NSO Lab 1: NSO Installation on Ubuntu 18.4
NSO Installation on Ubuntu 18.4
In Lab 1: NSO Installation on Ubuntu 18.04, participants typically embark on the initial steps of deploying Cisco's Network Services Orchestrator (NSO) on an Ubuntu 18.04 environment. This lab involves tasks such as preparing the Ubuntu system, ensuring the necessary prerequisites are met, and executing the installation process for NSO. Participants may need to configure user accounts, set environment variables, and run the NSO installation script. The aim of this lab is to provide hands-on experience in the installation and setup of NSO, a powerful network automation and orchestration tool. Successful completion of Lab 1 equips participants with the foundational skills required to deploy NSO on Ubuntu 18.04, setting the stage for further exploration and utilization of this network orchestration platform in subsequent labs.
Lab:
Task 1: Installing NSO on Ubuntu 18.4 Workstation:
Before beginning this lab on your workstation, install a standard set of integrated development applications, tools, and interfaces.
Step 1: Access the browser console of your Linux machine and download the Cisco Network Services Orchestrator (NSO) and required Network Element Drivers (NEDs):
NSO 5.3 Mac: https://developer.cisco.com/fileMedia/download/a7220dd6-e7d2-3c75-8ef4-7fd3fa7bc477
NSO 5.3 Linux: https://developer.cisco.com/fileMedia/download/da6e8ed4-0b65-357a-9cf3-c1b3357a2ad4
Cisco IOS (XE) NED: https://developer.cisco.com/fileMedia/download/1ce0318d-4ce3-34cf-a577-ebdf97a46371
Cisco IOS XR NED: https://developer.cisco.com/fileMedia/download/4c95fe20-9c61-37a2-aa25-c5967f9aefc2
Cisco NXOS NED: https://developer.cisco.com/fileMedia/download/838b1755-64e8-3c62-8527-35ab0069805c
Cisco ASA NED: https://developer.cisco.com/fileMedia/download/017caac8-f711-33fe-9e1a-143fe221b818
For NSO Installation in small networks (less than 10 devices) we only need a single vCPU and 4-8 GB of RAM.
NSO can be a memory intensive application, so if you are encountering issues, try increasing the RAM size. If you use Vagrant or docker to manage local Linux virtual machines, there is a NSO Vagrant file and NSO Docker file for your convenience.
Now let us install Java and ANT, these are prerequisites for NSO. Apache Ant is a Java library and tool for building files and other dependencies:
Step 2: Access the Terminal window of Linux machine and install JRE and ANT, use following command:
$ sudo apt install default-jre
$ sudo apt install ant
NSO Installation
Local vs System Installation
Before you install NSO onto your system, you need to decide whether to do a “System” or “Local” installation. Here’s a simple breakdown of the two.
System Install is used when installing NSO for a centralized, “always-on”, production grade purpose. It is configured as a system daemon that would start and end with the underlying operating system. The default users of admin and oper are not included and the file structure is more distributed.
Local Install is used for development, lab, and evaluation purposes. It unpacks all the application components, including docs and examples, and can be used by the engineer to run multiple, unrelated, instances of NSO for different labs and demos on a single workstation .
For those just getting started, this guide will be using a Local Installation of NSO. The NSO documentation has details on how to handle a system install.
Performing a Local Installation
Once you’ve installed the pre-reqs and downloaded the NSO installation file for your operating system, you are ready to do your installation.
Step 3: Access the Terminal window of Linux machine and navigate to the directory where you downloaded the installer:
Make sure you have the correct installer binary for your OS.
$ cd ~/Downloads
$ ll nso\*.bin
Following output will be displayed.
\-rw-rw-r - - 1 rst rst 208174605 May 3 15:25 nso-5.3.linux.x86\_64.signed.bin
Note: If your file is a signed.bin file, this means that the file you downloaded has been digitally signed by Cisco, and when you execute it you’ll verify the signature and unpack the installer.bin . If you have the installer.bin skip down past the signed steps.
Step 4: Use the sh command to “run” the signed.bin to verify the certificate and extract the installer binary and other files:
$ sudo apt install python
$ sh nso-5.3.linux.x86\_64.signed.bin
Following output will be displayed.
Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of nso-5.3.linux.x86\_64.installer.bin using tailf.cer
Step 5: Check files that are installed
$ ls
Following output will be displayed.
cisco\_x509\_verify\_release.py
nso-5.3.linux.x86\_64.signed.bin
nso-5.3.linux.x86\_64.installer.bin
README.signature
nso-5.3.linux.x86\_64.installer.bin.signature
tailf.cer
The NSO installer nso-VERSION.OS.ARCH.installer.bin
Signature generated for the NSO image nso-VERSION.OS.ARCH.installer.bin.signature
An enclosed Cisco signed tailf.cer x.509 end-entity certificate containing the public key that is used to verify the signature.
README.signature file which briefs you more details on the unpacked content and the steps on “How to run the signature verification program”. If you would like to manually verify the signature, please refer to the steps in this file.
cisco_x509_verify_release.py python program that can be used to verify the 3-tier x.509 certificate chain and signature.
Step 6: Run the installer with the argument –local-install ~/nso-5.3 to install it into your home directory:
$ sh nso-5.3.linux.x86\_64.installer.bin --local-install ~/nso-5.3
Following output will be displayed.
INFO Using temporary directory /tmp/ncs\_installer.10704 to stage NCS installation bundle
INFO Unpacked ncs-5.3 in /home/rst/ns5.3
INFO Found and unpacked corresponding DOCUMENTATION\_PACKAGE
INFO Found and unpacked corresponding EXAMPLE\_PACKAGE
INFO Found and unpacked corresponding JAVA\_PACKAGE
INFO Generating default SSH hostkey (this may take some time)
INFO SSH hostkey generated
INFO Environment set-up generated in /home/rst/nso-5.3/ncsrc
INFO NSO installation script finished
INFO Found and unpacked corresponding NETSIM\_PACKAGE
INFO NCS installation complete
That’s all it is installed.
Step 7: Exploring the Installation:
Before we startup NSO, let’s just look at what we have. Go into the new installation directory and explore:
$ cd ~/nso-5.3
Along with the binaries, NSO installs a full set of documentation in the ‘doc’ folder of ~/nso-5.3 directory:
$ ll doc/
Following output will be displayed.
drwxr-xr-x 5 user staff 160B Nov 29 05:19 api/
drwxr-xr-x 14 user staff 448B Nov 29 05:19 html/
-rw-r--r-- 1 user staff 202B Nov 29 05:19 index.html
drwxr-xr-x 17 user staff 544B Nov 29 05:19 pdf/
Feel free to open up the index.html file in your favorite browser and poke around (you can use the open command in the terminal to open the file). You’ll find installation, admin, user, development, and more guides available for you to jump right into.
Examples
An NSO Local Install also comes with A LOT of examples of a variety of different types of ways you can use NSO. Many of these touch on advanced topics, but there are plenty of basic ones as well. Here is the high level directories of examples in ~/nso-5.3/examples.ncs
$ cd ~/nso-5.3/
$ ll examples.ncs/
Following output will be displayed.
\-rw-r--r-- 1 user staff 1.0K Nov 29 05:17 README
drwxr-xr-x 4 user staff 128B Nov 29 04:50 datacenter/
drwxr-xr-x 3 user staff 96B Nov 29 04:50 generic-ned/
drwxr-xr-x 4 user staff 128B Nov 29 04:50 getting-started/
drwxr-xr-x 7 user staff 224B Nov 29 04:50 service-provider/
drwxr-xr-x 3 user staff 96B Nov 29 04:50 snmp-ned/
drwxr-xr-x 11 user staff 352B Nov 29 05:17 snmp-notification-receiver/
drwxr-xr-x 5 user staff 160B Nov 29 04:50 web-server-farm/
Step 8 : Exploring NEDs or Network Element Drivers:
In order to “talk to” the network, NSO uses NEDs as device drivers for different device types. Cisco has NEDs for hundreds of different devices available for customers, and several are included in the installer in the ~/nso-5.3/packages/neds directory:
$ cd ~/nso-5.3/packages/neds
$ ll
Following output will be displayed.
drwxr-xr-x 13 user staff 416B Nov 29 05:17 a10-acos-cli-3.0/
drwxr-xr-x 12 user staff 384B Nov 29 05:17 alu-sr-cli-3.4/
drwxr-xr-x 13 user staff 416B Nov 29 05:17 cisco-asa-cli-6.6/
drwxr-xr-x 12 user staff 384B Nov 29 05:17 cisco-ios-cli-3.0/
drwxr-xr-x 12 user staff 384B Nov 29 05:17 cisco-ios-cli-3.8/
drwxr-xr-x 13 user staff 416B Nov 29 05:17 cisco-iosxr-cli-3.0/
drwxr-xr-x 13 user staff 416B Nov 29 05:17 cisco-iosxr-cli-3.5/
drwxr-xr-x 13 user staff 416B Nov 29 05:17 cisco-nx-cli-3.0/
drwxr-xr-x 13 user staff 416B Nov 29 05:17 dell-ftos-cli-3.0/
drwxr-xr-x 10 user staff 320B Nov 29 05:17 juniper-junos-nc-3.0/
Here you can see there are NEDs for Cisco ASA, IOS, IOS XR, and NX-OS. Also included are NEDs for other vendors including Juniper JunOS, A10, ALU and Dell.
