4. NISH manager

4.1. Overview

The NISH manager is a Linux service that provides a dynamic inventory of SR OS nodes that can be managed to the NISH client.

The NISH manager is positioned between the NISH clients and the SR OS nodes and correlates information about which nodes and which clients are available.

Figure 5 shows NISH CLI management of a BNG CUPS deployment with two CP nodes, three UP nodes, and the NISH manager.

Figure 5:  NISH manager overview 

The SR OS nodes register with the NISH manager when configured to do so through the SR OS Remote Manager feature. Figure 6 shows the SR OS remote-management communication with the NISH manager.

For more information about the SR OS Remote Manager feature, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

Figure 6:  SR OS remote management communication with NISH manager 

When a NISH client is started in manager mode, it registers with the NISH manager. The NISH manager provides the details of the available SR OS nodes to the NISH client, including the names, device labels, and IP address and port information.

Figure 7 shows the NISH client communication with the NISH manager.

Figure 7:  NISH client communication with NISH manager 

The NISH manager runs as a standalone application in the foreground or background of the Linux shell or as a systemd service on the CentOS 7 Linux distribution. Using user-specified IP address and port combinations, the NISH manager listens for connections from a NISH client and SR OS nodes that are configured with the SR OS Remote Manager. By default, the NISH manager listens on all available IP interfaces and on the default gRPC port (57400).

The NISH manager does not make any outbound connections to the SR OS nodes or to the NISH client, although it does respond to both.

4.2. Installing the NISH manager

The NISH manager is delivered as a set of RPM packages and is supported on the CentOS 7 Linux distribution.

To install the NISH manager, perform the following steps:

  1. Put the RPMs in a local directory on the target machine.
  2. Use the YUM package manager built into CentOS 7, as shown in following example:
    [root@server ~]# yum localinstall -y nish-manager-20.20-R1.el7.x86_64.rpm nish-deps-
    20.20-R1.el7.x86_64.rpm 
    Last metadata expiration check: 1:54:38 ago on Tue 16 Sep 2020 16:19:23 CEST. 
    Dependencies resolved. 
    =================================================================================== 
    Package Architecture Version Repository Size 
    ===================================================================================
    Installing:
     nish-manager x86_64 20.10-R1.el7 @commandline 86 k
     nish-deps x86_64 20.10-R1.el7 @commandline 3.9 M
    Transaction Summary 
    =================================================================================== 
    Install 2 Packages 
    Total size: 4.0 M 
    Installed size: 14 M 
    Downloading Packages: 
    Running transaction check 
    Transaction check succeeded. 
    Running transaction test 
    Transaction test succeeded. 
    Running transaction
      Preparing : 
    1/1 Installing : nish-deps-20.10-R1.el7.x86_64 
    1/2 Running scriptlet: nish-deps-20.10-R1.el7.x86_64 
    1/2 Running scriptlet: nish-manager-20.10-R1.el7.x86_64 
    2/2 Installing : nish-manager-20.10-R1.el7.x86_64 
    2/2 Running scriptlet: nish-manager-20.10-R1.el7.x86_64 
    2/2 Verifying : nish-manager-20.10-R1.el7.x86_64 
    1/2 Verifying : nish-deps-20.10-R1.el7.x86_64 
    2/2 Installed : nish-manager-20.10-R1.el7.x86_64 nish-deps-20.10-R1.el7.x86_64
    Complete!

The installation process installs the following:

  1. the NISH manager in /usr/bin/nish-manager
  2. nish-manager as a systemd service
  3. the End User License Agreement (EULA) in /usr/share/licenses/nish-manager/EULA
  4. the Linux man pages for nish-manager
  5. a log rotation schedule in /etc/logrotate.d/nish-manager
  6. a CentOS firewalld definition in /usr/lib/firewalld/services/nish-manager.xml
  7. an example configuration file in /etc/nish-manager/nish-manager.conf

4.3. Execution options

By default, the NISH manager is installed as a systemd Linux service and must be started to operate. The operator can also start the NISH manager as an interactive process.

4.3.1. Interactive process

When the preferred method of execution is an interactive process, the operator can start the NISH manager from the Linux command line, as shown in the following example:

[root@server ~]# nish-manager
2020-06-16 18:57:16.329 WARNING: Failed to read backup file: →
'/var/lib/nish-manager/connections.bkp'
2020-06-16 18:57:16.329 WARNING: Could not restore Db from: →
'/var/lib/nish-manager/connections.bkp'
2020-06-16 18:57:16.330 INFO: Server listening on [::]:57400
Note:

  1. To use the nish-manager command to start the NISH manager service, the user must have the required Linux permissions to bind the service to an IP address and TCP port.
  2. The IP address and port number specified cannot conflict with an instance of the NISH manager service that is already running. This also applies if the running instance of the NISH manager service is running within systemd.
  3. To run the NISH manager service in the background, append an ampersand (&) to the command. For information about additional command options, see Command options.
  4. The displayed warnings about the connections.bkp file are the expected behavior for the first run because there is no backup file yet; see Backup file.

