Proxy Minion for Cisco NX-OS Switches
New in version 2016.11.0.
The Cisco NX-OS Proxy Minion is supported on NX-OS devices for the following connection types: 1) Connection Type SSH 2) Connection Type NX-API (If Supported By The Device and Image Version).
new
nxos
SSH uses the built in SSHConnection module in salt.utils.vt_helper
To configure the proxy minion for ssh:
proxy:
  proxytype: nxos
  connection: ssh
  host: 192.168.187.100
  username: admin
  password: admin
  prompt_name: nxos-switch
  ssh_args: '-o PubkeyAuthentication=no'
  key_accept: True
To configure the proxy minion for nxapi:
proxy:
  proxytype: nxos
  connection: nxapi
  host: 192.168.187.100
  username: admin
  password: admin
  transport: http
  port: 80
  verify: False
  save_config: False
(REQUIRED) Use this proxy minion nxos
(REQUIRED) connection transport type. Choices: ssh, nxapi Default: ssh
(REQUIRED) login ip address or dns hostname.
(REQUIRED) login username.
(REQUIRED) login password.
If True, 'copy running-config starting-config' is issues for every configuration command. If False, Running config is not saved to startup config Default: True
The recommended approach is to use the save_running_config function instead of this option to improve performance. The default behavior controlled by this option is preserved for backwards compatibility.
Connection SSH Args:
- prompt_name:
(REQUIRED when connection is ssh) (REQUIRED, this or prompt_regex below, but not both) The name in the prompt on the switch. Recommended to use your device's hostname.
- prompt_regex:
(REQUIRED when connection is ssh) (REQUIRED, this or prompt_name above, but not both) A regular expression that matches the prompt on the switch and any other possible prompt at which you need the proxy minion to continue sending input. This feature was specifically developed for situations where the switch may ask for confirmation. prompt_name above would not match these, and so the session would timeout.
Example:
nxos-switch#.*|\(y\/n\)\?.*This should match
nxos-switch#or
Flash complete. Reboot this switch (y/n)? [n]If neither prompt_name nor prompt_regex is specified the prompt will be defaulted to
.+#$which should match any number of characters followed by a # at the end of the line. This may be far too liberal for most installations.
- ssh_args:
Extra optional arguments used for connecting to switch.
- key_accept:
Whether or not to accept the host key of the switch on initial login. Default: False
Connection NXAPI Args:
- transport:
(REQUIRED) when connection is nxapi. Choices: http, https Default: https
- port:
(REQUIRED) when connection is nxapi. Default: 80
- verify:
(REQUIRED) when connection is nxapi. Either a boolean, in which case it controls whether we verify the NX-API TLS certificate, or a string, in which case it must be a path to a CA bundle to use. Default: True
When there is no certificate configuration on the device and this option is set as
True(default), the commands will fail with the following error:SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581). In this case, you either need to configure a proper certificate on the device (recommended), or bypass the checks setting this argument asFalsewith all the security risks considered.Check https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/programmability/6_x/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_3000_Series_NX-OS_Programmability_Guide_chapter_01.html to see how to properly configure the certificate.
The functions from the proxy minion can be run from the salt commandline using
the salt.modules.nxos execution module.
Helper function for nxos execution module functions that need to retrieve nxos grains using the proxy minion.
Helper function for nxos execution module functions that need to refresh nxos grains using the proxy minion.
Required. Initialize device connection using ssh or nxapi connection type.
Since grains are loaded in many different places and some of those places occur before the proxy can be initialized, return whether the init() function has been called.
Helper function for nxos execution module functions that need to ping the nxos device using the proxy minion.
Helper function for nxos execution module functions that need to configure an nxos device using the proxy minion.
Helper function for nxos execution module functions that need to send commands to an nxos device using the proxy minion.
Not supported. Only used as a place holder to satisfy shutdown function requirement.