VOSS Automate verification
---------------------------


.. important::
   One or more verification steps require root access to VOSS Automate. These steps must be carried out by
   VOSS Support.

**If working with a cluster**

* Verify Primary and Secondary Nodes

  ``database config``

* Verify cluster connectivity

  ``cluster status``

* Verify network connectivity, disk status and NTP

  ``cluster check``

* As **root user** verify port 27020 is open to NBI on TCP/27020 on all Unified Nodes by reading the current firewall rules

  ``/opt/platform/apps/cluster/cluster.py run application "config.py get /apps/mongodb/firewall/mongodb/all"``

* If not, as **root user** open TCP/27020 on all Unified Nodes to NBI by creating the firewall rule replacing <NBI IP> with the IP address of the NBI instance

  ``/opt/platform/apps/cluster/cluster.py run application "config.py put /apps/mongodb/firewall/mongodb/all all:tcp.27020.0#<NBI IP>"``

To check access to the database, use netcat to test the connection to the VOSS database from the NBI machine, 
replacing <VOSS IP> with the IP address of the VOSS instance:

  ``diag test_connection <VOSS IP> 27020``

A system message confirms whether the connection is successful.

You can then recheck the firewall rules again on the VOSS instance:

  ``config.py get /apps/mongodb/firewall/mongodb/all all:tcp.27020.0#all``

* Copy the DB Password (root)

  ``/usr/bin/rest --get --path=/apps/voss-deviceapi/config/seed --value``


**If the server is a single node:**

* Check all services are up:

  ``app status``
* Copy the DB Password (root)

  ``/usr/bin/rest --get --path=/apps/voss-deviceapi/config/seed --value``
* As **root user** verify port 27020 is open to NBI on TCP/27020 by reading the current firewall rules

  ``config.py get /apps/mongodb/firewall/mongodb/all all:tcp.27020.0#all``

* If not, as **root user** open TCP/27020 to NBI by creating the firewall rule replacing <NBI IP> with the IP address of the NBI instance

  ``config.py put /apps/mongodb/firewall/mongodb/all all:tcp.27020.0#<NBI IP>"``

To check access to the database use netcat to test the connection to the VOSS database from the NBI machine, 
replacing <VOSS IP> with the IP address of the VOSS instance:

  ``diag test_connection <VOSS IP> 27020``

A system message confirms whether the connection is successful.

You can then recheck the firewall rules again:

  ``config.py get /apps/mongodb/firewall/mongodb/all all:tcp.27020.0#all``

Ensure the database model files (schemas) for a *new install only* are added via he GUI - these are the files in the Download section above and are added under the Administration - Import section.

Add an NBI user to the VOSS Automate GUI:

Note: NBI uses this user for internal communication with VOSS Automate.

* Create an administrator account on VOSS Automate, with a credential policy and password that doesn't expire.
* Log in as a utility admin and add an NBI user with the following minimum permissions: 

  * relation/HcsHierarchyNodeREL
    
    * read
    
  * relation/Subscriber
    
    * read
    
  * tool/Macro
    
    * execute (with read access on subscribers)

For VOSS Automate Provider administrators wishing to log in to the NBI GUI, the following 
permissions are required in the access profile:

* data/Reports

  * read

* tool/DataExtract
  
  * nbi_subscriber