Note: The NEDs included in the installer are intended for evaluation, demonstration, and use with the examples.ncs that are also included. These are not the latest versions available, and often don’t have all the features available in production NEDs.
Task 2: Installing New NED Versions:
Note: Evaluation copy has been provided under the terms of the Cisco NSO Evaluation License. You can download from the link provided below:
Cisco IOS (XE) NED: https://developer.cisco.com/fileMedia/download/1ce0318d-4ce3-34cf-a577-ebdf97a46371
Cisco IOS XR NED: https://developer.cisco.com/fileMedia/download/4c95fe20-9c61-37a2-aa25-c5967f9aefc2
Cisco NXOS NED: https://developer.cisco.com/fileMedia/download/838b1755-64e8-3c62-8527-35ab0069805c
Cisco ASA NED: https://developer.cisco.com/fileMedia/download/017caac8-f711-33fe-9e1a-143fe221b818
Alternatively, we can down load the NEDs from following URL: https://developer.cisco.com/docs/nso/#!getting-nso/downloads
NOTE: the specific file names and versions you download maybe different from this guide. Update the paths appropriately.
Like the NSO installer, the NEDs are signed.bin files that need to be run to validate the download and extract the new code.
Step 1: Access the Terminal window of your Linux machine and find the downloaded files, use following command:
Note: the filenames indicate which version of NSO the NEDs are pre-compiled for (in this case NSO 5.3), and the version of the NED.
$ cd ~/Downloads/
$ ls -l ncs\*.bin
Following output will be seen on the screen of your terminal window:
\-rw-r--r--@ 1 user staff 9708091 Dec 18 12:05 ncs-5.3-cisco-asa-6.7.7.signed.bin
-rw-r--r--@ 1 user staff 51233042 Dec 18 12:06 ncs-5.3-cisco-ios-6.42.1.signed.bin
-rw-r--r--@ 1 user staff 8400190 Dec 18 12:05 ncs-5.3-cisco-nx-5.13.1.1.signed.bin
-rw-r--r--@ 1 user staff 8400190 Dec 18 12:05 ncs-5.3-cisco-iosxr-7.18.2.signed.bin
Step 2: Access the Terminal window of your Linux machine and Use the sh command to “run” the signed.bin to verify the certificate and extract the NED tar.gz and other files, use following command:
$ sh ncs-5.3-cisco-iosxr-7.18.2.signed.bin
Following output will be seen on the screen of your terminal window:
Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-iosxr-7.18.2.tar.gz using tailf.cer
Step 3: Access the Terminal window of your Linux machine and Use the sh command to “run” the signed.bin to verify the certificate and extract the NED tar.gz and other files, use following command:
$ sh ncs-5.3-cisco-ios-6.42.1.signed.bin
Following output will be seen on the screen of your terminal window:
Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-ios-6.42.1.tar.gz using tailf.cer
Step 4: Access the Terminal window of your Linux machine and Use the sh command to “run” the signed.bin to verify the certificate and extract the NED tar.gz and other files, use following command:
$ sh ncs-5.3-cisco-asa-6.7.7.signed.bin
Following output will be seen on the screen of your terminal window:
Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-asa-6.7.7.tar.gz using tailf.cer
Step 5: Access the Terminal window of your Linux machine and Use the sh command to “run” the signed.bin to verify the certificate and extract the NED tar.gz and other files, use following command:
$ sh ncs-5.3-cisco-nx-5.13.1.1.signed.bin
Following output will be seen on the screen of your terminal window:
Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-nx-5.13.1.1.tar.gz using tailf.cer
Step 6: You now have 4 tarballs (.tar.gz) files. These are compressed versions of the NEDs.
