Installation option 3
The following instructions describe how to deploy Prelude with option 3 on two hosts.
Note
If you are installing the demo version of Prelude, you won't need the registry account
Before starting, make sure :
- your host is matching the minimum requirements
- docker and docker compose are installed (Docker Installation Guide)
- you have your registry account credentials (if you don't have an Arolo registry account, contact us)
- downloading Cisco NSO 6.1 container from cisco.com
Note
For the demo version of Prelude, you can get Cisco NSO trial version from NSO website.
You are ready to start !
The following guide is considering that you are installing Prelude in the /opt/prelude folder of each host.
Validate registry authentication
If you are not installing the demo version of Prelude, start by validating that you can connect to Arolo container registry on any of the two host.
Then, enter you username and password. If authentication failed, please contact us.
Install Prelude OneBoard
Connect to the Prelude OneBoard host.
We are providing ready to use docker and config files, get them from gitlab.com.
cd /opt
sudo git clone https://gitlab.com/arolo-solutions/prelude-oneboard-installation
mv prelude-oneboard-installation prelude
cd prelude
And you might end up with the following folder tree in /opt:
└── prelude
├── docker-compose.yml
├── oneboard.env
├── oneboard-config.json
├── ssl/
└── volumes
├── nats
│ └── nats-server.conf
├── oneboard-db/
└── oneboard-storage/
Config variables
In order to set up your environment, you need to replace in the config files the following variables:
- nats-gateway-user-key and nats-gateway-secret-key Gateway keys to authenticate with NATS. Generate nkeys guide
- nats-oneboard-user-key and nats-oneboard-secret-key OneBoard keys to authenticate with NATS. Generate nkeys guide
- northbound-domain-cert-file The name of the cert & key files for web UI HTTPS (by default, these files should be in /opt/prelude/ssl)
- northbound-fqdn The Fully Qualified Domain Name of the northbound interface. It must match with the TLS certificate
- northbound-ip The northbound interface IP
- oneboard-postgre-password Random string of at least 32 characters to authenticate on the oneboard database
- prelude-key Random string of 16 characters to authenticate between Prelude components. It must be the same on for all components of the same Prelude instance
- southbound-ip The southbound interface IP
These variables have to be replaced in the following files:
- oneboard.env oneboard-postgre-password
- oneboard-config.json northbound-domain-cert-file, northbound-fqdn, northbound-ip, oneboard-postgre-password, prelude-key & southbound-ip
- oneboard-seed.txt nats-oneboard-secret-key
- volumes/nats/nats-server.conf nats-gateway-user-key & nats-oneboard-user-key
Select Prelude version
The docker compose file is ready to use for the Prelude demo version installation. To install your production version, replace the image's name by the one that your Arolo contact shared with you.
Make sure that the docker-compose.yml file is using the latest version of Prelude or the one you want to install, here v1.2.
For Prelude demo version install
For Prelude production install
services:
...
oneboard:
image: registry.arolo-solutions.com/<customer>/prelude-<customer>-oneboard:1.2
...
Finally, pull all the containers images:
Make sure, that all images have been pulled, except for NSO.
Run Prelude OneBoard
Expected output :
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
prelude-oneboard-db-1 postgres:16.1-alpine "docker-entrypoint.s…" db-oneboard 6 hours ago Up 6 hours 5432/tcp
prelude-nats-1 nats:2.10-linux "/nats-server -c /et…" nats 6 hours ago Up 6 hours 6222/tcp, 0.0.0.0:4222->4222/tcp, [::]:4222->4222/tcp, 8222/tcp
Migrate the database models :
docker compose run --entrypoint="/app/prelude-oneboard migrate" oneboard
docker compose up -d --remove-orphans
Expected output :
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
prelude-db-oneboard-1 postgres:16.1-alpine "docker-entrypoint.s…" db-oneboard 6 hours ago Up 6 hours 5432/tcp
prelude-nats-1 nats:2.10-linux "/nats-server -c /et…" nats 6 hours ago Up 6 hours 6222/tcp, 0.0.0.0:4222->4222/tcp, [::]:4222->4222/tcp, 8222/tcp
prelude-prelude-1 registry.arolo-solutions.com/self-test/prelude-oneboard:1.2 "/app/prelude-oneboa…" prelude 6 hours ago Up 6 hours 0.0.0.0:443->443/tcp, [::]:443->443/tcp, 0.0.0.0:4010->4010/tcp, [::]:4010->4010/tcp
Create Prelude OneBoard superuser:
docker compose exec -it prelude /app/prelude-oneboard user create -u admin -e john.doe@arolo-solutions.com -p <password>
Open https://northbound-fqdn/ in your web browser and try to log in with the superuser credentials.
Install Prelude Foundation
Connect to the Prelude Foundation host.
