Install and Configure the NBI Application ----------------------------------------- NBI Script Upload ...................... Upload the NBI Install Script (``NBI--.script``) to the media directory of the newly deployed VM. Checksum Verification ...................... To verify SHA256 checksums for the script, run the following command: * ``system checksum media/NBI--.script`` NBI Package Install ...................... .. important:: Ensure no ISO's are mounted prior to continuing (run **system unmount**). #. ``system unmount`` #. ``app install media/NBI--.script delete-on-success y --force`` NBI Configuration ................. If certificate-based authentication is used against the northbound system: * Ensure the certificate file and key file is copied to the media directory before running the wizard. Run the following command to configure the NBI using the wizard: ``billing-data-extract config --setup`` .. tabularcolumns:: |p{35mm}|p{6cm}|p{5cm}| +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | Option | Description | Example | +====================+============================================+==========================================================================+ | remote_mongostring | Comma separated host:port combinations | :27020,:27020,:27020,:27020 | | | for VOSS Automate DB nodes. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | remote_seed | The VOSS Automate DB password. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | host | The IP address of this NBI node. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | | The path to the CA certificate that is | media/ca.pem | | notifier_ca | used to sign the NBI system's | | | | authentication certificate. | | | | | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | notifier_key | The path to the private key for NBI | media/key.pem | | | certificate-based authentication. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | notifier_cert | The path to the certificate for NBI | media/cert.crt | | | certificate-based authentication. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | notifier_useCerts | Configuration to determine if | True or False | | | certificate-based authentication is | | | | required by the northbound system. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | notifier_url | The HTTP API URL exposed by the northbound | https://:/ | | | system for receiving notifications from | | | | NBI. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | callback_username | NBI callback service username used by | | | | the northbound system. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | callback_password | NBI callback service password used by | | | | the northbound system. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | secure_callback | Configuration to enable HTTPS on the | **True** if callback must accept requests over HTTPS otherwise **False** | | | callback service endpo | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | | IP address of VOSS Automate API, web proxy | | | http_connection | recommended for redundancy. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | http_user | VOSS Automate username for NBI's API user. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | http_pass | VOSS Automate password for NBI's API user. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | http_user | VOSS Automate username for NBI's API user. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ | schema | The 2 or 3 abbreviation allocated to you | XY or ABC | | | by VOSS. | | +--------------------+--------------------------------------------+--------------------------------------------------------------------------+ Configure Callback Service URL .............................. Update the callback server URL as follows: * Set the URL ``billing-data-extract config --set callback.url https://:5009/callback`` .. important:: The callback service URL must either be HTTP or HTTPS depending on the value set for ``secure_callback`` * Restart services to apply the configuration change: ``app start --force`` Configure NBI SDE (Reconciliation) File Extraction .................................................. 1. On the NBI server: * Login as root ``app install nrs --force`` * Check if ssh key pair exists ``ls /root/.ssh/id_rsa`` * Generate ssh key pair if it does not exist ``ssh-keygen`` * Copy public key to the VOSS Automate node where SDE runs nightly ``scp /root/.ssh/id_rsa.pub platform@:~/media/`` 2. On the VOSS Automate node where SDE runs nightly: * Login as platform user * Add SFTP-only user ``user sftp add nbi_sftp`` * Set password for SFTP-only user ``user sftp password nbi_sftp`` * Disable password expiry for SFTP-only user ``user password expiry nbi_sftp never`` * Add the key from the media directory ``user addkey nbi_sftp ~platform/media/id_rsa.pub`` * Ensure that SDE has been run for the current day. If not, run it manually ``voss export group subscriber`` 3. On the NBI server (as root): * Verify that SFTP is using both key- and password-based authentication ``sftp -vv nbi_sftp@`` * Create the NBI SDE output directory ``mkdir -p /opt/platform/admin/home/media/nbi_extract`` * Change ownership of the NBI SDE output directory ``chown platform /opt/platform/admin/home/media/nbi_extract`` * Edit the config to set up SFTP access details ``crypttools.py edit /opt/platform/apps/billing-data-extract/billing-data-extract.json`` .. tabularcolumns:: |p{35mm}|p{6cm}|p{35mm}| +-----------------------+------------------------------------------------+-------------------+ | Key | Description | Example | +=======================+================================================+===================+ | sde.v4uc_ip | The IP address of the VOSS Automate node where | | | | SDE runs daily. | | +-----------------------+------------------------------------------------+-------------------+ | sde.nbi_sftp_user | SFTP username in VOSS Automate | nbi_sftp | +-----------------------+------------------------------------------------+-------------------+ | sde.nbi_sftp_password | The SFTP user's password in VOSS Automate | | +-----------------------+------------------------------------------------+-------------------+ | sde.src_location | The path where SDE files are saved in | media/data_export | | | VOSS Automate | | +-----------------------+------------------------------------------------+-------------------+ * Test NBI SDE and verify that output is generated and saved in the correct location ``billing-data-extract run_sde``