
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
01-07-2015 07:40 AM - edited 03-01-2019 06:32 AM
Task Name | Custom SSH |
Description | Custom SSH with enhancements |
Prerequisites |
|
Category | Workflow |
Components | |
User Inputs |
|
Output |
|
1 Custom SSH Task
1.1 Introduction
The OOTB SSH command execution custom task have some limitations that made the real usage almost impossible. To avoid this limitations the following Custom SSH task has been created.
1.2 OOTB SSH Limitations
1.2.1 IP Address and Hostname
An IP address is mandatory due Input type. Most of the time the customer are askin to use an IP or a Hostname. The custom task allows that.
1.2.2 Credentials
The username and password has to be entered on the SSH, with the Custom SSH it takes the credentials from the Credentials Policy, this make easier the maintenance and usage of the flows, because most of the time the Customer changes the admin credentials for security reasons. This Custom SSH uses the credentials from the policy, if the credentials are changed there is no need to change the credentials on the workflows.
1.2.3 Finish execution of each command
The OOTB SSH does not wait for each command to be finished, it launch the command and finish without result waiting. This Custom SSH will wait for the finish of each command.
1.2.4 STDOUT and STDERR
The custom SSH will get all the STDOUT and STDERR from all the commands executed on the SSH.
1.2.5 Highest Return Code
The custom SSH will return the highest return code of all commands, so you will be able to check if the execution was successful or not.
1.2.6 Rollback
The custom SSH includes an option for the rollback, using the same features explained above.
1.3 Usage
1.3.1 Import the custom task using the portal
First import the custom tasks from the portal using the standard procedure:
- Extract the file on the Appendix A to your local computer
- Log in into the UCSD portal
- Go to Policies --> Orchestration
- Select Import
- Select the file extracted from the document and click Upload
- Click OK
- Check that the custom task is selected
- Click Import
- After finishing the import go to Custom Workflows Tasks tab
- Check the existence of the Custom SSH Task.
1.3.2 Using Custom Task
To be able to execute the task the following inputs has to be filled.
The Undo Commands are optional, so if you don’t enter undo commands then the task will not generate any rollback task.
Task Inputs
|
The Account Name Input has to match the Credential Name for the credential Policy.
To create a credential policy:
- Go to Policies > Physical Infrastructure Policies > Credential Policies
- Click on Add
- Enter the information for the Credentials
- The Policy Name should match the Account Name on the task Input.
- Click Submit
- The Custom Task Flow will use the Username, Password and Port for the connection.
Task Outputs
|
Just tested and created new workflow on UCSD 6.0.1.0:
Used a Nexus Cred policy
Did not change the original task.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Alex,
I'm running UCSD 5.2.0.1. In this release, the credential policy needs to be of a type of infrastructure component and not as generic as it was in your example.
Which credential policy should be used for your task?
Thanks!!

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
You are right, the credential type should be network device. I need to invest some time to fine tune the 5.2 version.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Alex,
is there any option to add my User Inputs as a variable in the SSH script?
e.g. I need to setup a VLAN on a N5K as Fabricpath. So I want to reach this with a SSH script which simply sets up my newly created VLAN in "mode fabricpath".
You or someone have any idea how I can achieve this?
Thanks in advance!

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
You can add variables to any task using the ${variablename} format.
That only works with workflow defined variables, for variables coming from other tasks on the workflow it should be like:
${TASKNAME.OUTPUTNAME}
so your script look like:
mode fabbricpath ${mytaskname.myoutputname}

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi!
Thanks for the really quick reply.
That was obviously too easy for you
Now it works - thank you very much!

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Nothing but a thing. Let me know if you need any other help.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I have a Asa example on the community site take a look at that. Thx.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
For the SSH Part all is looking fine now. I would have had a question about UCSD and UCS, but I dont want to Hijack this thread... where should I place it correctly?

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Ogelbric@cisco.com
-
Orf Gelbrich
Check out UCS Director Workflow INDEX<https://communities.cisco.com/docs/DOC-56419> on Cisco Communities Site

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I've been using this task for å long time, and its really great.
But now after UCSD upgrade to 6.x it stoppet working, giving the following error in the log
Jan 18, 2017 08:53:20 UTC Error occured at line # 49
Jan 18, 2017 08:53:20 UTC [Line#49] throw e;
Jan 18, 2017 08:53:20 UTC Task: getF5ActiveVCMP (custom_Custom SSH) failed with error - com.maverick.ssh.SshException: com.maverick.ssh.SshException in <eval> at line number 49 at column number 21, selectedContext=<None>
Jan 18, 2017 08:53:20 UTC Task #3 (getF5ActiveVCMP (custom_Custom SSH)) failed after 5 seconds
Any idea what might be wrong ?
I've test with both ipv4 and ipv6 devices,

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Just tested on UCSD 6.0.1.0 and it works. Did not change the custom task at all. Only added workflow around it.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I found the error. For some odd reason my F5 credential policy had changed from port 22 to port 443.
Not sure if this happened during the upgrade, or if some other technician have been trying to do something, and not been aware of what they changed (most likely the last is the answer).
Anyway, Putting it back to port 22, and the problem was solved.
Thanks for testing Orf.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I have a ticket in place to be able to create cred pol. for new devices vs. hijacking existing ones.