This guide introduces how to use the Golden Services application and provides additional detail about the application through use cases. For this application, it is assumed the reader has familiarity with the Itential Automation Platform (IAP) as well as basic device configuration concepts using Network Services Orchestrator (NSO).
Dependencies
When installing Golden Services, Smart Templates must also be installed. Golden Services provides the UI, while Smart Templates handles the back end.
Accessing the Application
The primary ways to access the Golden Services application UI are listed below.
From the home screen, locate the Golden Services application card.
Navigate to the Applications menu and select Golden Services.
Golden Services Catalog
The Golden Services Catalog maintains a list of all created Service Templates. As shown in the table below, the catalog allows the user to perform several template functions.
| UI Label | Function |
|---|---|
| 1 | Filter existing templates. |
| 2 | Create a new template. |
| 3 | Edit an existing template. |
| 4 | Publish an existing template to NSO. |
| 5 | Delete a template. |
Filter Existing Templates
Standard filtering is available based on:
- Name - Template name.
- ID - The object id for the template in the
smart_templatescollection. - Created By - Username of the author.
- Last Updated By - Username of the last user to update.
The following fields are not filtered:
- Created - Date when template was created.
- Last updated - Date when the template was last updated.
- Action - Standard actions available for each template.
Create a New Template
To create a new template:
Click the New Template button. The new template input form displays.
Select the Configuration Type.
The Configuration Type translates to the Network Element Driver (NED) that will be used to validate the configuration. The NED list is generated spontaneously; therefore, it may take a few seconds for the list to populate.
In the configuration section, type the configuration in native format.
Note: Indentations are important in processing a config because it lets the interpreter know if the line of config is dependent on the previous line or not. Thus, when entering a config, remember these guidelines:
- Do not indent the initial line of config.
- Indent subsequent dependent lines.
Click Create.
If there are challenges with processing the native configuration, an error message will display showing the configuration command line where the error occurred.
In this example, a
bgpwas left out of the native config, and the error message specifies the error is found in the follow-up line, where it was expecting something else.
Click OK to close the error message.
Go back to the Native Configuration section and troubleshoot the issue.
In the example shown below, an extra
4was added to the native config in a place where it is not expecting a configuration item.
Correct the error.
Click Update. If the config processes successfully, the Save Template form displays.
Enter a name for the new template.
- At this point, the configuration has been validated against the NED and the configuration items are identified in a tree structure format.
- The Container field indicates there is another level of the configuration tree.
Navigate through the tree structure to validate the configuration.
Note: Although the fields can be modified, these are for data presentation only, not for configuration. Configuration changes should be made in the interpreter input area, not in the template form.
In the example shown below, the
neighborand descriptive config items are located under thedevice>alu:router>groupcontainers
Depending on the NED and the configuration tree, NED default values are returned as part of the configuration form. The NED defaults can show up at any level across the configuration tree.
In the image below, see the various defaults at the
alu:routerlevel. In this example, the Container groups are at the bottom of the branch.
Note: If you expect the default values to be different, the appropriate configuration should be included in the interpreter.
In the example below, a
no shutdownwas added to the configuration (shutdown = false).
Click Save. The new template will be added to the
smart_templatescollection. You will automatically return to the Golden Services Catalog page.
Edit a Template
Editing a template has the same look and feel as creating a new template, but with some differences.
- The Configuration Type is read only.
- The Update button regenerates the template with any updated configuration in the interpreter.
- The Edit Properties button allows the user to view the template form tree.
Publish a Template
Publishing allows a Golden Services template to be published to the orchestrator.
To publish a template:
Select the destination.
Click Publish. A modal notification will display the success or failure state of the action.
To display the template configuration via NSO from the CLI:
- Enter the configuration mode.
- Run the
show devices template <template_name>configuration.
admin@ncs% show devices template UserGuide Possible completions: UserGuideDemoTemplate - The name of a specific template configuration. UserGuideExample4 - The name of a specific template configuration. admin@ncs% show devices template UserGuideDemoTemplate config { alu:router bgp { bgp { group ROUTERREFLECTOR { shutdown true; neightbor 1.2.3.4 { description UserGuideDemo: ...
