Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2060
Views
0
Helpful
5
Replies

APIC and NSO: connection refused: ned-settings/cisco-apicdc/user-name can not be empty

Go to solution
bschuste
Cisco Employee
Cisco Employee

‎07-15-2019 01:34 PM

I was hoping i could get some clarification on adding devices and using NEDs. 

NSO-5.2 system install / RHEL7

NED: ncs-5.2-cisco-apicdc-3.1.7

APIC: Version: 4.1(1i) 

 

I created an authgroup:

devices authgroups group ACI_AUTHGROUP
default-map remote-name NSO
default-map remote-password xxxxxxx

 

I added the APIC as a device:

devices device APIC
address x.x.x.x
authgroup APIC_AUTHGROUP
device-type generic ned-id cisco-apicdc-gen-3.1
state admin-state unlocked

 

when i try to connect or sync-from APIC i get the following error:

connection refused: ned-settings/cisco-apicdc/user-name can not be empty

 

I found this post here which has some more settings under the device:

"devices device APIC1
address 192.168.1.2
port 443
authgroup cisco
device-type generic ned-id cisco-apicdc-id
ned-settings cisco-apicdc config-path /tmp/apic
ned-settings cisco-apicdc host 192.168.1.1
ned-settings cisco-apicdc user-name apic
ned-settings cisco-apicdc user-password cisco
ned-settings cisco-apicdc port 22
ned-settings cisco-apicdc protocol scp
state admin-state unlocked"

 

However, this is a production APIC. Since i dont know what they are saying in that post, i cant just apply these settings to see if it would work without knowing exactly what and why im doing it. 

 

My main question is, what is causing the error?

But also:

are there ned-settings that i need to configure for NSO to communicate with an APIC?

if so what did i miss in the documentation that should have said that?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tcragg1
Cisco Employee
Cisco Employee

‎07-16-2019 03:18 AM

The APIC NED works a little differently to other NEDs. Instead of reading the configuration from CLI commands or REST responses directly, NSO triggers the APIC to SCP its XML configuration files to a remote location from which NSO can read them. 

 

For it to work correctly, you don't just need to have NSO be able to authenticate into the APIC, you also need the APIC to be able to SCP its configuration files using the APIC's configuration export policies. In the section of configuration you have quoted, the "ned-settings cisco-apicdc" commands are defining where and how the APIC needs to deposit its configuration. Without having the "ned-settings cisco-apicdc" commands defined, NSO has no way to trigger the SCP of the APIC configuration, and therefore no way to read the configuration, so a sync-from won't be possible without the ned-settings being in place.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
tcragg1
Cisco Employee
Cisco Employee

‎07-16-2019 03:18 AM

The APIC NED works a little differently to other NEDs. Instead of reading the configuration from CLI commands or REST responses directly, NSO triggers the APIC to SCP its XML configuration files to a remote location from which NSO can read them. 

 

For it to work correctly, you don't just need to have NSO be able to authenticate into the APIC, you also need the APIC to be able to SCP its configuration files using the APIC's configuration export policies. In the section of configuration you have quoted, the "ned-settings cisco-apicdc" commands are defining where and how the APIC needs to deposit its configuration. Without having the "ned-settings cisco-apicdc" commands defined, NSO has no way to trigger the SCP of the APIC configuration, and therefore no way to read the configuration, so a sync-from won't be possible without the ned-settings being in place.

0 Helpful

Go to solution
bschuste
Cisco Employee
Cisco Employee
In response to tcragg1

‎07-16-2019 08:24 AM - edited ‎07-16-2019 08:30 AM 

To follow up with anyone reading this later, here is what is going on.

To use the APIC NED you need to set the ned-settings under the device in NSO. 
here was my final configuration:

devices device APIC
address x.x.x.x
! used for NSO to communicate to the APIC
authgroup APIC_AUTHGROUP
device-type generic ned-id cisco-apicdc-gen-3.1
! temp file path for the APIC to SCP its config it. APIC NED will wipe out the directory once the sync-from is complete
ned-settings cisco-apicdc config-path /tmp/apic
! host ip where the APIC will SCP its configuration to
ned-settings cisco-apicdc host 192.168.1.1
! Username for the APIC to use for the SCP connection
ned-settings cisco-apicdc user-name apic
! Password for the APIC to use for the SCP connection(password is encrypted once the command is entered)
ned-settings cisco-apicdc user-password cisco
ned-settings cisco-apicdc port 22
ned-settings cisco-apicdc protocol scp
state admin-state unlocked

if i find official documentation that states this circle back around and update this post.
but i haven't found any yet

Edit: formatting

0 Helpful

Go to solution
vleijon
Cisco Employee
Cisco Employee
In response to bschuste

‎07-16-2019 08:34 AM

There is a README file distributed with each NED that is supposed to contain the appropriate special documentation, it should be inside the tar-file that you get. I don't know if this NED has a file that is detailed enough though.
0 Helpful

Go to solution
bschuste
Cisco Employee
Cisco Employee
In response to vleijon

‎07-16-2019 08:43 AM

The README.signature file is the only file i noticed. Nothing in there mentions how to use the NED.
Is there another one i should be looking for?
0 Helpful

Go to solution
vleijon
Cisco Employee
Cisco Employee
In response to bschuste

‎07-16-2019 08:54 AM

Okay, I downloaded the NED that started the thread. When you extract the signed file you get both README.signature and a file called ncs-5.2-cisco-apicdc-3.1.7.tar.gz. Inside ncs-5.2-cisco-apicdc-3.1.7.tar.gz is a file named cisco-apicdc-gen-3.1/README. That file contains some brief instructions on how to use the NED.

.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the NSO Developer community:

Customers Also Viewed These Support Documents