Network Services Orchestrator, NSO
NSO enabled by Tail-f (a Cisco company) provides end-to-end automation to design and deliver services much faster. It seamlessly integrates all of your infrastructure across different technologies and vendors. Learn more at https://developer.cisco.com/site/nso/
Downloading the NSO
Get the download link for NSO from the Cisco website, then download the NSO package
basondole@netbox:~$ mkdir nso
basondole@netbox:~$ cd nso
basondole@netbox:~/nso$ wget "https://devnet-filemedia-download.s3.amazonaws.com/119b2bc7-dbf6-49a1-974d-0a5610e41390/nso-5.1.0.1.linux.x86_64.signed.bin?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAXOWDCPZVVCGUYIRZ%2F20191113%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191113T130414Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=f66d3a819f755e24dfdb08844fb2e9d5fd676f28a518a3ab922347b302cda0b4" -O nso-5.1.0.1
basondole@netbox:~/nso$ ls
nso-5.1.0.1
basondole@netbox:~/nso$
Extract the package
basondole@netbox:~/nso$ sh nso-5.1.0.1
Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of nso-5.1.0.1.linux.x86_64.installer.bin using tailf.cer
basondole@netbox:~/nso$ ls
cisco_x509_verify_release.py  nso-5.1.0.1.linux.x86_64.installer.bin            README.signature
nso-5.1.0.1                   nso-5.1.0.1.linux.x86_64.installer.bin.signature  tailf.cer
basondole@netbox:~/nso$
Installation
In this system, we'll install the nso in the home directory
basondole@netbox:~/nso$ sh nso-5.1.0.1.linux.x86_64.installer.bin $HOME/nso-5.1.0.1
INFO Using temporary directory /tmp/ncs_installer.2786 to stage NCS installation bundle
INFO Unpacked ncs-5.1.0.1 in /home/basondole/nso-5.1.0.1
INFO Found and unpacked corresponding DOCUMENTATION_PACKAGE
INFO Found and unpacked corresponding EXAMPLE_PACKAGE
INFO Generating default SSH hostkey (this may take some time)
INFO SSH hostkey generated
INFO Environment set-up generated in /home/basondole/nso-5.1.0.1/ncsrc
INFO NCS installation script finished
INFO Found and unpacked corresponding NETSIM_PACKAGE
INFO NCS installation complete
basondole@netbox:~/nso$
In case of a Python error
basondole@netbox:~/nso$ sh nso-5.1.0.1
Unpacking...
ERROR Verification requires Python version 2.7.4 or later.
ERROR
To overcome this, install Python and then extract the file again
basondole@netbox:~/nso$ sudo apt install python
.
.
basondole@netbox:~/nso$ sh nso-5.1.0.1.linux.x86_64.installer.bin $HOME/nso-5.1.0.1
Running the nso
basondole@netbox:~/nso$ cd ..
basondole@netbox:~$ ls
nso  nso-5.1.0.1
basondole@netbox:~$ source $HOME/nso-5.1.0.1/ncsrc
basondole@netbox:~$ ncs-setup --dest $HOME/ncs-run
basondole@netbox:~$ ls
ncs-run  nso  nso-5.1.0.1
basondole@netbox:~$ cd ncs-run/
basondole@netbox:~/ncs-run$ ls
logs  ncs-cdb  ncs.conf  packages  README.ncs  scripts  state
basondole@netbox:~/ncs-run$ ncs   ! takes a minute to start
basondole@netbox:~/ncs-run$ ncs --status
basondole@netbox:~/ncs-run$ ncs --version
5.1.0.1
basondole@netbox:~/ncs-run$ ncs --status | grep status
status: started
basondole@netbox:~/ncs-run$
Accessing the nso
NSO offers a frontend UI which can be accessed from a web browser at http://192.168.56.20:8080/login.html, where 192.168.56.20 is my server address.
The default login credentials:
username: admin
password: admin
To access the nso via CLI
basondole@netbox:~/ncs-run$ ncs_cli -u admin -C
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs# exit
basondole@netbox:~/ncs-run$
Configuration
To enable pasting of multiple lines of text in the ncs cli, add the lines below to the ncs config file
basondole@netbox:~/ncs-run$ nano ncs.conf
<enabled>true</enabled>
<space-completion><enabled>false</enabled></space-completion>
<ignore-leading-whitespace>true</ignore-leading-whitespace>
<auto-wizard><enabled>false</enabled></auto-wizard>
To offer support for a range of multivendor devices, NSO uses Network Element Drivers (NEDs).
Using NEDs, NSO makes device configuration commands available over a network wide, multivendor Command Line Interface (CLI), APIs, and user interface
Learn more at https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/network-services-orchestrator/datasheet-c78-734669.html
To verify the pre installed NEDs on your system
basondole@netbox:~/ncs-run$ cd $NCS_DIR
basondole@netbox:~/nso-5.1.0.1$ ls packages/
lsa  neds  services  tools
basondole@netbox:~/nso-5.1.0.1$ ls packages/neds/
a10-acos-cli-3.0  cisco-ios-cli-3.0  cisco-iosxr-cli-3.0  cisco-nx-cli-3.0   juniper-junos-nc-3.0
alu-sr-cli-3.4    cisco-ios-cli-3.8  cisco-iosxr-cli-3.5  dell-ftos-cli-3.0
basondole@netbox:~/nso-5.1.0.1$
To verify whether the packages are loaded in the ncs
basondole@netbox:~/ncs-run$ ncs_cli -u admin -C
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs# show packages
% No entries found.
admin@ncs# exit
If they are not loaded as seen above you can issue a reload command in the ncs
basondole@netbox:~/ncs-run$ ncs_cli -u admin -C
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs# show packages
% No entries found.
admin@ncs# packages reload
>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has completed.
>>> System upgrade has been cancelled.
Error: User java class "com.tailf.packages.ned.ios.UpgradeNedId" exited with status 127
admin@ncs# show packages
% No entries found.
admin@ncs# exit
If you run into this error confirm you have java installed and if not install java
basondole@netbox:~/ncs-run$ java -version
Command 'java' not found, but can be installed with:
sudo apt install default-jre
sudo apt install openjdk-11-jre-headless
sudo apt install openjdk-8-jre-headless
basondole@netbox:~/ncs-run$ sudo apt-get update -y
.
.
basondole@netbox:~/ncs-run$ sudo apt-get install openjdk-11-jre -y
.
.
basondole@netbox:~/ncs-run$ sudo apt-get install ant -y
.
.
basondole@netbox:~/ncs-run$ java -version
openjdk version "11.0.5" 2019-10-15
OpenJDK Runtime Environment (build 11.0.5+10-post-Ubuntu-0ubuntu1.118.04)
OpenJDK 64-Bit Server VM (build 11.0.5+10-post-Ubuntu-0ubuntu1.118.04, mixed mode, sharing)
Also confirm the packages are available in the directory you are running NSO from; in my case I'm running NSO from ~/ncs-run
basondole@netbox:~/ncs-run$ ls packages/
basondole@netbox:~/ncs-run$
If the package directory is empty, copy the NEDs from the $NCS_DIR directory
basondole@netbox:~/ncs-run$ cp -r ~/nso-5.1.0.1/packages/neds/* ./packages/
basondole@netbox:~/ncs-run$ ls packages/
cisco-ios-cli-3.0  cisco-iosxr-cli-3.0  cisco-nx-cli-3.0
cisco-ios-cli-3.8  cisco-iosxr-cli-3.5  juniper-junos-nc-3.0
Login to the ncs and reload the packages
basondole@netbox:~/ncs-run$ ncs_cli -u admin -C
admin@ncs# packages reload
.
reload-result {
    package cisco-iosxr-cli-3.5
    result false
    info --ERROR--
}
reload-result {
    package cisco-nx-cli-3.0
    result false
    info --ERROR--
}
reload-result {
    package dell-ftos-cli-3.0
    result false
    info --ERROR--
}
reload-result {
    package juniper-junos-nc-3.0
    result true
}
basondole@ncs# show packages package oper-status
                                                                                         PACKAGE
                          PROGRAM                                                        META     FILE
                          CODE     JAVA           BAD NCS  PACKAGE  PACKAGE  CIRCULAR    DATA     LOAD   ERROR
NAME                  UP  ERROR    UNINITIALIZED  VERSION  NAME     VERSION  DEPENDENCY  ERROR    ERROR  INFO
----------------------------------------------------------------------------------------------------------------
cisco-ios-cli-3.0     -   -        X              -        -        -        -           -        -      -
cisco-nx-cli-3.0      -   -        X              -        -        -        -           -        -      -
cisco-iosxr-cli-3.0   -   -        X              -        -        -        -           -        -      -
dell-ftos-cli-3.0     -   -        X              -        -        -        -           -        -      -
juniper-junos-nc-3.0  X   -        -              -        -        -        -           -        -      -
basondole@ncs# exit
From above we see we had errors loading a couple of NEDs with the java uninitialized status
The issue here is very likely related to the JavaVM, since all the Java packages are failing,
while the Junos NETCONF NED (which doesn't use any Java) is fine.
Since we have quite a few NEDs, the issue is almost certainly that the JavaVM is out of memory/heap space.
To check the java-vm log on ncs
basondole@netbox:~/ncs-run$ less logs/ncs-java-vm.log
To fix the memory problem in my case, since my server has 2GB of RAM, I assigned 1GB of memory to java.
basondole@netbox:~/ncs-run$ export NCS_JAVA_VM_OPTIONS=-Xmx1G
You can add this to your .bash_profile so that it is done automatically every time you log in
We then relaunch the ncs
basondole@netbox:~/ncs-run$ ncs --stop
basondole@netbox:~/ncs-run$ ncs
basondole@netbox:~/ncs-run$ ncs_cli -C
basondole connected from 192.168.56.1 using ssh on netbox
basondole@ncs# packages reload
>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has completed.
>>> System upgrade has completed successfully.
.
.
reload-result {
    package cisco-iosxr-cli-3.0
    result true
}
reload-result {
    package cisco-iosxr-cli-3.5
    result true
}
reload-result {
    package juniper-junos-nc-3.0
    result true
}
basondole@ncs#
basondole@ncs# show packages package oper-status
                                                                                         PACKAGE
                          PROGRAM                                                        META     FILE
                          CODE     JAVA           BAD NCS  PACKAGE  PACKAGE  CIRCULAR    DATA     LOAD   ERROR
NAME                  UP  ERROR    UNINITIALIZED  VERSION  NAME     VERSION  DEPENDENCY  ERROR    ERROR  INFO
----------------------------------------------------------------------------------------------------------------
cisco-ios-cli-3.0     X   -        -              -        -        -        -           -        -      -
cisco-ios-cli-3.8     X   -        -              -        -        -        -           -        -      -
cisco-iosxr-cli-3.0   X   -        -              -        -        -        -           -        -      -
cisco-iosxr-cli-3.5   X   -        -              -        -        -        -           -        -      -
cisco-nx-cli-3.0      X   -        -              -        -        -        -           -        -      -
juniper-junos-nc-3.0  X   -        -              -        -        -        -           -        -      -
basondole@ncs# exit
basondole@netbox:~/ncs-run$
Adding the auth group to the ncs
Before we can add devices in the ncs we have to define an authentication group
admin@ncs# config
admin@ncs(config)# devices authgroups group GROUP01
admin@ncs(config-group-GROUP01)# default-map remote-name fisi
admin@ncs(config-group-GROUP01)# default-map remote-password fisi123
admin@ncs(config-group-GROUP01)# top
admin@ncs(config)# commit check
Validation complete
admin@ncs(config)# show configuration diff
+devices authgroups group GROUP01
+ default-map remote-name fisi
+ default-map remote-password $8$1SgUsPkoEaFvTwK02flfv5Ta5ut9WBf+I1m+OaTo8vQ=
+!
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)# do show configuration commit list
2019-12-24 13:53:45
SNo. ID       User       Client      Time Stamp          Label       Comment
~~~~ ~~       ~~~~       ~~~~~~      ~~~~~~~~~~          ~~~~~       ~~~~~~~
1000 10002    admin      cli         2019-12-24 13:51:41
1000 10001    system     system      2019-11-13 13:42:45
Configuring devices for nso
Configuration is pulled from devices I used in my presentation at Pycon Tanzania, Dec 2019; excuse the use of pycon for hostnames
Cisco IOS XR
RP/0/0/CPU0:pycon-iosxr(config)#show configuration
Tue Dec 24 14:10:36.560 UTC
Building configuration...
username fisi secret 5 $1$UV0J$uNLTpu2nr6K2ZhY7z2cks/
ssh server v2
ssh server netconf port 830
ssh server logging
netconf-yang agent ssh
RP/0/0/CPU0:pycon-iosxr(config)#commit
RP/0/0/CPU0:pycon-iosxr(config)#exit
RP/0/0/CPU0:pycon-iosxr#crypto key generate rsa
JunOS
fisi@pycon-junos> show configuration system services
ssh;
netconf {
    ssh;
}
fisi@pycon-junos> show configuration system login user fisi
uid 2000;
class super-user;
authentication {
    encrypted-password "$1$ty9HKQjx$n3zBLWY5HgycHOQW2/epX/"; ## SECRET-DATA
}
Cisco IOS
Only configure ssh
Adding a cisco ios xr device to nso
admin@ncs(config)# devices device pycon-iosxr
admin@ncs(config-device-pycon-iosxr)# address 192.168.56.65
admin@ncs(config-device-pycon-iosxr)# authgroup GROUP01
admin@ncs(config-device-pycon-iosxr)# device-type cli ned-id cisco-iosxr-cli-3.5
admin@ncs(config-device-pycon-iosxr)# device-type cli protocol ssh
admin@ncs(config-device-pycon-iosxr)# state admin-state unlocked
admin@ncs(config-device-pycon-iosxr)# top
admin@ncs(config)# commit check
Validation complete
admin@ncs(config)# show configuration diff
+devices device pycon-iosxr
+ address 192.168.56.65
 !
+devices authgroups group GROUP01
+ default-map remote-name fisi
+ default-map remote-password $8$1SgUsPkoEaFvTwK02flfv5Ta5ut9WBf+I1m+OaTo8vQ=
+!
 devices device pycon-iosxr
+ authgroup GROUP01
+ device-type cli ned-id cisco-iosxr-cli-3.0
+ device-type cli protocol ssh
+ state admin-state unlocked
+ config
+  no ios:service pad
+  no ios:ip domain-lookup
+  no ios:service password-encryption
+  no ios:cable admission-control preempt priority-voice
+  no ios:cable qos permission create
+  no ios:cable qos permission update
+  no ios:cable qos permission modems
+  no ios:ip cef
+  no ios:ip forward-protocol nd
+  no ios:ipv6 source-route
+  no ios:ipv6 cef
+  no nx:feature ssh
+  no nx:feature telnet
+ !
+!
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)# do show running-config | begin pycon
devices device pycon-iosxr
 address 192.168.56.65
 authgroup GROUP01
 device-type cli ned-id cisco-iosxr-cli-3.0
 device-type cli protocol ssh
 state admin-state unlocked
 config
  no ios:service pad
  no ios:ip domain-lookup
  no ios:service password-encryption
  no ios:cable admission-control preempt priority-voice
  no ios:cable qos permission create
  no ios:cable qos permission update
  no ios:cable qos permission modems
  no ios:ip cef
  no ios:ip forward-protocol nd
  no ios:ipv6 source-route
  no ios:ipv6 cef
  no nx:feature ssh
  no nx:feature telnet
.
.
admin@ncs# show devices brief
NAME         ADDRESS        DESCRIPTION  NED ID
------------------------------------------------------------
pycon-iosxr  192.168.56.65  -            cisco-iosxr-cli-3.0
After adding the device we fetch its ssh keys and then sync-from so as to synchronise the device config to the ncs database
admin@ncs# devices device pycon-iosxr ssh fetch-host-keys
result updated
fingerprint {
    algorithm ssh-rsa
    value f6:46:c1:32:19:24:ff:21:e6:ac:0f:85:78:94:77:40
}
admin@ncs# devices device pycon-iosxr ping
result PING 192.168.56.65 (192.168.56.65) 56(84) bytes of data.
64 bytes from 192.168.56.65: icmp_seq=1 ttl=255 time=6.24 ms
--- 192.168.56.65 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.246/6.246/6.246/0.000 ms
admin@ncs# devices device pycon-iosxr sync-from
result true
admin@ncs#
admin@ncs# show devices device pycon-iosxr config
config
 yanglib:modules-state module-set-id 762f393abd3986410711f2cf22587ccd
 yanglib:modules-state module tailf-ned-cisco-ios-xr 2014-02-18
  namespace        http://tail-f.com/ned/cisco-ios-xr
  conformance-type implement
admin@ncs#
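fetch-host-keys stores whatever key the device presents on that first connection, so the fingerprint it prints is worth comparing with one taken from a source you already trust (the device console or an inventory record). The following is an added example, not part of the original post: it assumes the 16-byte colon-separated value NSO prints is the legacy MD5 fingerprint of the SSH public key blob, the function names are hypothetical, and the keys are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import re
import struct

# Matches the "algorithm ... value aa:bb:..." pair inside a fingerprint { } block.
FINGERPRINT_RE = re.compile(
    r"algorithm\s+(?P<alg>\S+)\s+value\s+(?P<fp>[0-9a-f]{2}(?::[0-9a-f]{2}){15})"
)


def parse_fetch_host_keys(output):
    """Return [(algorithm, fingerprint), ...] found in fetch-host-keys output."""
    return [(m["alg"], m["fp"]) for m in FINGERPRINT_RE.finditer(output)]


def md5_fingerprint(pubkey_line):
    """Return (algorithm, colon-separated MD5 fingerprint) for a public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64-blob> [comment]'")
    algorithm, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the algorithm name;
    # a mismatch means the line was edited or truncated.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != algorithm.encode("ascii"):
        raise ValueError("algorithm label does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return algorithm, ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def host_key_is_expected(nso_output, trusted_pubkey_line):
    """True only if NSO learned exactly the key that is already trusted."""
    expected_alg, expected_fp = md5_fingerprint(trusted_pubkey_line)
    return any(
        alg == expected_alg and hmac.compare_digest(fp, expected_fp)
        for alg, fp in parse_fetch_host_keys(nso_output)
    )


def make_demo_pubkey(modulus):
    """Build a well-formed ssh-rsa key line from arbitrary bytes.

    Constructed for the example only; this is not a usable key.
    """
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data

    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa %s demo@constructed" % base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    trusted = make_demo_pubkey(bytes(range(1, 129)))   # key recorded out of band
    other = make_demo_pubkey(bytes(range(2, 130)))     # a different key
    alg, fp = md5_fingerprint(trusted)
    # Constructed output in the same shape as the fetch-host-keys result above.
    nso_output = (
        "result updated\nfingerprint {\n    algorithm %s\n    value %s\n}\n" % (alg, fp)
    )
    print("trusted key learned:", host_key_is_expected(nso_output, trusted))
    print("other key learned:  ", host_key_is_expected(nso_output, other))
```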
Now, after syncing the config from the router to the ncs database, we log on to the router and change the configuration
RP/0/0/CPU0:pycon-iosxr(config)#username baggy
RP/0/0/CPU0:pycon-iosxr(config-un)#show commi chan diff
Tue Dec 24 14:45:24.827 UTC
Building configuration...
!! IOS XR Configuration 5.3.0
+  username baggy
   !
end
RP/0/0/CPU0:pycon-iosxr(config-un)#commit
Then we check with the ncs to see what has changed
admin@ncs# devices device pycon-iosxr compare-config
diff
 devices {
     device pycon-iosxr {
         config {
+            cisco-ios-xr:username baggy {
+            }
         }
     }
 }
admin@ncs#
We see the config that we added on the router is displayed; this is the diff between the actual config on the device and the config in the ncs database. Here we can either sync-from this device to update the ncs copy of the config, or sync-to to push the config from ncs to the device, removing the added config.
In this case we synced from the device; however, this was done via the web ui.
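One way to triage compare-config output like the one above before choosing between sync-from and sync-to: parse the diff into per-device changes and flag statements that touch accounts or remote access, such as the out-of-band username seen here. This is an added example, not part of the original post; the keyword list, the function names and the interface lines in the sample are assumptions made for the illustration.

```python
# Statement keywords treated as security-relevant (an assumption of this example;
# extend the set to match your own policy).
SENSITIVE_KEYWORDS = {
    "username", "user", "login", "aaa", "authentication", "ssh",
    "snmp-server", "tacacs-server", "radius-server",
}

# Constructed sample: the username change from the output above plus an
# unrelated interface description change.
SAMPLE_DIFF = """\
diff
 devices {
     device pycon-iosxr {
         config {
             cisco-ios-xr:interface {
                 GigabitEthernet 0/0/0/0 {
-                    description uplink;
+                    description uplink-to-core;
                 }
             }
+            cisco-ios-xr:username baggy {
+            }
         }
     }
 }
"""


def _keyword(statement):
    """First word of a statement with any 'module:' prefix removed."""
    words = statement.split()
    return words[0].split(":", 1)[-1] if words else ""


def parse_compare_config(text):
    """Return one dict per added (+) or removed (-) statement in the diff."""
    changes, stack = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "diff":
            continue
        # Column 0 carries the diff marker; unchanged context starts with a space.
        op = line[0] if line[0] in "+-" else " "
        body = (line[1:] if op != " " else line).strip()
        if not body:
            continue
        if body == "}":
            if stack:
                stack.pop()
            continue
        opens_block = body.endswith("{")
        statement = body[:-1].strip() if opens_block else body.rstrip(";").strip()
        if op != " ":
            device = next(
                (s.split(None, 1)[1] for s in stack if s.startswith("device ")), None
            )
            # Path of enclosing statements below the device's "config" node.
            below = stack[stack.index("config") + 1:] if "config" in stack else list(stack)
            keywords = {_keyword(s) for s in below + [statement]}
            changes.append({
                "device": device,
                "op": op,
                "path": below,
                "statement": statement,
                "sensitive": bool(keywords & SENSITIVE_KEYWORDS),
            })
        if opens_block:
            stack.append(statement)
    return changes


def sensitive_changes(text):
    """Only the changes whose statement or enclosing path hits a sensitive keyword."""
    return [c for c in parse_compare_config(text) if c["sensitive"]]


if __name__ == "__main__":
    for change in parse_compare_config(SAMPLE_DIFF):
        flag = "REVIEW" if change["sensitive"] else "ok"
        where = " / ".join(change["path"]) or "(top level)"
        print("%-6s %s %s %s [%s]" % (flag, change["device"], change["op"],
                                      change["statement"], where))
```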
Back on the device we revert the change and remove the username
RP/0/0/CPU0:pycon-iosxr(config)#load rollback changes last 1
Building configuration...
Loading.
53 bytes parsed in 1 sec (51)bytes/sec
RP/0/0/CPU0:pycon-iosxr(config)#show commi chan diff
Tue Dec 24 14:50:27.226 UTC
Building configuration...
!! IOS XR Configuration 5.3.0
-  username baggy
end
RP/0/0/CPU0:pycon-iosxr(config)#commit
Then we check with ncs to see what's changed. The dry-run option allows us to preview what would happen if we were to sync the config; with this option the ncs doesn't actually sync the config. After the dry run we then sync the config from the device to the ncs database.
We can use the show run command to check the synced config
admin@ncs# devices device pycon-iosxr sync-from dry-run
cli config {
-    cisco-ios-xr:username baggy {
-    }
 }
admin@ncs# devices device pycon-iosxr sync-from
result true
admin@ncs#
admin@ncs# show running-config devices device pycon-iosxr
Adding an ios device
devices device pycon-ios
address 192.168.56.63
authgroup GROUP01
device-type cli ned-id cisco-ios-cli-3.0
device-type cli protocol ssh
state admin-state unlocked
top
commit
devices device pycon-ios ssh fetch-host-keys
devices device pycon-ios sync-from
Adding a Junos device
devices device big
address 192.168.56.36
authgroup GROUP01
device-type netconf ned-id juniper-junos-nc-3.0
state admin-state unlocked
top
commit
devices device big ssh fetch-host-keys
devices device big sync-from
Configuring junos device
In this snippet we will configure an apply-group and apply it in the junos device
admin@ncs(config)# devices device big config
admin@ncs(config-config)# junos:configuration groups PYCON
admin@ncs(config-groups-PYCON)# system login
admin@ncs(config-groups-PYCON)# system login class pycon-su
admin@ncs(config-class-pycon-su)# logical-system pycon-junos
admin@ncs(config-class-pycon-su)# permissions all
admin@ncs(config-class-pycon-su)# exit
admin@ncs(config-groups-PYCON)# system login user pycon class pycon-su
admin@ncs(config-user-pycon)# uid 2009
admin@ncs(config-user-pycon)# authentication encrypted-password "$1$bq.XK5AI$33.xHE4FRDm30frQY.9gx0"
admin@ncs(config-user-pycon)# exit
admin@ncs(config-groups-PYCON)# exit
admin@ncs(config-config)# junos:configuration apply-groups PYCON
admin@ncs(config-config)# exit
admin@ncs(config-device-big)# exit
admin@ncs(config)# show configuration devices device big
devices device big
 config
  junos:configuration apply-groups [ PYCON ]
  junos:configuration groups PYCON
   system login class pycon-su
    logical-system pycon-junos
    permissions [ all ]
   !
   system login user pycon
    uid 2009
    class pycon-su
    authentication encrypted-password $1$bq.XK5AI$33.xHE4FRDm30frQY.9gx0
    authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZGRQBprO0LQeiUDW2hR7Yfj3DIF5MbBiG+3/ZyuedS0shbSwxLOMBNhU7MAuXKVuvtzAsFy/IAKN41LhSvq7ppg0Bq+qMsxKJ8U8BY0svM+Hzpe+fJIfJz6R2dp+R79t+EYRR1UdYQO60I2fUdIgazR1AHV1H/6fO/TNXykI2PsqeXSfrTo8Li/WAyRt+1C+U6LPUO5OnkbP+cJxeqtDPkz1I2I7d4izonbmCrIegIGlGpx1ib2/WmqkpX+r0+iqrCQll7TvM73yduC31qMks/g+ncfeuVQPHdLsTlmNWt3MlLCCo+/lVbsMZJuAs38cn4UfpE78qdGY00r4MHIlJ paul@LWBS-STZ-150YNL;"
    !
   !
  !
 !
!
admin@ncs(config)#
admin@ncs(config)# show configuration diff
 devices device big
  config
+  junos:configuration apply-groups [ PYCON ]
+  junos:configuration groups PYCON
+   system login class pycon-su
+    logical-system pycon-junos
+    permissions [ all ]
+   !
+   system login user pycon
+    uid 2009
+    class pycon-su
+    authentication encrypted-password $1$bq.XK5AI$33.xHE4FRDm30frQY.9gx0
+    authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZGRQBprO0LQeiUDW2hR7Yfj3DIF5MbBiG+3/ZyuedS0shbSwxLOMBNhU7MAuXKVuvtzAsFy/IAKN41LhSvq7ppg0Bq+qMsxKJ8U8BY0svM+Hzpe+fJIfJz6R2dp+R79t+EYRR1UdYQO60I2fUdIgazR1AHV1H/6fO/TNXykI2PsqeXSfrTo8Li/WAyRt+1C+U6LPUO5OnkbP+cJxeqtDPkz1I2I7d4izonbmCrIegIGlGpx1ib2/WmqkpX+r0+iqrCQll7TvM73yduC31qMks/g+ncfeuVQPHdLsTlmNWt3MlLCCo+/lVbsMZJuAs38cn4UfpE78qdGY00r4MHIlJ paul@LWBS-STZ-150YNL;"
+    !
+   !
+  !
 !
!
admin@ncs(config)#
admin@ncs(config)# devices device big check-sync
result out-of-sync
info got: 2019-12-24 20:07:03 UTC expected: 2019-12-24 19:24:50 UTC
admin@ncs(config)# commit no-out-of-sync-check
Commit complete.
admin@ncs(config)# devices device big check-sync
result unknown
admin@ncs(config)# devices device big sync-to
result true
admin@ncs(config)# devices device big check-sync
result in-sync
You will notice the config flow is not exactly what we are used to with a junos device; however, it follows the same hierarchy, with junos:configuration being the top level of the config, from which we can go to any other sub stanza and get a corresponding prompt for that. For example, the command junos:configuration groups PYCON gets us to the (config-groups-PYCON) prompt, the same way edit groups PYCON would take us to [edit groups PYCON] on the JunOS CLI.
We now logon to the junos device and check the config that's been pushed from the nso
fisi@big> show system commit | match ^0
0 2019-12-24 20:07:57 UTC by fisi via netconf
fisi@big> show configuration groups
PYCON {
    system {
        login {
            class pycon-su {
                logical-system pycon-junos;
                permissions all;
            }
            user pycon {
                uid 2009;
                class pycon-su;
                authentication {
                    encrypted-password "$1$bq.XK5AI$33.xHE4FRDm30frQY.9gx0"; ## SECRET-DATA
                    ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZGRQBprO0LQeiUDW2hR7Yfj3DIF5MbBiG+3/ZyuedS0shbSwxLOMBNhU7MAuXKVuvtzAsFy/IAKN41LhSvq7ppg0Bq+qMsxKJ8U8BY0svM+Hzpe+fJIfJz6R2dp+R79t+EYRR1UdYQO60I2fUdIgazR1AHV1H/6fO/TNXykI2PsqeXSfrTo8Li/WAyRt+1C+U6LPUO5OnkbP+cJxeqtDPkz1I2I7d4izonbmCrIegIGlGpx1ib2/WmqkpX+r0+iqrCQll7TvM73yduC31qMks/g+ncfeuVQPHdLsTlmNWt3MlLCCo+/lVbsMZJuAs38cn4UfpE78qdGY00r4MHIlJ paul@LWBS-STZ-150YNL;"; ## SECRET-DATA
                }
            }
        }
    }
}
fisi@big> show configuration apply-groups
## Last commit: 2019-12-24 20:07:57 UTC by fisi
apply-groups PYCON;
fisi@big>
From the above example we see the configuration has indeed taken effect on the device. This operation was done via the ncs CLI but we can achieve the same effect via the web frontend as well.
Netsim
Netsim offers emulated devices that can be used with the NSO mainly for testing and development.
Creating an emulated device
basondole@netbox:~/nso/ncs-run$ ls packages/
cisco-ios-cli-3.8 cisco-iosxr-cli-3.5 juniper-junos-nc-3.0 cisco-ios-cli-3.0 cisco-iosxr-cli-3.0 cisco-nx-cli-3.0
basondole@netbox:~/nso/ncs-run$ cd myownnetsim/
basondole@netbox:~/nso/ncs-run/myownnetsim$
basondole@netbox:~/nso/ncs-run/myownnetsim$ mkdir iosxr
basondole@netbox:~/nso/ncs-run/myownnetsim$ cd iosxr
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr$ ncs-netsim create-device cisco-iosxr-cli-3.5 iosxr
DEVICE iosxr CREATED
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/$ ls
netsim
To start the emulated device
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ cd netsim/
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ ls
iosxr  README.netsim
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ ncs-netsim start
DEVICE iosxr OK STARTED
To check if the device is running
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ ncs-netsim is-alive iosxr
DEVICE iosxr OK
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$
To get the port being used by device
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ ncs-netsim list
ncs-netsim list for /home/basondole/nso/ncs-run/myownnetsim/iosxr/netsim
name=iosxr netconf=12022 snmp=11022 ipc=5010 cli=10022 \
dir=/home/basondole/nso/ncs-run/myownnetsim/iosxr/netsim/iosxr/iosxr
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ ncs-netsim get-port iosxr cli
10022
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$
Connecting to the device
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ ncs-netsim cli-i iosxr
admin connected from 192.168.56.1 using ssh on netbox
netbox> enable
netbox# show version
Cisco IOS XR Software, NETSIM
netbox# exit
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$
Adding the device to the nso
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ ncs_cli -C
basondole connected from 192.168.56.1 using ssh on netbox
basondole@ncs# config
Entering configuration mode terminal
basondole@ncs(config)# devices device netsim address 127.0.0.1 port 10022
basondole@ncs(config-device-netsim)# device-type cli ned-id cisco-iosxr-cli-3.5 protocol ssh
basondole@ncs(config-device-netsim)# authgroup default state admin-state unlocked
basondole@ncs(config-device-netsim)# commit
basondole@ncs(config-device-netsim)# top
basondole@ncs(config)# devices device netsim ssh fetch-host-keys
result failed
info internal error
basondole@ncs(config)# exit
basondole# exit
We have run into an error when fetching the host key.
To fix this we have to make sure the right keys exist in the emulated device's ssh directory.
The easy fix is to copy the keys from $NCS_DIR/netsim/confd/etc/confd/ssh/ to our emulated device's ssh directory
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ cp $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key.pub iosxr/iosxr/ssh/ssh_host_rsa_key.pub
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ diff $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key.pub iosxr/iosxr/ssh/ssh_host_rsa_key.pub
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ cp $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key iosxr/iosxr/ssh/ssh_host_rsa_key
basondole@netbox:~/nso/ncs-run/myownnetsim/iosxr/netsim$ diff $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key iosxr/iosxr/ssh/ssh_host_rsa_key
Then we restart the nso and the emulated device then fetch the keys again
basondole@netbox:~/nso/ncs-run$ ncs --stop
basondole@netbox:~/nso/ncs-run$ ncs-netsim stop --dir myownnetsim/iosxr/netsim
DEVICE iosxr STOPPED
basondole@netbox:~/nso/ncs-run$ ncs
basondole@netbox:~/nso/ncs-run$ ncs-netsim start --dir myownnetsim/iosxr/netsim
DEVICE iosxr OK STARTED
basondole@netbox:~/nso/ncs-run$ ncs_cli -C -u admin
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs# conf
Entering configuration mode terminal
admin@ncs(config)# devices device netsim ssh fetch-host-keys
result updated
fingerprint {
    algorithm ssh-rsa
    value ff:18:c0:6b:8b:fa:04:d4:8c:ed:91:ce:25:66:e9:df
}
admin@ncs(config)#
Adding multiple devices
Verifying the NEDs available
basondole@netbox:~/nso/ncs-run$ ls
logs  ncs-cdb  ncs.conf  packages  README.ncs  scripts  state  storedstate  target
basondole@netbox:~/nso/ncs-run$ ls packages/
cisco-ios-cli-3.8 cisco-iosxr-cli-3.5 juniper-junos-nc-3.0 cisco-ios-cli-3.0 cisco-iosxr-cli-3.0 cisco-nx-cli-3.0
basondole@netbox:~/nso/ncs-run$
Creating the devices
basondole@netbox:~/nso/ncs-run$ ncs-netsim create-device cisco-ios-cli-3.8 netsim-ios-00
DEVICE netsim-ios-00 CREATED
basondole@netbox:~/nso/ncs-run$ ncs-netsim add-device cisco-iosxr-cli-3.5 netsim-xr-00
DEVICE netsim-xr-00 CREATED
basondole@netbox:~/nso/ncs-run$ ncs-netsim add-device juniper-junos-nc-3.0 netsim-junos-00
DEVICE netsim-junos-00 CREATED
basondole@netbox:~/nso/ncs-run$ ls
logs  ncs-cdb  ncs.conf  netsim  packages  README.ncs  scripts  state  storedstate  target
basondole@netbox:~/nso/ncs-run$
Note: We initially created one device using create-device. The following devices were added using add-device
Starting the devices
basondole@netbox:~/nso/ncs-run$ cd netsim
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim start netsim-ios-00
DEVICE netsim-ios-00 OK STARTED
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim start netsim-xr-00
DEVICE netsim-xr-00 OK STARTED
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim start netsim-junos-00
DEVICE netsim-junos-00 OK STARTED
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim list
ncs-netsim list for /home/basondole/nso/ncs-run/netsim
name=netsim-ios-00 netconf=12022 snmp=11022 ipc=5010 cli=10022 dir=/home/basondole/nso/ncs-run/netsim/netsim-ios-00/netsim-ios-00
name=netsim-xr-00 netconf=12023 snmp=11023 ipc=5011 cli=10023 dir=/home/basondole/nso/ncs-run/netsim/netsim-xr-00/netsim-xr-00
name=netsim-junos-00 netconf=12024 snmp=11024 ipc=5012 cli=10024 dir=/home/basondole/nso/ncs-run/netsim/netsim-junos-00/netsim-junos-00
basondole@netbox:~/nso/ncs-run/netsim$
Connecting to the devices via ssh
basondole@netbox:~/nso/ncs-run/netsim$ ssh admin@127.0.0.1 -p 10022
admin@127.0.0.1's password:
admin connected from 127.0.0.1 using ssh on netbox
netsim-ios-00> exit
Connection to 127.0.0.1 closed.
basondole@netbox:~/nso/ncs-run/netsim$ ssh admin@127.0.0.1 -p 10023
admin@127.0.0.1's password:
admin connected from 127.0.0.1 using ssh on netbox
netbox# exit
Connection to 127.0.0.1 closed.
basondole@netbox:~/nso/ncs-run/netsim$ ssh admin@127.0.0.1 -p 10024
admin@127.0.0.1's password:
admin connected from 127.0.0.1 using ssh on netbox
admin@netsim-junos-00>exit
Connection to 127.0.0.1 closed.
basondole@netbox:~/nso/ncs-run/netsim$
Bulk export of devices to the nso
When we have multiple emulated devices we can easily export them to the nso, easing the burden of adding the devices one by one
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim ncs-xml-init > devices.xml
/home/basondole/nso/nso-5.1.0.1/bin/ncs-netsim: line 895: xsltproc: command not found
/home/basondole/nso/nso-5.1.0.1/bin/ncs-netsim: line 895: xsltproc: command not found
/home/basondole/nso/nso-5.1.0.1/bin/ncs-netsim: line 895: xsltproc: command not found
/home/basondole/nso/nso-5.1.0.1/bin/ncs-netsim: line 895: xsltproc: command not found
basondole@netbox:~/nso/ncs-run/netsim$ ls
devices.xml  netsim-ios-00  netsim-junos-00  netsim-nx-00  netsim-xr-00  README.netsim
basondole@netbox:~/nso/ncs-run/netsim$ ncs_load -l -m devices.xml
ncs_load: 690: maapi_apply_trans_flags(sock, tid, 0, aflags) failed: Unsatisfied must constraint (41): \
/ncs:devices/device{netsim-ios-00}/device-type : must configure one of: snmp, cli, generic, netconf
basondole@netbox:~/nso/ncs-run/netsim$
To understand the error we have to check the contents of the created file devices.xml
basondole@netbox:~/nso/ncs-run/netsim$ less devices.xml
<devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>netsim-ios-00</name>
<address>127.0.0.1</address>
<port>10022</port>
<ssh>
<host-key>
<algorithm>ssh-rsa</algorithm>
<key-data>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/23... basondole@netbox</key-data>
</host-key>
</ssh>
<state>
<admin-state>unlocked</admin-state>
</state>
<authgroup>default</authgroup>
<device-type>
<cli>
</cli>
</device-type>
</device>
We see the device-type is not defined. We therefore have to edit it manually. To get the device type you can add the device manually to the nso
basondole@netbox:~/nso/ncs-run/netsim$ ncs_cli -C
basondole@ncs(config)# show configuration | exclude no
devices device test
address test
authgroup default
device-type cli ned-id cisco-nx-cli-3.0
device-type cli protocol ssh
config
!
!
basondole@ncs(config)# commit dry-run outformat xml
result-xml {
local-node {
data <devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>test</name>
<address>test</address>
<authgroup>default</authgroup>
<device-type>
<cli>
<ned-id xmlns:cisco-nx-cli-3.0="http://tail-f.com/ns/ned-id/cisco-nx-cli-3.0">cisco-nx-cli-3.0:cisco-nx-cli-3.0</ned-id>
<protocol>ssh</protocol>
</cli>
</device-type>
</device>
</devices>
}
}
basondole@ncs(config)# end
Uncommitted changes found, commit them? [yes/no/CANCEL] no
basondole@ncs# exit
We then copy the device-type and paste it in the corresponding section in the devices.xml file, which then becomes
basondole@netbox:~/nso/ncs-run/netsim$ less devices.xml
<devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>netsim-ios-00</name>
<address>127.0.0.1</address>
<port>10022</port>
<ssh>
<host-key>
<algorithm>ssh-rsa</algorithm>
<key-data>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/23... basondole@netbox</key-data>
</host-key>
</ssh>
<state>
<admin-state>unlocked</admin-state>
</state>
<authgroup>default</authgroup>
<device-type>
<cli>
<ned-id xmlns:cisco-ios-cli-3.8="http://tail-f.com/ns/ned-id/cisco-ios-cli-3.8">cisco-ios-cli-3.8:cisco-ios-cli-3.8</ned-id>
<protocol>ssh</protocol>
</cli>
</device-type>
</device>
Loading the devices to the nso
basondole@netbox:~/nso/ncs-run/netsim$ ncs_load -l -m devices.xml
basondole@netbox:~/nso/ncs-run/netsim$ ncs_cli -C
basondole connected from 192.168.56.1 using ssh on netbox
basondole@ncs# show devices brief
NAME             ADDRESS    DESCRIPTION  NED ID
netsim-ios-00    127.0.0.1  -            cisco-ios-cli-3.8
netsim-junos-00  127.0.0.1  -            juniper-junos-nc-3.0
netsim-nx-00     127.0.0.1  -            cisco-nx-cli-3.0
netsim-xr-00     127.0.0.1  -            cisco-iosxr-cli-3.5
basondole@ncs#
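The manual edit of devices.xml described above, as an added example that is not part of the original post: it lists the devices whose device-type would trip the "must configure one of" constraint and fills in the ned-id (plus protocol ssh for cli devices) from a mapping you supply. The function names and the sample file are constructed for the illustration, and the ned-id namespace is assumed to follow the http://tail-f.com/ns/ned-id/<ned-id> pattern visible in the dry-run output.

```python
import io
import xml.etree.ElementTree as ET

NCS_NS = "http://tail-f.com/ns/ncs"
NED_ID_NS = "http://tail-f.com/ns/ned-id/"          # base of the ned-id namespace shown above
PROTOCOLS = ("snmp", "cli", "generic", "netconf")   # choices named in the ncs_load error
ET.register_namespace("", NCS_NS)                   # serialise without an ns0: prefix

# Constructed sample: one device as ncs-xml-init left it when xsltproc was
# missing (empty <cli>), one device that is already complete.
SAMPLE_DEVICES_XML = """<devices xmlns="http://tail-f.com/ns/ncs">
  <device>
    <name>netsim-ios-00</name>
    <address>127.0.0.1</address>
    <port>10022</port>
    <authgroup>default</authgroup>
    <device-type>
      <cli>
      </cli>
    </device-type>
  </device>
  <device>
    <name>netsim-xr-00</name>
    <address>127.0.0.1</address>
    <port>10023</port>
    <authgroup>default</authgroup>
    <device-type>
      <cli>
        <ned-id xmlns:cisco-iosxr-cli-3.5="http://tail-f.com/ns/ned-id/cisco-iosxr-cli-3.5">cisco-iosxr-cli-3.5:cisco-iosxr-cli-3.5</ned-id>
        <protocol>ssh</protocol>
      </cli>
    </device-type>
  </device>
</devices>
"""


def _q(tag):
    return "{%s}%s" % (NCS_NS, tag)


def parse_devices(xml_text):
    """Parse devices.xml; also return the prefix declarations ElementTree drops."""
    prefixes, root = {}, None
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            if item[0]:                      # skip the default namespace
                prefixes[item[0]] = item[1]
        elif root is None:
            root = item
    return root, prefixes


def _is_configured(device):
    """Treat a device-type as configured when a protocol container has children."""
    dtype = device.find(_q("device-type"))
    if dtype is None:
        return False
    wanted = {_q(p) for p in PROTOCOLS}
    return any(child.tag in wanted and len(child) > 0 for child in dtype)


def unconfigured_devices(root):
    """Names of the devices that ncs_load would reject."""
    return [d.findtext(_q("name")) for d in root.iter(_q("device"))
            if not _is_configured(d)]


def fill_device_types(xml_text, ned_by_device):
    """ned_by_device maps device name -> (kind, ned-id), kind 'cli' or 'netconf'."""
    root, prefixes = parse_devices(xml_text)
    for device in root.iter(_q("device")):
        choice = ned_by_device.get(device.findtext(_q("name")))
        if choice is None or _is_configured(device):
            continue
        kind, ned = choice
        dtype = device.find(_q("device-type"))
        if dtype is None:
            dtype = ET.SubElement(device, _q("device-type"))
        for child in list(dtype):
            dtype.remove(child)
        container = ET.SubElement(dtype, _q(kind))
        ET.SubElement(container, _q("ned-id")).text = "%s:%s" % (ned, ned)
        prefixes[ned] = NED_ID_NS + ned
        if kind == "cli":
            ET.SubElement(container, _q("protocol")).text = "ssh"
    # Declare every identity prefix on the root element so that existing and
    # new ned-id values all resolve after serialisation.
    for prefix, uri in prefixes.items():
        root.set("xmlns:" + prefix, uri)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    root, _ = parse_devices(SAMPLE_DEVICES_XML)
    print("would fail ncs_load:", unconfigured_devices(root))
    print(fill_device_types(SAMPLE_DEVICES_XML,
                            {"netsim-ios-00": ("cli", "cisco-ios-cli-3.8")}))
```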
Adding devices to a group
basondole@netbox:~/nso/ncs-run/netsim$ ncs_cli -C -u admin
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs# config
admin@ncs(config)# devices device-group netsim
admin@ncs(config-device-group-netsim)# device-name netsim-ios-00
admin@ncs(config-device-group-netsim)# device-name netsim-xr-00
admin@ncs(config-device-group-netsim)# device-name netsim-nx-00
admin@ncs(config-device-group-netsim)# device-name netsim-junos-00
admin@ncs(config-device-group-netsim)# top
admin@ncs(config)# show configuration
devices device-group netsim
device-name [ netsim-ios-00 netsim-junos-00 netsim-nx-00 netsim-xr-00 ]
!
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)# do show devices device-group member
NAME    MEMBER
---------------------------------------------------------------------
netsim  [ netsim-ios-00 netsim-junos-00 netsim-nx-00 netsim-xr-00 ]
admin@ncs(config)# do devices device-group netsim sync-from
sync-result {
device netsim-ios-00
result true
}
sync-result {
device netsim-junos-00
result true
}
sync-result {
device netsim-nx-00
result true
}
sync-result {
device netsim-xr-00
result true
}
admin@ncs(config)#
Baseconfig template
This template will configure the parameters below:
- domain name
- ntp server
- syslog server
- username fisi
The template models ios, iosxr, nxos and junos syntax
admin@ncs(config)# show configuration
devices template baseconf
ned-id cisco-ios-cli-3.8
config
ios:ip domain name basondole.org
ios:username fisi privilege 15 secret secret fisi123
!
ios:logging host 10.10.1.100
!
ios:ntp server ip peer-list 10.10.1.100
!
!
!
ned-id cisco-iosxr-cli-3.5
config
cisco-ios-xr:logging host 10.10.1.100
!
cisco-ios-xr:domain name basondole.org
cisco-ios-xr:ntp server server-list 10.10.1.100
!
cisco-ios-xr:username fisi privilege 15 secret password fisi123
!
!
!
ned-id juniper-junos-nc-3.0
config
junos:configuration system domain-name basondole.org
junos:configuration system login user fisi class super-user authentication plain-text-password-value fisi123
!
junos:configuration system syslog host 10.10.1.100
!
junos:configuration system ntp server 10.10.1.100
!
!
!
ned-id cisco-nx-cli-3.0
config
nx:username fisi password password fisi123
!
nx:ip domain-name basondole.org
nx:ntp server 10.10.1.100
!
nx:logging server host 10.10.1.100
!
!
!
admin@ncs(config)# commit
Applying the template to devices
admin@ncs(config)# devices device-group netsim apply-template template-name baseconf
apply-template-result {
device netsim-junos-00
result ok
}
apply-template-result {
device netsim-nx-00
result ok
}
apply-template-result {
device netsim-xr-00
result ok
}
admin@ncs(config)# show configuration
devices device netsim-junos-00
config
junos:configuration system domain-name basondole.org
junos:configuration system login user fisi
class super-user
authentication plain-text-password-value fisi123
!
junos:configuration system syslog host 10.10.1.100
!
junos:configuration system ntp server 10.10.1.100
!
!
!
devices device netsim-nx-00
config
nx:username fisi password fisi123
nx:ip domain-name basondole.org
nx:ntp server 10.10.1.100
nx:logging server 10.10.1.100
!
!
devices device netsim-xr-00
config
cisco-ios-xr:logging 10.10.1.100
cisco-ios-xr:domain name basondole.org
cisco-ios-xr:ntp
server 10.10.1.100
exit
cisco-ios-xr:username fisi
privilege 15
exit
!
!
admin@ncs(config)# commit dry-run outformat native
native {
device {
name netsim-junos-00
data <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="1">
<edit-config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<target>
<candidate/>
</target>
<test-option>test-then-set</test-option>
<error-option>rollback-on-error</error-option>
<with-inactive xmlns="http://tail-f.com/ns/netconf/inactive/1.0"/>
<config>
<configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm">
<system>
<syslog>
<host>
<name>10.10.1.100</name>
</host>
</syslog>
<domain-name>basondole.org</domain-name>
<login>
<user>
<name>fisi</name>
<class>super-user</class>
<authentication>
<plain-text-password-value>fisi123</plain-text-password-value>
</authentication>
</user>
</login>
<ntp>
<server>
<name>10.10.1.100</name>
</server>
</ntp>
</system>
</configuration>
</config>
</edit-config>
</rpc>
}
device {
name netsim-nx-00
data username fisi password fisi123
ip domain-name basondole.org
ntp server 10.10.1.100
logging server 10.10.1.100
}
device {
name netsim-xr-00
data logging 10.10.1.100
domain name basondole.org
ntp
server 10.10.1.100
exit
username fisi
privilege 15
exit
}
}
admin@ncs(config)# commit
Commit complete.
Services
Creating service for deploying radius server
Creating a YANG module using NSO bash commands
basondole@netbox:~/nso/ncs-run/packages$ ncs-make-package --service-skeleton template simple_radius --augment /ncs:services
basondole@netbox:~/nso/ncs-run/packages$ cd simple_radius/
basondole@netbox:~/nso/ncs-run/packages/simple_radius$ nano src/yang/simple_radius.yang
basondole@netbox:~/nso/ncs-run/packages/simple_radius$ cat src/yang/simple_radius.yang
module simple_radius {
namespace "http://com/example/simple_radius";
prefix simple_radius;
import ietf-inet-types {
prefix inet;
}
import tailf-ncs {
prefix ncs;
}
import tailf-common { prefix tailf; }
augment /ncs:services {
list simple_radius {
tailf:info "deploy radius server config for iosrx nxos junos";
key server-ip;
uses ncs:service-data;
ncs:servicepoint "simple_radius";
leaf server-ip {
tailf:info "ipv4 address of the radius server";
type inet:ipv4-address;
}
leaf-list device {
tailf:info "device to deploy the service to";
type leafref {
path "/ncs:devices/ncs:device/ncs:name";
}
}
leaf-list secret {
tailf:info "secret key";
type string;
}
}
} // augment /ncs:services {
}
basondole@netbox:~/nso/ncs-run/packages/simple_radius$ cd src/
basondole@netbox:~/nso/ncs-run/packages/simple_radius/src$ make
/home/basondole/nso/nso-5.1.0.1/bin/ncsc `ls simple_radius-ann.yang > /dev/null 2>&1 && echo "-a simple_radius-ann.yang"` \
-c -o ../load-dir/simple_radius.fxs yang/simple_radius.yang
basondole@netbox:~/nso/ncs-run/packages/simple_radius/src$
Creating xml template
We will create the device template based on the actual CLI configuration. Below are the configuration options:
- server ip
- authentication port
- accounting port
- key
We configure this on the NSO and then we produce the xml formatted config.
basondole@netbox:~/ncs-run/packages/simple_radius/src$ ncs_cli -C
basondole@ncs# config
Entering configuration mode terminal
basondole@ncs(config)# devices device pycon-iosxr config cisco-ios-xr:radius-server host 10.10.1.100 auth-port 1812 acct-port 1813
basondole@ncs(config-radius-host)# commit dry-run outformat xml
result-xml {
local-node {
data <devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>pycon-iosxr</name>
<config>
<radius-server xmlns="http://tail-f.com/ned/cisco-ios-xr">
<host>
<id>10.10.1.100</id>
<auth-port>1812</auth-port>
<acct-port>1813</acct-port>
</host>
</radius-server>
</config>
</device>
</devices>
}
}
basondole@ncs(config-radius-host)# end
Uncommitted changes found, commit them? [yes/no/CANCEL] no
basondole@ncs# exit
We repeat the above procedure to get the xml config for all our devices (ios, iosxr, nxos and junos), then we edit the xml template by adding the xml config from the above process
basondole@netbox:~/nso/ncs-run/packages/simple_radius/src$ cd ../
basondole@netbox:~/nso/ncs-run/packages/simple_radius$ nano templates/simple_radius-template.xml
basondole@netbox:~/nso/ncs-run/packages/simple_radius$ cat templates/simple_radius-template.xml
<config-template xmlns="http://tail-f.com/ns/config/1.0"
servicepoint="simple_radius">
<devices xmlns="http://tail-f.com/ns/ncs">
<device>
<!--
Select the devices from some data structure in the service
model. In this skeleton the devices are specified in a leaf-list.
Select all devices in that leaf-list:
-->
<name>{/device}</name>
<config>
<!--
Add device-specific parameters here.
-->
<radius-server xmlns="http://tail-f.com/ned/cisco-nx">
<host>
<id>{/server-ip}</id>
<key>
<encryption>0</encryption>
<password>{/secret}</password>
</key>
</host>
</radius-server>
<radius-server xmlns="http://tail-f.com/ned/cisco-ios-xr">
<host>
<id>{/server-ip}</id>
<auth-port>1812</auth-port>
<acct-port>1813</acct-port>
<key>
<key-container>
<key>{/secret}</key>
</key-container>
</key>
</host>
</radius-server>
<configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm">
<system>
<radius-server>
<name>{/server-ip}</name>
<port>1812</port>
<accounting-port>1813</accounting-port>
<secret>{/secret}</secret>
</radius-server>
</system>
</configuration>
</config>
</device>
</devices>
</config-template>
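A check that can be run on the template before `packages reload`, as an added example that is not part of the original post or of NSO: it reports `{/...}` variables that do not name a leaf of the `simple_radius` YANG list, and credential elements that hold a literal value instead of a variable. It only understands the simple `{/leaf}` form used in this template; the function names, the list of credential element names and the sample (the NX-OS part of the template with two defects introduced) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Leaves declared in the simple_radius YANG list on this page.
MODEL_LEAVES = {"server-ip", "device", "secret"}
# Element names that hold credentials in this page's template (assumed list).
SECRET_TAGS = {"password", "secret", "key"}

# Constructed sample: NX-OS part of the template with a misspelled variable
# and a literal password where the page's template uses {/secret}.
SAMPLE = """<config-template xmlns="http://tail-f.com/ns/config/1.0"
                 servicepoint="simple_radius">
  <devices xmlns="http://tail-f.com/ns/ncs">
    <device>
      <name>{/device}</name>
      <config>
        <radius-server xmlns="http://tail-f.com/ned/cisco-nx">
          <host>
            <id>{/server_ip}</id>
            <key>
              <encryption>0</encryption>
              <password>fisi321</password>
            </key>
          </host>
        </radius-server>
      </config>
    </device>
  </devices>
</config-template>"""

def local_name(tag):
    """Strip the '{namespace}' part ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]

def lint_template(xml_text, model_leaves=MODEL_LEAVES):
    """Return (unknown_vars, literal_secrets) found in a service template."""
    unknown, literal = [], []
    for el in ET.fromstring(xml_text).iter():
        text = (el.text or "").strip()
        if len(el) or not text:
            continue                      # containers carry no value
        name = local_name(el.tag)
        for var in re.findall(r"\{/([^{}/]+)\}", text):
            if var not in model_leaves:
                unknown.append((name, var))
        if name in SECRET_TAGS and "{" not in text:
            literal.append(name)          # report the element, not the secret
    return unknown, literal
```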
Adding the service to nso
basondole@netbox:~/ncs-run/packages/simple_radius$ ncs_cli -C
basondole connected from 192.168.56.1 using ssh on netbox
basondole@ncs# packages reload
>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has completed.
>>> System upgrade has completed successfully
.
.
reload-result {
package simple_radius
result true
}
Deploying the service on the router
admin@ncs# conf
Entering configuration mode terminal
admin@ncs(config)# services simple_radius 10.10.1.100 device netsim-junos-00 secret fisi321
admin@ncs(config-simple_radius-10.10.1.100)# exit
admin@ncs(config)# services simple_radius 10.10.1.100 device netsim-nx-00 secret fisi321
admin@ncs(config-simple_radius-10.10.1.100)# exit
admin@ncs(config)# services simple_radius 10.10.1.100 device netsim-xr-00 secret fisi321
admin@ncs(config-simple_radius-10.10.1.100)# exit
admin@ncs(config)#
admin@ncs(config)# commit dry-run
cli {
local-node {
data devices {
device netsim-junos-00 {
config {
junos:configuration {
system {
+ # first
+ radius-server 10.10.1.100 {
+ port 1812;
+ accounting-port 1813;
+ secret fisi321;
+ }
}
}
}
}
device netsim-nx-00 {
config {
nx:radius-server {
+ host 10.10.1.100 {
+ key {
+ encryption 0;
+ password fisi321;
+ }
+ }
}
}
}
device netsim-xr-00 {
config {
cisco-ios-xr:radius-server {
+ host 10.10.1.100 {
+ auth-port 1812;
+ acct-port 1813;
+ key {
+ key-container {
+ key fisi321;
+ }
+ }
+ }
}
}
}
}
services {
+ simple_radius 10.10.1.100 {
+ device [ netsim-junos-00 netsim-nx-00 netsim-xr-00 ];
+ }
}
}
}
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)#
Verification
basondole@netbox:~/nso/ncs-run/packages/simple_radius$ ncs_cli -u admin
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs> configure
[edit]
admin@ncs% show services simple_radius | tab
SERVER IP    DEVICE                                         SECRET
-------------------------------------------------------------------------
10.10.1.100  [ netsim-junos-00 netsim-nx-00 netsim-xr-00 ]  [ fisi321 ]
[ok][2019-12-28 18:31:01]
[edit]
Switching to the netsim directory so as to access the emulated devices
basondole@netbox:~/nso/ncs-run/packages/simple_radius$ cd ../../netsim/
ios xr
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim cli-i netsim-xr-00
admin connected from 192.168.56.1 using ssh on netbox
netbox> enable
netbox# show run
logging 10.10.1.100
domain name basondole.org
radius-server host 10.10.1.100 auth-port 1812 acct-port 1813
key fisi321
exit
ntp
server 10.10.1.100
exit
username fisi
privilege 15
exit
netbox# exit
nx os
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim cli-i netsim-nx-00
admin connected from 192.168.56.1 using ssh on netbox
netbox> enable
netbox# show run
no feature ssh
no feature telnet
username fisi password fisi123
ip domain-name basondole.org
!
ntp server 10.10.1.100
logging server 10.10.1.100
radius-server host 10.10.1.100 key 0 fisi321
netbox# exit
junos
basondole@netbox:~/nso/ncs-run/netsim$ ncs-netsim cli netsim-junos-00
admin connected from 192.168.56.1 using ssh on netbox
admin@netsim-junos-00>show configuration configuration system
host-name netsim-junos-00;
domain-name basondole.org;
radius-server 10.10.1.100 {
port 1812;
accounting-port 1813;
secret fisi321;
}
login {
user fisi {
class super-user;
authentication {
plain-text-password-value fisi123;
}
}
}
syslog {
host 10.10.1.100;
}
ntp {
server 10.10.1.100;
}
[ok][2019-12-28 17:54:53]
admin@netsim-junos-00>exit
basondole@netbox:~/nso/ncs-run/netsim$
Using the nso with junos-like cli to deploy service
basondole@netbox:~/nso/ncs-run/netsim$ ncs_cli -u admin
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs> configure
Entering configuration mode private
[ok][2019-12-28 18:22:15]
[edit]
admin@ncs% set services simple_radius 10.1.1.1 device pycon-iosxr secret fisi123
[ok][2019-12-28 18:23:36]
[edit]
admin@ncs% show | compare
services {
+ simple_radius 10.1.1.1 {
+ device [ pycon-iosxr ];
+ secret [ fisi123 ];
+ }
}
[ok][2019-12-28 18:23:42]
[edit]
admin@ncs% commit check
Validation complete
[ok][2019-12-28 18:24:01]
[edit]
admin@ncs% commit
[edit]
admin@ncs%
Un-deploying and re-deploying service
Un-deploying the service
basondole@netbox:~/nso/ncs-run/netsim$ ncs_cli -u admin
admin connected from 192.168.56.1 using ssh on netbox
admin@ncs> configure
Entering configuration mode private
[ok][2019-12-28 19:09:51]
[edit]
admin@ncs% edit services simple_radius 10.10.1.100
[ok][2019-12-28 19:09:56]
[edit services simple_radius 10.10.1.100]
admin@ncs% request un-deploy
[ok][2019-12-28 19:10:05]
[edit services simple_radius 10.10.1.100]
admin@ncs% request check-sync
in-sync false
[ok][2019-12-28 19:10:11]
Re-deploying the service
[edit services simple_radius 10.10.1.100]
admin@ncs% request re-deploy
[ok][2019-12-28 19:10:19]
[edit services simple_radius 10.10.1.100]
admin@ncs%
System message at 2019-12-28 19:10:19...
Commit performed by admin via ssh using cli.
admin@ncs% request check-sync
in-sync true
[ok][2019-12-28 19:10:22]
[edit services simple_radius 10.10.1.100]
admin@ncs%