CISCO Change Automation NSO Function Pack Installation Guide

Cov ntsiab lus zais

1 CISCO Change Automation NSO Function Pack

2 Cov ntaub ntawv khoom

3 Taw qhia

4 Installing/Upgrade thiab Configuring

5 Configuring DLM hauv Cisco Crosswork

6 Kev daws teeb meem

7 FAQ

8 Cov ntaub ntawv / Cov ntaub ntawv

8.1 Cov ntaub ntawv

CISCO Change Automation NSO Function Pack

Specifications

Khoom: Cisco Crosswork Hloov Automation NSO Function Pob
Version: 7.0.2

Cov ntaub ntawv khoom

Cisco Crosswork Change Automation NSO Function Pack yog tsim los pab txhawb kev teeb tsa, teeb tsa, thiab kev tswj hwm ntawm Cisco Crosswork Hloov Automation ntawm Cisco Network Services Orchestrator (NSO). Nws suav nrog cov yam ntxwv los tsim cov neeg siv tshwj xeeb, teeb tsa DLM hauv Cisco Crosswork, thiab kev daws teeb meem ua haujlwm.

Taw qhia

Cov ntaub ntawv no piav qhia yuav ua li cas rub tawm, nruab, thiab teeb tsa Cisco Crosswork Change Automation (CA) muaj nuj nqi pob ntawm Cisco Network Services Orchestrator (NSO). Tsis tas li ntawd, cov ntaub ntawv piav qhia txog kev teeb tsa uas xav tau rau Crosswork Hloov Automation hauv Cisco Crosswork.

Lub hom phiaj
Phau ntawv no piav txog:

Txhim kho cov ncab-7.0.3-nso-6.1.16.3.20250509.dbe70d0.tar.gz 6.1.16.3 thiab cov kev teeb tsa cuam tshuam rau cov haujlwm pob ntawm Cisco NSO.

Lub authgroup configurations rau tsim ib tug tshwj xeeb usermap (umap) rau Hloov Automation.
DLM configurations thiab Hloov Automation daim ntawv thov teeb tsa xav tau hauv Cisco Crosswork 7.0.2

Yam yuavtsum tau kawm uantej
Cov npe hauv qab no qhia qhov tsawg kawg nkaus versions ntawm Cisco NSO thiab Cisco Crosswork uas Crosswork Hloov Automation muaj nuj nqi pob v7.0 yog sib xws:

Cisco NSO: v6.1.16.3 system install.
Cisco Crosswork v7.0.2

Installing/Upgrade thiab Configuring

Cov ntu hauv qab no qhia yuav ua li cas rau nruab cw-device-auth function pack ntawm system nruab Cisco NSO 6.1.11.2 lossis siab dua.

Txhim kho / txhim kho Function Pack

Rub tawm cw-device-auth v7.0.0 los ntawm qhov chaw cia rau koj Cisco NSO.
Luam the downloaded tar.gz archive of the function pack to your package repository.
Nco tseg: Daim ntawv teev cov pob tuaj yeem sib txawv raws li cov kev xaiv xaiv thaum lub sijhawm teeb tsa. Rau feem ntau qhov system-installed Cisco NSO, pob ntawv teev npe nyob ntawm "/var/opt/ncs/packages" los ntawm lub neej ntawd. Txheeb xyuas ncs.conf ntawm koj qhov kev teeb tsa kom pom koj cov npe pob.

Tua tawm NCS CLI thiab khiav cov lus txib hauv qab no:
- admin@nso1:~$ ncs_cli -C -u admin
- admin txuas los ntawm 2003: 10: 11:: 50 siv ssh ntawm nso1
- admin@ncs# packages reload
Xyuas kom tseeb tias lub pob tau ua tiav tiav thaum lub reload tiav.
- admin@ncs# qhia cov pob khoom cw-device-auth
- pob khoom pob cw-device-auth
- pob-version 7.0.0
- piav qhia "Crosswork device tso cai ua pob"
- ncs-min-version [6.1]
- python-pob vm-name cw-device-auth
- directory /var/opt/ncs/state/packages-in-use/1/cw-device-auth
- tiv thaiv kev ua haujlwm
- daim ntawv thov python-class-name cw_device_auth.action.App
- daim ntawv thov pib-theem theem 2
- oper-status nce

