NMX Services Registration
In order for NMX-M to receive network telemetry and control information, NMX-M needs to register with NMX-T and NMX-C.
NMX Manager communicates with those services using mTLS encryption, which requires certificates to be configured.
During installation, mTLS certificates are automatically created and configured.
To have certificates configured for switch-trays that host NMX-C and NMX-T, use
create-certificate.sh that can be found at this path:
/opt/nvidia/nmx/Installation/Ansible/tools
1. Log in via SSH to the NMX Manager node that was used to run the NMX Manager installation process.
ssh nvidia@<IP_Address>
2. Use the
create-certificate.sh script as root. Provide a certificate name, typically the switch's hostname or IP address.
nvidia@ubuntu:~$
su
root@ubuntu:/home/nvidia
# /opt/nvidia/nmx/Installation/Ansible/tools/create-certificate.sh example
certificate.cert-manager.io/example-certificate created
Certificate is ready after 10 seconds.
Extracting secret data to
local files...
Files created:
-rw-r--r-- 1 root root 1094 May 29 11:57 example-ca.crt
-rw-r--r-- 1 root root 1424 May 29 11:57 example-tls.crt
-rw-r--r-- 1 root root 3243 May 29 11:57 example-tls.key
-rw------- 1 root root 3907 May 29 11:57 example-tls.p12
Done.
3. Copy
example-ca.crt and
example-tls.p12 to the NVOS switch-tray and configure NMX services to use it.
4. Follow NVIDIA NVOS User Manual for NVLink Switches → NVLink Switching → Cluster Management → Cluster Manager → Cluster Manager Commands to apply the certificates to both NMX-C and NMX-T.
This can be accomplished by sending a POST request to the
nmx/v1/services API using the following format:
Example POST Request:
{
"Name":
"Some-Name",
"Description":
"This is a description.",
"ServiceType":
"TELEMETRY",
"ServiceConnectionInformation": {
"Address":
"10.188.47.166",
"PortNumber":
9351
}
}
Equivalent cURL Command:
curl --request POST \
--url https:
//NMX_M-IP/nmx/v1/services \
--header
'Authorization: Basic cnctdXNlcjpOdmlkaWExMg==' \
--header
'Content-Type: application/json' \
--data '{
"Name":
"Some Name",
"Description":
"Sample Description",
"ServiceType":
"CONTROLLER",
"ServiceConnectionInformation": {
"Address":
"10.188.47.166",
"PortNumber":
9370
}
}'
Note: The Authorization header will use either
rw-user or
ro-user along with the corresponding password.
Checking the Status of Registered Services
To retrieve the status of all registered services, perform a GET request to the same API.
Example Response:
[
{
"Status":
"UP",
"Description":
"Description",
"Address":
"10.188.47.166",
"UpSince":
"2000-01-23T04:56:07.000+00:00",
"Name":
"Name",
"ApplicationUUID":
"046b6c7f-0b8a-43b9-b35d-6489e6daee91",
"Version":
"Version",
"StatusInfo":
"StatusInfo",
"ServiceType":
"TELEMETRY",
"ID":
"551137c2f9e1fac808a5f572",
"ClusterDomainUUID":
"046b6c7f-0b8a-43b9-b35d-6489e6daee91",
"PortNumber":
9351,
"RegisteredAt":
"2000-01-23T04:56:07.000+00:00"
}
]
Equivalent cURL Command:
curl --request GET \
--url https:
//NMX-M-IP/nmx/v1/services \
--header
'Authorization: Basic cnctdXNlcjpOdmlkaWExMg=='
Note: The Authorization header will use either
rw-user or
ro-user along with the corresponding password.
Filtering Services
You can filter the response to retrieve only Telemetry or Controller services. For example, the following command retrieves only Telemetry services:
curl --request GET \
--url https:
//NMX-M-IP/nmx/v1/services \TELEMETRY&offset=0&limit=1' \
--header
'Authorization: Basic cnctdXNlcjpOdmlkaWExMg=='