Cisco Cisco Virtual Managed Services 1.02 Troubleshooting Guide

5. Network Services Orchestrator (NSO)

124

5.4 Operations

Start, Stop, Restart NSO

The NSO runs as a process under the host Linux OS and can be started, restarted and stopped using standard
Linux commands. In both Ubuntu and RedHat use the 

service

 command to run a System V init script under

/etc/init.d

.

E.g. 

service ncs [start | restart | stop | status ]

SSL Certificates

The NSO runs two web services (HTTP/HTTPS) for the Zero Touch Deployment (PnP) service and the Day 0
configuration service. Although these servers can be run as plain HTTP, it is recommended to enable HTTPS
for both.

For the PnP service, HTTPS is enabled in the 

pnp

 configuration section of the NSO as shown below.

 admin@ncs-vm> show configuration pnp server
 port    443;
 use-ssl true;

For the Day 0 service, HTTPS is enabled in the 

day0

 configuration section of the NSO as shown below:

 admin@ncs-vm> show configuration day0
 server {

 port    443;
 use-ssl true;  }

The 

/etc/ncs/ncs.conf

 file defines where the required certificate files are located for SSL. By default, the

NSO  will  use  the  self-signed  certificates  found  in 

${NCS_CONFIG_DIR}/ssl/cert/ 

which  translates  to

/etc/ncs/ssl/cert

. For a production system, it is highly recommended that these certificates be replaced

by actual CA signed certificates.

 ubuntu@NSO-vm:~$ ls -l /etc/ncs/ssl/cert/*2.*
 -rw-r--r-- 1 root root 1822 Nov 26 11:32 /etc/ncs/ssl/cert/host2.ca-cert
 -rw-r--r-- 1 root root 1822 Nov 26 11:32 /etc/ncs/ssl/cert/host2.cert
 -rw-r--r-- 1 root root 1651 Nov 26 11:32 /etc/ncs/ssl/cert/host2.csr
 -rw-r--r-- 1 root root 3243 Nov 26 11:32 /etc/ncs/ssl/cert/host2.key