Tsim Tus Neeg Siv Khoom Tshwj Xeeb hauv Cisco NSO
Cisco Crosswork Hloov Automation siv tus neeg siv tshwj xeeb nkag mus rau Cisco NSO rau txhua qhov kev hloov pauv. Qhov no txhais tau tias koj tsis tuaj yeem siv tib tus neeg siv li DLM lossis cov kev pabcuam sau los nkag rau Cisco NSO. Tshooj lus no tham txog cov kev xav tau ua ntej uas yuav tsum tau muaj rau cov neeg siv tsim.
Nco tseg: Cov kauj ruam hauv qab no xav tias Cisco NSO tab tom khiav ntawm Ubuntu VM. Yog tias koj Cisco NSO kev teeb tsa tab tom khiav ntawm qhov kev ua haujlwm sib txawv, thov hloov cov kauj ruam raws li.

Tsim tus neeg siv sudo tshiab ntawm koj lub Ubuntu VM. Exampli no. Cov kauj ruam hauv qab no qhia yuav ua li cas los tsim cov neeg siv "cwuser" ntawm koj lub Ubuntu VM. Tus neeg siv lub npe tshiab no tuaj yeem yog txhua yam ntawm koj xaiv.
root@nso:/home/admin# adduser cwuser
- Ntxiv cov neeg siv 'cwuser'…
- Ntxiv pab pawg tshiab 'cwuser' (1004)…
- Ntxiv cov neeg siv tshiab 'cwuser' (1002) nrog pab pawg 'cwuser'… Tsim cov npe tsev `/home/cwuser'…
- Luam tawm files los ntawm `/etc/skel'…
- Sau tus password tshiab UNIX:
- Rov ntaus tus password tshiab UNIX:
- passwd: lo lus zais hloov tshiab tiav
- Hloov cov ntaub ntawv siv rau cwuser
- Nkag mus rau tus nqi tshiab, lossis nias ENTER rau lub neej ntawd
- Lub Npe []:
- Room Number []:
- Xov tooj ua haujlwm []:
- Xov tooj hauv tsev []:
- Lwm yam []:
- Cov ntaub ntawv puas yog? [Y/n] y
- root@nso:/home/admin# usermod -aG sudo cwuser
- root@nso:/home/admin# usermod -a -G ncsadmin cwuser

Ntxiv cwuser rau pawg nacm
- Nco tseg:
  Txoj cai nacm yuav tsum tau teeb tsa nrog cwuser txawm tias koj tsis muaj admin ua tus neeg siv ntawm server.
- * nacm pawg pab pawg ncsadmin user-name cwuser
- nacm group ncsadmin
- username [admin cwuser private]
- * Cov kev tso cai ua ntej tau pom zoo li hauv qab no.
- admin@ncs# show run-config nacm
- nacm nyeem-default deny
- nacm sau-default deny
- nacm exec-default deny
- nacm cmd-read-default deny
- nacm cmd-exec-default deny

Xyuas kom meej tias tus neeg siv tshiab uas koj tsim muaj HTTP thiab HTTPS nkag mus rau Cisco NSO server. Qhov no tuaj yeem ua tiav los ntawm kev siv RESTCONF API yooj yim raws li qhia hauv qab no.
- curl - ua : –location –request GET 'https:// :8888/restconf/data/tailf-ncs:packages/package=cw-device-auth' \
- -header 'Accept: application/yang-data+json' \
- -header 'Cov Ntsiab Lus Hom: daim ntawv thov / yang-data + json' \
- -data-raws”
- Thaum hu rau curl hais kom ua saum toj no, koj yuav tsum tau txais cov lus teb raws li qhia hauv qab no. Lwm cov lus teb yuav qhia tau tias ib lossis ntau qhov kev teeb tsa yav dhau los tsis ua haujlwm.
- {
- "tailf-ncs: pob": [
- {
- "name": "cw-device-auth",
- "package-version": "7.0.0",
- "description": "Crosswork device tso cai ua pob",
- "ncs-min-version": ["6.1"],
- "python-package": {
- "vm-name": "cw-device-auth"
- },
- "directory": "/var/opt/ncs/state/packages-in-use/1/cw-device-auth",
- "component": [
- {
- "npe": "ua",
- "application": {
- "python-class-name": "cw_device_auth.action.App",
- "start-phase": "phase 2"
- }
- }
- ],
- "oper-status": {
- "up": [null]
- }
- }
- ]
- }

