NMS Agent

NMS Agent Overview

The NMS Agent runs on each NMS Services server and monitors NMS back-end services.

The NMS Agent is a Java process which runs as the NMS administrative user on the machine where NMS Services run. With dual-environment configuration, both administrative users have an NMS Agent instance installed and running. The Agent has various monitor tasks, which store the most recent results in memory.

Status Monitor

The status monitor runs /usr/bin/env in a ksh login shell to get the current NMS environment variables for the administrator user. It is therefore a requirement that the $HOME/.profile file of the administrator user sources the .nmsrc script. The status monitor periodically executes the NMS utility oem-util in this environment to retrieve the current state of NMS.

File Monitor

The file monitor monitors the following files for updates and upon detection of changes will initiate a reload of the Status Monitors environment:

$HOME/.nmsrc

$NMS_HOME/.nms-site-rc

In addition the following file is monitored in order to maintain the current NMS version installed on the server:

$NMS_ROOT/nms/inventory/nms_version.xml

Web Service

The NMS agent listens for https requests with the following end point:

GET /nmsagent/v1/status

This is used by the NMS Monitor to periodically return the current and previous state of the services, timestamps and the NMS version.

Security

The NMS Agent web service will requires two-way authentication. See NMS Agent for full details on configuration.

Logs

NMS Agent logs to the $NMS_LOG_DIR/nmsagent.log. Daily log rotation places the old logs into the $NMS_LOG_DIR/old_logs/ directory.

Configuration

The NMS Agent is configured via the nmsagent.properties configuration file located in the administrator users $NMS_HOME/etc directory. A configuration tool, nms-agent-config is provided to help in the configuration of the NMS Agent.

The NMS Agent should be configured to run as a service for each administrator user on the servers where the NMS Services run. With dual-environment configuration, the NMS Agent must be configured on both administration users. For this sake of this document these are assumed to be nms_1 and nms_2. One NMS Agent should be configured per user.

Administration User Profile

It is a requirement that the $HOME/.profile file of the administrator user sources the .nmsrc script.

Configuration Tool Main Page

To configure an NMS Agent on a server run the interactive nms-agent-config utility. This utility must be executed on both NMS administration users.

The main page displays the following options:

• Display properties: Selecting this option displays the current configuration properties for the NMS Agent.

• Configure server: This option allows the server properties to be configured including hostname and port.

• Keystore actions: This options allows you to create an identity keystore for the agent and export the agent’s certificate.

• Truststore actions: This option allows you to create a trust keystore for the agent and import certificates.

• Generate service script: This option provides the configuration and commands necessary to run the NMS Agent as a service.

In addition a list of outstanding issues that have still to be performed are listed. This is a subset of the options listed above. As options are completed they are removed from the outstanding issues.

As the NMS Agent is configured a property file /etc/nmsagent.properties is automatically created in the user’s home directory to store the configuration.

Configure Server

Select the Configure server option to configure the server properties. The tool displays the current settings for the server:

• server.host: This is the hostname of the server running the NMS Services

• server.port: This is the listen port that the NMS Agent shall use, default is 9988.

• server.protocol: This is the protocol used to communicate to the NMS Monitor, valid values are http or https

• nmsstatus.interval: This is the timout interval used to determine how often the NMS Agent checks the status of the NMS Services. This parameter is in milliseconds and defaults to 5000.

The following options are available:

• Set hostname

• Set port

• Set protocol

• Set interval

Set Hostname

Select the Set hostname option to set the hostname of the server. Enter the hostname of the server.

Set Port

Select the Set port option to set the listen port. Enter the port number or press Enter to use the default value, 9988. Make sure to choose a unique port for each user instance on the system.

Set Protocol

Select the Set protocol option to set the transport protocol. Enter https for secure protocol or press Enter to default to http protocol.

Set Interval

Select the Set interval option to set the timeout interval. Enter the interval or press Enter to default to 5000 milliseconds.

Keystore Actions

Select the Keystore actions option to configure the identity keystore. The tool displays the current settings for the keystore:

credentials.keystore: This is the location of the identity store. The default location is etc/nmsagent_keystore.p12 in the user’s home directory.

credentials.keystore_password: This is the encrypted password used to access the identity store.

The following options are available:

1. Set keystore location

2. Create keystore

3. Export certificate

Set Keystore Location

Select the Set keystore location option to configure the keystore location. You will be prompted for the location of the keystore. Enter the location or press Enter to select the default option.

If the file does not exist, the keystore actions page shall indicate that the file does not exist. The keystore is generated using option 2 Create keystore.

Create Keystore

Select the Create keystore option to create the identity keystore and save its password in encrypted form. The tool will prompt for the following information:

Enter Password: Enter the desired password for accessing the new identity store.

Re-enter Password: You are then asked to confirm the password.

The tool will then continue to prompt for the Distinguished Name information for the NMS Agent certificate. Pressing Enter at each prompt will select the default value of Unknown.

