diff --git a/content/includes/nim/installation/optional-steps/disable-metrics-collection.md b/content/includes/nim/installation/optional-steps/disable-metrics-collection.md index 9ccd93654..3204e6299 100644 --- a/content/includes/nim/installation/optional-steps/disable-metrics-collection.md +++ b/content/includes/nim/installation/optional-steps/disable-metrics-collection.md @@ -6,6 +6,6 @@ files: - content/nim/disconnected/offline-install-guide.md --- -If you’re not collecting metrics—because you didn’t install ClickHouse or don’t plan to use it—you must disable metrics collection in the `/etc/nms/nms.conf` file. This setup requires NGINX Agent version {{< lightweight-nim-nginx-agent-version >}}. +If you’re not collecting metrics — because you didn’t install ClickHouse or don’t plan to use it — you must disable metrics collection in the `/etc/nms/nms.conf` and `/etc/nms/nms-sm-conf.yaml` files. This setup requires NGINX Agent version {{< lightweight-nim-nginx-agent-version >}}. For instructions, see [Disable metrics collection]({{< ref "nim/system-configuration/configure-clickhouse.md#disable-metrics-collection" >}}). \ No newline at end of file diff --git a/content/nim/deploy/kubernetes/deploy-using-helm.md b/content/nim/deploy/kubernetes/deploy-using-helm.md index 3b36c5a0e..bed9203a9 100644 --- a/content/nim/deploy/kubernetes/deploy-using-helm.md +++ b/content/nim/deploy/kubernetes/deploy-using-helm.md @@ -72,7 +72,7 @@ kubectl create secret docker-registry regcred \ ### OpenShift ```shell -oc new-project nms +oc new-project nms && \ oc create secret docker-registry regcred \ --docker-server=private-registry.nginx.com \ --docker-username= \ diff --git a/content/nim/deploy/vm-bare-metal/install-nim-manual.md b/content/nim/deploy/vm-bare-metal/install-nim-manual.md index fa8f6df42..3c8e956c0 100644 --- a/content/nim/deploy/vm-bare-metal/install-nim-manual.md +++ b/content/nim/deploy/vm-bare-metal/install-nim-manual.md @@ -58,7 +58,7 @@ Follow these steps to download the certificate and private key for NGINX Instanc Install NGINX Open Source or NGINX Plus on the host where you'll install NGINX Instance Manager. NGINX Instance Manager uses NGINX as a front-end proxy and for managing user access. -- [Installing NGINX and NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/) +- [Installing NGINX and NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}})
@@ -88,9 +88,9 @@ Make sure to review the [Technical Specifications]({{< ref "/nim/fundamentals/te NGINX Instance Manager uses ClickHouse to store metrics, events, alerts, and configuration data. -In 2.20.0, we introduced Lightweight mode, which can skip the ClickHouse installation entirely. It’s ideal if you don’t need monitoring data or want a simpler setup. This reduces system requirements and avoids the work of managing a metrics database. You can add ClickHouse later if your needs change. +Starting in version 2.20.0, you can run NGINX Instance Manager in Lightweight mode, which skips the ClickHouse installation entirely. This setup works well if you don’t need monitoring data or want to reduce system requirements. It also avoids the effort of managing a metrics database. You can add ClickHouse later if your needs change. -If you don’t need to store metrics, you can skip installing ClickHouse. But you must use NGINX Agent version {{< lightweight-nim-nginx-agent-version >}}, and you must disable metrics collection in the `/etc/nms/nms.conf` file. +If you don’t need to store metrics, you can skip installing ClickHouse. But you