Page tree
Skip to end of metadata
Go to start of metadata

In this section:

 

This procedure explains how to deploy an MCT instance on the OpenStack Dashbord using security keys.

Prerequistes

Create the following before deploying and MCT instance:

Creating an MCT Instance Using Security Keys

To create an MCT instance using security keys:

  1. Log on to OpenStack dashboard.

  2. On the navigation pane, click Project > Orchestration > Stacks.

    Figure : Launch Stack Screen

  3. Click on Launch Stack.

    Figure : Launch Stack Screen

  4. Heat Template: Download the DSI Qcow2 and HEAT template from Salesforce.

     

    Use MCT_HEAT_TEMPLATE_2Stage_SECURITY_KEYS.yaml to launch the MCT stack.

    Figure : Browse Stack Screen

  5. Click Next.
     Enter the required values as given in the following table:

    Table : Template Values

    FieldDescriptionValues
    Stack Name
    A unique name for the stack.
    MCT-1
    Creation Timeout (minutes)
    Time in minutes for stack creation time-out.
     The default value is 60 minutes.
    60
    Rollback on FailureIf you do not wish to view any stack creation log or
    updation, select the Rollback on Failure checkbox.
    unchecked
    Password for user "admin"Admin login password that you require to
    perform operations throughout the stack lifecycle.
    The value is "admin".
    Admin Password

    Admin user login password.

    Provide an encrypted password to the

    admin user account. The admin password input

    parameter is in an encrypted format.

    For more information, refer to

    Example: $1$MCT$qV/7pdlOwk.KezF0c2sSH^C

    Note: If you are not using Ribbon Heat Template,

    add the following lines into your heat template.

    AdminPassword:
        type: string
        label: AdminPassword
        description: Admin Password
        default: ""
    
    chpasswd:
      list: |
        admin:{ get_param: AdminPassword }
    Admin Pass

    Refer to

    Generating a Hashed Password Using Perl

    and copy the password.

    Or

    Generating a Hashed password Using OpenSSL

    and copy the password.

    The value obtained from

    Generating a Hashed Password Using Perl

    Or

    Generating a Hashed password Using OpenSSL

    Availability ZoneIndicates the availability zone in which you
    want to instantiate the MCT instance.
    nova
    Default Gateway InterfaceIndicates the interface where you configured
     the default gateway. The default is eth0.
    eth0

    DNS Servers

    (Optional)

    If you have a DNS Server, specify the DNS

    Server IP address.

    Note: If you have multiple DNS servers,  specify it as

    as x.x.x.x, y.y.y.y (separated by comma)

    10.128.254.68,10.128.254.91

    External Network Id for Management NetworkOnly required, if you mention a Floating IP Count as 1.
    If Floating IP Count is given as 0, Do not mention
    External Network ID.
    ext-net
    FlavorLists all the different types of MCT flavors you can apply
     to the stack.
    DSI
    Floating IP count for Management NetworkSelect a Floating IP count as 1, if you want to assign
    a separate Floating IP, to access the MCT.
    If you do not want to use the Floating IP,
    mention the Floating IP count as 0.
    However,  when you mention a Floating IP as 0,
     you need to have an external Public IP address.

    1 = To assign and use Floating

    IP address

    0 = To use the fixed external

    Public IP address from your network.

    Image
    The unique name of the OpenStack glance image
     created by using the DSI SWe qcow2 image file.
    DSI_V12.00.00R00
    Management Fixed IPThe fixed management IP address from the
    available range of provider network
    management IP addresses.
    10.34.146.251
    Management Fixed IP PrefixThe prefix for IPV4 configured in your network.
    23
    Management Gateway IPThe management gateway IP address.
    10.54.58.1
    Management Network IdThe management network ID for the
    provider management network.
    External OAM 0
    Management Subnet IdThe management subnet ID for the provider
    management network.
    External_OAM_0_SN_V4
    mctuser PasswordMCT user password.
    for example: $6$.pIyCWzzeGtnG/HE$TTal0pX

    The value obtained from

    Generating a Hashed Password Using Perl

    Or

    Generating a Hashed password Using OpenSSL

    Management Interface Routing dataThe management routing data.""
    NtpServers

    The NTP Server IP address, if you have the NTP server.
    This is an optional field.
    Note
    : If you have multiple NTP servers, then it can
    be specified as x.x.x.x, y.y.y.y.
    10.128.254.68,10.128.254.91
    External Network ID for II Management InterfaceThe external network id of the II Management Interface. 
    Floating IP count for II Management InterfaceSelect a Floating IP count as 1, if you want to assign a
     separate Floating IP to access the MCT. If you do not
    want to use a Floating IP, mention Floating IP count as 0.
     However, when you mention the Floating IP as 0, mention
    the external Public IP address.

    1 = To assign and use Floating

    IP address

    0 = To use the fixed external Public

    IP address from your network.

    II Management Fixed IPThe fixed management IP address from the available
     range of the provider's network management IP addresses.
    10.34.148.251
    II Management Fixed IP PrefixThe prefix for IPv4 you have configured in your network.23
    II Management Gateway IPThe management gateway IP address.10.34.148.1
    II Management Network IdThe management network Id for the
    provider management network.
    External OAM 1
    II Management Subnet IdThe management subnet Id for the
     provider management network.
    External_OAM_1_SN_V4
    II Management Interface Routing dataSpecifies the Management Routing data.""
    Security GroupName of the security group associated
    with the stack.
    SONUS
    SFTP Public SSH Key 1 for admin

    The public key that is used for the admin user.

