SevOne SDN Collector Configuration and Advanced Configuration Guide
This document offers detailed instructions for executing advanced configurations of the APIC devices for SDN in SevOne NMS by utilizing configuration variables.
Installation Steps
Device Onboarding
To configure APIC in SevOne NMS, execute the following steps.
- Using a web browser of your choice, enter the URL for the SevOne NMS appliance. Enter the credentials and click Login.
- From the navigation bar, click the Devices menu and select Device Manager.
- Click Add Device to create a new device.
- On the New Device page, add the following details.
- In the Name field, enter the device name.
- In the Alternate Name field, enter an alternative device name. You can search for a device by its alternative name.
- In the Description field, enter the device description. You can use this to provide additional information about the function, location, or any other pertinent information about the device.
- In the IP Address field, enter the device IP address.
- Click the plugin drop-down menu. By default, it is set to SNMP. Select SDN.
- Select the Enable Cisco API Integration checkbox as shown below.
Note:
You can also refer to SDN Plugin in SevOne NMS User Guide for the APIC Connectivity details to configure the Cisco ACI solution.
- Please ignore the MSO Enabled field.
- In the APIC URL field, enter the relevant URL.
- In the Certification Authentication field, if the checkbox is unchecked, then the user needs to enter the Username and Password.
- In the Certification Authentication field, if the checkbox is checked as shown below, then
- In the Username field, enter a desired user name.
- In the Upload Certificate (.crt file) field, browse and select the .crt file and then click on Upload Cert button.
- Now, the Certificate Name field is updated automatically with .crt file.
Note:SevOne NMS users can now use digital certificates that are generated on the APIC instead of passwords to authenticate and manage SDN enabled devices.
Please refer to Cisco APIC Basic Configuration Guide release version 4.0 and above for more details.
- Select the Enable Cisco API Integration checkbox as shown below.
- Once the APIC is configured, click Save to save the current changes. This device is then queued for discovery.
- Again, click the Devices menu and select Discovery Manager. Now, you will see that the device is in the discovery queue.
- After the discovery process is completed, APIC devices are now visible on the Device Manager screen.
-
After you configure the plugin and save the configuration, an advance-<device-name>.yaml file is created in /config/SDN folder.
Here, the device name is APIC. So, after the device is configured with SDN plugin, an advance-Apic.yaml file will be created in th /config/SDN folder.
Important:Based on SDN plugin configuration and the values that are entered in the fields to configure the plugin, advance-<device-name>.yaml file is created. If you want to set or modify any configuration field, you must edit the advance-Apic.yaml.
The list of SDN plugin variables can be found in Configuration Variables table below.
Log rotations are performed automatically and the log path is /var/log/SDN. For example, /var/log/SDN/<site name>/<v8.0.x>/ where <site-name> is the name provided when adding the SDN device.
Log_level: info page_size: 10000 timeout: "30" dn_order: true do_nodes_traffic: true fault_prefix: " " do_pod_traffic: true do_virtual_traffic: false do_bytes: true do_packets: false skip_tunnel_if: true skip_off_vm: true skip_bad_nic: true nms_timeout: 60 nms_insecure_tls_connection: true distribution_peer_list: [] fault_config: filter: [] granular_fault_filter: [] severity_mapping: [] - Metadata features have been enhanced to allow retrieval and editing of Device and Location attributes for existing SDN devices. Please follow the steps as shown to edit the metadata attributes.
- Choose a device from the list to view the metadata.
- Click
in the Actions column to open the Edit Metadata pop-up. - In the Edit Metadata pop-up, locate the Device section to find the metadata fields related to the device.
Example
-
In the Edit Metadata pop-up, locate the Location section to find the metadata fields that are related to the location.
Example
Advanced Configuration
Certificate Transfer after Device Mover Operation
- Certificate Transfer - Post device mover operation, user needs to manually transfer the certificate from the source peer to the destination peer, by running the command as shown below.
scp /config/SDN/<site_name>/<certificate_filename> support@<destination_peer_ip>:/config/SDN/<site_name>/Example
If the certificate is at /config/SDN/site1/developer.crt and the destination peer IP is 192.168.1.123 and site name is site1, the command is as shown below.scp /config/SDN/site1/developer.crt support@192.168.1.123:/config/SDN/site1/Important:- Certificates must be placed in the same directory structure on the destination peer, /config/SDN/<site_name>/.
