Cisco NSO Local Installation
This topic will guide you through the Cisco NSO installation procedure, using the local installation option for development and testing purposes.
Cisco NSO has two installation types:
Local installation
System installation
A local Installation can be described as follows:
Intended for development and testing in labs and on desktops.
NSO can run as user.
Simple for you to switch between NSO instances (versions).
Everything is installed in two directories.
Installation directory: all static files (binaries, libraries, scripts, tools)
Running directory: all dynamic files (CDB, logs, configuration, packages)
Use the local installation option for development, evaluation, proof of concept, and private lab purposes. All the NSO examples and README steps provided with the installation are based on local installation only. You should always use local installation for evaluation and development purposes. Local installation is possible on a Linux operating system and OS X.
A system installation can be described as follows:
Intended for production environment and preproduction verification lab.
NSO can run as root or as a specific user.
System is integrated with the Linux operating system:
Installation directory: /opt/ncs/ncs-5.3.2 (linked to by /opt/ncs/current)
Running directory: /var/opt/ncs
Log directory: /var/log/ncs
Configuration directory: /etc/ncs
Use the system installation option for production and system-wide deployment in a central location. You need root privileges for the system installation procedure and administration of the installed NSO. As part of the system installation, the NSO daemon is started at boot time. System installation should be used only for production deployment. For all other purposes, use the local installation procedure.
Local installation is used when you want to test-drive the Cisco NSO solution, or when you want to use it for proof-of-concept development and testing in your private labs. With local installation, you can run Cisco NSO as any user on the machine, as opposed to system installation where you need to have root access to the machine. Using local installation for development environments is also a more flexible approach because it enables you to easily switch between separate NSO instances, even running different versions. The installation is simplified also when you look at how the installation procedure uses the filesystem.
Everything is installed in one or two directories:
Installation directory: all static files (for example, binaries, libraries, scripts, and tools)
Running directory: all dynamic files (for example, CDB, logs, configuration, and packages)
The Cisco NSO local installation requires only a handful of steps and can be completed in minutes.
The Cisco NSO local installation procedure is as follows:
Check the system requirements.
Install NSO.
Create the running environment for NSO.
Start NSO.
Duration: less than 1 minute
The Cisco NSO installation file contents are as follows:
NSO software, examples, and documentation
Lab-grade Network Element Drivers (NEDs)
Network simulator (ncs-netsim)
NSO is distributed as a signed binary (nso-5.3.2.linux.x86_64.signed.bin)
Verify the integrity of NSO installation binary (/home/cisco)
NSO is distributed as a signed binary. The first step in the installation procedure is verification of the integrity of NSO installation before execution, avoiding tampered software by an attacker. The verification is done automatically after you run the shipped signed binary as an executable. This procedure is shown in the following figure.
You can install Cisco NSO in seconds after the binaries have been unpacked and verified. You need the self-extract archive that is suitable for your operating system and CPU which was unpacked before, and then you need to decide where Cisco NSO should be installed. For training purposes, you should install Cisco NSO in your home directory—for example, as ~/nso-5.3.2. The installation procedure is shown in the following figure.
The installation procedure has installed all the required files in the destination folder. Besides the Cisco NSO software, you can find examples, documentation, lab-grade NEDs and the network simulator (ncs-netsim) inside the installation folder.
When working with Cisco NSO, you should be aware of two distinct directory types. The first is the installation directory itself, which contains all the Cisco NSO components. It is a good practice to run Cisco NSO projects outside the actual installation directory. This action avoids future problems when upgrading Cisco NSO to a newer version, and it clearly separates the Cisco NSO installation from its production or project-specific settings. The following figure, which shows the directory structure of the Cisco NSO installation.
