cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
202
Views
0
Helpful
5
Replies
Cisco Employee

APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

I was hoping i could get some clarification on adding devices and using NEDs. 

NSO-5.2 system install / RHEL7

NED: ncs-5.2-cisco-apicdc-3.1.7

APIC: Version: 4.1(1i) 

 

I created an authgroup:

devices authgroups group ACI_AUTHGROUP
default-map remote-name NSO
default-map remote-password xxxxxxx

 

I added the APIC as a device:

devices device APIC
address x.x.x.x
authgroup APIC_AUTHGROUP
device-type generic ned-id cisco-apicdc-gen-3.1
state admin-state unlocked

 

when i try to connect or sync-from APIC i get the following error:

connection refused: ned-settings/cisco-apicdc/user-name can not be empty

 

I found this post here which has some more settings under the device:

"devices device APIC1
address 192.168.1.2
port 443
authgroup cisco
device-type generic ned-id cisco-apicdc-id
ned-settings cisco-apicdc config-path /tmp/apic
ned-settings cisco-apicdc host 192.168.1.1
ned-settings cisco-apicdc user-name apic
ned-settings cisco-apicdc user-password cisco
ned-settings cisco-apicdc port 22
ned-settings cisco-apicdc protocol scp
state admin-state unlocked"

 

However, this is a production APIC. Since i dont know what they are saying in that post, i cant just apply these settings to see if it would work without knowing exactly what and why im doing it. 

 

My main question is, what is causing the error?

But also:

are there ned-settings that i need to configure for NSO to communicate with an APIC?

if so what did i miss in the documentation that should have said that?

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

The APIC NED works a little differently to other NEDs. Instead of reading the configuration from CLI commands or REST responses directly, NSO triggers the APIC to SCP its XML configuration files to a remote location from which NSO can read them. 

 

For it to work correctly, you don't just need to have NSO be able to authenticate into the APIC, you also need the APIC to be able to SCP its configuration files using the APIC's configuration export policies. In the section of configuration you have quoted, the "ned-settings cisco-apicdc" commands are defining where and how the APIC needs to deposit its configuration. Without having the "ned-settings cisco-apicdc" commands defined, NSO has no way to trigger the SCP of the APIC configuration, and therefore no way to read the configuration, so a sync-from won't be possible without the ned-settings being in place.

5 REPLIES 5
Cisco Employee

Re: APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

The APIC NED works a little differently to other NEDs. Instead of reading the configuration from CLI commands or REST responses directly, NSO triggers the APIC to SCP its XML configuration files to a remote location from which NSO can read them. 

 

For it to work correctly, you don't just need to have NSO be able to authenticate into the APIC, you also need the APIC to be able to SCP its configuration files using the APIC's configuration export policies. In the section of configuration you have quoted, the "ned-settings cisco-apicdc" commands are defining where and how the APIC needs to deposit its configuration. Without having the "ned-settings cisco-apicdc" commands defined, NSO has no way to trigger the SCP of the APIC configuration, and therefore no way to read the configuration, so a sync-from won't be possible without the ned-settings being in place.

Cisco Employee

Re: APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

To follow up with anyone reading this later, here is what is going on.

To use the APIC NED you need to set the ned-settings under the device in NSO.
here was my final configuration:

devices device APIC
address x.x.x.x
! used for NSO to communicate to the APIC
authgroup APIC_AUTHGROUP
device-type generic ned-id cisco-apicdc-gen-3.1
! temp file path for the APIC to SCP its config it. APIC NED will wipe out the directory once the sync-from is complete
ned-settings cisco-apicdc config-path /tmp/apic
! host ip where the APIC will SCP its configuration to
ned-settings cisco-apicdc host 192.168.1.1
! Username for the APIC to use for the SCP connection
ned-settings cisco-apicdc user-name apic
! Password for the APIC to use for the SCP connection(password is encrypted once the command is entered)
ned-settings cisco-apicdc user-password cisco
ned-settings cisco-apicdc port 22
ned-settings cisco-apicdc protocol scp
state admin-state unlocked

if i find official documentation that states this circle back around and update this post.
but i haven't found any yet

Edit: formatting


Cisco Employee

Re: APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

There is a README file distributed with each NED that is supposed to contain the appropriate special documentation, it should be inside the tar-file that you get. I don't know if this NED has a file that is detailed enough though.
Highlighted
Cisco Employee

Re: APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

The README.signature file is the only file i noticed. Nothing in there mentions how to use the NED.
Is there another one i should be looking for?
Cisco Employee

Re: APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

Okay, I downloaded the NED that started the thread. When you extract the signed file you get both README.signature and a file called ncs-5.2-cisco-apicdc-3.1.7.tar.gz. Inside ncs-5.2-cisco-apicdc-3.1.7.tar.gz is a file named cisco-apicdc-gen-3.1/README. That file contains some brief instructions on how to use the NED.

.