must use NGINX Agent version {{< lightweight-nim-nginx-agent-version >}}, and you must disable metrics collection in the `/etc/nms/nms.conf` and `/etc/nms-sm.conf.yaml` files. For instructions, see [Disable metrics collection]({{< ref "nim/system-configuration/configure-clickhouse.md#disable-metrics-collection" >}}). @@ -203,7 +203,7 @@ To install NGINX Instance Manager, you need to add the official repository to pu 1. To upgrade to the latest version of the Instance Manager, run the following command: ```bash - sudo apt-get update + sudo apt-get update && \ sudo apt-get install -y --only-upgrade nms-instance-manager ``` diff --git a/content/nim/disconnected/add-license-disconnected-deployment.md b/content/nim/disconnected/add-license-disconnected-deployment.md index e4a272a6a..1039852aa 100644 --- a/content/nim/disconnected/add-license-disconnected-deployment.md +++ b/content/nim/disconnected/add-license-disconnected-deployment.md @@ -18,7 +18,7 @@ type: This guide shows you how to add a license to NGINX Instance Manager in a disconnected (offline) environment. In this setup, systems don’t have internet access. You’ll download and apply your subscription’s JSON Web Token (JWT) license, then verify your entitlements with F5. -{{< call-out "tip" "Using the REST API" "" >}}{{< include "nim/how-to-access-nim-api.md" >}}{{}} +{{< call-out "tip" "Using the REST API" "" >}}{{< include "nim/how-to-access-nim-api.md" >}}{{}} ## Before you begin @@ -39,7 +39,7 @@ To configure NGINX Instance Manager for a disconnected environment, you need to ## Add license and submit initial usage report {#add-license-submit-initial-usage-report} -{{}} +{{< tabs name="submit-usage-report" >}} {{%tab name="Bash script (recommended)"%}} @@ -86,7 +86,7 @@ To license NGINX Instance Manager, complete each of the following steps in order Run these `curl` commands on a system that can access NGINX Instance Manager and connect to `https://product.apis.f5.com/` on port `443`. Replace each placeholder with your specific values. -{{}}The `-k` flag skips SSL certificate validation. Use this only if your NGINX Instance Manager is using a self-signed certificate or if the certificate is not trusted by your system.{{}} +{{< important >}}The `-k` flag skips SSL certificate validation. Use this only if your NGINX Instance Manager is using a self-signed certificate or if the certificate is not trusted by your system.{{}} 1. **Add the license to NGINX Instance Manager**: @@ -117,7 +117,7 @@ Run these `curl` commands on a system that can access NGINX Instance Manager and --header "referer: https:///ui/settings/license" ``` -1. **Update the license configuration on NGINX Instance Manager**: +1. **Update the license configuration on NGINX Instance Manager (not required in 2.20 or later)**: This step ensures that the license configuration is fully applied. diff --git a/content/nim/fundamentals/tech-specs.md b/content/nim/fundamentals/tech-specs.md index d5035bac0..685794aec 100644 --- a/content/nim/fundamentals/tech-specs.md +++ b/content/nim/fundamentals/tech-specs.md @@ -38,13 +38,13 @@ This section outlines the recommendations for NGINX Instance Manager deployments We recommend using SSDs to enhance storage performance. -{{}} +{{< bootstrap-table "table table-striped table-bordered" >}} | Number of Data Plane Instances | CPU | Memory | Network | Storage | |--------------------------------|--------|----------|-----------|---------| | 10 | 2 vCPU | 4 GB RAM | 1 GbE NIC | 100 GB | | 100 | 2 vCPU | 4 GB RAM | 1 GbE NIC | 1 TB | | 