CISCO Fetola Automation NSO Function Pack
Litlhaloso
- Product: Cisco Crosswork Change Automation NSO Function Pack
- Phetolelo: 7.0.2
Tlhahisoleseding ya Sehlahiswa
The Cisco Crosswork Change Automation NSO Function Pack is designed to facilitate the installation, configuration, and management of Cisco Crosswork Change Automation on Cisco Network Services Orchestrator (NSO). It includes features for creating special access users, configuring DLM in Cisco Crosswork, and troubleshooting functionalities.
Selelekela
Tokomane ena e hlalosa mokhoa oa ho jarolla, ho kenya, le ho lokisa pakete ea tšebetso ea Cisco Crosswork Change Automation (CA) ho Cisco Network Services Orchestrator (NSO). Ho feta moo, tokomane e hlalosa tlhophiso e hlokahalang bakeng sa Crosswork Change Automation ho Cisco Crosswork.
Morero
Tataiso ena e hlalosa:
- Installing the nca-7.0.3-nso-6.1.16.3.20250509.dbe70d0.tar.gz 6.1.16.3 and the associated configurations for the function pack on Cisco NSO.
- The authgroup configurations for creating a unique usermap (umap) for Change Automation.
- DLM configurations and the Change Automation application settings required in Cisco Crosswork 7.0.2
Litlhoko tsa pele
The list below shows the minimum versions of the Cisco NSO and Cisco Crosswork with which the Crosswork Change Automation function pack v7.0 is compatible:
- Cisco NSO: v6.1.16.3 system install.
- Cisco Crosswork: v7.0.2
Ho kenya/Ntlafatsa le ho Hlophisa
Likarolo tse ka tlase li bonts'a mokhoa oa ho kenya pakete ea ts'ebetso ea cw-device-auth ho sistimi e kenya Cisco NSO 6.1.11.2 kapa ho feta.
Ho kenya / ho ntlafatsa Function Pack
- Khoasolla cw-device-auth v7.0.0 ho tloha sebakeng sa polokelo ho ea ho Cisco NSO ea hau.
- Kopitsa polokelo ea tar.gz e jarollotsoeng ea pakete ea ts'ebetso sebakeng sa polokelo ea sephutheloana sa hau.
Hlokomela: The package directory can be different based on the selected settings at the time of installation. For most system-installed Cisco NSO, the package directory is located at “/var/opt/ncs/packages” by default. Check the ncs.conf on your installation to find your package directory. - Launch NCS CLI and run the following commands:
- admin@nso1:~$ ncs_cli -C -u admin
- admin connected from 2003:10:11::50 using ssh on nso1
- admin@ncs# packages reload
- Verify that the package has been successfully installed once the reload is complete.
- admin@ncs# bonts'a liphutheloana cw-device-auth
- liphutheloana sephutheloana cw-device-auth
- phetolelo ea sephutheloana 7.0.0
- description “Crosswork device authorization actions pack”
- ncs-min-version [ 6.1]
- python-package vm-name cw-device-auth
- directory /var/opt/ncs/state/packages-in-use/1/cw-device-auth
- ketso ya karolo
- kopo ea python-class-name cw_device_auth.action.App
- kopo qala-mohato phase2
- boemo ba boemo bo holimo
Ho theha Mosebelisi ea Khethehileng oa phihlello ho Cisco NSO
Cisco Crosswork Change Automation e sebelisa mochine o khethehileng oa ho fihlella ho hokahanya le Cisco NSO bakeng sa liphetoho tsohle tsa tlhophiso. Sena se bolela hore o ke ke oa sebelisa mosebelisi ea tšoanang le DLM kapa litšebeletso tsa pokello ho fihlella Cisco NSO. Karolo ena e bua ka litlhokahalo tsa pele tse hlokahalang bakeng sa ho theha basebelisi.
Tlhokomeliso: Mehato e ka tlase e nka hore Cisco NSO e sebetsa ho Ubuntu VM. Haeba ts'ebetso ea Cisco NSO ea hau e sebetsa ho sistimi e fapaneng ea ts'ebetso, ka kopo fetola mehato ka nepo.
- Theha mosebelisi e mocha oa sudo ho Ubuntu VM ea hau. Example mona. Mehato e ka tlase e bonts'a mokhoa oa ho theha "cwuser" ho Ubuntu VM ea hau. Lebitso lena le lecha e ka ba eng kapa eng eo u e ratang.
root@nso:/home/admin# adduser cwuser- Adding user `cwuser’ …
- Adding new group `cwuser’ (1004) …
- Adding new user `cwuser’ (1002) with group `cwuser’ … Creating home directory `/home/cwuser’ …
- Ho kopitsa files from `/etc/skel’ …
- Enter new UNIX password:
- Ngola hape password e ncha ea UNIX:
- passwd: password updated successfully
- Changing the user information for cwuser
- Enter the new value, or press ENTER for the default
- Full Name []:
- Room Number []:
- Work Phone []:
- Home Phone []:
- Other []:
- Is the information correct? [Y/n] y
- root@nso:/home/admin# usermod -aG sudo cwuser
- root@nso:/home/admin# usermod -a -G ncsadmin cwuser
- Add cwuser to the nacm group
- Hlokomela:
The nacm rule should be configured with cwuser even though you do not have admin as a user on server. - * nacm lihlopha tsa sehlopha sa ncsadmin lebitso la mosebelisi cwuser
- nacm groups group ncsadmin
- user-name [ admin cwuser private ]
- * Litumello tsa kamehla li bonts'oa joalo ka tlase.
