Prerequisites and Preparations
Installing ConfD
ConfD (a product from Tail-f, which is part of Cisco) is used as an intermediary between the Paragon Active Assurance system and NETCONF. ConfD connects Paragon Active Assurance configuration and operational data to the NETCONF & YANG API.
ConfD must be installed after Control Center has been installed.
Do as follows:
-
Get the Paragon Active Assurance NETCONF & YANG tarball:
export CC_VERSION=<enter version number here> paa-netconf-yang_${CC_VERSION}.tar.gz -
Verify the integrity of the tar file against the checksum provided by Paragon Active Assurance:
Get the filepaa-netconf-yang_${CC_VERSION}.sha256.sumRun this command:
shasum -c paa-netconf-yang_${CC_VERSION}.sha256.sumThe response should be "OK".
-
Unpack the tarball:
tar -xzf paa-netconf-yang_${CC_VERSION}.tar.gz -
Install the
paa-netconf-yangpackage:sudo apt-get install ./paa-netconf-yang_${CC_VERSION}/*.deb -
Add permissions to the ConfD user in the Paragon Active Assurance account that will be managed by ConfD. This can be done either in the Control Center web GUI or from the command line. In the latter case, give the following command:
ncc user-permission confd@netrounds.com <account> admin
-
To enable access from NETCONF, a user and password need to be set up. Run this command:
sudo /opt/netrounds-confd/ncc-netconf user create --username=<user name> --password=<password>
Here,
<user name>and<password>are unrelated to your Control Center user name and password. A simple expedient is to use "confd" for both.
Verifying That ConfD Is Running
To verify that the ConfD installation has succeeded and that ConfD is up and running, run the command
ssh -s <user name>@localhost -p 830 netconf
netconf user create
In the output, verify that the Control Center module is included. The output should contain a line like the following:
<capability>http://ncc.netrounds.com?module=netrounds-ncc&revision=2017-06-15</capability>
Synchronizing the Configuration Database with Control Center
Finally, we need to update the configuration database through NETCONF. We will do so here by means of a Python library called ncclient (NETCONF Client). However, the task could also be accomplished in a different programming language as long as it uses the NETCONF/YANG protocol.
The role of ncclient is to act as a client towards the ConfD server that hosts the NETCONF/YANG API.
It is worth pointing out that ncclient is not related in any way to Control Center (previously "Netrounds Control Center"), although the name happens to begin with "ncc".
Here is how to install ncclient:
- Download the software from https://github.com/ncclient/ncclient.
- Run this command:
pip install ncclient
We can now perform the synchronization as follows. Note carefully that this needs to be done on a separate computer, and not on the Control Center server itself:
#
# NOTE:
# This script acts as a client towards ConfD running on the NCC server.
# It will use the NETCONF/YANG API for communication.
#
# The script is not meant to run on the NCC server!
# Run it on a separate client computer.
#
from ncclient import manager
from ncclient.xml_ import to_ele
# NETCONF server
host = '<host IP>' # Replace with server IP of Control Center
port = 830
user = '<user name>' # Replace with user name defined in "netconf user create" command
password = '<password>' # Replace with password defined in "netconf user create" command
# Product account
netrounds_account = '<account>' # Replace with account name
with manager.connect(host=host, port=port, username=user, password=password,
hostkey_verify=False) as m:
# Update config database
xml = """<sync-from-ncc xmlns="http://ncc.netrounds.com"/>"""
# Convert to ElementTree Element
elem = to_ele(xml)
print m.dispatch(elem)This procedure is also required whenever Test Agents have been installed and registered independently of NETCONF. See the note in the section Overview of Test Agent Orchestration for more information.
Setting Up Multiple NETCONF-controlled Paragon Active Assurance Accounts
The steps below are required only if you wish to set up further Paragon Active Assurance accounts to be controlled by NETCONF, in addition to the account configured in this way in the section Installing ConfD.
For each such account, proceed as follows:
- In Control Center, log in to the account and navigate to Account > Permissions.
- Add the user "confd@netrounds.com", and grant this ConfD user admin permission in the GUI by clicking the Invite button.
- Synchronize the configuration database with Control Center as described in the section Synchronizing the Configuration Database with Control Center.
You should now be able to control multiple Paragon Active Assurance accounts with the same ConfD user.
Once you start controlling a Paragon Active Assurance account via ConfD, you must NOT make changes to this account through the web GUI with respect to any Paragon Active Assurance features that are "config" (see the chapter Supported Features in Paragon Active Assurance). If you do, loss of sync will result.