$ ls -l ncs\*.tar.gz
Following output will be seen on the screen of your terminal window:
\-rw-r--r-- 1 rst rst 9704896 Dec 13 07:41 ncs-5.3-cisco-asa-6.7.7.tar.gz
-rw-r--r-- 1 rst rst 51508674 Jan5 14:47 ncs-5.3-cisco-ios-6.42.1.tar.gz
-rw-r--r-- 1 rst rst 39339975 Dec 28 01:26 ncs-5.3-cisco-iosxr-7.18.2.tar.gz
-rw-r--r-- 1 rst rst8409288 Dec 18 19:39 ncs-5.3-cisco-nx-5.13.1.1.tar.gz
Step 7: Navigate to the packages/neds directory for your local-install:
$ cd ~/nso-5.3/packages/neds
While in ~/nso-5.3/packages/neds directory, extract the tarballs into this directory using the tar command with the path to where the compressed NED is located:
Step 8: Update the path and file name for the NED versions you downloaded:
$ tar -zxvf ~/Downloads/ncs-5.3-cisco-nx-5.13.1.1.tar.gz
$ tar -zxvf ~/Downloads/ncs-5.3-cisco-ios-6.42.1.tar.gz
$ tar -zxvf ~/Downloads/ncs-5.3-cisco-asa-6.7.7.tar.gz
$ tar -zxvf ~/Downloads/ncs-5.3-cisco-iosxr-7.18.2.tar.gz
Here is a sample list of the newer NEDs extracted along with the ones bundled with the installation:
$ ls -al
Following output will be seen on the screen of your terminal window:
drwxr-xr-x 16 rst rst 4096 May 3 17:35 .
drwxr-xr-x 6 rst rst 4096 Nov 29 15:47 ..
drwxr-xr-x 8 rst rst 4096 Nov 29 15:47 a10-acos-cli-3.0
drwxr-xr-x 7 rst rst 4096 Nov 29 15:47 alu-sr-cli-3.4
drwxr-xr-x 8 rst rst 4096 Nov 29 15:47 cisco-asa-cli-6.6
drwxr-xr-x 8 rst rst 4096 Dec 13 07:41 cisco-asa-cli-6.7
drwxr-xr-x 7 rst rst 4096 Nov 29 15:47 cisco-ios-cli-3.0
drwxr-xr-x 7 rst rst 4096 Nov 29 15:47 cisco-ios-cli-3.8
drwxr-xr-x 8 rst rst 4096 Jan 5 14:47 cisco-ios-cli-6.42
drwxr-xr-x 8 rst rst 4096 Nov 29 15:47 cisco-iosxr-cli-3.0
drwxr-xr-x 8 rst rst 4096 Nov 29 15:47 cisco-iosxr-cli-3.5
drwxr-xr-x 9 rst rst 4096 Dec 28 01:26 cisco-iosxr-cli-7.18
drwxr-xr-x 8 rst rst 4096 Nov 29 15:47 cisco-nx-cli-3.0
drwxr-xr-x 9 rst rst 4096 Dec 18 19:39 cisco-nx-cli-5.13
drwxr-xr-x 8 rst rst 4096 Nov 29 15:47 dell-ftos-cli-3.0
drwxr-xr-x 5 rst rst 4096 Nov 29 15:47 juniper-junos-nc-3.0
And now you have the newer NED versions available, as well as the demo/evaluation versions included with NSO itself!
NCSRC
The last thing to note are the files ncsrc and ncsrc.tsch . These are shell scripts for bash and tsch that setup your PATH and other environment variables for NSO. Depending on your shell, you will need source this file before starting your NSO work.
# NOTE your path may be different, double check!
$ source $HOME/nso-5.3/ncsrc
Most users add source ~/nso-5.3/ncsrc to their ~/.bash_profile , but you can just do it manually when you want it. Once it has been “sourced” you have access to all the NSO executable commands – which start with ncs
BASH
$ ncs {TAB} {TAB}
Following output will be seen on the screen of your terminal window:
ncs ncs-maapi ncs-project ncs-start-python-vm ncs\_cmd ncs\_load
ncs-backup ncs-make-package ncs-setup ncs-uninstall ncs\_conf\_tool ncsc
ncs-collect-tech-report ncs-netsim ncs-start-java-vm ncs\_cli ncs\_crypto\_keys
Task 3: Creating an Instance of NSO:
A NSO Local Install unpacks and prepares your system to run NSO, but doesn’t actually start it up . A Local Install allows the engineer to create an NSO “instance” tied to a project, which you have not done yet.
If you are familiar with Python, you can think of this like creating a Python virtual environment after installing Python. Within this NSO instance, you will have different inventory, configuration, and code.
Using ncs-setup to Create an NSO Instance
One of the included scripts with an NSO installation is ncs-setup , which makes it very easy to create instances of NSO from a Local Install. You can look at the –help for full details, but the two options we need to know are: * –dest defines the directory where you want to setup NSO (if the directory does not exist, it will be created) * –package defines the NEDs you want to this NSO instance to have installed. You can specify this option multiple times.