- admin@ncs# bonts'a run-config nacm
- nacm read-default deny
- nacm write-default deny
- nacm exec-default deny
- nacm cmd-bala-default hana
- nacm cmd-exec-default hana
- Hlokomela:
- Ensure that the new user that you created has HTTP and HTTPS access to the Cisco NSO server. This can be done by using a simple RESTCONF API as shown below.
- curl -u <USERNAME>:<PASSWORD> –location –request GET ‘https://<IP>:8888/restconf/data/tailf-ncs:packages/package=cw-device-auth’ \
- –header ‘Accept: application/yang-data+json’ \
- –header ‘Content-Type: application/yang-data+json’ \
- - data-raw ”
- Ha a bitsa curl taelo e ka holimo, o lokela ho fumana karabo joalokaha ho bontšitsoe ka tlase. Karabo efe kapa efe e 'ngoe e tla bontša hore litlhophiso tse le 'ngoe kapa tse ling tse fetileng ha lia sebetsa.
- {
- “tailf-ncs:package”: [
- {
- “name”: “cw-device-auth”,
- “package-version”: “7.0.0”,
- “description”: “Crosswork device authorization actions pack”,
- “ncs-min-version”: [“6.1”],
- “python-package”: {
- “vm-name”: “cw-device-auth”
- },
- “directory”: “/var/opt/ncs/state/packages-in-use/1/cw-device-auth”,
- “component”: [
- {
- “name”: “action”,
- “application”: {
- “python-class-name”: “cw_device_auth.action.App”,
- “start-phase”: “phase2”
- }
- }
- ],
- “oper-status”: {
- “up”: [null]
- }
- }
- ]
- }
E kenyelletsa 'mapa oa basebelisi (umapa) ho sehlopha sa authgroup sa Cisco NSO
Cisco NSO e lumella basebelisi ho hlalosa lihlopha tsa li-authgroups bakeng sa ho hlakisa lintlha bakeng sa phihlello ea sesebelisoa se ka boroa. Authgroup e ka ba le 'mapa oa kamehla kapa 'mapa oa mosebelisi (mapa). Ho feta moo, umap e ka hlalosoa sehlopheng sa authgroup bakeng sa ho fetisa lintlha tsa kamehla ho tsoa ho 'mapa oa kamehla kapa umaps tse ling.
Sebopeho sa Crosswork Change Automation "ho fetisa lintlha tsa ho feta" se sebelisa umap ona. Ho sebelisa Crosswork Change Automation, tlhophiso ea umap e hloka ho theoa sehlopheng sa authgroup bakeng sa lisebelisoa.
Bakeng sa mohlalaample, nka hore u na le sesebelisoa "xrv9k-1" se ngolisitsoeng ho Cisco NSO. Sesebelisoa sena se sebelisa sehlopha sa authgroup, "crosswork".
- cwuser@ncs# bonts'a lisebelisoa tse sebetsang tsa lisebelisoa tsa xrv9k-1 sesebelisoa sa lisebelisoa tsa xrv9k-1
- authgroup crosswork
- !
'Me tlhophiso ea "crosswork" ea sehlopha sa authgroup e tjena:
- cwuser@ncs# show running-config devices authgroups group crosswork devices authgroups group crosswork
- umap admin
- remote-name cisco
- remote-password $9$LzskzrvZd7LeWwVNGZTdUBDdKN7IgVV/UkJebwM1eKg=
- !
- !
- Kenya umap bakeng sa mosebelisi e mocha eo u mo entseng (cwuser ho example). Sena se ka etsoa ka tsela e latelang:
- cwuser@ncs# config
- cwuser@ncs(config)# devices authgroups group crosswork umap cwuser callback-node /cw-creds-get action-name get
- cwuser@ncs(config-umap-cwuser)# etsa dry-run
- tlanya {
- sebaka sa lehae {
- lisebelisoa tsa data {
- lihlopha tsa bangoli {
- mosebetsi oa ho kopanya sehlopha {
- + umap cwuser {
- + callback-node /cw-creds-get;
- + action-name get;
- + }
- }
- }
- }
- }
- }
- cwuser@ncs(config-umap-cwuser)# itlama
- Boitlamo bo phethiloe.
Kamora ho hlophisoa, sehlopha sa authgroup se lokela ho shebahala tjena:
- cwuser@ncs# bonts'a lisebelisoa tse sebetsang tsa li-authgroups tsa lihlopha tse fapaneng
- disebediswa authgroups sehlopha crosswork
- umap admin
- remote-name cisco
- remote-password $9$LzskzrvZd7LeWwVNGZTdUBDdKN7IgVV/UkJebwM1eKg=
- !