We are providing ready to use docker and config files, get them from gitlab.com
cd /opt
sudo git clone https://gitlab.com/arolo-solutions/prelude-foundation-installation
mv prelude-foundation-installation prelude
cd prelude
And you might end up with the following folder tree in /opt:
└── prelude
├── docker-compose.yml
├── gateway.env
├── gateway-config.json
├── ssl/
└── volumes
├── gateway-db/
├── gateway-storage/
└── nso/
Config variables
In order to set up your environment, you need to replace in the config files the following variables:
- gateway-postgre-password Random string of at least 32 characters to authenticate on the gateway database
- nats-gateway-secret-key Gateway keys to authenticate with NATS. Generate nkeys guide
- northbound-ip The northbound interface IP
- northbound-ip-cert-file The name of the cert & key files for northbound API HTTPS (by default, these files should be in /opt/prelude/ssl)
- oneboard-southbound-ip The OneBoard host southbound interface IP
- prelude-key Random string of 16 characters to authenticate between Prelude components. It must be the same on for all components of the same Prelude instance
- southbound-ip The southbound interface IP
These variables have to be replaced in the following files:
- gateway.env gateway-postgre-password
- gateway-config.json gateway-postgre-password, northbound-ip, northbound-ip-cert-file, oneboard-southbound-ip, prelude-key & southbound-ip
- gateway-seed.txt nats-gateway-secret-key
Select Prelude version
The docker compose file is ready to use for the Prelude demo version installation. To install your production version, replace the image's name by the one that your Arolo contact shared with you.
Make sure that the docker-compose.yml file is using the latest version of Prelude or the one you want to install, here v1.2.
For Prelude demo version install
For Prelude production install
Finally, pull all the containers images:
Make sure, that all images have been pulled, except for NSO.
The following error message is expected:
pull access denied for cisco-nso-prod, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Setup Cisco NSO
You will have to adapt the NSO version to the one you got from Cisco.
Extract NSO image and load it in docker local registry:
cd ~
sh nso-6.1.12.container-image-prod.linux.x86_64.signed.bin
docker load -i nso-6.1.12.container-image-prod.linux.x86_64.tar.gz
cd /opt/prelude
Prepare NSO configuration files. This will create the NSO admin user with the given password. You will need this password to configure the NSO connector oin OneBoard.
docker run -itd --name cisco-nso \
-v /opt/prelude/volumes/nso-logs:/log \
-e ADMIN_USERNAME=admin \
-e ADMIN_PASSWORD='<admin-password>' \
cisco-nso-prod:6.1.12
sudo docker cp cisco-nso:/nso ./volumes/
sudo docker cp cisco-nso:/etc/ncs/ncs.conf ./ncs.conf
docker kill cisco-nso
docker rm cisco-nso
Edit NSO configuration file /opt/prelude/ncs.conf to move from pam authentication to local authentication and enable NETCONF northbound API :
<aaa>
<pam>
<enabled>false</enabled>
<service>system-auth</service>
</pam>
<local-authentication>
<enabled>true</enabled>
</local-authentication>
</aaa>
<netconf-north-bound>
<enabled>true</enabled>
<transport>
<ssh>
<enabled>true</enabled>
<ip>0.0.0.0</ip>
<port>2022</port>
</ssh>
</transport>
</netconf-north-bound>
In the same file, add the auto-wizard setting at the end of the xml:
Copy Prelude NSO packages in the NSO folder:
To get the Prelude NSO packages, please contact us.
The same is needed for the NEDs, that you can get from Cisco or the NSO website for the NSO trial version
Run Prelude Foundation
Expected output :
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
prelude-db-gateway-1 postgres:16.1-alpine "docker-entrypoint.s…" db-gateway 6 hours ago Up 6 hours 5432/tcp
prelude-nso-1 cisco-nso-prod:6.1.12 "/run-nso.sh" nso 6 hours ago Up 6 hours (healthy) 0.0.0.0:2022->2022/tcp, [::]:2022->2022/tcp
Migrate the database models :
docker compose run --entrypoint="/app/prelude-gateway migrate" gateway
docker compose up -d --remove-orphans
Expected output :
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
prelude-db-gateway-1 postgres:16.1-alpine "docker-entrypoint.s…" db-gateway 6 hours ago Up 6 hours 5432/tcp
prelude-gateway-1 registry.arolo-solutions.com/self-test/prelude-gateway:1.2 "/app/prelude-gatewa…" gateway 6 hours ago Up 6 hours 0.0.0.0:67->67/udp, [::]:67->67/udp, 0.0.0.0:4020-4021->4020-4021/tcp, [::]:4020-4021->4020-4021/tcp
prelude-nso-1 cisco-nso-prod:6.1.12 "/run-nso.sh" nso 6 hours ago Up 6 hours (healthy) 0.0.0.0:2022->2022/tcp, [::]:2022->2022/tcp
Initial Configuration
Finally, you need to register Cisco NSO connector and Prelude Gateway connector in Prelude OneBoard.
Success
Congratulations, you are now ready to enjoy Prelude features !!