07-15-2019 01:34 PM
I was hoping i could get some clarification on adding devices and using NEDs.
NSO-5.2 system install / RHEL7
NED: ncs-5.2-cisco-apicdc-3.1.7
APIC: Version: 4.1(1i)
I created an authgroup:
devices authgroups group ACI_AUTHGROUP
default-map remote-name NSO
default-map remote-password xxxxxxx
I added the APIC as a device:
devices device APIC
address x.x.x.x
authgroup APIC_AUTHGROUP
device-type generic ned-id cisco-apicdc-gen-3.1
state admin-state unlocked
when i try to connect or sync-from APIC i get the following error:
connection refused: ned-settings/cisco-apicdc/user-name can not be empty
I found this post here which has some more settings under the device:
"devices device APIC1
address 192.168.1.2
port 443
authgroup cisco
device-type generic ned-id cisco-apicdc-id
ned-settings cisco-apicdc config-path /tmp/apic
ned-settings cisco-apicdc host 192.168.1.1
ned-settings cisco-apicdc user-name apic
ned-settings cisco-apicdc user-password cisco
ned-settings cisco-apicdc port 22
ned-settings cisco-apicdc protocol scp
state admin-state unlocked"
However, this is a production APIC. Since i dont know what they are saying in that post, i cant just apply these settings to see if it would work without knowing exactly what and why im doing it.
My main question is, what is causing the error?
But also:
are there ned-settings that i need to configure for NSO to communicate with an APIC?
if so what did i miss in the documentation that should have said that?
Thanks
Solved! Go to Solution.
07-16-2019 03:18 AM
The APIC NED works a little differently to other NEDs. Instead of reading the configuration from CLI commands or REST responses directly, NSO triggers the APIC to SCP its XML configuration files to a remote location from which NSO can read them.
For it to work correctly, you don't just need to have NSO be able to authenticate into the APIC, you also need the APIC to be able to SCP its configuration files using the APIC's configuration export policies. In the section of configuration you have quoted, the "ned-settings cisco-apicdc" commands are defining where and how the APIC needs to deposit its configuration. Without having the "ned-settings cisco-apicdc" commands defined, NSO has no way to trigger the SCP of the APIC configuration, and therefore no way to read the configuration, so a sync-from won't be possible without the ned-settings being in place.
07-16-2019 03:18 AM
The APIC NED works a little differently to other NEDs. Instead of reading the configuration from CLI commands or REST responses directly, NSO triggers the APIC to SCP its XML configuration files to a remote location from which NSO can read them.
For it to work correctly, you don't just need to have NSO be able to authenticate into the APIC, you also need the APIC to be able to SCP its configuration files using the APIC's configuration export policies. In the section of configuration you have quoted, the "ned-settings cisco-apicdc" commands are defining where and how the APIC needs to deposit its configuration. Without having the "ned-settings cisco-apicdc" commands defined, NSO has no way to trigger the SCP of the APIC configuration, and therefore no way to read the configuration, so a sync-from won't be possible without the ned-settings being in place.
07-16-2019 08:24 AM - edited 07-16-2019 08:30 AM
To follow up with anyone reading this later, here is what is going on.
To use the APIC NED you need to set the ned-settings under the device in NSO.
here was my final configuration:
devices device APIC
address x.x.x.x
! used for NSO to communicate to the APIC
authgroup APIC_AUTHGROUP
device-type generic ned-id cisco-apicdc-gen-3.1
! temp file path for the APIC to SCP its config it. APIC NED will wipe out the directory once the sync-from is complete
ned-settings cisco-apicdc config-path /tmp/apic
! host ip where the APIC will SCP its configuration to
ned-settings cisco-apicdc host 192.168.1.1
! Username for the APIC to use for the SCP connection
ned-settings cisco-apicdc user-name apic
! Password for the APIC to use for the SCP connection(password is encrypted once the command is entered)
ned-settings cisco-apicdc user-password cisco
ned-settings cisco-apicdc port 22
ned-settings cisco-apicdc protocol scp
state admin-state unlocked
if i find official documentation that states this circle back around and update this post.
but i haven't found any yet
Edit: formatting
07-16-2019 08:34 AM
07-16-2019 08:43 AM
07-16-2019 08:54 AM
Okay, I downloaded the NED that started the thread. When you extract the signed file you get both README.signature and a file called ncs-5.2-cisco-apicdc-3.1.7.tar.gz. Inside ncs-5.2-cisco-apicdc-3.1.7.tar.gz is a file named cisco-apicdc-gen-3.1/README. That file contains some brief instructions on how to use the NED.
.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide