Nexus 7000 Series Switches Open Agent Container

Product Information

Specifications

• Product Name: Open Agent Container (OAC)

• Supported Platforms: Cisco Nexus 7000 Series Switches and Cisco
  Nexus 7700 Switches

• Operating System: 32-bit CentOS 6.7

• RAM Usage: Up to 256 MB

• Bootflash Usage: Up to 400 MB

Feature History

Feature Information

This feature is deprecated. The use of virtual-service commands
will result in notifications about the deprecation.

Enabling OAC on your Switch

To enable OAC on your switch, follow these steps:

1. 1. Add a virtual environment to the device:

switch# virtual-service name virtual-service-name package package-location-media

Note: The package location media can be bootflash or any other
media, including a USB device.

1. 1. Use the show virtual-service list command to view the progress  

   of the installation. After the installation is complete, a message
   will be displayed on the console informing you about the successful
   installation of the virtual service.

2. Return to privileged EXEC mode:

switch(config-virt-serv)# end

Connecting to the Open Agent Container

To connect to the Open Agent Container, follow these steps:

1. 1. Install and activate the OAC in your Cisco NX-OS device:

switch# virtual-service install name oac package bootflash:oac.ova
switch# configure terminal
switch(config)# feature nxapi
switch(config)# virtual-service oac
switch(config-virt-serv)# activate
switch(config-virt-serv)# end

1. 1. Verify the installation by using the show virtual-service  

   detail command to display the details of the installed and
   configured virtual service:

switch# show virtual-service detail

FAQ

Q: What platforms are supported by Open Agent Container?

A: Open Agent Container is supported on Cisco Nexus 7000 Series
Switches and Cisco Nexus 7700 Switches.

Q: How much RAM and bootflash does OAC occupy when

enabled?

A: OAC occupies up to 256 MB of RAM and 400 MB of bootflash when
enabled.

Q: Is OAC still supported?

A: No, this feature is deprecated. The use of virtual-service
commands will result in notifications about the deprecation.

Open Agent Container

· Open Agent Container (OAC), on page 1

Open Agent Container (OAC)
This chapter explains the Open Agent Container (OAC) environment and its installation in Cisco Nexus 7000 Series Switches. OAC is a 32-bit CentOS 6.7-based container that specifically allows open agents, such as the Puppet to run on these platforms.

Feature History for the Open Agent Container
This table lists the release history for this feature.
Table 1: Feature History for Open Agent Container

Feature Name Open Agent Container (OAC)

Releases 8.4(1)

Open Agent Container (OAC) 7.3(0)D1(1)

Feature Information
This feature is deprecated. Use of the virtual-service commands result in notifications about the deprecation.
This feature was introduced in the Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Switches.
The following commands were introduced or modified: virtual-service, virtual- service connect, virtual-service install, virtual-service uninstall, virtual- service upgrade, show virtual-service list, and show virtual-service detail.

Open Agent Container 1

Information About Open Agent Container

Open Agent Container

Information About Open Agent Container
Beginning with Cisco NX-OS Release 8.4(1), the Open Agent Container support is deprecated. This featue was added in the Cisco NX-OS Release 7.3(0)D1(1) with the purpose of providing and execution space for configuration management. It is recommended to use agent-less configuration management systems such as Puppet or Ansible with the Cisco Nexus 7000 Series switches. Open agents cannot be directly installed on these platforms. Instead, they run in a special environment–a decoupled execution space within a Linux Container (LXC)–called the Open Agent Container (OAC). Decoupling the execution space from the native host system allows customization of the Linux environment to suit the requirements of the applications without impacting the host system or applications running in other Linux containers. The OAC is a 32-bit CentOS 6.7-based environment that provides a server-like experience to users. This means that after installation and first activation, users are responsible for setting up the DNS information in the /etc/resolv.conf or providing host information in the /etc/hosts, etc. as is done on any regular Linux system.
Note At a given point in time, OAC is supported in only one VDC.
By default, networking in the OAC is performed in the default routing table instance. Any additional route that is required (for example, a default route) must be configured in the native switch console and should not be configured using the CentOS commands. To use a different routing instance (for example, the management VRF), use the following commands: To get a bash shell in the management VRF, run the chvrf management command. To pass the VRF context to the specific command without changing the VRF instance in the shell, run the chvrf management cmd command.
Note The OAC occupies up to 256 MB of RAM and 400 MB of bootflash when enabled.
From within the OAC, the network administrator can perform the following functions: · Access the network over Linux network interfaces. · Access the device’s volatile tmpfs. · Access the device CLI using the dohost command. · Access Cisco NX-API. · Install and run Python scripts. · Install and run 32-bit Linux applications.

Open Agent Container 2

Open Agent Container

Enabling OAC on your Switch

Enabling OAC on your Switch
Installing and Activating Open Agent Container
The Open Agent Container (OAC) application software is packaged into a file with a .ova extension (OVA file, which will be hosted at the same location as the Cisco NX-OS images in the CCO directory and on GitHub). This package must first be copied to a location on the device using the copy scp:: command before it is installed on the device. The install keyword extracts the OVA file, validates the contents of the file, creates a virtual service instance, and validates the virtual machine definition file in XML. You do not have to copy configurations to the startup configuration file of the device to preserve the installation of the OVA file. After you download the oac.ova file to your device, install and activate the OAC. You can install a different OVA file on the active and standby route processors. To install and activate OAC on your device, perform the following.

