NSO Lab 2: Adding Device in NSO using NSO CLI Mode

Adding Device in NSO using NSO CLI Mode

In Lab 2: Adding Device in NSO using NSO CLI Mode, participants typically focus on integrating network devices into the Cisco Network Services Orchestrator (NSO) environment through the Command Line Interface (CLI) mode. This lab involves tasks such as accessing the NSO CLI, defining device parameters, and configuring the necessary device-specific settings. Participants may employ NSO CLI commands to establish connectivity with network devices and ensure proper synchronization with the NSO platform. The lab aims to provide hands-on experience in utilizing NSO's CLI mode for device integration, allowing participants to familiarize themselves with the command set required to efficiently manage and orchestrate network devices using NSO. Successful completion of Lab 2 equips participants with practical skills in adding and configuring devices within the NSO environment, a crucial aspect of network automation and orchestration.


Task 1: Adding the first device in NSO using CLI

Step 1: Access the Bash terminal of linux machine and log into the NSO CLI using following command:

**rst@rst-nso:~$** cd nso-5.3/packages/neds/nso-instance/
**rst@rst-nso:~/nso-5.3/packages/neds/nso-instance$** source $HOME/nso-5.3/ncsrc
**rst@rst-nso:~/nso-5.3/packages/neds/nso-instance$** ncs
**rst@rst-nso:~/nso-5.3/packages/neds/nso-instance$** ncs\_cli -C -u admin

First we need to create an authgroup and provide passwords for remote devices to be managed. This authgroup is basically a secure password manager within the NSO application.

Step 2: Access the NSO CLI console and enter configuration mode. Create an authgroup named XR and provide passwords for remote devices to be managed using following command:

**admin@ncs#** conf
devices authgroups group XR 
default-map remote-name cisco
default-map remote-password cisco
default-map remote-secondary-password cisco

Note: We have a new authgroup with a login username, default password and a backup enable password. Every network device will have an authgroup associated with it, if you have a new set of devices that need a different login, simply create another authgroup.

Before we configure our first device, let us understand the key pieces of information required by NSO to connect to a device.

Following are the details required for a device to be added into the NSO:

  • The Device Name, which is a name to identify the device (typically the hostname though it does not have to be the hostname).
  • The IP address or DNS resolvable hostname.
  • The Device-type, which specifies whether it is a NETCONF device or a CLI device.
  • If it is a CLI device (which is commonly the case), specify the Network Element Driver (NED) that NSO should use to translate the commands into the application (ned-id, cisco-ios, cisco-nx, and so on).
  • An Authgroup, which is previously explained has an username/password/enable password.
  • The SSH keys for the network connection.
  • The device needs to start out in admin state unlocked in order to sync-from the config and get a snapshot of the running config and HW/SW version. By default, when a device is added to the NSO list of devices, it is in admin state locked state. It is best to lock the devices again after finishing, to avoid any accidental configuration.
  • NSO needs to pull the SSH keys from the device, which is done only after the commit has occurred on the device.
  • Finally you need to tell it to grab a local copy of the device’s running config. NSO calls this process sync-from where NSO logs into the device and captures the running-config to parse it into NSO’s local XML database.
  • This local copy of the config will only be updated upon a request of sync-from. It does not automatically update. You can do a check-sync to quickly find out if the NSO local config version is the same as the one currently on the device. We will cover this shortly.

Now let us add a device in NSO by providing a device name, an address, an authgroup that we created earlier, a device-type and a ned-id that will be used for this device. Use the ned-id based on your device (IOS, Nexus, IOS-XR, etc.).

Step 3: Access the NSO CLI console and Add a device (Cisco IOS-XR router) using following command:

**admin@ncs(config-group-XR)#** top
**admin@ncs(config)#** devices device RSTXR-1 
authgroup XR
device-type cli ned-id cisco-iosxr-cli-7.18
device-type cli protocol telnet
ssh host-key-verification none
no ssh host-key ssh-rsa
state admin-state unlocked

We have specified that the device is a CLI-based device, and it should use the cisco-ios NED for XR

Note: For other vendors, we should select vendor specific NED ID.

We have selected ‘admin-state unlocked’ so that we can sync-from the configuration of the device into the NSO database and finally, We commit these changes.

Now that the basic information for the device is in NSO and committed, let us sync-from the configuration from the device into the NSO.

**admin@ncs(config-device-RSTXR-1)#** sync-from    
**admin@ncs#** devices device RSTXR-1 sync-form


result true

Note: NSO also allows adding devices through the Web GUI, and Northbound APIs (Python, Java, REST, and others), but creating them in the CLI is a good learning exercise.

Some additional commands for practice:

The first step after logging into NSO CLI console is to force a reload of the packages so that Cisco IOS XR packages are available to the running instance of NSO.

Step 4: Access the NSO CLI console and force a reload of all packages:

**admin@ncs#** packages reload force

>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has completed.
>>> System upgrade has completed successfully.
reload-result {
    package cisco-ios
    result true
reload-result {
    package cisco-iosxr
    result true
reload-result {
    package cisco-nx
    result true

Now Let us verify if all required NEDs are installed

Step 5: Access the NSO CLI console and verify that all packages are installed:

**admin@ncs#** show packages package description

cisco-ios    NED package for the Cisco IOS
cisco-iosxr  NED package for the Cisco IOS XR
cisco-nx     NED package for the Cisco Nexus

Next step is to check the operational status of packages

Step 6: Access the NSO CLI console and verify the operational status of packages:

**admin@ncs#** show packages package oper-status

packages package cisco-iosxr-cli-7.18
oper-status up

If you get below error:

reload-result {
    package cisco-iosxr
    result false

Solution is:

**rst@rst-nso:~$** cd nso-5.3/bin/
**rst@rst-nso:~/nso-5.3/bin$** nano ncs-start-java-vm

add following line below opts="${NCS\_JAVA\_VM\_OPTIONS}"

opts=\`add\_if\_not\_contains "${opts}" "-Xmx" "" "1G"\`

To save file:
press Cntrl o 
To exit from nano tool:
press Cntrl x

All Commits are saved for rollback in directory


**rst@rst-nso:~/nso-5.3/packages/neds/nso-instance/logs$** ls r\*
rollback10001  rollback10011  rollback10021  rollback10031  rollback10041
rollback10002  rollback10012  rollback10022  rollback10032  rollback10042
rollback10003  rollback10013  rollback10023  rollback10033  rollback10043
rollback10004  rollback10014  rollback10024  rollback10034  rollback10044
rollback10005  rollback10015  rollback10025  rollback10035  rollback10045
rollback10006  rollback10016  rollback10026  rollback10036  rollback10046
rollback10007  rollback10017  rollback10027  rollback10037  rollback10047
rollback10008  rollback10018  rollback10028  rollback10038
rollback10009  rollback10019  rollback10029  rollback10039
rollback10010  rollback10020  rollback10030  rollback10040

If you don’t want these rollbacks and start fresh then yo can delete these files.

Step 7: Access the Bash console of Linux and type following command:

**rst@rst-nso:~/nso-5.3/packages/neds/nso-instance/logs$** rm -f roll\*