While trying to figure out how best to built a lab environment for Cisco Network Services Orchestrator (NSO) one of the options I pursued was building a Docker Container.
First, I must give credit to NSO-Developer examples on GitHub: https://github.com/NSO-developer/container-examples/tree/master/nso-docker. These Examples served as a starting point that I have expanded on.
At this time I have not posted my docker container to a public repository. While NSO is free for non-production use, it does require you to login with a Cisco CCO account to be able to download the software. For this reason I will not share the docker image with the software included. Instead, I have posted my Dockerfile to GitHub, and documented instructions below on how to build your own Docker Container.
Creating the Docker Image
The Steps below are tested for creating and running the container on a Ubuntu host, if using a different OS your syntax and results my vary
- Download the required files
Download Dockerfile, and run-nso.sh files from https://github.com/dpnetca/nso-docker
Optionally download build.sh from https://github.com/dpnetca/nso-docker
Download NSO install files for Linux: https://developer.cisco.com/docs/nso/#!getting-nso/downloads
- Extract the NSO installer file
Run the ‘nso-188.8.131.52.linux.x86_64.signed.bin’. This will extract several files, the ‘nso-184.108.40.206.linux.x86_64.installer.bin’ file will be required for the docker build
- Ensure your dockerfile, nso installer.bin file, and run-nso.sh file are all in the same directory
- Build your docker image
This can be completed in one of two ways:
build docker image from with CLI command:
docker build --build-arg NSOVER=220.127.116.11 -t dpnetca/nso-base:latest .
make sure the value for NSOVER matches the NSO version you downloaded (18.104.22.168 for me)
make sure your Tag (after the -t) uses your desired name (i.e. replace dpnetca with your name)
If you downloaded the build.sh file. Edit the version number (VER) and container name (CONT) as appropriate and run
- Start you Container
Once the Docker Build completed, you can run docker image:
docker run -d -p 2022:2022 -p 2024:2024 -p 8080:8080 dpnetca/nso-base:latest
Make sure to replace the container name with the name you used in the build, the output be the container id hash
Alternatively, if you run
docker run -d -P dpnetca/nso-base:latestdocker will automatically map the expose ports to random high port values
Exposing Docker Container Ports
At the time of creating this post, there are three ports exposed in the dockerfile: 8080, 2022, and 2024. As I explore the usage of NSO I may change which ports are exposed. I believe these are the ports used by NSO that I will need. This ports used can be found and changed in the ncs.conf file within the project folder:
Exposed Ports: 2022 - Northbound SSH Netconf interface 2024 - built in SSH server 8080 - HTTP port for the WebUI, as well as REST and RESTCONF Not Exposed Ports: 2023 - Northbound TCP Netconf interface (disabled by default) 4334 - Netconf Call Home 8088 - HTTPS port for the WebUI, as well as REST and RESTCONF (disabled by default)
Using The Docker Image
NSO WebUI Access
Once the Docker container loads you can access the webpage from your host machine at http://localhost:8080 default credentials are admin/admin
Docker Container Bash Shell Access
If you wish to access the console of the container, run
docker exec -it <container-id> bash where the container-id is the first few characters of the hash, and you will be placed into the container bash shell.
If you do not know the container ID, you can see it by running
NSO CLI Access
There are two ways to access the NSO CLI, via the bash shell, or via built in ssh.
Bash Shell Access to NSO CLI
From the the bash shell use the ncs_cli application. The default interface is a Juniper style CLI, to use a Cisco XR style CLI specify the -C flag. The -u <username> flag is also required.
SSH Access to NSO CLI
SSH to localhost (127.0.0.1) on port 2024 to access the built-in NSO SSH. This will connect to the juniper style CLI interface. To switch to the Cisco XR style interface use the
switch cli command
There are some HTML and PDF administration documents on docker
container in the NSO install directory at /root/nso/doc/ to copy these
to your local machine, with the docker container running, from the host
machine use the command
docker cp <container-id>:/root/nso/doc .
In this post showed how to create a Docker Image for Cisco Network Services Orchestrator (NSO). I also provided basic instructions for how to connect to the NSO container. For more information on how this container can be used look for other posts with the NSO-Docker tag.