Proxy Minion to manage Cisco Nexus Switches (NX-OS) over the NX-API
New in version 2019.2.0.
Proxy module for managing Cisco Nexus switches via the NX-API.
codeauthor: | Mircea Ulinic <ping@mirceaulinic.net> |
---|---|
maturity: | new |
platform: | any |
Note
To be able to use this module you need to enable to NX-API on your switch,
by executing feature nxapi
in configuration mode.
Configuration example:
switch# conf t
switch(config)# feature nxapi
To check that NX-API is properly enabled, execute show nxapi
.
Output example:
switch# show nxapi
nxapi enabled
HTTPS Listen on port 443
Note
NX-API requires modern NXOS distributions, typically at least 7.0 depending on the hardware. Due to reliability reasons it is recommended to run the most recent version.
The nxos_api
proxy configuration requires the following parameters in order
to connect to the network switch:
https
http
, and https
.localhost
admin
80
for http
, or 443
for https
).60
True
Either a boolean, in which case it controls whether we verify the NX-API
TLS certificate, or a string, in which case it must be a path to a CA bundle
to use. Defaults to True
.
When there is no certificate configuration on the device and this option is
set as True
(default), the commands will fail with the following error:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
.
In this case, you either need to configure a proper certificate on the
device (recommended), or bypass the checks setting this argument as False
with all the security risks considered.
Check https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/programmability/6_x/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide_chapter_01.html to see how to properly configure the certificate.
All the arguments may be optional, depending on your setup.
proxy:
proxytype: nxos_api
host: switch1.example.com
username: example
password: example
salt.proxy.nxos_api.
get_conn_args
()¶Returns the connection arguments of the Proxy Minion.
salt.proxy.nxos_api.
init
(opts)¶Open the connection to the Nexsu switch over the NX-API.
As the communication is HTTP based, there is no connection to maintain,
however, in order to test the connectivity and make sure we are able to
bring up this Minion, we are executing a very simple command (show clock
)
which doesn't come with much overhead and it's sufficient to confirm we are
indeed able to connect to the NX-API endpoint as configured.
salt.proxy.nxos_api.
initialized
()¶Connection finished initializing?
salt.proxy.nxos_api.
ping
()¶Connection open successfully?
salt.proxy.nxos_api.
rpc
(commands, method='cli', **kwargs)¶Executes an RPC request over the NX-API.
salt.proxy.nxos_api.
shutdown
(opts)¶Closes connection with the device.
Docs for previous releases are available on readthedocs.org.
Latest Salt release: latest_release