-
Certificate Re-upload - In case of failure of APIC authentication after certificate transfer, the user needs to access SevOne NMS user interface, navigate to the destination peer's Certification Authentication field on New Device page and re-upload the transferred certificate file to apply the certificate for authentication again and complete the process.
Filter Alerts
- SSH to SevOne NMS appliance as support user.
ssh support@<NMS appliance> - Change the directory to /config/SDN.
cd /config/SDN - You will see an advance-<device-name>.yaml file for the device that is created through the SDN plugin. For example,
lsadvance-Apic.yaml where, Apic is the device name of the device created in the example above.
-
Note: If you are configuring the alerts for the first time, the fault-config values in /config/SDN/advance-<device-name>.yaml file will be blank.
Using a text editor of your choice, edit and save /config/SDN/advance-<device-name>.yaml file. Please refer to the table below for details on the variables in the .yaml file.
Example
vi /config/SDN/advance-Apic.yamlfault_config: filter: - filter_on: aci_severity filter_value: - aci-severity-1 - aci-severity-2 - filter_on: aci_fault_code filter_value: - fault-code-1 - fault-code-2 granular_fault_filter: - code: fault-code-3 aci_severity: - aci-severity-3 - aci-severity-4 - code: fault-code-4 aci_severity: - aci-severity-4 - aci-severity-5 severity_mapping: - code: - fault-code-1 - fault-code-2 severity: nms-severity-1 - code: - fault-code-3 - fault-code-4 - fault-code-5 severity: nms-severity-2Save the /config/SDN/advance-Apic.yaml file.
| Variable | Description |
|---|---|
| aci_severity | This sheet is used to provide attributes of a fault to filter on.
code: Contains ACI severities to create SevOne NMS alerts on. Important:
|
| fault_code | This sheet is used to provide attributes of a fault to filter on.
code: Contains fault codes to create SevOne NMS Alerts on. To learn more about the fault codes, please refer to https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/all/syslog/guide/b_ACI_System_Messages_Guide.html Important:
|
| granular | This sheet is used to provide attributes of a fault to filter on.
code: Contains fault codes to create SevOne NMS Alerts on. To learn more about the fault codes, please refer to https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/all/syslog/guide/b_ACI_System_Messages_Guide.html aci_severity: ACI severities that the faults with the above-mentioned fault codes need to be mapped to. Important:
|
| severity_mapping | This sheet is used if the severity of faults with certain codes needs to be mapped to a particular SevOne NMS severity.
code: Contains fault codes that are mapped to the severity mentioned in severity. severity: SevOne NMS severity that the faults with the above-mentioned fault codes need to be mapped to. Accepted keywords are emergency, alert, critical, error, warning, notice, info, or debug. Important:
|
Configuration Variables
| YAML Setting | Default Value | Description | Status in Version 8.0.x and Later |
|---|---|---|---|
| log.level | debug | Log output minimum level. May be one of: debug, info, warning, error. | Retained for editing |
| timeout | 30s | The number of seconds to wait before timing out on attempting to connect to the APIC. | Retained for editing |
| page_size | 10000 | The page size to use for paginating API requests. | Retained for editing |
| dn_order | TRUE | Request objects to be sorted by DN in the APIC API query. | Retained for editing |
| do_nodes_traffic | TRUE | Enable Node device's network statistics. | Retained for editing |
| fault_prefix | "" | Used to specify a prefix text in the summary field of alerts that are created from ACI faults. | Retained for editing |
| do_pod_traffic | TRUE | Enable POD device's network statistics. | Retained for editing |
| do_bytes | TRUE | Collect statistics in bytes. | Retained for editing |
| do_packets | FALSE | Collect statistics in packets. | Retained for editing |
| do_virtual_traffic | FALSE | Poll for network statistics of VMs and HVs. | Retained for editing |
| skip_tunnel_if | TRUE | Skip polling the POD for Tunnel Interfaces. | Retained for editing |
| skip_off_vm | TRUE | Skip VMs that have been powered off. | Retained for editing |
| skip_bad_nic | TRUE | Skip VM network interfaces with an IP address of 0.0.0.0. | Retained for editing |
