Administration

See the NSO Installation Guide for more information. There are two kinds of NSO installations:

This guide is intended for evaluation and development scenarios so local install is briefly covered here. Local Install of NSO is performed in a single, user specified directory. For example in your home directory $HOME. The user has to stop and start NSO manually when using local install.

        rm -rf $HOME/ncs-VERSION

NSO needs a deployment/runtime directory where the database files, logs etc are stored. An "empty" default such directory can be created using the ncs-setup command:

$ ncs-setup --dest /home/ncs

In this User Guide we will refer to examples in $NCS_DIR/examples.ncs. All of them have ready-made runtime directories. So the above step is not needed for running the examples.

When you start NSO, make sure you are located in the deployment dir since NSO will look for its runtime directories and configuration file in ./. In the same way as you can have several parallel NSO installations you can have as many deployment directories you like. All of the with different packages, configuration files, and database contents. This is exactly how the examples are structured, every NSO example is a self-contained directory.

$ cd .../ncs-2.3.1
$ . ncsrc
$ cd .../ncs-2.3.2/examples.ncs/datacenter-qinq
$ ncs

Since the runtime directory is self-contained, this is also the way can move between examples:

$ cd $NCS_DIR/examples.ncs/data-center-qinq
$ ncs
$ ncs --stop
$ cd $NCS_DIR/examples.ncs/getting-started/1-simulated-cisco-ios
$ ncs
$ ncs --stop

Since the run-time directory is self-contained including also the database files. You can just compress a complete directory and distribute it. Unpacking that directory and starting NSO from there will give an exact copy of all instance data.

Whenever we start (or reload) the NSO daemon it reads its configuration from ./ncs.conf or ${NCS_DIR}/etc/ncs/ncs.conf or from the file specified with the -c option.

$ ncs
$ ncs --stop
$ ncs -h
...

The command ncs -h shows various options when starting NSO. By default, NSO starts in the background without an associated terminal. It is recommended to add NSO to the /etc/init scripts of the deployment hosts. See more information in the Reference Guide and man ncs.

Users are configured at the path aaa authentication users

admin@ncs(config)# show full-configuration aaa authentication users user
aaa authentication users user admin
 uid        1000
 gid        1000
 password   $1$GNwimSPV$E82za8AaDxukAi8Ya8eSR.
 ssh_keydir /var/ncs/homes/admin/.ssh
 homedir    /var/ncs/homes/admin
!
aaa authentication users user oper
 uid        1000
 gid        1000
 password   $1$yOstEhXy$nYKOQgslCPyv9metoQALA.
 ssh_keydir /var/ncs/homes/oper/.ssh
 homedir    /var/ncs/homes/oper
!...

Access control, including group memberships, is managed using the NACM model (RFC 6536).

admin@ncs(config)# show full-configuration nacm
nacm write-default permit
nacm groups group admin
 user-name [ admin private ]
!
nacm groups group oper
 user-name [ oper public ]
!
nacm rule-list admin
 group [ admin ]
 rule any-access
  action permit
 !
!
nacm rule-list any-group
 group [ * ]
 rule tailf-aaa-authentication
  module-name       tailf-aaa
  path              /aaa/authentication/users/user[name='$USER']
  access-operations read,update
  action            permit
 !

So, adding a user includes the following steps:

It is likely that the new user also needs access to work with device configuration. The mapping from NSO users and corresponding device authentication is configured in authgroups.

admin@ncs(config)# show full-configuration devices authgroups
devices authgroups group default
 umap admin
  remote-name     admin
  remote-password $4$wIo7Yd068FRwhYYI0d4IDw==
 !
 umap oper
  remote-name     oper
  remote-password $4$zp4zerM68FRwhYYI0d4IDw==
 !
!

So the user needs to be added here as well. If the last step is forgotten you will see the following error:

jim@ncs(config)# devices device c0 config ios:snmp-server community fee
jim@ncs(config-config)# commit
Aborted: Resource authgroup for jim doesn't exist

NSO Packages contain data-models and code for a specific function. It might be a NED for a specific device, a service application like MPLS VPN, a WebUI customization package etc. Packages can be added, removed and upgrade in run-time. A common task is to add a package to NSO in order to support a new device-type, or upgrade an existing package when the device is upgraded.

(We assume you have the example up and running from previous section). Current installed packages can be viewed with the following command:

admin@ncs# show packages
packages package cisco-ios
 package-version 3.0
 description     "NED package for Cisco IOS"
 ncs-min-version [ 3.0.2 ]
 directory       ./state/packages-in-use/1/cisco-ios
 component upgrade-ned-id
  upgrade java-class-name com.tailf.packages.ned.ios.UpgradeNedId
 component cisco-ios
  ned cli ned-id  cisco-ios
  ned cli java-class-name com.tailf.packages.ned.ios.IOSNedCli
  ned device vendor Cisco
NAME      VALUE
---------------------
show-tag  interface

 oper-status up

So the above command shows that NSO currently have one package, the NED for Cisco IOS.

NSO reads global configuration parameters from ncs.conf. More on NSO configuration later in this guide. By default it tells NSO to look for packages in a packages directory where NSO was started. So in this specific example:

$ pwd
.../examples.ncs/getting-started/using-ncs/1-simulated-cisco-ios
$ ls packages/
cisco-ios
$ ls packages/cisco-ios
doc
load-dir
netsim
package-meta-data.xml
private-jar
shared-jar
src

As seen above a package is a defined file structure with data-models, code and documentation. NSO comes with a couple of ready-made packages: $NCS_DIR/packages/. Also there is a library of packages available from Tail-f especially for supporting specific devices.

$ ncs-netsim stop

$ cd $NCS_DIR/examples.ncs/getting-started/using-ncs/1-simulated-cisco-ios/packages
$ ln -s $NCS_DIR/packages/neds/cisco-nx
$ ls -l
... cisco-nx -> .../packages/neds/cisco-nx

  admin@ncs# show packages packages package
  cisco-ios ...  admin@ncs# packages reload

>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has
completed.
>>> System upgrade has completed successfully.
reload-result {
    package cisco-ios
    result true
}
reload-result {
    package cisco-nx
    result true
}

$ ncs-netsim add-to-network cisco-nx 2 n
$ ncs-netsim list
ncs-netsim list for  /Users/stefan/work/ncs-3.2.1/examples.ncs/getting-started/using-ncs/1-simulated-cisco-ios/netsim

name=c0 ...
name=c1 ...
name=c2 ...
name=n0 ...
name=n1 ...


$ ncs-netsim start
DEVICE c0 OK STARTED
DEVICE c1 OK STARTED
DEVICE c2 OK STARTED
DEVICE n0 OK STARTED
DEVICE n1 OK STARTED
$ ncs-netsim cli-c n0
n0#show running-config
no feature ssh
no feature telnet
fex 101
 pinning max-links 1
!
fex 102
 pinning max-links 1
!
nexus:vlan 1
!
...

admin@ncs(config)# devices device n0 device-type cli ned-id cisco-nx
admin@ncs(config-device-n0)# port 10025
admin@ncs(config-device-n0)# address 127.0.0.1
admin@ncs(config-device-n0)# authgroup default
admin@ncs(config-device-n0)# state admin-state unlocked
admin@ncs(config-device-n0)# commit
admin@ncs(config-device-n0)# top
admin@ncs(config)# devices device n0 sync-from
result true

Use the command ncs --status to get runtime information on NSO.

All parts of the NSO installation, can be backed up and restored with standard file system backup procedures.

The most convenient way to do backup and restore is to use the ncs-backup command (this only works if NSO is installed using the --system-install option). In that case the following procedure is used.