Change Virtual Service Global Configuration

To enable the Guest Shell using a previously exported Guest Shell rootfs, the system needs to be configured to allow unsigned virtual service packages.

Configuring the Virtual Service Signing Policy to Allow Unsigned Packages

Configuring the Virtual Service Signing Policy to Allow Unsigned Packages

POST http://<IP_address>/api/mo/sys/virtualservice.json

{
  "virtualServiceVirtualServiceTop": {
    "children": [
      {
        "virtualServiceGlobalConfig": {
          "attributes": {
            "signingLevel": "unsigned"
}}}]}}

{
    imdata:[]
}

<System>
  <virtualservice-items>
    <global-items>
      <signingLevel>unsigned</signingLevel>
    </global-items>
  </virtualservice-items>
</System>

Note: This example was added in Release 9.3(3).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

virtual-service
signing level unsigned

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
virtualServiceVirtualServiceTop	sys/virtualservice
virtualServiceGlobalConfig	sys/virtualservice/global

virtualServiceGlobalConfig Properties

The following table contains information about the virtualServiceGlobalConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
signingLevel	virtualService:SigningLevel (scalar:Enum8)	Signing level for allowed for virtual-service packages	SELECTION: 1 - none 2 - cisco 3 - unsigned DEFAULT: cisco

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Virtual Service Signing Policy Configuration

Deleting the Unsigned Virtual Service Configuration

POST http://<IP_address>/api/mo/sys/virtualservice.json

{
  "virtualServiceVirtualServiceTop": {
    "children": [
      {
        "virtualServiceGlobalConfig": {
          "attributes": {
            "status": "deleted"
}}}]}}

{
    imdata:[]
}

<System>
  <virtualservice-items>
    <global-items nc:operation="delete">
    </global-items>
  </virtualservice-items>
</System>

Deleting the virtual service global configuration will revert the virtual service signing level configuration back to the default behavior of only allowing Cisco signed packages. This command will fail if the current instance of the Guest Shell requires unsigned packages.