Cisco MultiSite Orchestrator on Cisco Nexus Dashboard

In a previous article, I introduced Cisco Nexus Dashboard and walked through how to install it. In this post I will discuss Cisco MSO on Cisco ND and give short guidance on installing it.

Installation is really simple, as you will see in a bit. It is not much more involved than going to the ND Service Catalog / APP Store and then downloading and installing the MSO application. Before we go there, let's quickly discuss some of the main items that you should know about MSO on ND.

Items you should know about MSO on ND:

  • MSO version 3.2.x or above will be able to run on ND. The current ND release is version 2.0.x and runs on the hardware platform only. vND (virtual ND on VMware) will be out soon, and you should be able to run MSO on vND as well. Soon you should also be able to run ND in the cloud (AWS), at which time you could run MSO on ND in the cloud.
  • MSO version 3.2.x is the first version of MSO on ND, and currently this version does not have cloud site (AWS/Azure) support. Recall from the ND article that sites are onboarded from ND and not from MSO. ND release 2.0 does not allow cloud site onboarding. The next release of MSO (3.3) and ND (2.1) will have cloud support.
    • Implications: If you have cloud ACI sites or a hybrid ACI fabric, please wait for the next release of MSO and ND to come out. If you have only physical fabrics, you should not have any issues.
  • As mentioned in the ND article, ND and Apps running on ND are tightly integrated.
    • Implications:
      • Sites are onboarded on ND. On MSO, the sites that you onboarded from ND will show up. All you have to do is enable the sites and configure the Infra. If you are going to back up from an older release of MSO and intend to restore to the MSO/ND release, it is imperative that you name the sites in ND exactly as they were named in the older MSO; otherwise the restore on ND/MSO will fail, complaining about unknown sites.
      • User creation (local or remote (RADIUS/TACACS)) is not an option in MSO any more. The users, local or remote, are the ones that are defined in ND. Remote users can cross-launch (SSO) to the APIC controllers without needing to enter the username and password again.
      • API: Because of the tight integration of ND and its apps, some of the APIs that were previously available directly on MSO are no longer available from MSO, i.e. deprecated. However, orchestration and getting information from MSO using the API is fully supported. In other words, you can use JSON-encapsulated API calls from Postman, bash with curl, Python, etc. to do what you need to do. Later in this article, I will show an example of a simple Bash script with curl to demonstrate this.
      • Ansible: Ansible in the current release 3.2 does not work. This is being addressed and will soon be available. Of course you could modify the underlying Ansible Python code and make it work, but this would be a one-off. I would suggest waiting until this is fixed in the publicly released version of the MSO Ansible modules.
      • Terraform: Terraform in MSO has not worked till now unless you are using the Terraform MSO raw modules (i.e. sending a JSON-encapsulated payload). However, in my opinion this defeats the purpose of using Terraform, since Terraform state is not kept. This is being addressed and will soon get fixed. I will update the post when this starts working in Terraform with native MSO modules.
  • Upgrading MSO from previous releases: this has not changed. You can back up from an older release and restore the backup on this release. Please read the article Upgrading ACI Fabrics and MSO. If you are going to back up from an older release of MSO and intend to restore to the MSO/ND release, it is imperative that you name the sites in ND exactly as they were named in the older MSO; otherwise the restore on MSO/ND will fail, complaining about unknown sites.

Short guidance on installing Cisco MSO on Cisco ND.

As discussed earlier, installing any app on ND is really simple. If you want to download the MSO software to an HTTP server or locally and then install it from there, click on Service Catalog and then on Install Apps.

Figure 1

At that point, you can choose Remote or Local and install the app from there, as shown below.

Figure 2

Alternatively (the preferred method), click on the APP Store tab, choose the MSO app there and install it, as shown below.

Figure 3

Click on Agree and Download.

Figure 4

You will see the state change from Uploading to Installing to Installed. 

Figure 5

At this point, click on Enable.

Figure 6

Next, you are going to be presented with a “Deployment Profile”. The Deployment Profile is nothing but a K8s CRD (Custom Resource Definition). At this point there are 2 different CRDs defined, and you can use either of them. In the future you will be able to define your own CRDs depending on the app and your needs.

Figure 7

It will take a little bit of time for the app to deploy and get ready for use. When it’s ready, you can open the MSO app by clicking on the “Open” button.

Figure 8

Once you open it, you will be greeted with the familiar Welcome Banner.

Figure 9

From here, you can either configure it as a new MSO by changing the sites to Managed (remember, the sites came directly from ND) and then configuring the Infra.

Figure 10
Figure 11

Or, if you are upgrading from an older MSO to this release, restore the backup from the older MSO to this MSO.

If you are going to back up from an older release of MSO and intend to restore to the MSO/ND release, it is imperative that you name the sites in ND exactly as they were named in the older MSO; otherwise the restore on MSO/ND will fail, complaining about unknown sites.

Figure 12
Figure 13

As discussed earlier, please notice that from 3.2 onward MSO has no “Add Site” option and no “Add User” option.

Figure 14

Example Bash Script to send JSON-encapsulated API calls to MSO

As discussed above, API calls to MSO/ND work just like they used to in previous releases of MSO. Below is a sample bash script that you can use to send JSON-encapsulated API calls to MSO:

#!/bin/sh
# Requires jq. Ubuntu: "sudo apt update && sudo apt install jq -y"
# MSO 3.1.1g / SE
# USER=someUser # only needed for Option 1
# PASS=somePassword # only needed for Option 1
# HOST=10.0.0.3

# MSO 3.2.1f / ND
# USER=someUser # only needed for Option 1
# PASS=somePassword # only needed for Option 1
HOST=10.0.0.5

# POST (-v prints the exchange to stderr; -k skips TLS certificate verification,
# replace it with --cacert <ca.pem> once the server certificate is trusted)
CURL_OPTS_POST='-v -k -X POST'

# GET (-k as above)
CURL_OPTS_GET='-s -k -X GET'


### Option 1. Login & Get Token, credentials come from variables
#AUTHPAYLOAD="{\"username\":\"$USER\",\"password\":\"$PASS\"}"
#TOKEN=$(curl $CURL_OPTS_POST -H "Content-Type: application/json" "https://$HOST/api/v1/auth/login" -d "$AUTHPAYLOAD" | jq -r .token)
#echo $TOKEN

### Option 2. Login & Get Token, credentials come from file like example creds.json
## make a creds.json file like so: {"username" : "someUser" , "password": "somePassword"}
## keep it readable only by you: chmod 600 creds.json
TOKEN=$(curl $CURL_OPTS_POST -H "Content-Type: application/json" "https://$HOST/api/v1/auth/login" -d "@creds.json" | jq -r .token)
#echo $TOKEN


# Get Tenants
echo "Tenant Info"
echo "----------"
curl $CURL_OPTS_GET -H "Content-Type: application/json" "https://$HOST/api/v1/tenants" -H "Authorization: Bearer ${TOKEN}" | jq .

# Get Schemas and extract Contract Relationships
echo " Contract Relationship"
echo "----------------------"
curl $CURL_OPTS_GET -H "Content-Type: application/json" "https://$HOST/api/v1/schemas" -H "Authorization: Bearer ${TOKEN}" | jq '.schemas[].templates[].anps[].epgs[] | {name, contractRelationships}'

The Output gives me the Contract Relationships as you can see below:

Figure 15
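
The same two calls in Python, as an added example that is not part of the original post: it verifies the server certificate against a CA file instead of using -k, refuses to continue when the login reply has no token (the script's `jq -r .token` would yield the string "null"), and skips templates without ANPs, which make the jq filter stop with "Cannot iterate over null". `MsoClient`, `parse_token`, `contract_relationships`, `ca_file` and the sample data are assumptions; the endpoints and creds.json format are the ones the script above uses.

```python
import json
import ssl
import urllib.request

# Constructed sample shaped like the /api/v1/schemas reply the jq filter walks;
# the relationship fields are illustrative. The second template has no "anps".
SAMPLE_SCHEMAS = {"schemas": [{"templates": [
    {"anps": [{"epgs": [{"name": "web",
                         "contractRelationships": [{"relationshipType": "provider"}]}]}]},
    {"name": "no-anps"},
]}]}

def parse_token(body):
    """Return the token from a login reply; raise instead of yielding 'null'."""
    token = json.loads(body).get("token")
    if not isinstance(token, str) or not token:
        raise ValueError("login reply carried no token")
    return token

def contract_relationships(doc):
    """Same selection as the jq filter, but missing lists are skipped."""
    return [{"name": epg.get("name"),
             "contractRelationships": epg.get("contractRelationships")}
            for schema in doc.get("schemas") or []
            for tmpl in schema.get("templates") or []
            for anp in tmpl.get("anps") or []
            for epg in anp.get("epgs") or []]

class MsoClient:  # hypothetical helper, not part of any Cisco SDK
    def __init__(self, host, ca_file):
        self.base = f"https://{host}/api/v1"
        # Verify the server certificate against ca_file (the script used -k).
        self.ctx = ssl.create_default_context(cafile=ca_file)
        self.token = None

    def _call(self, path, payload=None):
        headers = {"Content-Type": "application/json"}
        if self.token:
            headers["Authorization"] = f"Bearer {self.token}"
        data = None if payload is None else json.dumps(payload).encode()
        req = urllib.request.Request(self.base + path, data=data, headers=headers)
        with urllib.request.urlopen(req, context=self.ctx, timeout=30) as resp:
            return resp.read()

    def login(self, creds_path="creds.json"):
        with open(creds_path) as fh:  # same file format as Option 2
            self.token = parse_token(self._call("/auth/login", json.load(fh)))

    def epg_contracts(self):
        return contract_relationships(json.loads(self._call("/schemas")))
```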

References:

Cisco Multi-Site Configuration Guide for ACI Fabrics, Release 3.2(x)

