
     Netmask :
     Type(network/management) : network
8B.) Delete JunosVM Interface #5 data
9. ) Show JunosVM current static route
A. ) Show JunosVM candidate static route
B. ) Add JunosVM candidate static route
C. ) Remove JunosVM candidate static route
..................................................
X.) JunosVM current setting
Y.) Apply JunosVM static route only
Z.) Apply JunosVM Setting and static route
..................................................
Please select a number to modify.
[<CR>=return to main menu]:
z
Are you sure you want to setup junosvm and static route configuration? (Y/N) y
Current junosvm network configuration:
junosvm current interface em0 IP: 10.16.16.2/255.255.255.0
junosvm current interface em1 IP: 10.25.153.144/255.255.254.0
junosvm current default gateway: 10.25.152.1
junosvm current asn: 100
Current junosvm static route:
[0] 10.25.158.0/24 via 10.25.152.2 dev any
[1] 10.25.159.0/24 via 10.25.152.2 dev any
Applying junosvm configuration ...
Please wait ...
Commit Success.
JunosVM has been configured successfully.
Please wait ... Backup Current JunosVM config ...
Connecting to JunosVM to backup the config ...
Please check the result at /opt/northstar/data/junosvm/junosvm.conf
JunosVm configuration has been successfully backed up
- Press Enter to return to the Main Menu.
- If you are doing an upgrade
from a 2.x release, use the following command to restore the iptables
that you previously saved:
iptables-restore < /opt/northstar/data/iptables.conf
Set Up the SSH Key for External JunosVM
For a two-VM installation, you must set up the SSH key for the external JunosVM.
- From the Main Menu, type H and
press Enter.
Please select a number to modify. [<CR>=return to main menu]: H
Follow the prompts to provide your JunosVM username and router login class (super-user, for example). The script verifies your login credentials, downloads the JunosVM SSH key file, and returns you to the main menu.
For example:
Main Menu:
.............................................
A.) Host Setting
.............................................
B.) JunosVM Setting
.............................................
C.) Check Network Setting
.............................................
D.) Maintenance & Troubleshooting
.............................................
E.) HA Setting
.............................................
F.) Collect Trace/Log
.............................................
G.) Data Collector Setting
.............................................
H.) Setup SSH Key for external JunosVM setup
.............................................
X.) Exit
.............................................
Please select a letter to execute.
H
Please provide JunosVM login:
admin
2 VMs Setup is detected
Script will create user: northstar. Please provide user northstar router login class e.g super-user, operator:
super-user
The authenticity of host '10.49.118.181 (10.49.118.181)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Applying user northstar login configuration
Downloading JunosVM ssh key file. Login to JunosVM
Checking md5 sum. Login to JunosVM
SSH key has been sucessfully updated
Main Menu:
.............................................
A.) Host Setting
.............................................
B.) JunosVM Setting
.............................................
C.) Check Network Setting
.............................................
D.) Maintenance & Troubleshooting
.............................................
E.) HA Setting
.............................................
F.) Collect Trace/Log
.............................................
G.) Data Collector Setting
.............................................
H.) Setup SSH Key for external JunosVM setup
.............................................
X.) Exit
.............................................
Please select a letter to execute.