Basic NSO Template Service
Load blank.ssh.enabled.cfg
#IOS-XE
config replace flash:blank.ssh.enabled.cfg
#IOS-XR
configure
load bootflash:blank.ssh.enabled.cfg
commit replace
y
Task 1. Create a template service
Create two template services in nso-instance which configure an SNMP v2 community string. The templates must use a variable for the community. Create one template for XE and one for XR.
If you are starting this lab without doing the previous one, you can add all devices to NSO with this config:
Initial NSO Configuration
devices global-settings ssh-algorithms public-key [ ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-512 rsa-sha2-256 ssh-rsa ssh-dss ]
devices device r1
address 10.254.0.101
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r2
address 10.254.0.102
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r3
address 10.254.0.103
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r4
address 10.254.0.104
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r5
address 10.254.0.105
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r6
address 10.254.0.106
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r7
address 10.254.0.107
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r8
address 10.254.0.108
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r9
address 10.254.0.109
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device r10
address 10.254.0.110
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device xr1
address 10.254.0.111
authgroup default
device-type cli ned-id cisco-iosxr-cli-7.49
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device xr2
address 10.254.0.112
authgroup default
device-type cli ned-id cisco-iosxr-cli-7.49
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device xr3
address 10.254.0.113
authgroup default
device-type cli ned-id cisco-iosxr-cli-7.49
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device xr4
address 10.254.0.114
authgroup default
device-type cli ned-id cisco-iosxr-cli-7.49
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
devices device-group XE
device-name r1
device-name r2
device-name r3
device-name r4
device-name r5
device-name r6
device-name r7
device-name r8
device-name r9
device-name r10
devices device-group XR
device-name xr1
device-name xr2
device-name xr3
device-name xr4
devices device-group ALL
device-group XE
device-group XR
Task 1 Answer
# Exit NSO and create a new skeleton service in the nso-instance directory
cd ~/nso-instance/packages
ncs-make-package --service-skeleton template snmpv2-xe
ncs-make-package --service-skeleton template snmpv2-xr
# Gather a template XML config by going back into NSO and staging the change,
# committing dry-run in XML native format, and then aborting.
devices device r1 config
snmp-server community MYCOMM
top
devices device xr1 config
snmp-server community MYCOMM
top
commit dry-run outformat xml
# Copy the <config> .. </config> section of each device type
abort
exit
# Edit the skeleton-generated template to use this config
# Replace the community string with {/comm}
nano ~/nso-instance/packages/snmpv2-xe/templates/snmpv2-xe-template.xml
nano ~/nso-instance/packages/snmpv2-xr/templates/snmpv2-xr-template.xml
# Edit the YANG model to use a variable of comm and type of string
nano ~/nso-instance/packages/snmpv2-xe/src/yang/snmpv2-xe.yang
nano ~/nso-instance/packages/snmpv2-xr/src/yang/snmpv2-xr.yang
# Make both of the packages
cd ~/nso-instance/packages/snmpv2-xe/src/
make
cd ~/nso-instance/packages/snmpv2-xr/src/
make
Task 2. Load packages and apply
Load the packages into NSO and apply them to all routers.
Task 2 Answer
# Go back to the nso-instance dir and launch NSO CLI
cd ~/nso-instance
ncs_cli -C -u admin
# Reload packages
packages reload
# If the packages don't show up in "show packages package ?"
# then you can stop and restart nso
#
# Note, the NSO docs say to stop ncs first before making the packages.
# Perhaps this is why I sometimes had to do this.
ncs --stop
ncs --with-package-reload-force
# Apply service to each device
snmpv2-xe DEFAULT
device [ r1 r2 r3 r4 r5 r6 r7 r8 r9 r10 ]
comm MY_COMMUNITY_STRING
snmpv2-xr DEFAULT
device [ xr1 xr2 xr3 xr4 ]
comm MY_COMMUNITY_STRING_XR
top
# Commit
commit
The drawbacks I notice so far with these basic template services are:
A separate service template appears to be necessary per-device.
Multiple devices can belong to a service, but only one variable value for that service. We cannot assign a “comm” value per-XE device on the “DEFAULT” service.
Task 3. Create config drift and re-apply service
Change the community string on R3 manually, then re-sync from all devices in NSO.
Re-deploy the service to fix the config drift.
Task 3 Answer
#R3
no snmp-server community MY_COMMUNITY_STRING RO
snmp-server community NEW_COMM
# In NSO, resync from devices
devices device-group ALL sync-from
# Re-apply the service
snmpv2-xe DEFAULT re-deploy dry-run
snmpv2-xe DEFAULT re-deploy
# The re-deploy automatically includes a commit
Note that NSO did not remove the additional community; it just added the first one back in.
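The leftover community from Task 3, as an added example that is not part of the original lab: a re-deploy only restores configuration the service itself owns, so NEW_COMM stays on R3 as a working SNMP credential until something flags it. The Python below audits device configs against the service's intended community; the function names and the sample config text are constructed for illustration.

```python
import re

# "snmp-server community <name> [options]" as shown in IOS-XE / IOS-XR configs.
COMMUNITY_RE = re.compile(r"^\s*snmp-server community (\S+)")

def parse_communities(running_config):
    """Return the set of SNMP community names present in a device config."""
    names = set()
    for line in running_config.splitlines():
        match = COMMUNITY_RE.match(line)
        if match:
            names.add(match.group(1))
    return names

def audit(running_config, intended):
    """Compare a device's communities with what the service should own."""
    configured = parse_communities(running_config)
    return {
        "missing": sorted(intended - configured),      # service value not on the device
        "unmanaged": sorted(configured - intended),    # present but owned by no service
    }

def audit_fleet(configs, intended):
    """Return findings only for devices that deviate from the intent."""
    report = {}
    for device, text in configs.items():
        result = audit(text, intended)
        if result["missing"] or result["unmanaged"]:
            report[device] = result
    return report

# Constructed sample configs (not captured from real devices).
INTENDED = {"MY_COMMUNITY_STRING"}
CONFIGS = {
    "r2": "hostname R2\nsnmp-server community MY_COMMUNITY_STRING RO\n",
    # R3 after the manual change, before the re-deploy
    "r3-drifted": "hostname R3\nsnmp-server community NEW_COMM RO\n",
    # R3 after the re-deploy: the service value is back, NEW_COMM remains
    "r3-redeployed": ("hostname R3\n"
                      "snmp-server community MY_COMMUNITY_STRING RO\n"
                      "snmp-server community NEW_COMM RO\n"),
}

if __name__ == "__main__":
    for device, result in audit_fleet(CONFIGS, INTENDED).items():
        print(device, result)
```

The "unmanaged" list is the part a re-deploy dry-run will not show, because the extra community is not part of the service's own output.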