Install and Configure the NBI Application
-----------------------------------------


NBI Script Upload
......................


Upload the NBI Install Script (``NBI-<name>-<version>.script``) to the media directory of the newly deployed VM.


Checksum Verification
......................


To verify SHA256 checksums for the script, run the following command:

* ``system checksum media/NBI-<name>-<version>.script``


NBI Package Install
......................


.. important::
   Ensure that no ISOs are mounted before continuing (run **system unmount**).

#. ``system unmount``
#. ``app install media/NBI-<name>-<version>.script delete-on-success y --force``


NBI Configuration
.................

If certificate-based authentication is used against the northbound system:

* Ensure the certificate file and key file are copied to the media directory before running the wizard.


Run the following command to configure the NBI using the wizard:
 
``billing-data-extract config --setup``




.. tabularcolumns:: |p{35mm}|p{6cm}|p{5cm}|

+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| Option                | Description                                | Example                                                                   |
+=======================+============================================+===========================================================================+
| remote_mongostring    | Comma separated host:port combinations     | <UN1 IP>:27020,<UN2 IP>:27020,<UN3 IP>:27020,<UN4 IP>:27020               |
|                       | for VOSS-4-UC DB nodes.                    |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| remote_seed           | The VOSS-4-UC DB password.                 | <secret value>                                                            |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| host                  | The IP address of this NBI node.           | <NBI IP>                                                                  |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| notifier_ca           | The path to the CA certificate that is     | media/ca.pem                                                              |
|                       | used to sign the NBI system's              |                                                                           |
|                       | authentication certificate.                |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| notifier_key          | The path to the private key for NBI        | media/key.pem                                                             |
|                       | certificate-based authentication.          |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| notifier_cert         | The path to the certificate for NBI        | media/cert.crt                                                            |
|                       | certificate-based authentication.          |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| notifier_useCerts     | Configuration to determine if              | True or False                                                             |
|                       | certificate-based authentication is        |                                                                           |
|                       | required by the northbound system.         |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| notifier_url          | The HTTP API URL exposed by the northbound | https://<host>:<port>/<endpoint>                                          |
|                       | system for receiving notifications from    |                                                                           |
|                       | NBI.                                       |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| callback_username     | NBI callback service username used by      | <username>                                                                |
|                       | the northbound system.                     |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| callback_password     | NBI callback service password used by      | <secret value>                                                            |
|                       | the northbound system.                     |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| secure_callback       | Configuration to enable HTTPS on the       | **True** if callback must accept requests over HTTPS, otherwise **False** |
|                       | callback service endpoint.                 |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| http_connection       | IP address of VOSS-4-UC API, web proxy     | <WP IP>                                                                   |
|                       | recommended for redundancy.                |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| http_user             | VOSS-4-UC username for NBI's API user.     | <VOSS-4-UC API username for NBI>                                          |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| http_pass             | VOSS-4-UC password for NBI's API user.     | <VOSS-4-UC API password for NBI>                                          |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+
| schema                | The 2- or 3-character abbreviation         | XY or ABC                                                                 |
|                       | allocated to you by VOSS.                  |                                                                           |
+-----------------------+--------------------------------------------+---------------------------------------------------------------------------+



Configure Callback Service URL 
..............................


Update the callback server URL as follows:

* Set the URL

  ``billing-data-extract config --set callback.url https://<NBI IP>:5009/callback``

.. important::
   
   The callback service URL must be either HTTP or HTTPS, depending on the
   value set for ``secure_callback``.

* Restart services to apply the configuration change:

  ``app start --force``
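An added pre-flight check (not part of the product or the original guide) for the wizard options and the callback URL rule above: it flags a ``callback.url`` scheme that disagrees with ``secure_callback``, malformed ``remote_mongostring`` entries, and certificate options left empty when ``notifier_useCerts`` is True. The dictionary layout, the function name ``check_nbi_answers`` and the sample values are assumptions; the HTTPS requirement on ``notifier_url`` is inferred from the use of client certificates.

```python
from urllib.parse import urlsplit

# Constructed sample answers (not from a real deployment); the addresses are
# taken from the 192.0.2.0/24 documentation range.
SAMPLE = {
    "remote_mongostring": "192.0.2.11:27020,192.0.2.12:27020,192.0.2.13",
    "secure_callback": True,
    "callback.url": "http://192.0.2.20:5009/callback",
    "notifier_useCerts": True,
    "notifier_ca": "media/ca.pem",
    "notifier_key": "",
    "notifier_cert": "media/cert.crt",
    "notifier_url": "https://192.0.2.30:8443/notify",
}


def check_nbi_answers(cfg):
    """Return a list of problems found in the planned wizard answers."""
    problems = []

    # remote_mongostring: comma-separated host:port pairs.
    for entry in cfg.get("remote_mongostring", "").split(","):
        host, sep, port = entry.strip().rpartition(":")
        if not (sep and host and port.isdigit() and 0 < int(port) < 65536):
            problems.append(f"remote_mongostring: bad host:port entry {entry!r}")

    # The callback.url scheme must follow secure_callback.
    want = "https" if cfg.get("secure_callback") else "http"
    got = urlsplit(cfg.get("callback.url", "")).scheme
    if got != want:
        problems.append(f"callback.url: scheme {got!r}, secure_callback needs {want!r}")

    # Certificate-based authentication needs all three files and a TLS URL.
    if cfg.get("notifier_useCerts"):
        for key in ("notifier_ca", "notifier_key", "notifier_cert"):
            if not cfg.get(key):
                problems.append(f"{key}: required when notifier_useCerts is True")
        if urlsplit(cfg.get("notifier_url", "")).scheme != "https":
            problems.append("notifier_url: must be https for client certificates")
    return problems


if __name__ == "__main__":
    for problem in check_nbi_answers(SAMPLE):
        print(problem)
```
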




Configure NBI SDE (Reconciliation) File Extraction
..................................................


1. On the NBI server:

* Log in as root

  ``app install nrs --force``

* Check whether an SSH key pair exists

  ``ls /root/.ssh/id_rsa``

* Generate an SSH key pair if one does not exist

  ``ssh-keygen``

* Copy the public key to the VOSS-4-UC node where SDE runs nightly

  ``scp /root/.ssh/id_rsa.pub platform@<VOSS-4-UC IP>:~/media/``


2. On the VOSS-4-UC node where SDE runs nightly:

* Log in as the platform user
* Add an SFTP-only user

  ``user sftp add nbi_sftp``

* Set the password for the SFTP-only user

  ``user sftp password nbi_sftp``

* Disable password expiry for the SFTP-only user

  ``user password expiry nbi_sftp never``

* Add the key from the media directory

  ``user addkey nbi_sftp ~platform/media/id_rsa.pub``

* Ensure that SDE has been run for the current day. If not, run it manually

  ``voss export group subscriber``


3. On the NBI server (as root):

* Verify that SFTP is using both key- and password-based authentication

  ``sftp -vv nbi_sftp@<VOSS-4-UC IP>``

* Create the NBI SDE output directory

  ``mkdir -p /opt/platform/admin/home/media/nbi_extract``

* Change ownership of the NBI SDE output directory

  ``chown platform /opt/platform/admin/home/media/nbi_extract``

* Edit the config to set up SFTP access details

  ``crypttools.py edit /opt/platform/apps/billing-data-extract/billing-data-extract.json``

  .. tabularcolumns:: |p{35mm}|p{6cm}|p{35mm}|

  +-----------------------+--------------------------------------------+-----------------------+
  | Key                   | Description                                | Example               |
  +=======================+============================================+=======================+
  | sde.v4uc_ip           | The IP address of the VOSS-4-UC node where | <UN1 IP>              |
  |                       | SDE runs daily.                            |                       |
  +-----------------------+--------------------------------------------+-----------------------+
  | sde.nbi_sftp_user     | SFTP username in VOSS-4-UC                 | nbi_sftp              |
  +-----------------------+--------------------------------------------+-----------------------+
  | sde.nbi_sftp_password | The SFTP user's password in VOSS-4-UC      | <secret>              |
  +-----------------------+--------------------------------------------+-----------------------+
  | sde.src_location      | The path where SDE files are saved in      | media/data_export     |
  |                       | VOSS-4-UC                                  |                       |
  +-----------------------+--------------------------------------------+-----------------------+

* Test NBI SDE and verify that output is generated and saved in the correct location

  ``billing-data-extract run_sde``
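For the step "Verify that SFTP is using both key- and password-based authentication", the following added example (not part of the original guide or the product) reads the debug output of ``sftp -vv`` and reports which authentication methods the server accepted. It assumes that "both" means a single login passes the key check and then the password check; the function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample of OpenSSH client debug output, as written to stderr by
# `sftp -vv` (save it with `2> sftp-debug.log`). Not captured from a real
# system; exact wording varies between OpenSSH versions.
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:<fingerprint>
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:<fingerprint>
Authenticated using "publickey" with partial success.
debug1: Authentications that can continue: password
debug1: Next authentication method: password
Authenticated to <VOSS-4-UC IP> ([<VOSS-4-UC IP>]:22) using "password".
"""

NEXT = re.compile(r"Next authentication method: ([\w-]+)")
PARTIAL = re.compile(r'Authenticated (?:using "([\w-]+)" )?with partial success')
FINAL = re.compile(
    r'Authentication succeeded \(([\w-]+)\)|Authenticated to .* using "([\w-]+)"'
)
# Password prompts may be carried by either of these SSH methods.
PASSWORD_METHODS = {"password", "keyboard-interactive"}


def accepted_methods(log_text):
    """Return, in order, the authentication methods the server accepted."""
    accepted, current = [], None
    for line in log_text.splitlines():
        if m := NEXT.search(line):
            current = m.group(1)  # method now being attempted
        elif m := PARTIAL.search(line):
            # Older clients omit the method name here; use the one in progress.
            accepted.append(m.group(1) or current)
        elif m := FINAL.search(line):
            accepted.append(m.group(1) or m.group(2))
    return [name for name in accepted if name]


def uses_key_and_password(log_text):
    """True only if one login passed both public-key and password checks."""
    accepted = set(accepted_methods(log_text))
    return "publickey" in accepted and bool(accepted & PASSWORD_METHODS)
```

A login that succeeds with the key alone, or with the password alone, makes ``uses_key_and_password`` return False, which is the case the verification step is meant to catch.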