Step 1
Step 2 Step 3 Step 4 Step 5 Step 6

Add a virtual environment to the device: switch# virtual-service name virtual- service-name package package-location-media Note The media in which the package is located can be bootflash or any media, including a USB device.
Note Use the show virtual-service list command to view the progress of the installation. After the installation is complete, a message is displayed on the console informing you about the successful installation of the virtual service.
After the installation is complete, enter global configuration mode and activate the virtual service: switch# configure terminal Enable the NX-API feature: switch(config)# feature nxapi Communication between the Puppet agents and the Cisco Nexus devices is achieved using the NX-APIs. Configure the virtual service and enter virtual service configuration mode: switch(config)# virtual-service name Activate the configured virtual service: switch(config- virt-serv)# activate Note To deactivate the virtual service, use the no activate command in virtual service configuration mode.
Return to privileged EXEC mode: switch(config-virt-serv)# end

Open Agent Container 3

Connecting to the Open Agent Container

Open Agent Container

Example
The following example shows how to install and activate the OAC in your Cisco NX-OS device. This is followed by the verification command that displays the details of the installed and configured virtual service.
switch# virtual-service install name oac package bootflash:oac.ova switch# configure terminal switch(config)# feature nxapi switch(config)# virtual- service oac switch(config-virt-serv)# activate switch(config-virt-serv)# end
switch# show virtual-service detail

Virtual service oac detail

State

: Activated

Package information

Name

: oac.ova

Path

: bootflash:/oac.ova

Application

Name

: OpenAgentContainer

Installed version : 1.0

Description

: Cisco Systems Open Agent Container

Signing

Key type

: Cisco release key

Method

: SHA-1

Licensing

Name

: None

Version

: None

Resource reservation

Disk

: 400 MB

Memory

: 256 MB

CPU

: 1% system CPU

Attached devices

Type

Name

Alias

———————————————

Disk

_rootfs

Disk

/cisco/core

Serial/shell

Serial/aux

Serial/Syslog

serial2

Serial/Trace

serial3

Connecting to the Open Agent Container
To connect to the virtual service environment, use the virtual-service connect name virtual-service-name console command in privileged EXEC mode. In this case, the virtual environment we previously configured is the OAC.
switch# virtual-service connect name oac console
To access the OAC environment, use the following credentials: username: root,
password: oac.

Open Agent Container 4

Open Agent Container

Verifying the Networking Environment Inside the Open Agent Container

When you access the OAC environment for the first time, you will be prompted to reset your password immediately. Follow the instructions to reset your password. After you reset your password, you will have access to the OAC environment.

Note Press Ctrl-C thrice times to terminate the connection to the OAC and return to the switch console.

Verifying the Networking Environment Inside the Open Agent Container
To ensure that you can install open agents on your switch directly from the Internet, verify the networking environment within the configured OAC.

Step 1
Step 2 Step 3 Step 4

Edit the /etc/resolv.conf to point to a DNS server. The default servers are OpenDNS Public DNS (208.67.222.222 and 208.67.220.220).
Make sure that you set the correct time in the container. You can set up the Network Time Protocol (NTP) on the host inside the VSH. The time from the host will automatically be synchronized with the OAC. If your switches are behind a firewall without direct connectivity to the internet use a proxy server. (Optional) Inside the container, set up http_proxy and https_proxy to point to your proxy server. export http_proxy= export https_proxy =

Upgrading Open Agent Container
If there is a new OVA available, you can upgrade the existing installation by using the virtual-service upgrade name virtual-service-name package package- location-media command in privileged EXEC mode. To upgrade to a new OVA, you must first deactivate the existing OVA by using the no activate command in virtual service configuration mode.
Caution After you upgrade, you will lose all the changes and configurations made in the earlier version of the OAC. You will have to start afresh in the new OAC environment.
Example
The following example shows you how to upgrade to a new OAC:
switch# configure terminal switch(config)# feature nxapi switch(config)# virtual-service oac switch(config-virt-serv)# no activate switch(config-virt- serv)# end switch(config)# virtual-service install name oac package bootflash:oac1.ova switch# configure terminal switch(config)# feature nxapi switch(config)# virtual-service oac

Open Agent Container 5

Uninstalling Open Agent Container

Open Agent Container

switch(config-virt-serv)# activate switch(config-virt-serv)# end
Uninstalling Open Agent Container
To uninstall the OAC, perform the .
Before you begin To uninstall the OAC from the Cisco NX-OS device, deactivate the OAC first.

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7

Enter global configuration mode and deactivate the virtual service: switch# configure terminal
Enter virtual service configuration mode: switch(config)# virtual-service virutal-service-name
Deactivate the configured virtual service: switch(config-virt-serv)# no activate
Exit to global configuration mode: switch(config-virt-serv)# exit
Disable the configured virtual service: switch(config)# no virtual-service virtual-service-name
Exit to privileged EXEC mode: switch(config)# exit
Uninstall the virtual service: switch# virtual-service uninstall name virtual- service-name Note Use the show virtual-service list command to view the progress of the uninstallation. After the uninstallation
is complete, you will see a message on the console about the successful uninstallation of the virtual service.

Example:
The following example shows you how to deactivate and uninstall the OAC from your Cisco NX-OS device:
switch# configure terminal switch(config)# virtual-service oac switch(config- virt-serv)# no activate switch(config-virt-serv)# exit switch(config)# no virtual service oac switch(config)# exit switch# virtual-service uninstall name oac

Open Agent Container 6

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>