03-23-2021 10:38 PM
Hi,
I am running NSO in a Docker container. It is generating logs in ncs.log but not in the netconf.log file.
ncs.conf file:-
<!-- -*- nxml -*- -->
<!-- Example configuration file for ncs. -->
<ncs-config xmlns="http://tail-f.com/yang/tailf-ncs-config">
<!-- NCS can be configured to restrict access for incoming connections -->
<!-- to the IPC listener sockets. The access check requires that -->
<!-- connecting clients prove possession of a shared secret. -->
<ncs-ipc-access-check>
<enabled>false</enabled>
<filename>${NCS_CONFIG_DIR}/ipc_access</filename>
</ncs-ipc-access-check>
<!-- Where to look for .fxs and snmp .bin files to load -->
<load-path>
<dir>${NCS_RUN_DIR}/packages</dir>
<dir>${NCS_DIR}/etc/ncs</dir>
<!-- To disable northbound snmp altogether -->
<!-- comment out the path below -->
<dir>${NCS_DIR}/etc/ncs/snmp</dir>
</load-path>
<!-- Plug and play scripting -->
<scripts>
<dir>${NCS_RUN_DIR}/scripts</dir>
<dir>${NCS_DIR}/scripts</dir>
</scripts>
<state-dir>${NCS_RUN_DIR}/state</state-dir>
<notifications>
<event-streams>
<!-- This is the builtin stream used by NCS to generate northbound -->
<!-- notifications whenever the alarm table is changed. -->
<!-- See tailf-ncs-alarms.yang -->
<!-- If you are not interested in NCS northbound netconf notifications -->
<!-- remove this item since it does consume some CPU -->
<stream>
<name>ncs-alarms</name>
<description>NCS alarms according to tailf-ncs-alarms.yang</description>
<replay-support>false</replay-support>
<builtin-replay-store>
<enabled>false</enabled>
<dir>${NCS_RUN_DIR}/state</dir>
<max-size>S10M</max-size>
<max-files>50</max-files>
</builtin-replay-store>
</stream>
<!-- This is the builtin stream used by NCS to generate northbound -->
<!-- notifications for internal events. -->
<!-- See tailf-ncs-devices.yang -->
<!-- Required for cluster mode. -->
<stream>
<name>ncs-events</name>
<description>NCS event according to tailf-ncs-devices.yang</description>
<replay-support>true</replay-support>
<builtin-replay-store>
<enabled>true</enabled>
<dir>${NCS_RUN_DIR}/state</dir>
<max-size>S10M</max-size>
<max-files>50</max-files>
</builtin-replay-store>
</stream>
<!-- This is the builtin stream used by NCS to generate northbound -->
<!-- notifications for kicker event stream. -->
<!-- See tailf-kicker.yang -->
<!-- Required for cluster mode. -->
<stream>
<name>kicker-events</name>
<description>NCS event according to tailf-kicker.yang</description>
<replay-support>true</replay-support>
<builtin-replay-store>
<enabled>true</enabled>
<dir>${NCS_RUN_DIR}/state</dir>
<max-size>S10M</max-size>
<max-files>50</max-files>
</builtin-replay-store>
</stream>
<!-- This is the builtin stream used by NCS to generate northbound -->
<!-- notifications forwarded from devices. -->
<!-- See tailf-event-forwarding.yang -->
<stream>
<name>device-notifications</name>
<description>NCS events forwarded from devices</description>
<replay-support>true</replay-support>
<builtin-replay-store>
<enabled>true</enabled>
<dir>${NCS_RUN_DIR}/state</dir>
<max-size>S10M</max-size>
<max-files>50</max-files>
</builtin-replay-store>
</stream>
<!-- This is the builtin stream used by NCS to generate northbound -->
<!-- notifications for plan state transitions. -->
<!-- See tailf-ncs-plan.yang -->
<stream>
<name>service-state-changes</name>
<description>Plan state transitions according to
tailf-ncs-plan.yang</description>
<replay-support>false</replay-support>
<builtin-replay-store>
<enabled>false</enabled>
<dir>${NCS_RUN_DIR}/state</dir>
<max-size>S10M</max-size>
<max-files>50</max-files>
</builtin-replay-store>
</stream>
</event-streams>
</notifications>
<!-- Where the database (and init XML) files are kept -->
<cdb>
<db-dir>${NCS_RUN_DIR}/cdb</db-dir>
<!-- Always bring in the good system defaults -->
<init-path>
<dir>${NCS_DIR}/var/ncs/cdb</dir>
</init-path>
</cdb>
<!--
These keys are used to encrypt values of the types
tailf:des3-cbc-encrypted-string, tailf:aes-cfb-128-encrypted-string
and tailf:aes-256-cfb-128-encrypted-string.
For a deployment install it is highly recommended to change
these numbers to something random (done by NCS "system install")
-->
<encrypted-strings>
<external-keys>
<command>${NCS_DIR}/bin/ncs_crypto_keys</command>
<command-argument>${NCS_CONFIG_DIR}/ncs.crypto_keys</command-argument>
</external-keys>
</encrypted-strings>
<logs>
<syslog-config>
<facility>daemon</facility>
</syslog-config>
<ncs-log>
<enabled>true</enabled>
<file>
<name>${NCS_LOG_DIR}/ncs.log</name>
<enabled>true</enabled>
</file>
<syslog>
<enabled>true</enabled>
</syslog>
</ncs-log>
<developer-log>
<enabled>true</enabled>
<file>
<name>${NCS_LOG_DIR}/devel.log</name>
<enabled>true</enabled>
</file>
</developer-log>
<developer-log-level>info</developer-log-level>
<audit-log>
<enabled>true</enabled>
<file>
<name>${NCS_LOG_DIR}/audit.log</name>
<enabled>true</enabled>
</file>
</audit-log>
<netconf-log>
<enabled>true</enabled>
<file>
<name>${NCS_LOG_DIR}/netconf.log</name>
<enabled>true</enabled>
</file>
</netconf-log>
<netconf-trace-log>
<enabled>true</enabled>
<filename>${NCS_LOG_DIR}/netconf.trace</filename>
<format>pretty</format>
</netconf-trace-log>
<snmp-log>
<enabled>true</enabled>
<file>
<name>${NCS_LOG_DIR}/snmp.log</name>
<enabled>true</enabled>
</file>
</snmp-log>
<webui-access-log>
<enabled>true</enabled>
<dir>${NCS_LOG_DIR}</dir>
</webui-access-log>
<!-- This log is disabled by default if ncs is installed using -->
<!-- the 'system-install' flag. It consumes a lot of CPU power -->
<!-- to have this log turned on, OTOH it is the best tool to -->
<!-- debug must expressions in YANG models -->
<xpath-trace-log>
<enabled>false</enabled>
<filename>${NCS_LOG_DIR}/xpath.trace</filename>
</xpath-trace-log>
<error-log>
<enabled>true</enabled>
<filename>${NCS_LOG_DIR}/ncserr.log</filename>
</error-log>
<progress-trace>
<enabled>true</enabled>
<dir>${NCS_LOG_DIR}</dir>
</progress-trace>
</logs>
<aaa>
<ssh-server-key-dir>${NCS_CONFIG_DIR}/ssh</ssh-server-key-dir>
<!-- Depending on OS - and also depending on user requirements -->
<!-- the pam service value must be tuned. -->
<pam>
<enabled>true</enabled>
<service>common-auth</service>
</pam>
<external-authentication>
<enabled>false</enabled>
<executable>my-test-auth.sh</executable>
</external-authentication>
<local-authentication>
<enabled>false</enabled>
</local-authentication>
<expiration-warning>prompt</expiration-warning>
</aaa>
<!-- Hash algorithm used when setting leafs of type ianach:crypt-hash, -->
<!-- e.g. /aaa/authentication/users/user/password -->
<crypt-hash>
<algorithm>sha-512</algorithm>
</crypt-hash>
<!-- Disable this for performance critical applications, enabling -->
<!-- rollbacks means additional disk IO for each transaction -->
<rollback>
<enabled>true</enabled>
<directory>${NCS_RUN_DIR}/rollbacks</directory>
<history-size>500</history-size>
</rollback>
<cli>
<enabled>true</enabled>
<!-- Use the builtin SSH server -->
<ssh>
<enabled>false</enabled>
<ip>0.0.0.0</ip>
<port>2024</port>
</ssh>
<prompt1>\u@ncs> </prompt1>
<prompt2>\u@ncs% </prompt2>
<c-prompt1>\u@ncs# </c-prompt1>
<c-prompt2>\u@ncs(\m)# </c-prompt2>
<restricted-file-access>true</restricted-file-access>
<show-log-directory>${NCS_LOG_DIR}</show-log-directory>
<show-commit-progress>true</show-commit-progress>
<suppress-commit-message-context>maapi</suppress-commit-message-context>
<suppress-commit-message-context>system</suppress-commit-message-context>
</cli>
<webui>
<enabled>true</enabled>
<transport>
<tcp>
<enabled>true</enabled>
<ip>0.0.0.0</ip>
<port>8080</port>
</tcp>
<ssl>
<enabled>false</enabled>
<ip>0.0.0.0</ip>
<port>8888</port>
<key-file>${NCS_CONFIG_DIR}/ssl/cert/host.key</key-file>
<cert-file>${NCS_CONFIG_DIR}/ssl/cert/host.cert</cert-file>
</ssl>
</transport>
<cgi>
<enabled>true</enabled>
<php>
<enabled>false</enabled>
</php>
</cgi>
</webui>
<restconf>
<enabled>true</enabled>
</restconf>
<netconf-north-bound>
<enabled>true</enabled>
<transport>
<ssh>
<enabled>false</enabled>
<ip>0.0.0.0</ip>
<port>2022</port>
</ssh>
<tcp>
<enabled>false</enabled>
<ip>127.0.0.1</ip>
<port>2023</port>
</tcp>
</transport>
</netconf-north-bound>
<netconf-call-home>
<enabled>false</enabled>
<transport>
<tcp>
<ip>0.0.0.0</ip>
<port>4334</port>
</tcp>
</transport>
</netconf-call-home>
<!-- <ha> -->
<!-- <enabled>true</enabled> -->
<!-- </ha> -->
<large-scale>
<lsa>
<!-- Enable Layered Service Architecture, LSA. This requires
a separate Cisco Smart License.
-->
<enabled>false</enabled>
</lsa>
</large-scale>
<!-- Override parameters in the submodules of the tailf-ncs.yang module,
preventing setting of those parameters via northbound interfaces
from having any effect, even if the NACM access rules allow it. -->
<java-vm>
<start-command>DEFAULT</start-command>
<run-in-terminal>
<terminal-command>DEFAULT</terminal-command>
</run-in-terminal>
<stdout-capture>
<enabled>true</enabled>
<file>${NCS_LOG_DIR}/ncs-java-vm.log</file>
</stdout-capture>
</java-vm>
<python-vm>
<start-command>DEFAULT</start-command>
<run-in-terminal>
<terminal-command>DEFAULT</terminal-command>
</run-in-terminal>
<logging>
<log-file-prefix>${NCS_LOG_DIR}/ncs-python-vm</log-file-prefix>
</logging>
</python-vm>
<smart-license>
<smart-agent>
<java-executable>DEFAULT</java-executable>
<java-options>DEFAULT</java-options>
<production-url>DEFAULT</production-url>
<alpha-url>DEFAULT</alpha-url>
<override-url>
<url>DEFAULT</url>
</override-url>
<proxy>
<url>DEFAULT</url>
</proxy>
</smart-agent>
</smart-license>
</ncs-config>
Dockerfile:-
FROM dockerhub.cisco.com/cisco-onc-docker/dev/cisco-nso-base:5.4.1
#RUN mkdir -p /log && useradd -g ncsadmin admin -p admin
ENV HTTP_ENABLE=true ADMIN_PASSWORD=admin
COPY ./neds /nso/run/packages/
COPY ./ncs.conf /etc/ncs/ncs.conf
COPY ./cs_trans_load.beam $NCS_DIR/lib/ncs/patches
COPY ./cs_trans_load.beam /opt/ncs/current/lib/ncs/patches
COPY run-task-post-nso.sh /etc/ncs/post-ncs-start.d/
COPY rotateLogFile.conf /etc/logrotate.d/
COPY logrotate /etc/cron.d/
RUN apt-get update && apt-get -y install logrotate
RUN apt-get install vim -y && apt-get remove nano -y
SHELL ["/bin/sh", "-lc"]
ENTRYPOINT ["/enter-shell.sh"]
EXPOSE 22 80 443 830 4334
HEALTHCHECK --start-period=60s --interval=5s --retries=3 --timeout=5s CMD /opt/ncs/current/bin/ncs_cmd -c get_phase
CMD ["/run-nso.sh"]
Can someone help here?
Did I miss anything?
03-24-2021 02:06 AM
You are exposing port 830, which is the 'default' port for Netconf over SSH. But the ports used in your ncs.conf are different - 2022 and 2023. More importantly, both "/netconf-north-bound/transport/ssh/enabled" and "/netconf-north-bound/transport/tcp/enabled" are false - so, I think nothing is listening for Netconf, as per your config.
Port 4334 seems to be exposed for netconf-call-home, but that is also not enabled in ncs.conf.
/Ram
03-24-2021 02:07 AM
netconf.log is used to log netconf access via the northbound netconf interface, but in ncs.conf I see that both possible transports for netconf northbound are disabled, so there would be nothing to log. What kind of errors are you seeing when accessing NSO from the netconf interface? I expect you would see connection refused, which means NSO is not listening on the port.
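The cross-check both replies above describe, as an added example (not code from the thread or from NSO): it reads the listener settings out of ncs.conf and compares them with the Dockerfile's EXPOSE line. The XML is a constructed excerpt of the posted file, the function names are hypothetical, and the script only inspects ncs.conf, so it cannot see listeners started by anything else in the container.

```python
import xml.etree.ElementTree as ET
NS = {"c": "http://tail-f.com/yang/tailf-ncs-config"}
# Constructed sample: listener-related elements of the posted ncs.conf.
NCS_CONF = """<ncs-config xmlns="http://tail-f.com/yang/tailf-ncs-config">
  <cli><enabled>true</enabled>
    <ssh><enabled>false</enabled><ip>0.0.0.0</ip><port>2024</port></ssh></cli>
  <webui><enabled>true</enabled><transport>
    <tcp><enabled>true</enabled><ip>0.0.0.0</ip><port>8080</port></tcp>
    <ssl><enabled>false</enabled><ip>0.0.0.0</ip><port>8888</port></ssl>
  </transport></webui>
  <netconf-north-bound><enabled>true</enabled><transport>
    <ssh><enabled>false</enabled><ip>0.0.0.0</ip><port>2022</port></ssh>
    <tcp><enabled>false</enabled><ip>127.0.0.1</ip><port>2023</port></tcp>
  </transport></netconf-north-bound>
  <netconf-call-home><enabled>false</enabled><transport>
    <tcp><ip>0.0.0.0</ip><port>4334</port></tcp>
  </transport></netconf-call-home>
</ncs-config>"""
DOCKER_EXPOSE = "EXPOSE 22 80 443 830 4334"  # from the posted Dockerfile

def flag(elem, default):
    """Read an <enabled> child; fall back to default when the leaf is absent."""
    node = elem.find("c:enabled", NS)
    return default if node is None else node.text.strip() == "true"

def listeners(conf_xml):
    """List every element carrying a <port>; a transport listens only if
    both it and its enclosing service are enabled."""
    rows = []
    for service in ET.fromstring(conf_xml):
        service_on = flag(service, False)
        for transport in service.iter():
            port = transport.find("c:port", NS)
            if port is not None:
                rows.append({"service": service.tag.split("}")[1],
                             "transport": transport.tag.split("}")[1],
                             "ip": transport.findtext("c:ip", "", NS),
                             "port": int(port.text),
                             "listening": service_on and flag(transport, True)})
    return rows

def audit(conf_xml, expose_line):
    """Compare ports ncs.conf would open with the Dockerfile EXPOSE line."""
    rows = listeners(conf_xml)
    live = {r["port"] for r in rows if r["listening"]}
    exposed = {int(p) for p in expose_line.split()[1:]}
    return {"netconf_listening": any(r["listening"] for r in rows
                                     if r["service"] == "netconf-north-bound"),
            "exposed_no_ncs_listener": sorted(exposed - live),
            "listening_not_exposed": sorted(live - exposed)}
```

To check a real deployment, pass the full contents of ncs.conf and the actual EXPOSE line to `audit()` instead of the embedded samples.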
03-24-2021 09:47 PM
We want to log southbound device netconf interactions, which is not happening.
03-24-2021 09:49 PM
03-24-2021 09:54 PM
We are doing it by script and can see it in the UI as well:
#!/bin/bash
ncs_cli <<EOF -C -u admin
config
devices global-settings trace pretty
commit
EOF
Still, it's not happening.
03-24-2021 09:59 PM
03-24-2021 11:44 PM
If I change trace to pretty or raw for an individual device,
I get the below error:
<INFO> 22-Mar-2021::10:03:44.029 onc-deployerengine-service-866fc64dfc-8df55 ncs[76]: netconf error from netconf agent :undefined: transport closed
03-24-2021 11:31 PM
I am able to do all the operations by a netconf interface, but only the logs are not happening.
03-24-2021 11:43 PM
I am able to do all the operations by a netconf interface, but only the logs are not happening. But if I change trace to pretty,
I get the below error:
<INFO> 22-Mar-2021::10:03:44.029 onc-deployerengine-service-866fc64dfc-8df55 ncs[76]: netconf error from netconf agent :undefined: transport closed