• What is your first and last name? (Unknown) = nms@example.com

• What is the name of your organizational unit? (Unknown) = GBU

• What is the name of your organization? (Unknown) = Oracle

• What is the name of your City or Locality? (Unknown) = Minneapolis

• What is the name of your State or Province? (Unknown) = Minnesota

• What is the two-letter country code for this unit? (Unknown) = US

You are then prompted to confirm the details.

• Is CN=nms@opal.com,OU=GBU,O=Oracle,L=MPLS,ST=Minnesota,C=US correct? (no) =

Enter yes to confirm the details or press Enter to select the default option (no). Selecting no will cancel the action and the keystore shall not be created.

You are then prompted for the valid duration of the server certificate that will be created.

• Enter validity period in days (365)

Enter a period in days or press Enter to select 365 days.

The identity keystore is the created in the correct location and the encrypted password is set in the NMS Agent property file.

Export Certificate

The NMS Agents certificate must be added to the truststore of each NMS Monitor that communicates with the agent. In order to do this the certificate needs to be exported to file. Select the export certificate option to export the agent’s certificate.

You will be prompted for the keystore password.

After the password is correctly entered, the certificate is automatically exported to the file:

nmsagent-<hostname>-<username>.cert

Truststore Actions

Select the Truststore actions option to configure the truststore for the NMS Agent. The tool displays the current settings for the truststore:

credentials.truststore

This is the location of the identity store. The default location is etc/nmsagent_truststore.p12 in the user’s home directory.

credentials.truststore_password

This is the encrypted password used to access the truststore.

The following options are available:

1. Set truststore location

2. Create truststore

3. Import certificate

Set truststore location

Select the Set truststore location option to configure the truststore location. You will be prompted for the location of the truststore. Enter the location or press Enter to select the default option.

If the file does not exist, the truststore actions page shall indicate that the file does not exist. The truststore is generated using option 2 Create truststore.

Create truststore

Select the Create truststore option to create the truststore and save its password in encrypted form. The tool will prompt for the following information:

Enter Password:

Enter the desired password for accessing the new identity store.

Re-enter Password:

You are then asked to confirm the password.

The identity truststore is the created in the correct location and the encrypted password is set in the NMS Agent property file.

Import Certificate

Select the Import certificate option to import a certificate into the agent’s truststore. Each NMS Monitor that communicates with the agent will require its certificate to be imported into the agent’s truststore.

You will be prompted for the truststore password.

You will then be prompted for the alias they wish to store the certificate under.

Enter alias =

You should enter the name of the alias for the NMS Monitor certificate being imported.

You will then be asked for the location of the certificate on the filesystem.

Enter certificate location (myalias.cert) =

Enter the location of the certificate or press Enter to use the default location of <alais>.cert

The certificate will then be loaded into the truststore.

Generate Service Script

To allow the NMS Agent to execute on server start-up it needs to be configured as a service. Selecting the Generate service script option will generate the necessary configuration to run the agent as a service and show you the commands that need to be executed.

The tool displays the set of commands required to create a service once the service script has been generated.

Select option 1 to generate the service file then use the following commands to configure the service:

- sudo cp nmsagent-<username>.service /usr/lib/systemd/system/

- sudo systemctl enable nmsagent-<username>

Use the following commands to manage the service:

- sudo systemctl start nmsagent-<username>

- sudo systemctl stop nmsagent-<username>

- sudo systemctl status nmsagent-<username>

The following options are available:

• Generate Service Script

Generate Service Script

Select Generate Service Script to create the service script used to configure the service.

You will be prompted for the user group they wish the service to run under. Enter a user group that the current user belongs to.

The script is then generated with the following file format:

nmsagent-<username>.service

The format of the file is as follows:

[Unit]

Description=NMS Agent <username>

ConditionFileIsExecutable=/home/<username>/nmsagent/bin/nms-agent

Requires=network-online.target local-fs.target

After=network-online.target local-fs.target

[Service]

User=<username>

Group=<usergroup>

Type=forking

PIDFile=/home/=<username>/logs/nmsagent.pid

ExecStart=/home/=<username>/nmsagent/bin/nms-agent start

ExecStop=/home/=<username>/nmsagent/bin/nms-agent stop

Restart=on-failure

RestartSec=5

Environment="NMS_HOME=/home/<username>"

Environment="NMS_BASE=/home/<username>"

Environment="NMS_LOG_DIR=/home/<username>/logs"

[Install]

WantedBy=multi-user.target

The nmsagent Directory

The NMS Agent is normally installed under $NMS_BASE/nmsagent

This must be copied to $NMS_HOME/nmsagent each time a new version of nmsagent is installed. This will avoid the need to regenerate the service script each time a new release is installed. This can be done with the following command: rsync -avL --delete "$NMS_BASE/nmsagent/" "$NMS_HOME/nmsagent"

It is important to make sure that the executable to $NMS_HOME/nmsagent/bin/nms-agent is a valid link or executable.