The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter explains the Open Agent Container (OAC) environment and its installation in the following Cisco Nexus Switches:
Cisco Nexus 5600 Switches
Cisco Nexus 6000 Switches
OAC is a 32-bit CentOS 6.7-based container that specifically allows open agents, such as the Chef and Puppet agents to run on these platforms.
Feature Name |
Releases |
Feature Information |
---|---|---|
Open Agent Container (OAC) |
7.3(0)N1(1) |
This feature was introduced in the Cisco Nexus 5600 Switches and the Cisco Nexus 6000 series switches. The following commands were introduced or modified: virtual-service, virtual-service connect, virtual-service install, virtual-service uninstall, virtual-service upgrade, show virtual-service list, and show virtual-service detail. |
From Cisco NX-OS 7.3(0)N1(1) and later releases, Cisco Nexus 5600 Switches and Cisco Nexus 6000 Series Switches support open agents, such as Chef and Puppet.
However, open agents cannot be directly installed on these platforms. Instead, they run in a special environment—a decoupled execution space within a Linux Container (LXC)—called the Open Agent Container (OAC). Decoupling the execution space from the native host system allows customization of the Linux environment to suit the requirements of the applications without impacting the host system or applications running in other Linux containers.
The OAC is a 32-bit CentOS 6.7-based environment that provides a server like experience to users. This means that after installation and first activation, users are responsible for setting up the DNS information in the /etc/resolv.conf or providing host information in /etc/hosts, etc. as is done on any regular Linux system.
By default, networking in the OAC is done in the default routing table instance. Any additional route that is required (for example, a default route) must be configured in the native switch console and should not be configured using the CentOS commands. To use a different routing instance (for example, the management VRF), use the following commands:
To get a bash shell in the management VRF, run the chvrf management command.
Note | The OAC occupies up to 256 MB of RAM and 400 MB of bootflash when enabled. |
Enabling OAC on Your Switch
The Open Agent Container (OAC) application software is packaged into a file with a .ova extension (OVA file, which will be hosted at the same location as the NXOS images in the CCO directory and on GitHub). This package must first be copied to a location on the device using the copy scp:: command before it is installed on the device. The install keyword extracts the OVA file, validates the contents of the file, creates a virtual service instance, and validates the virtual machine definition file in XML. You don't have to copy configurations to the startup-configuration file of the device to preserve the installation of the OVA file. Once you download the oac.ova file on to your device, install and activate the OAC. You can install a different OVA file on the active and standby Route Processors. To install and activate OAC on your device, do the following:
The following example shows how to install and activate the OAC in your Cisco NX-OS device. This is followed by the verification command that displays the details of the installed and configured virtual service.
switch# virtual-service install name oac package bootflash:oac.ova switch# configure terminal switch(config)# feature nxapi switch(config)# virtual-service oac switch(config-virt-serv)# activate switch(config-virt-serv)# end
switch# show virtual-service detail Virtual service oac detail State : Activated Package information Name : oac.ova Path : bootflash:/oac.ova Application Name : OpenAgentContainer Installed version : 1.0 Description : Cisco Systems Open Agent Container Signing Key type : Cisco release key Method : SHA-1 Licensing Name : None Version : None Resource reservation Disk : 400 MB Memory : 256 MB CPU : 1% system CPU Attached devices Type Name Alias --------------------------------------------- Disk _rootfs Disk /cisco/core Serial/shell Serial/aux Serial/Syslog serial2 Serial/Trace serial3
To connect to the virtual service environment, use the virtual-service connect name virtual-service-name console command in privileged EXEC mode. In this case, the virtual environment we previously configured is the OAC.
switch# virtual-service connect name oac console
To access the OAC environment, you must use the following credentials:
username: root, password: oac.
Note | Press Ctrl-C three times to terminate the connection to the OAC and return to the switch console. |
Step 1 | Edit /etc/resolv.conf to point to a DNS server. The default servers are OpenDNS Public DNS (208.67.222.222 and 208.67.220.220). |
Step 2 | Make sure that you set the correct time in the container. You can set up the Network Time Protocol (NTP) on the host inside the VSH. The time from the host will automatically be synchronized with the OAC. |
Step 3 | If your switches are behind a firewall without direct connectivity to the internet you will need to use a proxy server. |
Step 4 | Inside the
container, setup the http_proxy and https_proxy to point to your proxy server.
(This step is optional.)
export http_proxy="<your-http-proxy>" export https_proxy="<your-https-proxy>" |
If there is a new OVA available, you can upgrade the existing installation by using the virtual-service upgrade name virtual-service-name package package-location-media command in privileged EXEC mode. To upgrade to a new OVA, you must first deactivate the existing OVA by using the no activate command in virtual service configuration mode.
Note | Once you upgrade, you will lose all changes and configurations made in old version of the OAC. You will have to start afresh in the new OAC environment. |
The following example shows you how to upgrade to a new OAC.
switch# configure terminal switch(config)# feature nxapi switch(config)# virtual-service oac switch(config-virt-serv)# no activate switch(config-virt-serv)# end switch(config)# virtual-service install name oac package bootflash:oac1.ova switch# configure terminal switch(config)# feature nxapi switch(config)# virtual-service oac switch(config-virt-serv)# activate switch(config-virt-serv)# end
To uninstall the OAC from the NX-OS device, you must deactivate the OAC first.
Step 1 | Enter global
configuration mode and deactivate the virtual service.
switch# configure terminal | ||
Step 2 | Enter virtual
service configuration mode.
switch(config)# virtual-service virutal-service-name | ||
Step 3 | Deactivate the
configured virtual service.
switch(config-virt-serv)# no activate | ||
Step 4 | Exit to global
configuration mode.
switch(config-virt-serv)# exit | ||
Step 5 | Disable the
configured virtual service.
switch(config)# no virtual-service virtual-service-name | ||
Step 6 | Exit to
privileged EXEC mode.
switch(config)# exit | ||
Step 7 | Uninstall the
virtual service.
|
The following example shows you how to deactivate and uninstall the OAC from your NX-OS device.
switch# configure terminal switch(config)# virtual-service oac switch(config-virt-serv)# no activate switch(config-virt-serv)# exit switch(config)# no virtual service oac switch(config)# exit switch# virtual-service uninstall name oac