Ntxiv usermap (umap) rau Cisco NSO authgroup
Cisco NSO tso cai rau cov neeg siv los txheeb xyuas cov pab pawg rau kev qhia cov ntaub ntawv pov thawj rau kev nkag mus rau cov cuab yeej sab qab teb. Ib pab pawg neeg tuaj yeem muaj daim ntawv qhia ua ntej lossis siv daim ntawv qhia (umap). Tsis tas li ntawd, umap tuaj yeem txhais tau rau hauv pawg auth rau overriding cov ntaub ntawv pov thawj los ntawm default-daim ntawv qhia lossis lwm yam umaps.
Lub Crosswork Hloov Automation "override credentials passthrough" feature siv no umap. Txhawm rau siv Crosswork Hloov Automation, umap configuration yuav tsum tau tsim nyob rau hauv authgroup rau cov khoom siv.
Rau example, xav tias koj muaj lub cuab yeej "xrv9k-1" rau npe hauv Cisco NSO. Cov cuab yeej no siv cov pab pawg, "crosswork".

cwuser@ncs# qhia run-config li device xrv9k-1 authgroup li device xrv9k-1

authgroup crosswork
!

Thiab lub configuration ntawm authgroup "crosswork" yog raws li nram no:

cwuser@ncs# qhia run-config devices authgroups group crosswork devices authgroups group crosswork

pab admin
remote-name cisco
tej thaj chaw deb-password $9$LzskzrvZd7LeWwVNGZTdUBDdKN7IgVV/UkJebwM1eKg=
!
!
Ntxiv umap rau tus neeg siv tshiab uas koj tau tsim (cwuser hauv no example). Qhov no tuaj yeem ua tau raws li hauv qab no:
cwuser@ncs# config
cwuser@ncs(config)# devices authgroups group crosswork umap cwuser callback-node /cw-creds-get action-name get

cwuser@ncs(config-umap-cwuser)# commit dry-run
cli {
local-node {
cov ntaub ntawv {
authgroups {
pab pawg crosswork {
+ umap cwuser {
+ callback-node /cw-creds-get;
+ ua-npe tau txais;
+}
}
}
}
}
}
cwuser@ncs(config-umap-cwuser)# ua
Ua tiav.

Tom qab configuration, authgroup yuav tsum zoo li no:

cwuser@ncs# qhia khiav-config li authgroups pawg crosswork
cov cuab yeej authgroups pab pawg crosswork
pab admin
remote-name cisco
tej thaj chaw deb-password $9$LzskzrvZd7LeWwVNGZTdUBDdKN7IgVV/UkJebwM1eKg=
!
pab cwuser
callback-node /cw-creds-get
action-npe tau
!
!

Xyuas kom meej tias

umap yog ntxiv rau ib pab pawg neeg uas twb muaj lawm ntawm cov cuab yeej ntawm kev txaus siab.
umap siv tus username kom raug.

Yog hais tias ib qho ntawm cov kev teeb tsa saum toj no tsis raug, cov teeb meem runtime yuav tshwm sim.

Configuring DLM hauv Cisco Crosswork

Tom qab txhim kho thiab teeb tsa lub pob muaj nuj nqi hauv Cisco NSO, koj yuav tsum teeb tsa qhov teeb tsa hauv DLM hauv Cisco Crosswork. Cov kev teeb tsa kev teeb tsa no yuav tso cai rau Hloov Automation nkag mus rau Cisco NSO los ntawm cov neeg siv tsim tshiab thiab teeb tsa siv cov ntawv pov thawj hla dhau thaum xav tau.

Tsim ca_device_auth_nso Credential Profile
Tsim ib daim ntawv pov thawj tshiabfile hauv Cisco NSO rau cov neeg siv tshwj xeeb uas koj tau tsim hauv ntu Tsim Tus Neeg Siv Khoom Siv Tshwj Xeeb hauv NSO ntawm phau ntawv qhia no. Ntxiv HTTP thiab HTTPS daim ntawv pov thawj rau tus neeg siv hauv daim ntawv pov thawj nofile. Cov duab hauv qab no qhia txog tus neeg siv thiab tus password tshwj xeeb rau cov neeg siv, "cwuser".