The nish-manager command can also be started as an interactive process using a configuration file that contains the required variables to start an instance of the NISH manager. For more information about configuration files, see NISH manager configuration files.

To start the NISH manager as an interactive process using a configuration file, append the filename to the nish-manager command as shown in the following example:

[root@server ~]# nish-manager myconfigfile.conf

4.3.2. Linux service

The NISH manager is installed as a Linux systemd service, which for security reasons is installed as follows:

  1. in a stopped state (not running)
  2. disabled (does not start automatically on reboot)

The operator can either start and enable the NISH manager within systemd at the same time or independently.

To start the NISH manager service within systemd and ensure that it restarts when the service or workstation is rebooted, issue the following commands:

[root@server ~]# systemctl enable nish-manager --now

The enable operation ensures that the NISH manager is started on system boot. The --now switch ensures that the NISH manager service starts immediately.

It is also possible to perform the start and enable operations independently. To do so, issue the following commands:

[root@server ~]# systemctl start nish-manager
[root@server ~]# systemctl enable nish-manager

To disable and stop the NISH manager within systemd, issue the following command:

[root@server ~]# systemctl disable nish-manager --now

The disable operation ensures that NISH manager is no longer started upon reboot. The --now switch ensures that the NISH manager service stops immediately.

To perform the stop and disable operations independently, issue the following commands:

[root@server ~]# systemctl stop nish-manager
[root@server ~]# systemctl disable nish-manager

The following example shows the nish-manager.log output file after startup. After the trademark, legal, and disclaimer information, NISH displays the following:

2020-06-16 18:52:47.952 WARNING: Failed to read backup file: →
'/var/lib/nish-manager/connections.bkp'
2020-06-16 18:52:47.952 WARNING: Could not restore Db from: →
'/var/lib/nish-manager/connections.bkp'
2020-06-16 18:52:47.953 INFO: Server listening on [::]:57400
Note:

The displayed warnings about the connections.bkp file are the expected behavior for the first run because there is no backup file yet; see Backup file.

Multiple NISH manager systemd services can be started simultaneously and each one can maintain its own configuration in a NISH manager configuration file; see NISH manager configuration files for more information.

By default, when the NISH manager is started as a systemd service (for example, using systemctl start nish-manager) it reads from the /etc/nish-manager/nish-manager.conf configuration file, if this file exists. If this file does not exist, the default values are used.

The NISH manager can also be started by systemd using the values specified in a specific NISH manager configuration file. This configuration file must be located in the /etc/nish-manager directory and .conf must be appended to the file extension.

To start a systemd instance of the NISH manager using a configuration file, issue the commands as shown in the following example:

[root@server ~]# systemctl start nish-manager@example1
[root@server ~]# systemctl enable nish-manager@example1

The start command runs the service and reads from the configuration filename provided in the command after the @ symbol. In this example, the nish-manager Linux service starts and reads the configuration file /etc/nish-manager/example1.conf for its instantiation variables.

These commands can be combined together as shown in the following example:

[root@server ~]# systemctl enable nish-manager@example1 --now

Another systemd NISH manager service can be started by adding the configuration filename (without the .conf file extension) after the @ symbol. In the following example, a NISH manager service instance starts and reads the /etc/nish-manager/example2.conf configuration file for its instantiation variables:

[root@server ~]# systemctl enable nish-manager@example2 --now

Multiple systemd NISH manager services can run in parallel if the IP address and TCP port combination bindings do not overlap.

4.4. Command options

The Linux man pages provide an overview of the options/flags for the nish-manager command. Table 3 describes some of the specific options/flags that can be used when starting the NISH manager.