1000 | 4 vCPU | 8 GB RAM | 1 GbE NIC | 3 TB | -{{}} +{{}} These values represent the minimum resources needed for deployments that fall under standard configurations. @@ -52,22 +52,33 @@ These values represent the minimum resources needed for deployments that fall un For environments requiring more resources, **large configurations** are suitable. These configurations can support up to **300 upstream servers** and are designed for enterprise environments or applications handling high traffic and complex configurations, without NGINX App Protect. -{{}} +{{< bootstrap-table "table table-striped table-bordered" >}} | Number of Data Plane Instances | CPU | Memory | Network | Storage | |--------------------------------|--------|----------|-----------|---------| | 50 | 4 vCPU | 8 GB RAM | 1 GbE NIC | 1 TB | | 250 | 4 vCPU | 8 GB RAM | 1 GbE NIC | 2 TB | -{{}} +{{}} ### NGINX configuration deployments with NGINX App Protect {#system-sizing-app-protect} If using NGINX App Protect features in NGINX Instance Manager, this requires additional CPU and Memory for policy compilation and security monitoring features. At a minimum, 8gb Memory and 4 CPUs are required for a standard NGINX App Protect use case (under 20 NGINX Plus instances). The requirements are heavily dependent on the number of policies being managed, the frequency of updates and the number of events being that occur in the security monitoring feature. +### Lightweight mode {#lightweight-mode} + +(New in 2.20.0) You can run NGINX Instance Manager without installing ClickHouse. This setup is useful if you don’t need monitoring data or prefer a simpler deployment. It reduces system requirements and removes the need to manage a metrics database. You can add ClickHouse later if your needs change. For instructions, see [Disable metrics collection]({{< ref "nim/system-configuration/configure-clickhouse.md#disable-metrics-collection" >}}). + +In Lightweight mode, we tested NGINX Instance Manager with ten managed NGINX instances and configuration publishing. It ran with as little as 1 CPU core and 1 GB of memory (without App Protect). When App Protect was enabled, we needed 2 CPU cores and 4 GB of memory to compile policies. + +These figures are guidelines only. They reflect the minimum tested configuration and may cause performance issues depending on your setup. For better performance, consider allocating more system resources. + + ### License and usage reporting only {#reporting-sizing} -This section assumes you've configured NGINX Instance Manager to manage your NGINX instances for licensing and usage reporting only. NGINX commercial license and usage reporting is done in an “unmanaged” way, where NGINX sends a request periodically to NGINX Instance Manager solely for counting purposes. For more information, see how you would [Prepare your environment for reporting]({{< ref "/solutions/about-subscription-licenses.md#set-up-environment" >}}). +This section applies when you’ve set up NGINX Instance Manager to handle licensing and usage reporting only. In this setup, NGINX instances report license and usage data in an "unmanaged" way. Each instance sends periodic updates to NGINX Instance Manager for counting purposes only. + +For details on how to configure this setup, see [Prepare your environment for reporting]({{< ref "/solutions/about-subscription-licenses.md#set-up-environment" >}}). -Therefore, the requirements for NGINX Instance Manager when used solely for licensing and usage reporting are minimal. +When used only for licensing