
Installing and Configuring HA on Juniper Networks NSM via the CLI


Article ID: KB4517   KB Last Updated: 27 Aug 2010   Version: 4.0
Summary:
Installing and Configuring HA on Juniper Networks NSM via the CLI
Symptoms:

Solution:
Note: In this article, 172.24.29.90 is used as the example IP address for the primary server and 172.24.55.76 for the secondary server. Other IP addresses are also used as examples.

To install and configure HA on Juniper Networks NSM via the CLI, perform the following steps:

1. Log in to the NSM server as root using SSH.

2. Start the installation by executing the following command:

Note: The options we have selected for installation are highlighted in bold text.

[root@NSM fp2]# sh nsm04fp2_servers_linux_x86.sh
Creating staging directory...ok


########## PERFORMING PRE-INSTALLATION TASKS ##########
Running preinstallcheck...
Checking if platform is valid.................................ok
Checking for correct intended platform........................ok
Checking if all needed binaries are present...................ok
Checking for platform-specific binaries.......................ok
Checking if user is root......................................ok
Checking if user root exists..................................ok
Checking if system meets RAM requirement......................ok
Checking for sufficient disk space............................ok
Checking if RPM binary has been updated.......................ok
Noting OS name................................................ok
Stopping any running servers

########## GATHERING INFORMATION ##########

1) Install Device Server only
2) Install GUI Server only
3) Install both Device Server and GUI Server
Enter selection (1-3) [ ]> 3


########## GENERAL SERVER SETUP DETAILS ##########

Will this machine participate in an HA cluster? (y/n) [n]> y
Is this machine the primary server for the HA cluster? (y/n) [y]> y

Note: The servers will need to be stopped on the secondary server during the installation of this software to avoid data corruption.

3. Continue the installation by configuring the Device server and GUI server details.

########## DEVICE SERVER SETUP DETAILS ##########

Will the Device Server data directory be located on a shared disk partition? (y/n) [n]> n

The Device server stores all of the user data under a single directory. By default, this directory is /var/netscreen/DevSvr. Because the user data (including logs and policies) can grow to be quite large, it is sometimes desirable to place this data in another partition.

Please enter an alternative location for this data if so desired, or press ENTER for the location specified in the brackets.

Enter data directory location [/var/netscreen/DevSvr]>/var/netscreen/DevSvr

########## GUI SERVER SETUP DETAILS ##########

Will the GUI Server data directory be located on a shared disk partition? (y/n) [n]> n


The GUI server stores all of the user data under a single directory. By default, this directory is /var/netscreen/GuiSvr. Because the user data (including logs and policies) can grow to be quite large, it is sometimes desirable to place this data in another partition.

Please enter an alternative location for this data if so desired, or press ENTER for the location specified in the brackets.

Enter data directory location [/var/netscreen/GuiSvr]> /var/netscreen/GuiSvr


Enter the management IP address of this server [172.24.29.90]> 172.24.29.90
Setting GUI Server address and port to 172.24.29.90:7801 for Device Server.
Please enter a password for the 'super' user.
Enter password (password will not display as you type)>
Please enter again for verification.
Enter password (password will not display as you type)>
Will a Statistical Report Server be used with this GUI Server? (y/n) [n]> n

4. Configure the High Availability (HA) setup details.

########## HIGH AVAILABILITY (HA) SETUP DETAILS ##########

Enter the IP address for the primary HA server [172.24.29.90]> 172.24.29.90
Enter the IP address for the secondary HA server [ ]> 172.24.55.76
Enter how often to perform HA replications (10 to 1440 minutes) [60]> 60
Enter number of heartbeat links between the primary and secondary machines [1]> 1

Note: Heartbeat link(s) are needed between the primary and secondary machines.

The IP addresses entered here must be correct and match on both ends of the link for automatic failover to function correctly.
Enter the IP address for this machines primary heartbeat link [172.24.29.90]> 172.24.29.90
Enter the IP address for the peers primary heartbeat link [172.24.55.76]> 172.24.55.76
Enter the port used for heartbeat communication [7802]> 7802
Enter a time interval (seconds) between heartbeat messages [15]> 15
Enter the number of missing heartbeat messages before automatic switchover occurs [4]> 4

An IP address outside the HA cluster is needed to monitor this servers network connection.

Enter an IP address outside of the cluster [ ]> 172.24.28.1
Enter HA directory [/var/netscreen/dbbackup]> /var/netscreen/dbbackup


The HA server(s) requires that you have previously installed the rsync program.
Enter the full path to rsync [/usr/bin/rsync]> /usr/bin/rsync

The HA server(s) requires that you have previously installed the SSH program.
Enter the full path for the SSH command [/usr/bin/ssh]> /usr/bin/ssh

Note: A trust relationship between the primary and the secondary server, via SSH-keygen, is a requirement for the remote replication to work properly.

The following are sample commands:

cd /root
ssh-keygen -t rsa
chmod 0700 .ssh

-- then copy .ssh/id_rsa.pub to the peer machines .ssh/authorized_keys
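
The trust relationship in the note above gives root on one server key-based SSH access to root on the peer. The following is an added example, not part of the original article or the NSM installer: it pins the peer's key to the peer's address with the standard OpenSSH from= option and audits authorized_keys and the directory modes. It assumes HA replication only needs non-interactive ssh/rsync from the peer's address; the key string and scratch directory are constructed.

```shell
#!/bin/sh
# Added example (not from the NSM installer). Assumes HA replication only
# needs non-interactive ssh/rsync from the peer's address.

# Print an authorized_keys entry that accepts PUBKEY only from PEER_IP.
restrict_key() {    # args: PEER_IP PUBKEY
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# Report every key entry that does not begin with from="PEER_IP".
# Returns 0 when all entries are pinned to the peer, 1 otherwise.
audit_authorized_keys() {    # args: FILE PEER_IP
    awk -v ip="$2" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        index($0, "from=\"" ip "\"") != 1 {
            printf "line %d: key not restricted to %s\n", NR, ip
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Return 0 when DIR is mode 700 and DIR/authorized_keys is mode 600 (GNU stat).
check_modes() {    # args: DIR
    [ "$(stat -c %a "$1")" = "700" ] && [ "$(stat -c %a "$1/authorized_keys")" = "600" ]
}

# Demo in a scratch directory standing in for /root/.ssh on the secondary.
demo_dir=$(mktemp -d)
demo_key='ssh-rsa AAAAEXAMPLEKEYDATA root@nsm-primary'    # constructed, not a real key
{
    restrict_key 172.24.29.90 "$demo_key"    # pinned to the primary's address
    echo "$demo_key"                          # pasted as-is: the audit flags this line
} > "$demo_dir/authorized_keys"
chmod 0600 "$demo_dir/authorized_keys"
audit_authorized_keys "$demo_dir/authorized_keys" 172.24.29.90 || echo "audit: unrestricted key found"
check_modes "$demo_dir" && echo "modes ok"
rm -rf "$demo_dir"
```

On the primary, the same audit is run with 172.24.55.76 as the peer address.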

5. Configure the backup setup details and post-installation options.

########## BACKUP SETUP DETAILS ##########

Will this machine require local database backups? (y/n) [y]> y
Enter hour of day to start the database backup (00 = midnight, 02 = 2am, 14 = 2pm ...)[02]> 02
Will daily backups need to be sent to a remote machine? (y/n) [n]> n
Enter number of database backups to keep [7]> 7

########## POST-INSTALLATION OPTIONS ##########

Start High Availability daemon processes when finished? (y/n) [ ]> n

6. Confirm the configuration, and then monitor the installation tasks.

########## CONFIRMATION ##########

About to proceed with the following actions:
- Install Device Server
- Install GUI Server
- Install High Availability Server
- This machine participates in an HA cluster
- This server is the primary: Yes
- Store Device Server data in /var/netscreen/DevSvr
- Store GUI Server data in /var/netscreen/GuiSvr
- Use IP address 172.24.29.90 for management
- Connect to GUI Server at 172.24.29.90:7801
- Set password for 'super' user
- IP address for the primary HA Server: 172.24.29.90
- IP address for the secondary HA Server: 172.24.55.76
- HA replication frequency 60 minutes
- Number of Heartbeat links: 1
- IP address for this machine's primary heartbeat link: 172.24.29.90
- IP address for the peer's primary heartbeat link: 172.24.55.76
- IP address for remote HA replications: 172.24.55.76
- Port for HA heartbeat communication: 7802
- Seconds between heartbeat messages: 15
- Missing heartbeat messages: 4
- Outside pingable IP address: 172.24.28.1
- Become primary in the event of a tie: y
- Create database backup in /var/netscreen/dbbackup
- Use rsync program at /usr/bin/rsync
- Path for the ssh command: /usr/bin/ssh
- Local database backups are enabled
- Start backups at 02
- Daily backups will not be sent to a remote machine
- Number of database backups to keep: 7
- Start High Availability daemon processes when finished: Yes

Are the above actions correct? (y/n)> y

########## EXTRACTING PAYLOADS ##########

Extracting payload............................................ok
Decompressing payload.........................................ok

########## PERFORMING MIGRATION TASKS ##########

########## PERFORMING INSTALLATION TASKS ##########

----- INSTALLING Device Server -----
Looking for existing RPM package..............................ok
Installing Device Server RPM..................................ok
Installing JRE................................................ok
Creating var directory........................................ok
Creating /var/netscreen/dbbackup..............................ok
Putting NSROOT into start scripts.............................ok
Filling in Device Server config file(s).......................ok
Setting permissions for Device Server.........................ok
Restarting xinetd service.....................................ok
Installation of Device Server complete.

----- INSTALLING GUI Server -----
Looking for existing RPM package..............................ok
Installing GUI Server RPM.....................................ok
Installing JRE................................................ok
Creating var directory........................................ok
Putting NSROOT into start scripts.............................ok
Filling in GUI Server config file(s)..........................ok
Setting permissions for GUI Server............................ok
Running generateMPK utility...................................ok
Running fingerprintMPK utility................................ok
Installation of GUI Server complete.

----- INSTALLING HA Server -----
Looking for existing RPM package..............................ok
Installing HA Server RPM......................................ok
Creating var directory........................................ok
Putting NSROOT into start scripts.............................ok
Filling in HA Server config file(s)...........................ok
Setting permissions for HA Server.............................ok
Installation of HA Server complete.

----- SETTING START SCRIPTS -----
Disabling Device Server start script..........................ok
Disabling GUI Server start script.............................ok
Enabling HA Server start script...............................ok

########## PERFORMING POST-INSTALLATION TASKS ##########
Running nacnCertGeneration....................................ok
Removing staging directory....................................ok

Note: The installation log is stored here: /usr/netscreen/DevSvr/var/errorLog/netmgtInstallLog.20041024215447

Note: This is the GUI Server fingerprint: 81:51:FF:FC:CD:98:14:6D:AE:59:02:DD:40:EA:03:30:D6:27:84:FD

You will need this for verification purposes when logging into the GUI server.

7. Repeat Steps 1 and 2 for the secondary server. When prompted "Is this machine the primary server for the HA cluster? (y/n) [y]>", enter n.

8. Repeat Step 3 for the secondary Device Server and GUI Server details. When prompted to enter the management IP address of this server, enter 172.24.55.76.

9. Repeat Step 4 to configure the High Availability setup details for the secondary server. When prompted for the IP address for this machine's primary heartbeat link, enter 172.24.55.76. When prompted for the IP address for the peer's primary heartbeat link, enter 172.24.29.90. When prompted "Enter an IP address outside of the cluster [ ]>", enter 172.24.55.1.

10. Repeat Steps 5 and 6 for the secondary server. The installation log is stored at the following location: /usr/netscreen/DevSvr/var/errorLog/netmgtInstallLog.20041024220209

The GUI server fingerprint is as follows: 5C:E3:D6:F0:12:4B:07:02:A9:0F:87:68:FE:05:8C:A8:A4:18:46:50

You will need this for verification purposes when logging into the GUI server.

11. Install and configure HA on the Primary NSM server via the GUI. For more information, go to Installing and Configuring HA on the Primary NSM Server via the GUI.
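
The heartbeat addresses entered on the secondary server have to mirror the primary's, and the other HA answers are repeated unchanged. The following is an added example, not part of the original article or the NSM installer: it compares the HA lines of the two confirmation summaries. It assumes each summary was saved to a text file by the administrator and that the secondary's summary uses the same labels; the sample summaries are constructed from the values used in this article.

```shell
# Added example (not part of the NSM installer). Input: the confirmation
# summaries of both servers, saved to text files (an assumption).
# Print the value of the summary line "- LABEL: value" in FILE.
field() {    # args: FILE LABEL
    awk -v label="$2" '
        { sub(/^[ \t]*- /, "") }
        index($0, label ": ") == 1 { print substr($0, length(label) + 3); exit }
    ' "$1"
}

# Compare two summaries; print each inconsistency, return 1 if any was found.
check_ha_pair() {    # args: PRIMARY_FILE SECONDARY_FILE
    p=$1 s=$2 rc=0
    mine="IP address for this machine's primary heartbeat link"
    peer="IP address for the peer's primary heartbeat link"
    a=$(field "$p" "$mine"); b=$(field "$p" "$peer")
    r=$(field "$p" "This server is the primary")
    # Heartbeat endpoints must be mirrored between the two servers.
    [ -n "$a" ] && [ "$a" = "$(field "$s" "$peer")" ] || { echo "mismatch: primary heartbeat address"; rc=1; }
    [ -n "$b" ] && [ "$b" = "$(field "$s" "$mine")" ] || { echo "mismatch: secondary heartbeat address"; rc=1; }
    # Values repeated unchanged on the secondary must be present and identical.
    for label in "IP address for the primary HA Server" "IP address for the secondary HA Server" \
        "Port for HA heartbeat communication" "Seconds between heartbeat messages" "Missing heartbeat messages"; do
        v=$(field "$p" "$label")
        [ -n "$v" ] && [ "$v" = "$(field "$s" "$label")" ] || { echo "mismatch: $label"; rc=1; }
    done
    # The two servers must not claim the same role.
    [ -n "$r" ] && [ "$r" != "$(field "$s" "This server is the primary")" ] || { echo "mismatch: same primary role on both"; rc=1; }
    return $rc
}

# Constructed sample summary holding only the HA-related lines.
sample_summary() {    # args: IS_PRIMARY THIS_HEARTBEAT_IP PEER_HEARTBEAT_IP
    cat <<EOF
- This server is the primary: $1
- IP address for the primary HA Server: 172.24.29.90
- IP address for the secondary HA Server: 172.24.55.76
- IP address for this machine's primary heartbeat link: $2
- IP address for the peer's primary heartbeat link: $3
- Port for HA heartbeat communication: 7802
- Seconds between heartbeat messages: 15
- Missing heartbeat messages: 4
EOF
}
tmp=$(mktemp -d)
sample_summary Yes 172.24.29.90 172.24.55.76 > "$tmp/primary.txt"
sample_summary No  172.24.55.76 172.24.29.90 > "$tmp/secondary.txt"
check_ha_pair "$tmp/primary.txt" "$tmp/secondary.txt" && echo "HA settings are consistent"
rm -rf "$tmp"
```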
