Proxy Minion to manage Cisco Nexus Switches (NX-OS) over the NX-API
New in version 2019.2.0.
Proxy module for managing Cisco Nexus switches via the NX-API.
Mircea Ulinic <email@example.com>
To be able to use this module you need to enable to NX-API on your switch,
feature nxapi in configuration mode.
switch# conf t switch(config)# feature nxapi
To check that NX-API is properly enabled, execute
switch# show nxapi nxapi enabled HTTPS Listen on port 443
NX-API requires modern NXOS distributions, typically at least 7.0 depending on the hardware. Due to reliability reasons it is recommended to run the most recent version.
Check https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/programmability/guide/b_Cisco_Nexus_7000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_7000_Series_NX-OS_Programmability_Guide_chapter_0101.html for more details.
nxos_api proxy configuration requires the following parameters in order
to connect to the network switch:
Specifies the type of connection transport to use. Valid values for the
The IP address or DNS host name of the connection device.
The username to pass to the device to authenticate the NX-API connection.
The password to pass to the device to authenticate the NX-API connection.
The TCP port of the endpoint for the NX-API connection. If this keyword is
not specified, the default value is automatically determined by the
transport type (
Time in seconds to wait for the device to respond. Default: 60 seconds.
Either a boolean, in which case it controls whether we verify the NX-API
TLS certificate, or a string, in which case it must be a path to a CA bundle
to use. Defaults to
When there is no certificate configuration on the device and this option is
True (default), the commands will fail with the following error:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581).
In this case, you either need to configure a proper certificate on the
device (recommended), or bypass the checks setting this argument as
with all the security risks considered.
Check https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/programmability/6_x/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide_chapter_01.html to see how to properly configure the certificate.
All the arguments may be optional, depending on your setup.
proxy: proxytype: nxos_api host: switch1.example.com username: example password: example
Returns the connection arguments of the Proxy Minion.
Open the connection to the Nexsu switch over the NX-API.
As the communication is HTTP based, there is no connection to maintain,
however, in order to test the connectivity and make sure we are able to
bring up this Minion, we are executing a very simple command (
which doesn't come with much overhead and it's sufficient to confirm we are
indeed able to connect to the NX-API endpoint as configured.
Connection finished initializing?
Connection open successfully?
rpc(commands, method='cli', **kwargs)¶
Executes an RPC request over the NX-API.
Closes connection with the device.