CISCO Change Automation NSO Function Pack

Specifications

  • Product: Cisco Crosswork Change Automation NSO Function Pack
  • Version: 7.0.2

Product Information

The Cisco Crosswork Change Automation NSO Function Pack is designed to facilitate the installation, configuration, and management of Cisco Crosswork Change Automation on Cisco Network Services Orchestrator (NSO). It includes features for creating special access users, configuring DLM in Cisco Crosswork, and troubleshooting functionalities.

Introduction

This document describes how to download, install, and configure the Cisco Crosswork Change Automation (CA) function pack on Cisco Network Services Orchestrator (NSO). Additionally, the document describes the configuration required for Crosswork Change Automation in Cisco Crosswork.

Purpose
This guide explains:

  • Installing the nca-7.0.3-nso-6.1.16.3.20250509.dbe70d0.tar.gz 6.1.16.3 and the associated configurations for the function pack on Cisco NSO.
  • The authgroup configurations for creating a unique usermap (umap) for Change Automation.
  • DLM configurations and the Change Automation application settings required in Cisco Crosswork 7.0.2

Prerequisites
The list below shows the minimum versions of the Cisco NSO and Cisco Crosswork with which the Crosswork Change Automation function pack v7.0 is compatible:

  • Cisco NSO: v6.1.16.3 system install.
  • Cisco Crosswork: v7.0.2

Install/Upgrade and Configure

The sections below show how to install the cw-device-auth function pack on a system-install Cisco NSO 6.1.11.2 or higher.

Install/Upgrade the Function Pack

  1. Download cw-device-auth v7.0.0 from the repository to your Cisco NSO.
  2. Copy the downloaded tar.gz archive of the function pack to your package repository.
    Note: The package directory can be different based on the selected settings at the time of installation. For most system-installed Cisco NSO, the package directory is located at "/var/opt/ncs/packages" by default. Check the ncs.conf on your installation to find your package directory.
  3. Launch NCS CLI and run the following commands:
    admin@nso1:~$ ncs_cli -C -u admin
    admin connected from 2003:10:11::50 using ssh on nso1
    admin@ncs# packages reload
  4. Verify that the package has been successfully installed once the reload is complete.
    admin@ncs# show packages package cw-device-auth
    packages package cw-device-auth
     package-version 7.0.0
     description "Crosswork device authorization actions pack"
     ncs-min-version [ 6.1 ]
     python-package vm-name cw-device-auth
     directory /var/opt/ncs/state/packages-in-use/1/cw-device-auth
     component action
      application python-class-name cw_device_auth.action.App
      application start-phase phase2
     oper-status up

Creating a Special Access User in Cisco NSO
Cisco Crosswork Change Automation uses a special access user to connect to Cisco NSO for all configuration changes. This means that you cannot use the same user as DLM or collection services to access Cisco NSO. This section discusses the prerequisites required for creating the user.
Note: The steps below assume that Cisco NSO is running on an Ubuntu VM. If your Cisco NSO installation is running on a different operating system, please modify the steps accordingly.

  1. Create a new sudo user on your Ubuntu VM. Example here. The steps below show how to create the user "cwuser" on your Ubuntu VM. This new username can be anything of your choice.
    root@nso:/home/admin# adduser cwuser
    Adding user `cwuser' …
    Adding new group `cwuser' (1004) …
    Adding new user `cwuser' (1002) with group `cwuser' …
    Creating home directory `/home/cwuser' …
    Copying files from `/etc/skel' …
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    Changing the user information for cwuser
    Enter the new value, or press ENTER for the default
    Full Name []:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
    Is the information correct? [Y/n] y
    root@nso:/home/admin# usermod -aG sudo cwuser
    root@nso:/home/admin# usermod -a -G ncsadmin cwuser
  2. Add cwuser to the nacm group
    Note: The nacm rule should be configured with cwuser even though you do not have admin as a user on server.
    • nacm groups group ncsadmin user-name cwuser
        nacm groups group ncsadmin
         user-name [ admin cwuser private ]
    • Default permissions are shown as below.
        admin@ncs# show running-config nacm
        nacm read-default deny
        nacm write-default deny
        nacm exec-default deny
        nacm cmd-read-default deny
        nacm cmd-exec-default deny
  3. Ensure that the new user that you created has HTTP and HTTPS access to the Cisco NSO server. This can be done by using a simple RESTCONF API as shown below.
    curl -u <USERNAME>:<PASSWORD> --location --request GET 'https://<IP>:8888/restconf/data/tailf-ncs:packages/package=cw-device-auth' \
    --header 'Accept: application/yang-data+json' \
    --header 'Content-Type: application/yang-data+json' \
    --data-raw ''
    On calling the curl command above, you should receive a response as shown below. Any other response would indicate that one or more settings before this are not working.
    {
      "tailf-ncs:package": [
        {
          "name": "cw-device-auth",
          "package-version": "7.0.0",
          "description": "Crosswork device authorization actions pack",
          "ncs-min-version": ["6.1"],
          "python-package": {
            "vm-name": "cw-device-auth"
          },
          "directory": "/var/opt/ncs/state/packages-in-use/1/cw-device-auth",
          "component": [
            {
              "name": "action",
              "application": {
                "python-class-name": "cw_device_auth.action.App",
                "start-phase": "phase2"
              }
            }
          ],
          "oper-status": {
            "up": [null]
          }
        }
      ]
    }

Adding usermap (umap) to Cisco NSO authgroup
Cisco NSO allows users to define authgroups for specifying credentials for southbound device access. An authgroup can contain a default-map or a usermap (umap). Additionally, a umap can be defined in the authgroup to override the default credentials from the default-map or other umaps.
The Crosswork Change Automation "override credentials passthrough" feature uses this umap. To use Crosswork Change Automation, a umap configuration needs to be created in the authgroup for the devices.
For example, consider that you have a device "xrv9k-1" enrolled in Cisco NSO. This device uses the authgroup "crosswork".

    cwuser@ncs# show running-config devices device xrv9k-1 authgroup
    devices device xrv9k-1
     authgroup crosswork
    !

And the configuration of the authgroup "crosswork" is as follows:

    cwuser@ncs# show running-config devices authgroups group crosswork
    devices authgroups group crosswork
     umap admin
      remote-name cisco
      remote-password $9$LzskzrvZd7LeWwVNGZTdUBDdKN7IgVV/UkJebwM1eKg=
     !
    !

Add a umap for the new user that you have created (cwuser in this example). This can be done as follows:

    cwuser@ncs# config
    cwuser@ncs(config)# devices authgroups group crosswork umap cwuser callback-node /cw-creds-get action-name get
    cwuser@ncs(config-umap-cwuser)# commit dry-run
    cli {
        local-node {
            data devices {
                authgroups {
                    group crosswork {
    +                   umap cwuser {
    +                       callback-node /cw-creds-get;
    +                       action-name get;
    +                   }
                    }
                }
            }
        }
    }
    cwuser@ncs(config-umap-cwuser)# commit
    Commit complete.

After the configuration, the authgroup should look like this:

    cwuser@ncs# show running-config devices authgroups group crosswork
    devices authgroups group crosswork
     umap admin
      remote-name cisco
      remote-password $9$LzskzrvZd7LeWwVNGZTdUBDdKN7IgVV/UkJebwM1eKg=
     !
     umap cwuser
      callback-node /cw-creds-get
      action-name get
     !
    !

Ensure that

  • umap is added to an existing authgroup of the device(s) of interest.
  • umap is using the correct username.

If any of the above configurations is incorrect, runtime issues can occur.
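
The two checks above can be run against saved `show running-config devices authgroups` output before Change Automation is pointed at NSO. The following is an added example, not Cisco code: the function names and the SAMPLE text are constructed for illustration, the parser assumes the indented CLI layout shown in this guide, and the optional `dlm_user` argument covers the DLM section's requirement that the regular DLM credential profile use a different username.

```python
# Added example, not Cisco code. SAMPLE is constructed in the shape shown above.
SAMPLE = """\
devices authgroups group crosswork
 umap admin
  remote-name     cisco
  remote-password $9$CONSTRUCTED-PLACEHOLDER
 !
 umap cwuser
  callback-node /cw-creds-get
  action-name   get
 !
!
"""

def parse_authgroups(text):
    """Return {group: {umap_user: {leaf: value}}} from running-config text."""
    groups, group, umap = {}, None, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:  # "devices authgroups group <name>" opens a group
            is_group = words[:3] == ["devices", "authgroups", "group"] and len(words) == 4
            group = groups.setdefault(words[3], {}) if is_group else None
            umap = None
        elif indent == 1:  # "umap <user>" opens a usermap inside the group
            is_umap = group is not None and words[0] == "umap" and len(words) == 2
            umap = group.setdefault(words[1], {}) if is_umap else None
        elif umap is not None and len(words) >= 2:  # leaf under the umap
            umap[words[0]] = " ".join(words[1:])
    return groups

def check_ca_umap(text, group, ca_user, dlm_user=None):
    """Return a list of problems; an empty list means the umap is usable."""
    umaps = parse_authgroups(text).get(group)
    if umaps is None:
        return [f"authgroup {group!r} not found"]
    problems = []
    entry = umaps.get(ca_user)
    if entry is None:
        problems.append(f"no umap for {ca_user!r} in authgroup {group!r}")
    else:
        if entry.get("callback-node") != "/cw-creds-get":
            problems.append("callback-node is not /cw-creds-get")
        if entry.get("action-name") != "get":
            problems.append("action-name is not get")
    if dlm_user is not None and dlm_user == ca_user:
        problems.append("ca_device_auth_nso and regular DLM profile share a username")
    return problems
```

A missing umap and a username mismatch correspond to the first two rows of the troubleshooting table in this guide.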

DLM Configuration in Cisco Crosswork

After installing and configuring the function pack in Cisco NSO, you need to set up the configuration in DLM in Cisco Crosswork. These configuration settings will allow Change Automation to access Cisco NSO via the newly created user and configure using the override credentials when needed.

Create ca_device_auth_nso Credential Profile
Create a new credential profile in Cisco NSO for the special access user that you created in the section Creating a Special Access User in Cisco NSO of this guide. Add the HTTP and HTTPS credentials for the user in this credential profile. The image below shows the user and password specification for the user "cwuser".

CISCO-Change-Automation-NSO-Function-Pack- (1)

IMPORTANT
Along with the ca_device_auth_nso credential profile, you will have another credential profile in DLM which specifies the username/password information for Cisco NSO for all other components of Cisco Crosswork. In the example below, this credential profile is called "nso-creds".
Important: Ensure that the username for the regular DLM credential profile is different from the username in the ca_device_auth_nso profile.

CISCO-Change-Automation-NSO-Function-Pack- (2)

Add DLM Provider Property
Once you have created the credential profile in DLM, you need to add a property to all the Cisco NSO providers in DLM which will be used in Crosswork CA. The image below shows the property specification.

CISCO-Change-Automation-NSO-Function-Pack- (3)

Troubleshooting

The following table lists common errors that you could potentially encounter.

No. | Error Substring | Problem | Resolution
1 | nso umap user must also be a nso credential profile user | ca_device_auth_nso username does not match any umap users. | 1. Add/fix the umap. 2. Edit your ca_device_auth_nso cred profile.
2 | empty auth group umap from nso | No umap found in the Cisco NSO authgroup. | Add the umap.
3 | failed to retrieve RESTCONF resource root. please verify NSO <IP> is reachable via RESTCONF | Crosswork CA failed to connect to Cisco NSO via RESTCONF. | Ensure that the username/password as specified in cw_device_auth_nso cred profile can connect to Cisco NSO via RESTCONF.

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

FAQ

What version of Cisco NSO is compatible with this function pack?

The function pack is compatible with Cisco NSO 6.1.11.2 or higher.
