NMX Services Registration
In order for NMX-M to receive network telemetry and control information, NMX-M needs to register with NMX-T and NMX-C.
NMX Manager communicates with those services using mTLS encryption, which requires certificates to be configured.
During installation, mTLS certificates are automatically created and configured.
To have certificates configured for switch-trays that host NMX-C and NMX-T, use create-certificate.sh that can be found at this path: /opt/nvidia/nmx/Installation/Ansible/tools
1. Log in via SSH to the NMX Manager node that was used to run the NMX Manager installation process.
ssh nvidia@<IP_Address>
2. Use the create-certificate.sh script as root. Provide a certificate name, typically the switch's hostname or IP address.
nvidia@ubuntu:~$ su
root@ubuntu:/home/nvidia# /opt/nvidia/nmx/Installation/Ansible/tools/create-certificate.sh example
certificate.cert-manager.io/example-certificate created
Certificate is ready after 10 seconds.
Extracting secret data to local files...
Files created:
-rw-r--r-- 1 root root 1094 May 29 11:57 example-ca.crt
-rw-r--r-- 1 root root 1424 May 29 11:57 example-tls.crt
-rw-r--r-- 1 root root 3243 May 29 11:57 example-tls.key
-rw------- 1 root root 3907 May 29 11:57 example-tls.p12
Done.
3. Copy example-ca.crt and example-tls.p12 to the NVOS switch-tray and configure NMX services to use it.
4. Follow NVIDIA NVOS User Manual for NVLink Switches → NVLink Switching → Cluster Management → Cluster Manager → Cluster Manager Commands to apply the certificates to both NMX-C and NMX-T.
This can be accomplished by sending a POST request to the nmx/v1/services API using the following format:Example POST Request:
{
"Name": "Some-Name",
"Description": "This is a description.",
"ServiceType": "TELEMETRY",
"ServiceConnectionInformation": {
"Address": "1.1.1.1",
"PortNumber": 8001
}
}
Equivalent cURL Command:
curl --request POST \
--url https://NMX_M-IP/nmx/v1/services \
--header 'Authorization: Basic cnctdXNlcjpOdmlkaWExMg==' \
--header 'Content-Type: application/json' \
--data '{
"Name": "Some Name",
"Description": "Sample Description",
"ServiceType": "CONTROLLER",
"ServiceConnectionInformation": {
"Address": "10.188.47.166",
"PortNumber": 9370
}
}'
Note: The Authorization header will use either rw-user or ro-user along with the corresponding password.
Checking the Status of Registered Services
To retrieve the status of all registered services, perform a GET request to the same API.
Example Response:
[
{
"Status": "UP",
"Description": "Description",
"Address": "1.1.1.1",
"UpSince": "2000-01-23T04:56:07.000+00:00",
"Name": "Name",
"ApplicationUUID": "046b6c7f-0b8a-43b9-b35d-6489e6daee91",
"Version": "Version",
"StatusInfo": "StatusInfo",
"ServiceType": "TELEMETRY",
"ID": "551137c2f9e1fac808a5f572",
"ClusterDomainUUID": "046b6c7f-0b8a-43b9-b35d-6489e6daee91",
"PortNumber": 8001,
"RegisteredAt": "2000-01-23T04:56:07.000+00:00"
}
]
Equivalent cURL Command:
curl --request GET \
--url https://NMX-M-IP/nmx/v1/services \
--header 'Authorization: Basic cnctdXNlcjpOdmlkaWExMg=='
Note: The Authorization header will use either rw-user or ro-user along with the corresponding password.
Filtering Services
You can filter the response to retrieve only Telemetry or Controller services. For example, the following command retrieves only Telemetry services:
curl --request GET \
--url https://NMX-M-IP/nmx/v1/services \TELEMETRY&offset=0&limit=1' \
--header 'Authorization: Basic cnctdXNlcjpOdmlkaWExMg=='