Note: The publish feature is valid on a standalone NSO.
Delete a Template
To delete a template:
Select the Golden Services template from the catalog (use the checkbox to the left of the template item).
Click Delete. A confirmation message will display.
Use Cases
Golden Services is intended to implement a standard configuration for all devices. It works like a catalog of configurations that can be deployed based on the device configuration type. Golden Services is designed for configuration changes that are not managed as part of a life cycle (NSO Service).
Use cases for the Golden Services application include:
- Syslog/SNMP Configuration - All devices need to send their SNMP traps to a central device.
- Access Lists - Access lists on all edge routers will be the same.
- Password Reset - Changing passwords on a small number of devices after a security threat.
- NTP/DNS Server - Update a network service as devices are onboarded, or when addressing a network vulnerability.
Implementing these use cases can be done in a variety of ways to meet the user's environment and policy requirements. The two example workflows demonstrated in the following section depict how changes can be made individually through the UI and as part of an overall automation flow.
Workflows
To deploy your newly created template, build a simple workflow.
Workflow 1: IAP Implementation
The workflow will present the user with the template form that was generated when the configuration was created. This form will allow the user to set the device to receive the configuration and alter any default values, if needed. Once the form is submitted, a dry run of the template will be generated and then executed.
Build Configuration Template in Golden Services
In the example below, a simple CISCO-IOS template was built to change a device's host name.
Build the Workflow
The configurations for each task are demonstrated in the following screenshots.
Note: All tasks come from the back-end application of the IAP Smart Template.
From Workflow Builder, configure the Smart Template Form.
- Use the name of the configuration template from Golden Services as a reference variable.
Note: This is a manual task. You must set Group permissions for the user to interact with this task.
For the DryRunST and ProvisionST tasks, set the input to be the output of the form. Use the configuration examples shown below.
Click Update to save the workflow in the Workflow Builder app.
Validate Test Devices are Available
Open Configuration Manager.
Locate the device slated for testing.
Make note of the host name and any other initial values.
Run the Workflow
Click the run icon (play button) on the Workflow Builder screen.
Complete the Description field to enter a Job Description.
Click Start.
A Job Initiated toast will confirm if the job initiated.
Open Job Manager.
Open the job via Active Jobs.
Click Work Task to open the form.
Open the device container.
Update the default host name value, if needed.
Replace
TEMP_DEVICEwith the test device name, e.g.,csr02-atl.
Click Submit. You will automatically return to Job Manager details. The task results will display.
View the output results of the DryRun task.
View the output results of the Provision task. The result indicates the task was implemented successfully.
Confirm Results for Test Devices
Go to Configuration Manager.
Click Reload Configuration to confirm the results.
Workflow 2: IAP-NSO Implementation
This workflow accomplishes the same objective as Workflow 1, but the implementation is different. It utilizes the publishing feature.
Export Template to NSO
Click the export icon (up arrow).
Select the destination for publishing (e.g., NSO Adapter).
Click Publish.
Validate the template was exported to NSO.
admin@ncs% show devices template IOS-ChangeHostname config ios:hostname newhostname; [ok][2019-03-27 18:52:42] [edit]
Build the Workflow
Below are configurations for the New Job Variable and Apply Template tasks.
The New Job Variable task (from the Workflow Engine application) creates the array of objects format that is needed for the follow-up task.
The Apply Templates task (from NSO Manager) indicates which NSO adapter to use, the template information from the previous task, and any additional objects.
Run the Workflow
Click the run icon (play button) on the Workflow Builder screen.
Enter a Job Description.
Click Start. A modal notification will display to confirm if the job initiated.
Note: This workflow requires no manual tasks.
Validate the results via Configuration Manager.
Authorization
For user access to the application, use Authorization Manager to assign your user to the Golden Services engineering or admin roles.