TSEEM CEEB
Nrog rau ca_device_auth_nso credential profile, koj yuav muaj lwm daim ntawv pov thawj profile nyob rau hauv DLM uas yuav qhia tus username/password cov ntaub ntawv rau Cisco NSO rau tag nrho lwm yam Cheebtsam ntawm Cisco Crosswork. Hauv example hauv qab no, daim ntawv pov thawj nofile hu ua "nso-creds".
Tseem ceeb: Xyuas kom meej tias tus username rau DLM daim ntawv pov thawj profile yog txawv ntawm tus username hauv ca_device_auth_nso profile.

Ntxiv DLM Tus Muab Khoom Khoom
Thaum koj tau tsim daim ntawv pov thawj profile hauv DLM, koj yuav tsum tau ntxiv cov cuab yeej rau tag nrho Cisco NSO cov chaw muab kev pabcuam hauv DLM uas yuav raug siv hauv Crosswork CA. Daim duab hauv qab no qhia txog cov khoom tshwj xeeb.

Kev daws teeb meem

Cov lus hauv qab no teev cov kev ua yuam kev uas koj tuaj yeem ntsib.

Tsis muaj.	yuam kev Substring	Teeb meem	Kev daws teeb meem
1.	nso umap tus neeg siv kuj yuav tsum yog tus neeg siv daim ntawv pov thawjfile neeg siv	ca_device_auth_nso username tsis phim ib tus neeg siv umap.	Ntxiv/kho lub umap. Kho koj ca_device_auth_nso cred profile.
2.	npliag auth group umap los ntawm nso	Tsis pom umap hauv Cisco NSO authgroup.	Add the umap.
3.	ua tsis tiav los muab RESTCONF cov peev txheej hauv paus. thov txheeb xyuas NSO tuaj yeem ncav cuag los ntawm RESTCONF	Crosswork CA ua tsis tau tejyam txuas rau Cisco NSO ntawm RESTCONF.	Xyuas kom meej tias tus username/password raws li tau teev tseg hauv cw_device_auth_nso cred uafile tuaj yeem txuas rau Cisco NSO ntawm RESTCONF.

Cov ntaub ntawv teev rau cov khoom no siv zog siv cov lus tsis muaj kev tsis ncaj ncees. Rau lub hom phiaj ntawm cov ntaub ntawv no, tsis muaj kev tsis ncaj ncees yog txhais tau tias yog hom lus uas tsis hais txog kev ntxub ntxaug raws li hnub nyoog, kev tsis taus, poj niam txiv neej, haiv neeg, haiv neeg, kev coj noj coj ua, kev sib deev, kev noj qab haus huv, thiab kev sib tshuam. Kev zam tuaj yeem muaj nyob rau hauv cov ntaub ntawv vim hais tias cov lus uas yog hardcoded nyob rau hauv cov neeg siv interfaces ntawm cov khoom software, cov lus siv raws li cov qauv ntaub ntawv, los yog cov lus uas yog siv los ntawm ib tug thib peb cov khoom siv. Cisco thiab Cisco logo yog cov cim lag luam lossis cov cim lag luam ntawm Cisco thiab / lossis nws cov koom tes hauv Asmeskas thiab lwm lub tebchaws. Rau view ib daim ntawv teev npe ntawm Cisco trademarks, mus rau qhov no URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Cov khoom lag luam thib peb tau hais tseg yog cov cuab yeej ntawm lawv cov tswv. Kev siv lo lus tus khub tsis hais txog kev sib koom tes ntawm Cisco thiab lwm lub tuam txhab. (1721R)

FAQ

Dab tsi version ntawm Cisco NSO tau sib xws nrog cov khoom siv no?

Lub pob muaj nuj nqi yog sib xws nrog Cisco NSO 6.1.11.2 lossis siab dua.

Cov ntaub ntawv / Cov ntaub ntawv

CISCO Change Automation NSO Function Pack [ua pdf] Daim ntawv qhia kev teeb tsa
Change Automation NSO Function Pack, Automation NSO Function Pack, NSO Function Pack, Function Pack

Cov ntaub ntawv

Cov neeg siv phau ntawv