Cisco Employee

Question about configuring nso 4.1(system install) via CLI

 

Hi Team,

 

 

I had a quick question on NSO 4.1 system install. I know by default local auth is disabled and PAM auth is to be used. I have reconfigured the ncs.conf to allow local auth and enabled webui to work with our product. But I am not able to configure anything from the CLI. All I see is the exit command. Looks like some role-based access control is present?

 

 

Is there any specific configuration so that I can use the CLI with system install?

 

 

Thanks

 

Georgy

 

Cisco Employee

Re: Question about configuring nso 4.1(system install) via CLI

 

Georgy, I just posted a similar query a short while ago.

 

I had the same issue this afternoon and in my case, CLI started to work after I restarted my Ubuntu 14.04 VM. Merely stopping/starting NSO did not help. Have you tried rebooting your VM?

Are you able to log in to the Web UI?

 

Thanks & Regards,
Nick Khemani

Cisco Employee

Re: Question about configuring nso 4.1(system install) via CLI

 

Georgy,

 

I just did the following to make the 4.1.1 system-install behave as 'usual' (using PAM auth) by creating a user 'admin' with password 'admin'.

 

If you want to then switch to using local auth you’ll need to explicitly add users in NCS config aaa/authentication/users.

 

-Larry

 

[root@CentOS7-1 NCS]# ./nso-4.1.1.linux.x86_64.installer.bin --system-install
INFO  Using temporary directory /tmp/ncs_installer.12292 to stage NCS installation bundle
INFO  Using /opt/ncs/ncs-4.1.1 for static files
INFO  Using /etc/ncs for configuration files
INFO  Using /var/opt/ncs for run-time state files
INFO  Using /var/log/ncs for log files
INFO  Unpacked ncs-4.1.1 in /opt/ncs/ncs-4.1.1
INFO  Found and unpacked corresponding DOCUMENTATION_PACKAGE
INFO  Found and unpacked corresponding EXAMPLE_PACKAGE
INFO  Generating default SSH hostkey (this may take some time)
INFO  SSH hostkey generated
INFO  Environment set-up generated in /opt/ncs/ncs-4.1.1/ncsrc
INFO  NCS installation script finished
INFO  Found and unpacked corresponding NETSIM_PACKAGE
INFO  Configuring installation for PAM authentication
INFO  Using PAM service system-auth for authentication
INFO  Generating self-signed certificates for HTTPS
INFO  Installed init script /etc/init.d/ncs
INFO  Installed user profile script ncs.sh in /etc/profile.d
INFO  Installed user profile script ncs.csh in /etc/profile.d
INFO  Installed 'logrotate' configuration file ncs in /etc/logrotate.d
INFO  The installation has been configured for PAM authentication,
INFO  with group assignment based on the OS group database
INFO  (e.g. /etc/group file). Users that need access to NCS must
INFO  belong to either the 'ncsadmin' group (for unlimited access
INFO  rights) or the 'ncsoper' group (for minimal access rights).
INFO  To create the 'ncsoper' group, use OS shell command:
  groupadd ncsoper
INFO  To add an existing user to one of these groups, use OS shell command:
  usermod -a -G <groupname> <username>
INFO  NCS installation complete
[root@CentOS7-1 NCS]#
[root@CentOS7-1 NCS]# adduser admin -G ncsadmin
[root@CentOS7-1 NCS]# passwd admin
Changing password for user admin.
New password: admin
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: admin
passwd: all authentication tokens updated successfully.
[root@CentOS7-1 NCS]# groups admin
admin : admin ncsadmin
[root@CentOS7-1 NCS]# /etc/init.d/ncs start
Starting ncs (via systemctl):                              [  OK  ]
[root@CentOS7-1 NCS]# su admin
[admin@CentOS7-1 NCS]$ ncs_cli -u admin

admin connected from 127.0.0.1 using console on CentOS7-1
admin@ncs> ?
Possible completions:
  clear      - Clear parameter
  compare    - Compare running configuration to another configuration or a file
  configure  - Manipulate software configuration information
  describe   - Display transparent command information
  exit       - Exit the management session
  file       - Perform file operations
  help       - Provide help information
  id         - Show user id information
  monitor    - Real-time debugging
  ping       - Ping a host
  ping6      - Ping an ipv6 host
  quit       - Exit the management session
  request    - Make system-level requests
  script     - Script actions
  set        - Set CLI properties
  set-path   - Set relative show path
  show       - Show information about the system
  source     - File to source
  switch     - Change CLI style
  top        - Exit to top level and optionally run command
  traceroute - Trace the route to a remote host
  up         - Exit one level of configuration
admin@ncs> exit

==> SSH is not enabled by default:

[admin@CentOS7-1 NCS]$ ssh admin@127.0.0.1 -p 2024
ssh: connect to host 127.0.0.1 port 2024: Connection refused
[admin@CentOS7-1 NCS]$ netstat -anp | grep tcp | grep LISTEN
(No info could be read for "-p": geteuid()=1001 but you should be root.)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:4569          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp6       0      0 127.0.0.1:9901          :::*                    LISTEN      -
tcp6       0      0 127.0.0.1:9902          :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -
[admin@CentOS7-1 NCS]$ exit
exit

==> Edit ncs.conf to enable SSH:

[root@CentOS7-1 NCS]# vi /etc/ncs/ncs.conf

<cli>
    <enabled>true</enabled>
    <!-- Use the builtin SSH server -->
    <ssh>
      <enabled>true</enabled>
      <ip>0.0.0.0</ip>
      <port>2024</port>
    </ssh>

[root@CentOS7-1 NCS]# /etc/init.d/ncs restart
Restarting ncs (via systemctl):                            [  OK  ]
[root@CentOS7-1 NCS]# su admin
[admin@CentOS7-1 NCS]$ ssh admin@127.0.0.1 -p 2024
The authenticity of host '[127.0.0.1]:2024 ([127.0.0.1]:2024)' can't be established.
DSA key fingerprint is 64:c0:83:c1:81:0f:58:9e:c5:ca:18:0e:8c:c8:c7:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:2024' (DSA) to the list of known hosts.
admin@127.0.0.1's password: <admin>
admin connected from 127.0.0.1 using ssh on CentOS7-1
admin@ncs> ?
Possible completions:
  clear      - Clear parameter
  compare    - Compare running configuration to another configuration or a file
  configure  - Manipulate software configuration information
  describe   - Display transparent command information
  exit       - Exit the management session
  file       - Perform file operations
  help       - Provide help information
  id         - Show user id information
  monitor    - Real-time debugging
  ping       - Ping a host
  ping6      - Ping an ipv6 host
  quit       - Exit the management session
  request    - Make system-level requests
  script     - Script actions
  set        - Set CLI properties
  set-path   - Set relative show path
  show       - Show information about the system
  source     - File to source
  switch     - Change CLI style
  top        - Exit to top level and optionally run command
  traceroute - Trace the route to a remote host
  up         - Exit one level of configuration

Cisco Employee

Re: Question about configuring nso 4.1(system install) via CLI

 

Nick,

 

 

I enabled webui tcp transport

  <webui>
    <enabled>true</enabled>
    <transport>
      <tcp>
        <enabled>true</enabled>
        <ip>0.0.0.0</ip>
        <port>8080</port>
      </tcp>

and reloaded the NCS config:

[root@CentOS7-1 NCS]# /etc/init.d/ncs reload
Reloading ncs configuration (via systemctl):               [  OK  ]

And can log into the Webui as admin/admin.

 

 

-Larry

 

Cisco Employee

Re: Question about configuring nso 4.1(system install) via CLI

 

Thanks Larry, I was trying to log in to NSO as the root account; basically I issued "ncs_cli -u admin" as the root account. I switched to the admin account and I can see the commands.

Nick, yes, I was able to access the UI after enabling webui, port 8080, in ncs.conf.

 

Thanks

Georgy
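
Added example, not part of the thread and not Cisco tooling: both ncs.conf edits shown in Larry's replies (the CLI SSH server on port 2024 and the Web UI tcp transport on port 8080) bind to 0.0.0.0, and the tcp transport serves the Web UI without TLS, so this short audit lists every enabled listener in the file and flags those two conditions. The sample is constructed from the thread's fragments, `audit_listeners` is a hypothetical helper name, and treating a container with no `<enabled>` element as enabled is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the two ncs.conf fragments in the thread.
SAMPLE_CONF = """
<ncs-config>
  <cli>
    <enabled>true</enabled>
    <ssh><enabled>true</enabled><ip>0.0.0.0</ip><port>2024</port></ssh>
  </cli>
  <webui>
    <enabled>true</enabled>
    <transport>
      <tcp><enabled>true</enabled><ip>0.0.0.0</ip><port>8080</port></tcp>
    </transport>
  </webui>
</ncs-config>
"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if any

def text(node, name, default=""):
    for c in node:
        if local(c.tag) == name:
            return (c.text or "").strip()
    return default

def audit_listeners(conf_xml):
    """Return (path, ip, port, issues) per listener whose <enabled> chain is true."""
    findings = []
    def walk(node, path, parent_on):
        # Assumption: a container without its own <enabled> inherits its parent's.
        on = parent_on and text(node, "enabled", "true") == "true"
        ip, port = text(node, "ip"), text(node, "port")
        if on and ip and port:
            issues = []
            if ip in ("0.0.0.0", "::"):
                issues.append("binds all interfaces")
            if path.endswith("webui/transport/tcp"):
                issues.append("plaintext HTTP")
            findings.append((path, ip, int(port), issues))
        for c in node:
            if len(c):  # descend into containers only, not leaf values
                walk(c, f"{path}/{local(c.tag)}", on)
    root = ET.fromstring(conf_xml)
    walk(root, local(root.tag), True)
    return findings

if __name__ == "__main__":
    print(*audit_listeners(SAMPLE_CONF), sep="\n")
```

On a real system install the input would be the contents of /etc/ncs/ncs.conf; a listener changed to 127.0.0.1 drops the "binds all interfaces" flag, and a subtree whose `<enabled>` is false is not reported at all.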