| nms_timeout | 60s | The number of seconds to wait before timing out on attempting to connect to the NMS. | Retained for editing |
| distribution_peer_list | [ ] | List of peer IDs to receive data distribution. If the list is empty, data is shared with all peers. | Retained for editing |
| nms_insecure_tls_connection | TRUE | Set true to enable insecure TLS connection by skipping certification verification. | System Managed |
| msp_name | ORGANIZATION | Managed Service Provider name configuration | Status not specified |
| deployment_name | "" | Name identifier for the deployment instance | System Managed |
| version | <current_version> | Version configuration setting | Deprecated |
| run_agents_immediately_and_exit_collector | TRUE | Flag to run agents immediately and exit the collector process | System Managed |
| agent.include |
|
Configuration to include specific agents | System Managed |
| vendor.site.name | (required) - <enter value> | Name of the vendor site | Moved to GUI |
| vendor.site.apic_URL | (required) - <enter value> | URL of the APIC controller | Moved to GUI |
| vendor.site.apic_uid | (required) - <enter value> | User ID for APIC authentication | Moved to GUI |
| vendor.site.apic_password | (required) - <enter value> | Password for APIC authentication | Moved to GUI |
| vendor.site.device_name_prefix | Site Name | Prefix to use for device names | Moved to GUI |
| vendor.site.timeout | 30s | Timeout for vendor site connections | Retained for editing |
| vendor.is_multi_site_mode | FALSE | Flag to enable multi-site mode | Moved to GUI, deprecated in config file |
| vendor.cert_name | N/A | Certificate name for authentication | Moved to GUI |
| vendor.no_prefix | FALSE | Flag to disable device name prefix | Moved to GUI |
| vendor.page_size | 10000 | Page size for vendor API requests | Retained for editing |
| vendor.sleep_time | 200 | Sleep time between vendor operations | System Managed |
| vendor.dn_order | TRUE | Sort vendor objects by DN | Retained for editing |
| vendor.do_nodes_traffic | TRUE | Enable vendor node traffic statistics | Retained for editing |
| vendor.fault_prefix | "" | Prefix for vendor fault alerts | Retained for editing |
| vendor.do_pod_traffic | TRUE | Enable vendor POD traffic statistics | Retained for editing |
| vendor.do_bytes | TRUE | Collect vendor statistics in bytes | Retained for editing |
| vendor.do_packets | FALSE | Collect vendor statistics in packets | Retained for editing |
| vendor.do_virtual_traffic | FALSE | Poll vendor virtual machine traffic | Retained for editing |
| vendor.skip_tunnel_if | TRUE | Skip vendor tunnel interfaces | Retained for editing |
| vendor.skip_off_vm | TRUE | Skip powered-off virtual machines | Retained for editing |
| vendor.skip_bad_nic | TRUE | Skip network interfaces with invalid IPs | Retained for editing |
| vendor.pod_agent.schedule | "" | Schedule for POD agent execution | System Managed |
| vendor.node_agent.schedule | "" | Schedule for Node agent execution | System Managed |
| vendor.pod_extended_agent.schedule | "" | Schedule for extended POD agent execution | System Managed |
| vendor.node_interface_agent.schedule | "" | Schedule for Node interface agent execution | System Managed |
| vendor.node_extended_agent.schedule | "" | Schedule for extended Node agent execution | System Managed |
| vendor.external_switch_agent.schedule | "" | Schedule for external switch agent execution | System Managed |
| vendor.hypervisor_and_virtual_machine_agent.schedule | "" | Schedule for hypervisor and VM agent execution | System Managed |
| vendor.topology_agent.schedule | "" | Schedule for topology agent execution | System Managed |
| vendor.object_group_agent.schedule | "" | Schedule for object group agent execution | System Managed |
| nms.api.host | "" | NMS API host address | System Managed |
| nms.api.v2_api_key | "" | API key for NMS v2 authentication | Deprecated |
| nms.api.v3_api_key | "" | API key for NMS v3 authentication | Deprecated |
| nms.api.insecure_tls_connection | TRUE | Enable insecure TLS for NMS connections | System Managed |
| nms.api.distribution_peer_list | [ ] | List of peers for data distribution | Retained for editing |
| nms.api.timeout | 60s | Timeout for NMS API connections | Retained for editing |
| nms.api.m2m_client_id | N/A | Machine-to-machine client ID for authentication | Newly added, System Managed |
| nms.api.m2m_client_secret | N/A | Machine-to-machine client secret for authentication | Newly added, System Managed |