and usage reporting, NGINX Instance Manager has minimal system requirements. We recommend using [Lightweight mode](#lightweight-mode) in this case to avoid the ClickHouse dependency, especially if you don’t plan to use other features. {{}} | Number of Data Plane Instances | CPU | Memory | Network | Storage | diff --git a/content/nim/system-configuration/configure-clickhouse.md b/content/nim/system-configuration/configure-clickhouse.md index 3f4a7f1be..2e2990d21 100644 --- a/content/nim/system-configuration/configure-clickhouse.md +++ b/content/nim/system-configuration/configure-clickhouse.md @@ -13,7 +13,7 @@ type: ## Overview NGINX Instance Manager uses ClickHouse to store metrics, events, alerts, and configuration data. -If your setup differs from the default configuration—for example, if you use a custom address, enable TLS, set a password, or turn off metrics—you need to update the `/etc/nms/nms.conf` file. +If your setup differs from the default configuration — for example, if you use a custom address, enable TLS, set a password, or turn off metrics — you need to update the `/etc/nms/nms.conf` file. This guide explains how to update those settings so that NGINX Instance Manager can connect to ClickHouse correctly. @@ -38,19 +38,27 @@ Unless otherwise specified in the `/etc/nms/nms.conf` file, NGINX Instance Manag ## Disable metrics collection -As of version 2.20, NGINX Instance Manager can run without ClickHouse. This lightweight mode reduces system requirements and simplifies installation for users who do not need metrics. To use this setup, you must run NGINX Agent version {{< lightweight-nim-nginx-agent-version >}}. +Starting in version 2.20, NGINX Instance Manager can run without ClickHouse. This lightweight mode reduces system requirements and simplifies installation for users who don't need metrics. To use this setup, you must run NGINX Agent version `{{< lightweight-nim-nginx-agent-version >}}`. To disable metrics collection after installing NGINX Instance Manager: -1. Open the configuration file at `/etc/nms/nms.conf`. - +1. Open the config file at `/etc/nms/nms.conf`. + 2. In the `[clickhouse]` section, set the following value: ```yaml - enable = false + clickhouse: + enable = false ``` -3. Restart the NGINX Instance Manager service: +3. Open the `/etc/nms/nms-sm-conf.yaml` file and set: + + ```yaml + clickhouse: + enable = false + ``` + +4. Restart the NGINX Instance Manager service: ```shell sudo systemctl restart nms diff --git a/static/scripts/install-nim-bundle.sh b/static/scripts/install-nim-bundle.sh old mode 100755 new mode 100644 index 7dc020eac..fb60d615a --- a/static/scripts/install-nim-bundle.sh +++ b/static/scripts/install-nim-bundle.sh @@ -566,14 +566,9 @@ This action deletes all files in the following directories: /etc/nms , /etc/ngin getLatestPkgVersionFromRepo(){ repoUrl=$1 version=$2 - pkg_extension=$3 - if [[ "${pkg_extension}" == "rpm" ]]; then - response=$(curl --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} -sL "${repoUrl}" | awk -F '"' '/href=/ {print $2}' | grep -E "$version"| sort -t'-' -k4,4V | tac) - readarray -t versions < <(printf "%s" "${response}") - else - response=$(curl --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} -sL "${repoUrl}" | awk -F '"' '/href=/ {print $2}' | grep -E "$version"| sort -t'_' -k2,2V | tac) - readarray -t versions < <(printf "%s" "${response}") - fi + sort_fields=$3 + response=$(curl --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} -sL "${repoUrl}" | awk -F '"' '/href=/ {print $2}' | grep -E "$version"| eval sort "$sort_fields" | tac) + readarray -t versions < <(printf "%s" "${response}") if [ "${#versions[@]}" -eq 0 ]; then printf "Package %s not found. See available versions:" "${versions[@]}" exit 1; @@ -602,22 +597,26 @@ package_nim_offline(){ cd "${TEMP_DIR}/${TARGET_DISTRIBUTION}" || echo "directory ${TEMP_DIR} does not exits" if [[ "${USE_NGINX_PLUS}" == "true" ]]; then NGINX_PLUS_PACKAGE="^nginx-plus_[0-9]+-([0-9]+)~${OS_DISTRO_MAP[${TARGET_DISTRIBUTION}]}_${OS_ARCH}\.