There can be multiple versions of Cisco NSO installed on your system. Each installation has its own system binaries, libraries that Cisco NSO uses and which you use for development with NSO, and documentation with examples is included in every installation directory. Besides the installation directory, in your local installation, you will need to create a running directory, which will contain all your packages and runtime information for working with NSO. You can create multiple running directories, but with the default settings, only a single instance of Cisco NSO can run on a single machine.
The first step in creating a running environment is to source the ncsrc file located in your installation folder—for example, ~/nso-5.3.2. This action sets up paths and environment variables in order to run NSO. You must do this each time that you are about to run NSO, so we recommend that you put this command into a profile file such as .bashrc or .zshrc, so that the file gets sourced every time that you open a shell environment. Notice the sourcing of the ncsrc file in the following figure.
The “source” line ensures that the Cisco NSO executable and associated tools will be in your PATH. By setting the source, you can refer to the location where Cisco NSO is installed by using the environment variable $NCS_DIR.
To make it easy for you to get started, Cisco NSO includes a script called ncs-setup. The ncs-setup script will create the running directory, all sub-directories and files necessary to run the Cisco NSO (by default, in the current working directory). The following figure shows the usage of the ncs-setup command for setting up a running directory in a home folder called nso-run.
The created running directory will include a database directory named ncs-cdb, a log directory that will hold system logs, the logs from the services, device trace logs, and others, and an empty directory where you will be able to add your packages. The location of directories is stored in a configuration file, usually called ncs.conf. Unless supplied as an argument (using the -c option), the Cisco NSO daemon will look for the configuration file in the current directory (./ncs.conf) and, if it does not find it, the daemon will look for etc/ncs/ncs.conf in the Cisco NSO installation directory.
Starting Cisco NSO
After the initial setup, you are ready to start an instance of Cisco NSO. In a local installation, you can do this by initiating the ncs command inside one of the running directories (you can have multiple running directories). Optionally, you can provide the configuration file as an argument—for example, -c ./ncs.conf.
The Cisco NSO daemon is now running. You can make sure that it is running by issuing the command ncs -status.
Next, start the CLI by using the ncs_cli command. By default, you start the CLI as the user you are running the shell as. Most examples will use a default built-in user called admin. To start the CLI as a user admin, use the ncs_cli -u admin command.
The Cisco NSO CLI provides a unified CLI toward the complete network. It comes in two options: Juniper style and Cisco IOS XR style. Note that the Cisco NSO CLI is a northbound interface to the Cisco NSO representation of the network devices and network services; do not confuse this with a cut-through CLI that reaches the devices directly. So, although the network might be a mix of vendors and device interfaces like various CLI flavors, Cisco NSO provides one northbound CLI.
You can also selectively start the CLI in Cisco IOS XR or Juniper style for example, ncs_cli -C -u admin or ncs_cli -J -u admin.
Inspect the commands again in the following figure.
By default, Cisco NSO also starts its built-in Secure Shell (SSH) server, listening on port 2024. So, you can also use SSH for logging in to the CLI remotely, with the ssh -l admin -p 2024 localhost command.
The default password for the admin user is admin. Type exit to exit the CLI.
cisco@linux:~$ ssh admin@localhost -p 2024 admin@localhost's password: admin connected from 127.0.0.1 using ssh on host.example.org admin@host> exit Connection to localhost closed.
Cisco NSO also starts a web server, listening on port 8080, by default. By directing a browser to http://<hostname>:8080/, you can log in using the web browser user interface (WebUI) with the user admin again.
Stop the Cisco NSO daemon by using the --stop option:
ncs --stop. You do not have to be located inside the running directory when issuing this command as it is the case with starting the daemon.
NSO will now have many logs in the logs directory. The main system log is logs/ncs.log. Look at the log to see when it was started, what files were loaded during start, and so on using the more logs/ncs.log command.
To wipe all log files, restore all settings configured in NSO, and revert to the “empty” factory default configuration, use the --reset option—for example, ncs-setup --reset.
❯ sh nso-6.0-freetrial.darwin.x86_64.signed.bin
Unpacking...