Note: NCS is the original name of the NSO product, so many the commands and application features will be prefaced with ncs. Think of ncs as another name for NSO.
Go ahead and run this command to setup an NSO instance in the current directory with the IOS, NX-OS, IOS-XR and ASA NEDs, you only need one NED per platform that you want NSO to manage (even though you may have multiple versions in your installer neds directory).
You will want to use the name of the NED folder in ${NCS_DIR}/packages/neds for the latest NED version you’ve got installed for the target platform. You can use tab complete after you start typing a path (or just copy and paste, though double check the NED version numbers below match what is currently on the system to avoid a syntax error):
Step 1: Type the command as seen below, it is a single command:
ncs-setup --package ~/nso-5.3/packages/neds/cisco-ios-cli-6.42 \\
--package ~/nso-5.3/packages/neds/cisco-nx-cli-5.13 \\
--package ~/nso-5.3/packages/neds/cisco-iosxr-cli-7.18 \\
--package ~/nso-5.3/packages/neds/cisco-asa-cli-6.7 \\
--dest nso-instance
OR
ncs-setup --package ~/nso-5.3/packages/neds/cisco-ios-cli-6.42 --package ~/nso-5.3/packages/neds/cisco-nx-cli-5.13 --package ~/nso-5.3/packages/neds/cisco-iosxr-cli-7.18 --package ~/nso-5.3/packages/neds/cisco-asa-cli-6.7 --dest nso-instance
If you checkout the nso-instance directory now, you’ll find several new files and folders have been created. This guide won’t go through them all in detail now, but a couple are handy to know about.
ncs.conf is the NSO application configuration file. Used to customize aspects of the NSO instance (change ports, enable / disable features, etc.). The defaults are often perfect for projects like this.
packages/ is the directory that has symlinks to the NEDs that we referenced in the –package arguments at setup.
logs/ is the directory that contains all the logs from NSO. This directory is useful when troubleshooting.
$ ls nso-instance/
logs ncs-cdb ncs.conf packages README.ncs scripts state
$ cd nso-instance/packages/
$ ls -al
total 12
drwxr-xr-x 3 rst rst 4096 May 3 18:17 .
drwxr-xr-x 7 rst rst 4096 May 3 18:04 ..
lrwxrwxrwx 1 rst rst 49 May 3 18:06 cisco-asa-cli-6.7 -> /home/rst/nso-5.3/packages/neds/cisco-asa-cli-6.7
lrwxrwxrwx 1 rst rst 50 May 3 18:06 cisco-ios-cli-6.42 -> /home/rst/nso-5.3/packages/neds/cisco-ios-cli-6.42
lrwxrwxrwx 1 rst rst 52 May 3 18:06 cisco-iosxr-cli-7.18 -> /home/rst/nso-5.3/packages/neds/cisco-iosxr-cli-7.18
lrwxrwxrwx 1 rst rst 49 May 3 18:06 cisco-nx-cli-5.13 -> /home/rst/nso-5.3/packages/neds/cisco-nx-cli-5.13
drwxr-xr-x 7 rst rst 4096 May 3 18:17 nso-instance
Now you need to “start” your NSO instance. Navigate to the nso-instance directory and type the command ncs . It will take a few seconds to run, and you won’t get any explicit output unless there is a problem.
Note: you need to be in the nso-instance directory each time you want to start or stop NSO. If you have multiple instances, you need to navigate to each one to use the ncs command to start or stop each one.
$ ncs
This will take some time
You can verify that NSO is running by using the ncs –status | grep status command, which has a large amount of information, so we use grep to just search for the status:
$ ncs --status | grep status
status: started
db=running id=31 priority=1 path=/ncs:devices/device/live-status-protocol/device-type
Now you should add either some netsim devices ( ncs-netsim -h ) or lab devices to NSO and get automating!
Getting Started
We recommend that you start with the Getting Started guide in the doc directory $HOME/nso-VERSION/doc/pdf/nso_getting_started-VERSION.pdf
There are a lot of examples in the $HOME/nso-VERSION/examples.ncs directory. Each example has a README file that explains how to run it.
Sandboxes
If you do not want to download and install Cisco NSO, please check out the NSO Reservable Sandbox on DevNet . There is also an associated tutorial called Learn NSO the Easy Way
Still Need help?
There is a lot of material on the NSO Developer Hub
This is also where you can ask questions about anything NSO-related.