Table 3:  Options/flags for the nish-manager command 

Option/Flag

Description

Reference

--retention

-r

Defines a retention or cleanup interval

See Backup file

--backup

-b

Defines a location for the backup file

See Backup file

--ca-cert

-t

Specifies a CA certificate

See Security

--server-cert

-k

Provides the NISH manager server certificate

See Security

--server-key

-K

Provides the NISH manager server key file

See Security

--log-level

-l

Defines the log level for the NISH manager log file

See Logging

--listen-address

-a

Specifies an IP address for the NISH manager to listen on 1, 2, 3

--listen-port

-p

Specifies a port for the NISH manager to listen on 1, 2, 3

    Notes:

  1. Several listen addresses can be defined.
  2. If the operator omits the address and port for the NISH manager to listen on, the NISH manager listens by default on all IP interfaces available and on the default gRPC port (57400).
  3. Multiple instances of the NISH manager can run on a single server or workstation, if the IP address and port combinations of the instances do not clash.

4.5. Backup file

The NISH manager retains state information in a backup file. It writes the state information to the backup file for every change in the node connections.

To set the retention or cleanup time for connection registrations, use the -r or --retention flag followed by a value in minutes. The NISH manager discards connections that have a timestamp older than the retention period (default is 60 minutes).

To set the location of the backup file, use the -b or --backup flag followed by the absolute or relative path to the backup file. When the flag is present without a path, no backup file is created. When the flag is absent, the backup file is in the default location: /var/lib/nish-manager/connections.bkp.

When the NISH manager starts, it checks whether it was previously run. If a backup file is present, the NISH manager loads the previous state into its dynamic inventory.

4.6. Logging

When running a systemd service, the NISH manager writes logs continually into a plain text logfile located at /var/log/nish-manager/nish-manager.log on the local file system.

When running as a standalone program, the NISH manager writes logs continually to STDOUT.

To set the verbosity level for the log file, use the -l or --log-level flag. The following are the allowed values:

  1. e
    error
  2. w
    warning
  3. i
    info
  4. d
    debug

4.7. NISH manager configuration files

The NISH manager provides the ability to place commonly used attributes into a configuration file that is provided when the NISH manager starts. The configuration file can be used when executing the NISH manager as an interactive process or as a Linux service.

Note:

When a configuration file is provided, the user does not need to manually provide any variables on the command line. However, if variables are provided on the command line, they overwrite the variables provided in the configuration file.

Configuration file location

After the NISH manager installation is completed, an example (and default) configuration file can be found in /etc/nish-manager/nish-manager.conf.

When executing the nish-manager command as a systemd service or as an interactive service, the configuration file must be placed in the /etc/nish-manager directory. This is the only location that the system checks for the file.

Configuration file variables

Table 4 describes the variables that are supported in a NISH manager configuration file.

Table 4:  Supported variables in NISH manager configuration file 

Option/flag

Description

Multiple options per file

NISH_MANAGER_RETENTION

Time that an SR OS node or NISH client connection is retained as a valid node within the NISH manager without an update message, before it is expunged from the NISH manager

No

NISH_MANAGER_LISTEN_ ADDRESS

IPv4 or IPv6 address to which the NISH manager binds; if multiple addresses are required, multiple NISH_ MANAGER_LISTEN_ADDRESS lines must be provided, with one address per line

Default is "::", which indicates to bind to all IPv4 and IPv6 addresses present on the system

Yes

NISH_MANAGER_LISTEN_ PORT

TCP port to which the NISH manager binds; if multiple ports are required, multiple NISH_MANAGER_ LISTEN_PORT lines must be provided with one port per line

Default 57400 is used unless a NISH_ MANAGER_ LISTEN_PORT line is supplied

Yes

NISH_MANAGER_BACKUP_ FILE

Path to the filename that the NISH manager service reads from and writes to, for a persistent cache of connected SR OS nodes and NISH clients

Default is /var/lib/nish-manager/connections.bkp

No

NISH_MANAGER_LOG_LEVEL

Logging verbosity level of the NISH manager process

Default is "i" (informational)

No

NISH_MANAGER_CA_CERT

Path to the CA TLS certificate

No

NISH_MANAGER_SERVER_ CERT

Path to the server TLS certificate

No

NISH_MANAGER_SERVER_ KEY

Path to the service TLS key

No

It is permitted to provision multiple variables in the configuration file for the NISH manager listen address and listen port. Table 5 lists example address/port bindings when multiple variables are used in the configuration file.

Table 5:  Example address/port bindings for configuration file variables 

Example configuration file variables

Address/port binding

NISH_MANAGER_LISTEN_ADDRESS=1.1.1.1

NISH_MANAGER_LISTEN_PORT=57401

NISH_MANAGER_LISTEN_ADDRESS=2.2.2.2

NISH_MANAGER_LISTEN_PORT=57402

1.1.1.1:57401

1.1.1.1:57402

2.2.2.2:57402

2.2.2.2:57403