- umap cwuser
- callback-node /cw-creds-get
- ketso-lebitso fumana
- !
- !
Netefatsa seo
- umap is added to an existing authgroup of the device(s) of interest.
- umap e sebelisa lebitso la mosebelisi le nepahetseng.
Haeba e 'ngoe ea litlhophiso tse ka holimo e fosahetse, mathata a nako ea ho sebetsa a ka hlaha.
Ho lokisa DLM ho Cisco Crosswork
Kamora ho kenya le ho lokisa pakete ea ts'ebetso ho Cisco NSO, o hloka ho theha tlhophiso ho DLM ho Cisco Crosswork. Litlhophiso tsena tsa tlhophiso li tla lumella Change Automation ho fihlella Cisco NSO ka mosebelisi ea sa tsoa bōptjoa le ho hlophisa ho sebelisa lintlha tse fetang ha ho hlokahala.
Theha ca_device_auth_nso Credential Profile
Theha setsebi se secha sa mangolofile ho Cisco NSO bakeng sa mosebelisi ea khethehileng oa phihlello eo u e entseng karolong ea Ho theha Mosebelisi oa Phihlello e Khethehileng ho NSO ea tataiso ena. Kenya mangolo-tsoibila a HTTP le HTTPS bakeng sa mosebelisi ho setsebi sena sa mangolofile. Setšoantšo se ka tlase se bontša lintlha tsa mosebelisi le password bakeng sa mosebelisi, "cwuser".
BOHLOKOA
Hammoho le ca_device_auth_nso credential profile, o tla ba le setsebi se seng sa bopakifile ho DLM e ka hlakisang lebitso la mosebelisi / password ho Cisco NSO bakeng sa likarolo tse ling tsa Cisco Crosswork. Ka mohlalaample ka tlase, setsebi sena sa mangolofile e bitsoa "nso-creds".
Bohlokoa: Netefatsa hore lebitso la mosebelisi bakeng sa litsebi tsa kamehla tsa DLMfile e fapane le lebitso la mosebelisi ho ca_device_auth_nso profile.
Kenya Thepa ea Mofani oa DLM
Hang ha u se u thehile "credential pro".file DLM, o hloka ho eketsa thepa ho bafani bohle ba Cisco NSO ba DLM e tla sebelisoa Crosswork CA. Setšoantšo se ka tlase se bontša lintlha tsa thepa.
Ho batle phoso
Tafole e latelang e thathamisa liphoso tse tloaelehileng tseo u ka kopanang le tsona.
| Che. | Phoso ea Substring | Bothata | Qeto |
| 1. | nso umap mosebelisi le eena e tlameha ho ba setsebi se tsebahalangfile mosebedisi | ca_device_auth_nso lebitso la mosebedisi ha le tsamaisane le basebedisi ba umap. |
|
| 2. | empty auth group umap from nso | Ha ho umap e fumanoeng sehlopheng sa bongoli sa Cisco NSO. | Kenya umap. |
| 3. | failed to retrieve RESTCONF resource root. please verify NSO <IP> is reachable via RESTCONF | Crosswork CA e hlotsoe ho hokela Cisco NSO ka RESTCONF. | Ensure that the username/password as specified in cw_device_auth_nso cred profile e ka hokela ho Cisco NSO ka RESTCONF. |
Litokomane tse behiloeng bakeng sa sehlahisoa sena li leka ka matla ho sebelisa puo e se nang leeme. Bakeng sa morero oa litokomane tsena, ho se be le leeme ho hlalosoa e le puo e sa boleleng khethollo e ipapisitseng le lilemo, kholofalo, bong, boitsebahatso ba morabe, boitsebahatso ba morabe, maikutlo a ho kopanela liphate, maemo a moruo sechabeng, le ho arohana. Mekhelo e ka 'na ea e-ba teng litokomaneng ka lebaka la puo e thatafalitsoeng ke li-interfaces tsa software ea sehlahisoa, puo e sebelisoang ho ipapisitse le litokomane tsa maemo, kapa puo e sebelisoang ke sehlahisoa sa batho ba bang. Cisco le logo ea Cisco ke matšoao a khoebo kapa matšoao a ngolisitsoeng a Cisco le/kapa mafapha a eona a US le linaheng tse ling. Ho view lethathamo la matšoao a khoebo a Cisco, e ea ho sena URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Matshwao a kgwebo a motho wa boraro a boletsweng ke thepa ya beng ba ona. Tšebeliso ea lentsoe molekane ha e bolele kamano ea tšebelisano pakeng tsa Cisco le k'hamphani efe kapa efe. (1721R)
LBH
What version of Cisco NSO is compatible with this function pack?
The function pack is compatible with Cisco NSO 6.1.11.2 or higher.
Litokomane / Lisebelisoa
 |
CISCO Fetola Automation NSO Function Pack [pdf] Tlhophiso Tataiso Fetola Sephutheloana sa Mosebetsi oa Automation NSO, Automation NSO Function Pack, NSO Function Pack, Function Pack |