salt.proxy.nxos_api

Proxy Minion to manage Cisco Nexus Switches (NX-OS) over the NX-API

New in version 2019.2.0.

Proxy module for managing Cisco Nexus switches via the NX-API.

codeauthor:

Mircea Ulinic <ping@mirceaulinic.net>

maturity:

new

platform:

any

Usage

Note

To be able to use this module you need to enable to NX-API on your switch, by executing feature nxapi in configuration mode.

Configuration example:

switch# conf t
switch(config)# feature nxapi

To check that NX-API is properly enabled, execute show nxapi.

Output example:

switch# show nxapi
nxapi enabled
HTTPS Listen on port 443

Note

NX-API requires modern NXOS distributions, typically at least 7.0 depending on the hardware. Due to reliability reasons it is recommended to run the most recent version.

Check https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/programmability/guide/b_Cisco_Nexus_7000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_7000_Series_NX-OS_Programmability_Guide_chapter_0101.html for more details.

Pillar

The nxos_api proxy configuration requires the following parameters in order to connect to the network switch:

transport: https

Specifies the type of connection transport to use. Valid values for the connection are http, and https.

host: localhost

The IP address or DNS host name of the connection device.

username: admin

The username to pass to the device to authenticate the NX-API connection.

password

The password to pass to the device to authenticate the NX-API connection.

port

The TCP port of the endpoint for the NX-API connection. If this keyword is not specified, the default value is automatically determined by the transport type (80 for http, or 443 for https).

timeout: 60

Time in seconds to wait for the device to respond. Default: 60 seconds.

verify: True

Either a boolean, in which case it controls whether we verify the NX-API TLS certificate, or a string, in which case it must be a path to a CA bundle to use. Defaults to True.

When there is no certificate configuration on the device and this option is set as True (default), the commands will fail with the following error: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581). In this case, you either need to configure a proper certificate on the device (recommended), or bypass the checks setting this argument as False with all the security risks considered.

Check https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/programmability/6_x/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide_chapter_01.html to see how to properly configure the certificate.

All the arguments may be optional, depending on your setup.

Proxy Pillar Example

proxy:
  proxytype: nxos_api
  host: switch1.example.com
  username: example
  password: example
salt.proxy.nxos_api.get_conn_args()

Returns the connection arguments of the Proxy Minion.

salt.proxy.nxos_api.init(opts)

Open the connection to the Nexsu switch over the NX-API.

As the communication is HTTP based, there is no connection to maintain, however, in order to test the connectivity and make sure we are able to bring up this Minion, we are executing a very simple command (show clock) which doesn't come with much overhead and it's sufficient to confirm we are indeed able to connect to the NX-API endpoint as configured.

salt.proxy.nxos_api.initialized()

Connection finished initializing?

salt.proxy.nxos_api.ping()

Connection open successfully?

salt.proxy.nxos_api.rpc(commands, method='cli', **kwargs)

Executes an RPC request over the NX-API.

salt.proxy.nxos_api.shutdown(opts)

Closes connection with the device.