    Refer to  Generating SSH key to instantiate MCT

    The value obtained from
     Generating SSH key to instantiate MCT
    SFTP Public SSH Key 1 for mctuser

    The public key that is used for the mct user.

    Refer to  Generating SSH key to instantiate MCT

    The value obtained from

     Generating SSH key to instantiate MCT

     

    TimeZoneThe TimeZone for your network,
    where the node is set up.
    Asia/Kolkata
    Volume Id
    The Cinder volume id.

    4ecb760f-80a3-4cd2-a551-9fa52d52ea0f

    MCT Installation directory pathThe directory or the path to install the MCT./global/home
     MCT IP Address

    The MCT IP Address to log in.

    10.34.146.251
    MCT Port NumberThe port number where the MCT connects.6610

    Delete Old Files

    The existing PCAP files to be deleted.False

    Diskspace

    The total space allocated for recordings.100
    Maximum Concurrent RecordingsThe maximum concurrent recordings.120
     RTP Port RangeThe ports on MCT, where the RTP recordings are saved.7000-9000
     Root PathThe default root login path./global/home
    Enable Debug TracesSpecifies to enable the debugs or not.true
    Log File PathThe path where all the logs are stored./global/home
    Maximum recordingsThe maximum PCAP files allowed.120
    Live RTP Packet Capture PathThe path where the live recording of the PCAP file is stored./tmp

  6. Click Launch.
    The Stack creation In Progress message is displayed.

    Figure : Stack Creation in Progress


    Once the stack is created, the status changes to Create Complete.

    Figure : Stack Creation Complete

  7. Click on Stack Name and verify whether the events are completed successfully.   

    Figure : Verifying Stack Events


  8. On the navigation pane, click Project > Compute > Instances. Verify whether the MCT instance is active and Power State shows as Running.
     

    Figure : Verifying MCT Instance Status


  9. After you create the MCT instance, click Console to log in.
     

    Figure : MCT Login Screen


     

  10. To verify the installation has succeeded, run a post-installation check. For more information, refer to Post Instantiation MCT checks.

Generating Hash password

Generating a Hashed Password Using Perl

 

  1. Generate the prompt for the password by executing the command:

    perl -le 'print "Password:"; 
    `stty -echo`;
    chomp($passphrase=<STDIN>); 
    `stty echo`; 
    @chars = ("a".."z", "A".."Z", 0..9, ".", "/"); 
    $salt .= $chars[rand @chars] for 1..16; 
    print crypt($passphrase, "\$6\$$salt");'
    Password:
  2. At the password prompt, enter a string password that you want to set. The string is not visible on the console. Instead, the hash value is displayed.
    For example,

    # perl -le 'print "Password:"; `
    stty -echo`; 
    chomp($passphrase=<STDIN>); 
    `stty echo`; 
    @chars = ("a".."z", "A".."Z", 0..9, ".", "/");
    $salt .= $chars[rand @chars] for 1..16; print crypt($passphrase, "\$6\$$salt");'
    Password:
    $6$0xQKiCDy2sAhzq2G$fLfjiUN86kPqmz2nhfziQQ2vhX8/tDy89R4IdQuCx/NpkEnHbcSC7jnUfpjVlx9RtqILlerA7a4xOVMNrmjIG/

    $6$0xQKiCDy2sAhzq2G$fLfjiUN86kPqmz2nhfziQQ2vhX8/tDy89R4IdQuCx/NpkEnHbcSC7jnUfpjVlx9RtqILlerA7a4xOVMNrmjIG/ in the code is the Hash value of the entered string.

Generating a Hashed password Using OpenSSL

You need the admin password in an encrypted format to instantiate MCT

To generate the password, you can use tools such as mkpassword, openssl, and so on.

To generate the admin password:

  1. Execute the following command:

    openssl passwd -1 -salt xyz <password>

    The following is an example of generating an encrypted version of the password "ribbon"

    openssl passwd -1 -salt xyz ribbon

    Sample output:

    $1$xyz$ZqrM8ZFXx4EzYn0waSuWD/

You can use the output as the input value for the field AdminPassword OpenStack GUI while instantiating MCT.

Generating SSH key to instantiate MCT

You need to generate SSH keys to instantiate MCT on OpenStack.

To generate SSH keys:

  1. Execute the following command on a Linux server:

    Check the files id_rsa and id_rsa.pub exist on the Linux server.

    ssh-keygen

    The following prompt is displayed:

    Generating public/private rsa key pair.
    Enter file in which to save the key (<the home directory of the Linux server>/.ssh/id_rsa):
  2. Press Enter. The following prompt is displayed.

    <the home directory of the Linux server>/.ssh/id_rsa already exists.
    Overwrite (y/n)?
  3. Enter "y".
    The following prompt is displayed

    Enter passphrase (empty for no passphrase):
  4. Press Enter.

    The following prompt is displayed:

    Enter same passphrase again:
  5. Press Enter.

    The following prompt is displayed:

    Your identification has been saved in <the home directory of the Linux server>/.ssh/id_rsa.
    Your public key has been saved in <the home directory of the Linux server>/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:NqYFcc0h0Jurdk6hBSQU+BCyV/UQwJBqNt3UUnQRf+I insight@treebeardVm3
    The key's randomart image is:
    +---[RSA 2048]----+
    |. oB*+@*o*+.     |
    | o+..= *o.+      |
    |..ooo + .o o .   |
    |.= ... oo . o    |
    |o .     S. E     |
    |       B.o       |
    |      o..        |
    |      o..        |
    |     . o.        |
    +----[SHA256]-----+