${PKG_EXTENSION}$" + SORT_FIELDS="-t'_' -k2,2V" if [[ "${PKG_EXTENSION}" == "rpm" ]]; then NGINX_PLUS_PACKAGE="^nginx-plus-[0-9]+-([0-9]+)${OS_DISTRO_MAP[${TARGET_DISTRIBUTION}]}\.${PKG_EXTENSION}$" + SORT_FIELDS="-t'-' -k3,3V" fi echo "regex for looking latest version : ${NGINX_PLUS_PACKAGE}" - NGINX_PLUS_VERSION=$(getLatestPkgVersionFromRepo "${NGINX_PLUS_REPO[${TARGET_DISTRIBUTION}]}" "${NGINX_PLUS_PACKAGE}" "${PKG_EXTENSION}") + NGINX_PLUS_VERSION=$(getLatestPkgVersionFromRepo "${NGINX_PLUS_REPO[${TARGET_DISTRIBUTION}]}" "${NGINX_PLUS_PACKAGE}" "${SORT_FIELDS}") echo "latest version for nginx_plus is ${NGINX_PLUS_VERSION}" echo "Downloading ${NGINX_PLUS_REPO[${TARGET_DISTRIBUTION}]}/${NGINX_PLUS_VERSION}...." curl -sfLO --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} "${NGINX_PLUS_REPO[${TARGET_DISTRIBUTION}]}/${NGINX_PLUS_VERSION}" check_last_command_status "curl -sfLO --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} \"${NGINX_PLUS_REPO[${TARGET_DISTRIBUTION}]}/${NGINX_PLUS_VERSION}\"" $? else NGINX_OSS_PACKAGE="^nginx_[0-9]+\.[0-9]+\.[0-9]+-([0-9]+)~${OS_DISTRO_MAP[${TARGET_DISTRIBUTION}]}_${OS_ARCH}\.${PKG_EXTENSION}$" + SORT_FIELDS="-t'_' -k2,2V" if [[ "${PKG_EXTENSION}" == "rpm" ]]; then NGINX_OSS_PACKAGE="^nginx-[0-9]+\.[0-9]+\.[0-9]+-([0-9]+)${OS_DISTRO_MAP[${TARGET_DISTRIBUTION}]}\.${PKG_EXTENSION}$" + SORT_FIELDS="-t'-' -k2,2V" fi echo "fetching latest version using ${NGINX_OSS_PACKAGE}" - NGINX_OSS_VERSION=$(getLatestPkgVersionFromRepo "${NGINX_REPO[${TARGET_DISTRIBUTION}]}" "${NGINX_OSS_PACKAGE}" "${PKG_EXTENSION}") + NGINX_OSS_VERSION=$(getLatestPkgVersionFromRepo "${NGINX_REPO[${TARGET_DISTRIBUTION}]}" "${NGINX_OSS_PACKAGE}" "${SORT_FIELDS}") echo "latest version for nginx is ${NGINX_OSS_VERSION}" echo "Downloading ${NGINX_REPO[${TARGET_DISTRIBUTION}]}/${NGINX_OSS_VERSION}...." curl -sfLO "${NGINX_REPO[${TARGET_DISTRIBUTION}]}/${NGINX_OSS_VERSION}" @@ -649,10 +648,12 @@ package_nim_offline(){ check_last_command_status "curl -sfLO \"${CLICKHOUSE_CLIENT_PATH}\"" $? fi NIM_PACKAGE_PATH="^nms-instance-manager_[0-9]+\.[0-9]+\.[0-9]+-([0-9]+)~${OS_DISTRO_MAP[${TARGET_DISTRIBUTION}]}_${OS_ARCH}\.${PKG_EXTENSION}$" + SORT_FIELDS="-t'_' -k2,2V" if [[ "${PKG_EXTENSION}" == "rpm" ]]; then NIM_PACKAGE_PATH="^nms-instance-manager-[0-9]+\.[0-9]+\.[0-9]+-([0-9]+)${OS_DISTRO_MAP[${TARGET_DISTRIBUTION}]}\.${PKG_EXTENSION}$" + SORT_FIELDS="-t'-' -k4,4V" fi - NIM_PACKAGE_VERSION=$(getLatestPkgVersionFromRepo "${NIM_REPO[${TARGET_DISTRIBUTION}]}" "${NIM_PACKAGE_PATH}" "${PKG_EXTENSION}") + NIM_PACKAGE_VERSION=$(getLatestPkgVersionFromRepo "${NIM_REPO[${TARGET_DISTRIBUTION}]}" "${NIM_PACKAGE_PATH}" "${SORT_FIELDS}") echo "Latest version for nginx instance manager is ${NIM_PACKAGE_VERSION}...." curl -sfLO --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} "${NIM_REPO[${TARGET_DISTRIBUTION}]}/${NIM_PACKAGE_VERSION}" check_last_command_status "curl -sfLO --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} \"${NIM_REPO[${TARGET_DISTRIBUTION}]}/${NIM_PACKAGE_VERSION}\"" $?