Verifying signature...
Retrieving CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully retrieved and verified crcam2.cer.
Retrieving SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully retrieved and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of nso-6.0.darwin.x86_64.installer.bin using tailf.cer
❯ brew install ant
❯ ll
total 826344
-rw-r--r-- 1 basharaziz staff 4.0K Oct 3 16:14 README.signature
-rw-r--r-- 1 basharaziz staff 15K Mar 9 2021 cisco_x509_verify_release.py
-rw-r--r-- 1 basharaziz staff 15K Mar 9 2021 cisco_x509_verify_release.py3
-rw-r--r--@ 1 basharaziz staff 194M Dec 17 17:09 nso-6.0-freetrial.darwin.x86_64.signed.bin
-rwxr-xr-x 1 basharaziz staff 194M Oct 3 16:14 nso-6.0.darwin.x86_64.installer.bin
-rw-r--r-- 1 basharaziz staff 256B Oct 3 16:14 nso-6.0.darwin.x86_64.installer.bin.signature
-rw-r--r-- 1 basharaziz staff 1.4K Mar 9 2021 tailf.cer
~/abc
❯ sh nso-6.0.darwin.x86_64.installer.bin --help
This is the NCS installation script.
Usage: nso-6.0.darwin.x86_64.installer.bin [--local-install] LocalInstallDir
Installs NCS in the LocalInstallDir directory only.
This is convenient for test and development purposes.
Usage: nso-6.0.darwin.x86_64.installer.bin --system-install [--install-dir InstallDir]
[--config-dir ConfigDir] [--run-dir RunDir] [--log-dir LogDir]
[--run-as-user User] [--keep-ncs-setup] [--non-interactive]
Does a system install of NCS, suitable for deployment.
Static files are installed in InstallDir/ncs-<vsn>.
The first time --system-install is used, the ConfigDir,
RunDir, and LogDir directories are also created and
populated for config files, run-time state files, and log files,
respectively, and an init script for start of NCS at system boot
and user profile scripts are installed. Defaults are:
InstallDir - /opt/ncs
ConfigDir - /etc/ncs
RunDir - /var/opt/ncs
LogDir - /var/log/ncs
By default, the system install will run NCS as the root user.
If the --run-as-user option is given, the system install will
instead run NCS as the given user. The user will be created if
it does not already exist.
If the --non-interactive option is given, the installer will
proceed with potentially disruptive changes (e.g. modifying or
removing existing files) without asking for confirmation.
~/abc
nso-6.0.darwin.x86_64.installer.bin --local-install nso6-run
❯ sh nso-6.0.darwin.x86_64.installer.bin --local-install ~/nso6
INFO Using temporary directory /var/folders/3g/07_1s8d54cz5d4d99rxgc9jw0000gn/T//ncs_installer.67440 to stage NCS installation bundle
INFO Unpacked ncs-6.0 in /Users/basharaziz/nso6
INFO Found and unpacked corresponding DOCUMENTATION_PACKAGE
INFO Found and unpacked corresponding EXAMPLE_PACKAGE
INFO Found and unpacked corresponding JAVA_PACKAGE
INFO Generating default SSH hostkey (this may take some time)
INFO SSH hostkey generated
INFO Generating self-signed certificates for HTTPS
INFO Environment set-up generated in /Users/basharaziz/nso6/ncsrc
INFO NSO installation script finished
INFO Found and unpacked corresponding NETSIM_PACKAGE
INFO NCS installation complete
❯ ncs-setup --package ~/nso6/packages/neds/cisco-ios-cli-3.8 --dest ~/nso6-run
❯ cd
❯ cd nso6-run
~/nso6-run
❯ source ~/nso6/ncsrc
❯ ncs
❯ ncs --status | grep status
status: started
db=running id=34 priority=1 path=/ncs:devices/device/live-status-protocol/device-type
~/nso6-run
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.