Install Cisco Crosswork Network Controller on a Single VM

Introduction

This chapter explains the requirements and processes to install Crosswork Network Controller on a single VM or node. Cisco Crosswork Network Controller enables you to proactively manage your end-to-end networks, by providing automation solutions to ensure faster innovation, optimal user experience, and operational excellence.

In the 7.0 release, only the Crosswork Network Controller Essentials package, which includes Element Management Functions, can be used for single VM deployment. In this setup, the Element Management Functions application is integrated with Cisco Crosswork Infrastructure and Embedded Collectors to support the targeted use cases. Here is a brief overview of each component:

  • The Cisco Crosswork Infrastructure is a microservices-based platform and is the foundation required for running Crosswork applications.

  • On the single VM installation, as opposed to the cluster-based installation, the Embedded Collector that gathers information from managed devices runs on the same VM as a Crosswork application.

  • Element Management Functions is a library of functions that provides deep inventory collection, zero touch provisioning, performance management, alarm management and image management on the managed devices.

Installation Parameters

This section explains the important parameters that must be specified while installing the Crosswork VM. Kindly ensure that you have relevant information to provide for each of the parameters mentioned in the table.


Attention


Please use the latest template file that comes with the Crosswork build file.


Table 1. General parameters

Parameter Name

Description

ClusterIPStack

The IP stack protocol: IPv4 or IPv6

ManagementIPAddress

The Management IP address of the VM (IPv4 or IPv6).

ManagementIPNetmask

The Management IP subnet in dotted decimal format (IPv4 or IPv6).

ManagementIPGateway

The Gateway IP on the Management Network (IPv4 or IPv6). The address must be reachable, otherwise the installation will fail.

ManagementVIP

The Management Virtual IP for the Crosswork VM.

ManagementVIPName

Name of the Management Virtual IP for the Crosswork VM. This is an optional parameter used to reach Crosswork Management VIP via DNS name. If this parameter is used, the corresponding DNS record must exist in the DNS server.

DataIPAddress

The Data IP address of the VM (IPv4 or IPv6).

DataIPNetmask

The Data IP subnet in dotted decimal format (IPv4 or IPv6).

DataIPGateway

The Gateway IP on the Data Network (IPv4 or IPv6). The address must be reachable, otherwise the installation will fail.

DataVIP

The Data Virtual IP for the Crosswork VM.

DataVIPName

Name of the Data Virtual IP for the Crosswork VM. This is an optional parameter used to reach Crosswork Data VIP via DNS name. If this parameter is used, the corresponding DNS record must exist in the DNS server.

DNS

The IP address of the DNS server (IPv4 or IPv6). The address must be reachable, otherwise the installation will fail.

NTP

NTP server address or name. The address must be reachable, otherwise the installation will fail.

DomainName

The domain name used for the VM.

CWusername

Username to log into Cisco Crosswork.

CWPassword

Password to log into Cisco Crosswork.

Use a strong VM password (8 characters long, including uppercase and lowercase letters, numbers, and at least one special character). Avoid passwords that resemble dictionary words (for example, "Pa55w0rd!") or relatable words. Although they satisfy the criteria, such passwords are weak and will be rejected, resulting in a failure to set up the VM.

VMSize

Size of the VM.

  • Crosswork Network Controller version 7.0 (major release) only supports the XLarge profile.

  • Crosswork Network Controller version 7.0.x (patch releases) support both the XLarge and Large profiles.

    Important

     

    If you are using Large profile, you must update to the latest 7.0.x patch before device onboarding or configuration.

For more information, see Table 1.

VMName

Name of the VM.

NodeType

Indicates the type of VM. Choose "Hybrid".

IsSeed

Set to "True".

InitNodeCount

Set value to 1.

InitLeaderCount

Set value to 1.

BackupMinPercent

Minimum percentage of the data disk space to be used for the size of the backup partition. The default value is 35 (valid range is from 1 to 80).

Please use the default value unless recommended otherwise.

Note

 

The final backup partition size will be calculated dynamically. This parameter defines the minimum.

ManagerDataFsSize

Refers to the data disk size for the Crosswork node (in gigabytes). This is an optional parameter. If not explicitly specified, the default value is 485 (valid range is from 485 to 8000).

Please use the default value unless recommended otherwise.

ThinProvisioned

Set to "false" for production deployments.

EnableHardReservations

Determines the enforcement of VM CPU and Memory profile reservations. This is an optional parameter and the default value is true, if not explicitly specified.

If set as true, the VM's resources are provided exclusively. In this state, the installation will fail if there are insufficient CPU cores, memory or CPU cycles.

If set as false (only set for lab installations), the VM's resources are provided on best efforts. In this state, insufficient CPU cores can impact performance or cause installation failure.

RamDiskSize

Size of the Ram disk.

This parameter is only used for lab installations (value must be at least 2). When a non-zero value is provided for RamDiskSize, the HSDatastore value is not used.

SchemaVersion

The configuration Manifest schema version. This indicates the version of the installer to use with this template.

Schema version should map to the version packaged with the sample template in the installer tool on cisco.com. You should always build a new template from the default template provided with the release you are deploying, as template requirements may change from one release to the next.

LogFsSize

Log partition size (in gigabytes). The minimum value is 20 GB and the maximum value is 1000 GB.

If left blank, the default value (20 GB) is selected.

Timezone

Enter the timezone. Input is a standard IANA time zone (for example, "America/Chicago").

If left blank, the default value (UTC) is selected.

This is an optional parameter.

EnableSkipAutoInstallFeature

Any pods marked as skip auto install will not be brought up until a dependent application/pod explicitly asks for it.

Set to "True".

EnforcePodReservations

Enforces minimum resource reservations for the pod. If left blank, the default value ("True") is selected.

K8sServiceNetwork

The network address for the Kubernetes service network. By default, the CIDR range is fixed to '/16'.

K8sPodNetwork

The network address for the Kubernetes pod network. By default, the CIDR range is fixed to '/16'.

DefaultApplicationResourceProfile

Resource profile for application pods. If left blank, resource profile defaults to the deployment's VM profile (recommended option).

DefaultInfraResourceProfile

Resource profile for infra pods.

  • In case of the Large profile, set the value to small.

  • In case of the XLarge profile, leave the field blank. If left blank, the resource profile defaults to the deployment's VM profile.

IsRunDiagnoticsScriptForCheck

Used to enable/disable execution of the diagnostic script. The values are "true" (default value) and "false".

We recommend that you select the default value.

IgnoreDiagnoticsCheckFailure

Used to set the system response in case of a diagnostic check failure.

If set to "true" (default value), the diagnostic check is ignored and installation will continue. If set to "false", the installation is terminated.

We recommend that you select the default value.

Table 2. VMware template parameters

Parameter Name

Description

VCenterAddress

The vCenter IP or host name.

VCenterUser

The username needed to log into vCenter.

VCenterPassword

The password needed to log into vCenter.

DCname

The name of the Data Center resource to use.

Example: DCname = "WW-DCN-Solutions"

MgmtNetworkName

The name of the vCenter network to attach to the VM's Management interface.

This network must already exist in VMware or the installation will fail.

DataNetworkName

The name of the vCenter network to attach to the VM's Data interface.

This network must already exist in VMware or the installation will fail.

Host

The ESXi host, or ONLY the vCenter VM/resource group name where the VM is to be deployed.

The primary option is to use the host IP or name (all the hosts should be under the data center). If the hosts are under a VM in the data center, only provide the VM name (all hosts within the VM will be picked up).

The subsequent option is to use a resource group. In this case, a full path should be provided.

Example: Host = "Main infrastructure/Resources/00_trial"

Datastore

The datastore name available to be used by this host or resource group.

The primary option is to use host IP or name. The subsequent option is to use a resource group.

Example: Datastore = "SDRS-DCNSOL-prodexsi/bru-netapp-01_FC_Prodesx_ds_15"

HSDatastore

The high speed datastore available for this host or resource group.

When not using a high-speed datastore, set this to the same value as Datastore.

Cw_VM_Image

The name of Crosswork VM image in vCenter.

This value is set as an option when running the installer tool and does not need to be set in the template file.

HostedCwVMs

The ID of the VM to be hosted by the ESXi host or resource.

Installation Requirements

Resource Requirements

The following table lists the recommended resources for the Crosswork VM:

Table 3. Recommended Resources for Crosswork VM

| VM profile | vCPU | Memory (RAM) | Storage | Latency | Use case |
|---|---|---|---|---|---|
| XLarge | 24 | 128 GB | 1 TB | The VM data store needs to have disk access latency < 10 ms and > 5000 IOPS. | Use the XLarge VM profile if you intend to upgrade, in the future, to the Crosswork Network Controller Advantage package (which includes Optimization Engine, Active Topology, Service Health, and more). |
| Large [1] | 12 | 96 GB | 1 TB | The VM data store needs to have disk access latency < 10 ms and > 5000 IOPS. | Use the Large VM profile if you only plan to use the Crosswork Network Controller Essentials package. |

[1] Only supported in Crosswork Network Controller version 7.0.1 onwards.

VMware Requirements

  • Hypervisor and vCenter supported:

    • VMware vCenter Server 8.0 (U2c or later) and ESXi 8.0 (U2b or later)

    • VMware vCenter Server 7.0 (U3p or later) and ESXi 7.0 (U3p or later)

  • Cisco Crosswork VM (Hybrid node) must be hosted on hardware with Hyper Threading disabled.

  • Ensure that profile-driven storage is enabled by the vCenter admin user. Query permissions for the vCenter user at the root level (for all resources) of the vCenter.

  • We also recommend that you enable vCenter storage control.

  • The networks required for the Crosswork Management and Data networks need to be built and configured in the data centers, and must allow low latency L2 communication (latency with RTT <= 10 ms).

  • Ensure the user account you use for accessing vCenter has the following privileges:

    • VM (Provisioning): Clone VM on the VM you are cloning.

    • VM (Provisioning): Customize on the VM or VM folder if you are customizing the guest operating system.

    • VM (Inventory): Create from the existing VM on the data center or VM folder.

    • VM (Configuration): Add a new disk on the data center or VM folder.

    • Resource: Assign a VM to a resource pool on the destination host or resource pool.

    • Datastore: Allocate space on the destination datastore or datastore folder.

    • Network: Assign the network to which the VM will be assigned.

    • Profile-driven storage (Query): This permission setting needs to be allowed at the root of the data center tree level.

Crosswork VM Requirements

Table 4. Network Requirements

Requirement

Description

Network Connections

For production deployments, we recommend that you use dual interfaces, one for the Management network and one for the Data network.

For optimal performance, the Management and Data networks should use links configured at a minimum of 10 Gbps with a latency of less than 10 milliseconds.

IP Addresses

4 IPv4 or IPv6 addresses: A management and data IP address for the Hybrid node being deployed, and two additional IP addresses to be used as the Virtual IP (VIP) address (one for the Management network and one for the Device network).

Note

 
  • Crosswork does not support dual-stack configurations for single VM deployment. Therefore, all addresses for the environment must be either IPv4 or IPv6.

  • The IP addresses must be able to reach the gateway address for the network, or the installation will fail.

  • When deploying with IPv6, the installation needs to run on an IPv6 enabled container/VM.

  • At this time, your IP allocation is permanent and cannot be changed without re-deployment. For more information, contact the Cisco Customer Experience team.

Interfaces

Crosswork is deployed on a single VM with 2 interfaces.

  • No. of NICs: 2

  • vNIC0: Management Traffic (for accessing the interactive console and passing the Control/Data information between servers).

  • vNIC1: Device Access Traffic (for device access and data collection).

Note

 

Due to security policies, traffic from subnets of a vNIC received on other vNICs is dropped. For example, in a setup with two vNICs, all device traffic (incoming and outgoing) must be routed through the default vNIC1.

NTP Server

The IPv4 or IPv6 addresses or host names of the NTP server you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize the Crosswork application VM clock, devices, clients, and servers across your network.

Ensure that the NTP servers are reachable on the network before attempting installation. The installation will fail if the servers cannot be reached.

DNS Servers

The IPv4 or IPv6 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network.

Ensure that the DNS servers are reachable on the network before attempting installation. The installation will fail if the servers cannot be reached.

DNS Search Domain

The search domain you want to use with the DNS servers, for example, cisco.com. You can have only one search domain.

Backup Server

Cisco Crosswork will back up the configuration of the system to an external server using SCP. The SCP server storage requirements will vary slightly but you must have at least 25 GB of storage.

FQDN (Optional)

The installation process supports using either a VIP (Virtual IP address) or an FQDN (Fully Qualified Domain Name) to access the VM.

If you choose to use the FQDN, you will need one for the Management and one for the Data network.

Crosswork deployed on a single VM does not support dual-stack configurations. Therefore, all FQDN addresses configured for the deployment environment must be either IPv4 or IPv6.

Note

 

If you choose to supply the FQDNs during the initial installation, the DNS server must be populated with them before the VM is powered on; otherwise, the installation script will fail to complete the environment setup.
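The value limits in Table 1 and the single-stack rule above can be checked before the installer runs, because a rejected value otherwise shows up only as a failed deployment. The following pre-flight script is an added example, not part of the Cisco tooling. Its function names are hypothetical, and the word list and substitution table in password_ok are assumptions that only approximate whatever check Crosswork applies.

```shell
#!/bin/sh
# Added example: pre-flight checks for values destined for the install template.
# Variable names follow Table 1; everything else here is illustrative.

# ip_family ADDR -> prints 4, 6 or "invalid"
ip_family() (
    LC_ALL=C
    case $1 in
        *:*)    # crude IPv6 test: hex digits and colons only
            case $1 in *[!0-9A-Fa-f:]*) echo invalid ;; *) echo 6 ;; esac ;;
        *.*.*.*)
            set -f; IFS=.
            set -- $1
            [ "$#" -eq 4 ] || { echo invalid; exit 0; }
            for octet in "$@"; do
                case $octet in ''|*[!0-9]*|????*) echo invalid; exit 0 ;; esac
                [ "$octet" -le 255 ] || { echo invalid; exit 0; }
            done
            echo 4 ;;
        *) echo invalid ;;
    esac
)

# same_stack ADDR... -> succeeds only if all addresses are valid and one family
same_stack() {
    first=
    for addr in "$@"; do
        fam=$(ip_family "$addr")
        if [ "$fam" = invalid ]; then
            echo "not an IP address: '$addr'" >&2; return 1
        fi
        : "${first:=$fam}"
        if [ "$fam" != "$first" ]; then
            echo "dual-stack is not supported: '$addr' is IPv$fam, expected IPv$first" >&2
            return 1
        fi
    done
}

# in_range NAME VALUE MIN MAX -> checks an integer parameter against its range
in_range() {
    case $2 in ''|*[!0-9]*) echo "$1: not an integer: '$2'" >&2; return 1 ;; esac
    [ "$2" -ge "$3" ] && [ "$2" -le "$4" ] && return 0
    echo "$1=$2 is outside $3..$4" >&2; return 1
}

# password_ok PW -> the stated criteria first, then an assumed dictionary test
password_ok() (
    LC_ALL=C
    pw=$1
    [ "${#pw}" -ge 8 ] || { echo "password shorter than 8 characters" >&2; exit 1; }
    for class in '[A-Z]' '[a-z]' '[0-9]' '[!A-Za-z0-9]'; do
        case $pw in
            *$class*) ;;
            *) echo "password lacks a character from $class" >&2; exit 1 ;;
        esac
    done
    # Undo common substitutions (0->o, 1->l, 3->e, 4->a, 5->s, @->a, $->s),
    # then keep letters only, so "Pa55w0rd!" becomes "password".
    plain=$(printf '%s' "$pw" | tr 'A-Z' 'a-z' | tr '01345@$' 'oleasas' | tr -cd 'a-z')
    for word in password admin cisco crosswork welcome qwerty; do  # constructed list
        case $plain in
            *"$word"*) echo "password resembles the word '$word'" >&2; exit 1 ;;
        esac
    done
)

# preflight -> runs every check against the Table 1 variables in the environment
preflight() {
    rc=0
    same_stack "$ManagementIPAddress" "$ManagementIPGateway" "$ManagementVIP" \
               "$DataIPAddress" "$DataIPGateway" "$DataVIP" "$DNS" || rc=1
    in_range BackupMinPercent  "${BackupMinPercent:-35}"   1   80   || rc=1
    in_range ManagerDataFsSize "${ManagerDataFsSize:-485}" 485 8000 || rc=1
    in_range LogFsSize         "${LogFsSize:-20}"          20  1000 || rc=1
    password_ok "$CWPassword" || rc=1
    return "$rc"
}

# Run the checks only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; exit $?; fi
```

Export the template values as environment variables and run the file with --check. Reachability of the gateway, DNS and NTP servers still has to be tested from the target network.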

Port Requirements

Table 5. Ports used by Crosswork Single VM deployment on the Management Network

| Port | Protocol | Used for | Direction |
|---|---|---|---|
| 30602 | TCP | Monitoring the installation (Crosswork Network Controller) | Inbound |
| 30603 | TCP | Crosswork Network Controller Web user interface (NGINX server listens for secure connections on port 443) | Inbound |
| 30604 | TCP | Classic Zero Touch Provisioning (Classic ZTP) on the NGINX server | Inbound |
| 30617 | TCP | Secure Zero Touch Provisioning (Secure ZTP) on the ZTP server | Inbound |
| 30620 | TCP | Receiving plug-and-play HTTP traffic on the ZTP server | Inbound |
| 7 | TCP/UDP | Discovering endpoints using ICMP | Outbound |
| 22 | TCP | Initiating SSH connections with managed devices | Outbound |
| 22 | TCP | Remote SSH connection | Inbound |
| 53 | TCP/UDP | Connecting to DNS | Outbound |
| 123 | UDP | Network Time Protocol (NTP) | Outbound |
| 830 | TCP | Initiating NETCONF | Outbound |

When configuring the ports for Embedded Collectors, ensure that the ports mentioned in the following tables are configured on the device. For example, in case the port used for sending traps was previously set to 1062, change it to a port that is within the acceptable range for deploying a single virtual machine. The acceptable range is provided with the port number in Table.

Table 6. Ports used by Crosswork Single VM deployment on the Device Network

| Port | Protocol | Used for | Direction |
|---|---|---|---|
| 161 | UDP | SNMP Collector | Outbound |
| 31062 (accepted range of ports is 30160–31560) | UDP | SNMP Collector | Inbound |
| 22 | TCP | CLI Collector | Outbound |
| 30614 (accepted range of ports is 30160–31560) | TLS | Syslog Collector. This is the default value. You can change this value after installation from the Cisco Crosswork UI. | Inbound |
| 30898 (accepted range of ports is 30160–31560) | TCP | Syslog Collector. This is the default value. You can change this value after installation from the Cisco Crosswork UI. | Inbound |
| 30514 (accepted range of ports is 30160–31560) | UDP | Syslog Collector. This is the default value. You can change this value after installation from the Cisco Crosswork UI. | Inbound |
| 30621 | TCP | FTP (available on data interface only). The additional ports used for file transfer are 31121 (TCP), 31122 (TCP), and 31123 (TCP). This port is available only when the supported application is installed on Cisco Crosswork and the FTP settings are enabled. | Inbound |
| 30622 | TCP | SFTP (available on data interface only). This port is available only when the supported application is installed on Cisco Crosswork and the SFTP settings are enabled. | Inbound |
| Site Specific [2] | TCP | gNMI collector | Outbound |
| Site Specific [3] | Site Specific | Kafka and gRPC destination | Outbound |

[2] For default port information of a device, see the platform-specific documentation. Ensure that port number on the device is the same as that configured on Device Management > Network Devices > Edit Device.

[3] You cannot modify the port numbers of system-created destinations as they are created with predefined ports. To modify the user-defined destination ports, edit the port number from Administration > Data Collector(s) Global Settings > Data destinations > Edit destination.

Install Crosswork Network Controller using the vCenter vSphere UI

This topic explains how to deploy Crosswork Network Controller on a single VM using the vCenter user interface.

This is the recommended method for installing Crosswork Network Controller on a single VM.


Important


In the 7.0 release, only the Crosswork Network Controller Essentials package, which includes Element Management Functions, can be used for single VM deployment.


Procedure


Step 1

Download the latest available Cisco Crosswork platform image file (*.ova) to your system.

Step 2

With VMware ESXi running, log into the VMware vSphere Web Client. On the left navigation pane, choose the ESXi host where you want to deploy the VM.

Step 3

In the vSphere UI, go to Host > Configure > Networking > Virtual Switches and select the virtual switch for the Management Network that will be used to access the UI of the VM. In the virtual switch, select Edit > Security, and configure the following DVS port group properties:

  • Set Promiscuous mode as Reject

  • Set MAC address changes as Reject

Confirm the settings and repeat the process for the virtual switch that will be used for the Data Network.

Step 4

Review and confirm that your network settings meet the requirements.

Ensure that the networks that you plan to use for Management Network and Data network are connected to the host. Contact your Cisco Experience team for assistance.

Step 5

Choose Actions > Deploy OVF Template.

Caution

 

The default VMware vCenter deployment timeout is 15 minutes. If vCenter times out during deployment, the resulting VM will not be bootable. To prevent this, we recommend that you document the choices (such as IP address, gateway, DNS server, etc.) so that you can enter the information quickly and avoid any issues with the VMware configuration.

Step 6

The VMware Deploy OVF Template window appears, with the first step, 1 - Select an OVF template, highlighted. Click Choose Files to navigate to the location where you downloaded the OVA image file and select it. Once selected, the file name is displayed in the window.

Step 7

Click Next. The Deploy OVF Template window is refreshed, with 2 - Select a name and folder now highlighted. Enter a name and select the respective data center for the Cisco Crosswork VM you are creating.

We recommend that you include the Cisco Crosswork version and build number in the name, for example: Cisco Crosswork 7.0 Build 152.

Step 8

Click Next. The Deploy OVF Template window is refreshed, with 3 - Select a compute resource highlighted. Select the host for your Cisco Crosswork VM.

Step 9

Click Next. The VMware vCenter Server validates the OVA. Network speed will determine how long validation takes. After the validation is complete, the Deploy OVF Template window is refreshed, with 4 - Review details highlighted.

Step 10

Review the OVF template that you are deploying. This information is gathered from the OVF, and cannot be modified.

Note

 

You may see alerts regarding the OVF package containing advanced configuration options and/or about trusted certificates. These are common and you can safely select the "Ignore" option.

Step 11

Click Next. The Deploy OVF Template window is refreshed, with 5 - License agreements highlighted. Review the End User License Agreement and if you agree, click the I accept all license agreements checkbox. Otherwise, contact your Cisco Experience team for assistance.

Step 12

Click Next. The Deploy OVF Template window is refreshed, with 6 - Configuration highlighted. Choose the desired deployment configuration.

Important

 

For single VM deployment, the supported configurations are IPv4 Network and IPv6 Network using two NICs.

Figure 1. Select a deployment configuration

Step 13

Click Next. The Deploy OVF Template window is refreshed, with 7 - Select Storage highlighted. Choose the relevant option from the Select virtual disk format drop-down list. From the table, choose the datastore you want to use, and review its properties to ensure there is enough available storage.

Figure 2. Select Storage

Note

 

For production deployment, choose the Thick Provision Eager Zeroed option because this will preallocate disk space and provide the best performance. For lab purposes, we recommend the Thin Provision option because it saves disk space.

Step 14

Click Next. The Deploy OVF Template window is refreshed, with 8 - Select networks highlighted. From the Destination Network drop-down list, select the proper networks for the Management Network and the Data Network.

Figure 3. Select networks

Important

 

Keep Admin Network and NBI Network at default values.

Step 15

Click Next. The Deploy OVF Template window is refreshed, with 9 - Customize template highlighted.

  1. Expand the Management Network settings. Provide information for the IPv4 or IPv6 deployment (as per your selection).

  2. Expand the Data Network settings. Provide information for the IPv4 or IPv6 deployment (as per your selection).

    Figure 4. Customize template settings

  3. Expand the Deployment Credentials settings. Enter relevant values for the VM Username and Password.

    Note

     

    Avoid using passwords that resemble dictionary words (for example, 'Pa55w0rd!') or easily guessable patterns. While such passwords might meet the initial criteria, they are considered weak and could cause the VM setup to fail without a clear explanation. To ensure a successful installation, use a complex password with a minimum of 8 characters that combines uppercase and lowercase letters, numbers, and special characters in a non-predictable sequence.

  4. Expand the DNS and NTP Servers settings. According to your deployment configuration (IPv4 or IPv6), the fields that are displayed are different. Provide information in the following three fields:

    • DNS IP Address: The IP addresses of the DNS servers you want the Cisco Crosswork server to use. Separate multiple IP addresses with spaces.

    • DNS Search Domain: The name of the DNS search domain.

    • NTP Servers: The IP addresses or host names of the NTP servers you want to use. Separate multiple IPs or host names with spaces.

    Note

     

    The DNS and NTP servers must be reachable using the network interfaces you have mapped on the host. Otherwise, the configuration of the VM will fail.

  5. The default Disk Configuration settings should work for most environments. Change the settings only if you are instructed to by the Cisco Customer Experience team.

  6. Expand Crosswork Configuration and enter your legal disclaimer text (users will see this text if they log into the CLI).

  7. Expand Crosswork Cluster Configuration. Provide relevant values for the following fields:

    • VM Type: Choose Hybrid.

    • Cluster Seed node: Choose True.

    • Crosswork Management Cluster Virtual IP: Enter the Management Virtual IP address and Management Virtual IP DNS name.

    • Crosswork Data Cluster Virtual IP: Enter the Data Virtual IP address and the Data Virtual IP DNS name.

    • Initial node count: Set to 1.

    • Initial leader node count: Set to 1.

    • Location of VM: Enter the location of VM.

    • Installation type: Not applicable to single VM deployment. Do not select any checkbox.

    • Enable Skip Auto Install Feature: Set to True.

    • Ignore Diagnose Failure?: Use the default value (True).

    • Enable Diagnostics Script Check Run?: Use the default value (True).

    • Default Application Resource Profile: Use the default value (Empty).

    • Default Infra Resource Profile: In case of the Large profile, set the value to small. In case of the XLarge profile, use the default value (Empty).

    • Auto Action Manifest Definition: Use the default value (Empty).

Step 16

Click Next. The Deploy OVF Template window is refreshed, with 10 - Ready to Complete highlighted.

Step 17

Review your settings and then click Finish if you are ready to begin deployment. Wait for the deployment to finish before continuing. To check the deployment status:

  1. Open a VMware vCenter client.

  2. In the Recent Tasks tab of the host VM, view the status of the Deploy OVF template and Import OVF package jobs.

Step 18

Once the deployment is completed, right-click on the VM and select Edit Settings. The Edit Settings dialog box is displayed. Under the Virtual Hardware tab, update these attributes:

  • CPU: change to 12 (for Large profile), or 24 (for XLarge profile).

  • Memory: change to 96 GB (for Large profile), or 128 GB (for XLarge profile).

For more information, see Table 1.

Click OK to save the changes.

Step 19

Power on the Crosswork VM. To power on, expand the host’s entry, click the Cisco Crosswork VM, and then choose Actions > Power > Power On.

The time taken to create the VM can vary based on the size of your deployment profile and the performance characteristics of your hardware.


Install Crosswork Network Controller via the OVF Tool

This topic explains how to deploy Crosswork Network Controller on a single VM using the OVF tool. You must modify the list of mandatory and optional parameters in the script as per your requirements and run the OVF tool.


Important


In the 7.0 release, only the Crosswork Network Controller Essentials package, which includes Element Management Functions, can be used for single VM deployment.


Follow these steps to log in to the Cisco Crosswork VM from SSH:

Before you begin

  • In your vCenter data center, go to Host > Configure > Networking > Virtual Switches and select the virtual switch. In the virtual switch, select Edit > Security, and ensure that the following DVS port group properties are as shown:

    • Set Promiscuous mode as Reject

    • Set MAC address changes as Reject

    Confirm the settings and repeat the process for each virtual switch used by Crosswork.

  • Ensure you are using the OVF tool version 4.4 or higher.

Procedure


Step 1

On the machine where you have the OVF tool installed, use the following command to confirm that you have OVF tool version 4.4 or higher:

ovftool --version

Step 2

Create the script file (see example in this step) and provide relevant information as per your target environment (such as IP addresses, gateway, netmask, password, and VCENTER_PATH, etc.).

Note

 

The file names mentioned in this topic are sample names and may differ from the actual file names on cisco.com.

Important

 

This is a sample script for deploying an XLarge VM profile. If you need to deploy a Large VM profile, please replace the XLarge values with those appropriate for the Large profile.

  • XLarge
    
    --numberOfCpus:"*"=24 --viCpuResource=:50000: \
    --memorySize:"*"=131072 --viMemoryResource=:131072: \
    
  • Large
    
    --numberOfCpus:"*"=12  --memorySize:"*"=98304 \
    --viCpuResource=-1:18000:-1 --viMemoryResource=-1:98304:-1 \

cat svm_install.sh
#!/usr/bin/env bash
Host="X.X.X.X"
DM="thick"
DS="DS36"
Deployment="cw_ipv4"
DNSv4="10.10.0.99"
NTP="ntp.cisco.com"
Timezone="US/Pacific"
EnforcePodReservations="True"
EnableSkipAutoInstallFeature="True"
Domain="cisco.com"
Disclaimer="ACCESS IS MONITORED"
VM_NAME="svmEMS"
DataNetwork="DataNet"
ManagementNetwork="MgmtNet"
DataIPv4Address="x.x.x.x"
DataIPv4Gateway="x.x.x.x"
DataIPv4Netmask="x.x.x.x"
ManagementIPv4Address="x.x.x.x"
ManagementIPv4Gateway="x.x.x.x"
ManagementIPv4Netmask="x.x.x.x"
K8sServiceNetworkV4="10.75.0.0"
K8sPodNetworkV4="10.225.0.0"
Password="CLI Password"
Username="cw-admin"
ManagementVIP="x.x.x.x"
DataVIP="x.x.x.x"
VMType="Hybrid"
IsSeed="True"
InitNodeCount="1"
InitMasterCount="1"
 
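# Path to the extracted OVA, passed as the first argument.
SVM_OVA_PATH="${1:?usage: $0 <path-to-ova>}"

# vCenter login in user:password@address form. Characters such as @ . ! in the
# user name and password are percent-encoded (%40, %2E, %21).
VCENTER_LOGIN="Administrator%40vsphere%2Elocal:Password%40123%21@x.x.x.x"
VCENTER_PATH="DC1/host"

ovftool --version
# --noSSLVerify skips verification of the vCenter TLS certificate and
# --skipManifestCheck skips validation of the OVA manifest.
# --overwrite with --powerOffTarget powers off and replaces an existing VM of the same name.
ovftool --acceptAllEulas --skipManifestCheck --X:injectOvfEnv -ds="$DS" \
--numberOfCpus:"*"=24 --viCpuResource=:50000: \
--memorySize:"*"=131072 --viMemoryResource=:131072: \
--diskMode="$DM" --overwrite --powerOffTarget --powerOn --noSSLVerify \
--allowExtraConfig \
--deploymentOption="$Deployment" \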
--prop:"DNSv4=${DNSv4}" \
--prop:"NTP=${NTP}" \
--prop:"Timezone=${Timezone}" \
--prop:"EnforcePodReservations=${EnforcePodReservations}" \
--prop:"EnableSkipAutoInstallFeature=${EnableSkipAutoInstallFeature}" \
--prop:"Domain=${Domain}" \
--prop:"Disclaimer=${Disclaimer}" \
--name="$VM_NAME" \
--net:"Data Network=${DataNetwork}" \
--net:"Management Network=${ManagementNetwork}" \
--prop:"DataIPv4Address=${DataIPv4Address}" \
--prop:"DataIPv4Gateway=${DataIPv4Gateway}" \
--prop:"DataIPv4Netmask=${DataIPv4Netmask}" \
--prop:"ManagementIPv4Address=${ManagementIPv4Address}" \
--prop:"ManagementIPv4Gateway=${ManagementIPv4Gateway}" \
--prop:"ManagementIPv4Netmask=${ManagementIPv4Netmask}" \
--prop:"K8sServiceNetworkV4=${K8sServiceNetworkV4}" \
--prop:"K8sPodNetworkV4=${K8sPodNetworkV4}" \
--prop:"CWPassword=${Password}" \
--prop:"CWUsername=${Username}" \
--prop:"ManagementVIP=${ManagementVIP}" \
--prop:"DataVIP=${DataVIP}" \
--prop:"VMType=${VMType}" \
--prop:"IsSeed=${IsSeed}" \
--prop:"InitNodeCount=${InitNodeCount}" \
--prop:"InitMasterCount=${InitMasterCount}" \
"$SVM_OVA_PATH" \
"vi://$VCENTER_LOGIN/$VCENTER_PATH/$Host"

Step 3

Download the OVA and install scripts from cisco.com. For the purpose of these instructions, we use the file name as signed-cw-na-unifiedems-7.0.0-85-release700-240823.ova.

Use the following command to extract the files from the tar bundle:

tar -xvzf signed-cw-na-unifiedems-7.0.0-85-release700-240823.ova

The OVA is extracted:

svm]# ls -al
-rw-r--r--   1 root root 15416145920 Mar 28 11:12 cw-na-unifiedems-7.0.0-85-release700-240823.ova
-rwxr-xr-x   1 root root        2324 Apr  2 14:06 svm_install.sh

Step 4

Use the following command to make the scripts executable:

chmod +x {filename}

For example:

chmod +x svm_install.sh

Step 5

Execute the script with the OVA file name as parameter:

svm]# ./svm_install.sh cw-na-unifiedems-7.0.0-85-release700-240823.ova
VMware ovftool 4.4.0 (build-16360108)
Opening OVA source: cw-na-unifiedems-7.0.0-85-release700-240823.ova
<Removed some output >
Completed successfully

The time taken to create the VM can vary based on the size of your deployment profile and the performance characteristics of your hardware.


Install Crosswork Network Controller using the Docker Installer Tool

This section explains the procedure to install Crosswork Network Controller on a single VM using the Docker installer tool. This method is less recommended than installing with the vCenter UI or the OVF tool.


Important


In the 7.0 release, only the Crosswork Network Controller Essentials package, which includes Element Management Functions, can be used for single VM deployment.


Before you begin

  • Make sure that your environment meets all the vCenter requirements specified in Installation Requirements.

  • The edited template in the /data directory contains sensitive information (VM passwords and the vCenter password). The operator needs to manage access to this content. Store the templates used for your install in a secure environment or edit them to remove the passwords.

  • The install.log, install_tf.log, and .tfstate files will be created during the install and stored in the /data directory. If you encounter any trouble with the installation, provide these files to the Cisco Customer Experience team when opening a case.

  • The install script is safe to run multiple times. After an error, correct the input parameters and re-run the script. You must remove the install.log, install_tf.log, and tfstate files before each re-run. Running the installer tool multiple times may result in the deletion and re-creation of VMs.

  • If you use the same installer tool for multiple Crosswork installations, run the tool from different local directories so that the deployment state files stay independent. The simplest way to do so is to create a local directory for each deployment on the host machine and map each one to the container accordingly.

  • Docker version 19 or higher is required while using the installer tool. For more information on Docker, see https://docs.docker.com/get-docker/.

  • To change install parameters or to correct parameters after installation errors, it is important to determine whether the installation has managed to deploy the VM or not. A deployed VM is indicated by installer output similar to:

    vsphere_virtual_machine.crosswork-IPv4-vm["1"]: Creation complete after 2m50s [id=4214a520-c53f-f29c-80b3-25916e6c297f]

Known limitations:

  • The vCenter host VMs defined must use the same network name (vSwitch) across all hosts in the data center.

  • vCenter storage folders or datastores organized under a virtual folder structure are not currently supported. Ensure that the datastores referenced are not grouped under a folder.

Procedure


Step 1

In your Docker-capable machine, create a directory where you will store everything you will use during this installation.

Note

 

If you are using a Mac, ensure that the directory name is in lower case.

Step 2

Download the installer bundle (.tar.gz file) and the OVA file from cisco.com to the directory you created previously. These instructions use the file names signed-cw-na-unifiedems-installer-7.0.0-85-release700-240823.tar.gz and signed-cw-na-unifiedems-7.0.0-85-release700-240823.ova.

Attention

 

The file names mentioned in this topic are sample names and may differ from the actual file names in cisco.com.

Step 3

Use the following command to extract the installer bundle:

tar -xvf signed-cw-na-unifiedems-installer-7.0.0-85-release700-240823.tar.gz

The contents of the installer bundle are extracted (e.g. signed-cw-na-unifiedems-installer-7.0.0-85-release700-240823-release). The extracted files contain the installer image (cw-na-unifiedems-installer-7.0.0-85-release700-240823.tar.gz) and the files necessary to validate the image.

Step 4

Review the contents of the README file to understand everything that is in the package and how it will be validated in the following steps.

Step 5

Use the following command to verify the signature of the installer image:

Note

 

Use python --version to find out the version of python on your machine.

If you are using Python 2.x, use the following command to validate the file:

python cisco_x509_verify_release.py -e <.cer file> -i <.tar.gz file> -s <.tar.gz.signature file> -v dgst -sha512

If you are using Python 3.x, use the following command to validate the file:

python3 cisco_x509_verify_release.py3 -e <.cer file> -i <.tar.gz file> -s <.tar.gz.signature file> -v dgst -sha512

Note

 

If you do not have Python installed, go to python.org and download the version of Python that is appropriate for your work station.

Step 6

Use the following command to load the installer image file into your Docker environment.

docker load -i <.tar.gz file>

For example:

docker load -i cw-na-unifiedems-installer-7.0.0-85-release700-240823.tar.gz

Step 7

Run the docker image list or docker images command to get the "image ID" (which is needed in the next step).

For example:

docker images

The result will be similar to the following (the value needed in the next step is in the IMAGE ID column):

My Machine% docker images
REPOSITORY                        TAG                                                 IMAGE ID             CREATED        SIZE
dockerhub.cisco.com/cw-installer  cw-na-unifiedems-7.0.0-85-release700-240823   a4570324fad30  7 days ago     276MB

Note

 

Pay attention to the "CREATED" time stamp in the table presented when you run docker images, as you might have other images present from the installation of prior releases. If you wish to remove these, the docker image rm {image id} command can be used.

Step 8

Launch the Docker container using the following command:

docker run --rm -it -v `pwd`:/data {image id of the installer container}

To run the image loaded in our example, use the following command:

docker run --rm -it -v `pwd`:/data a4570324fad30

Note

 
  • You do not have to enter that full value. In this case, "docker run --rm -it -v `pwd`:/data a45" was adequate. Docker requires enough of the image ID to uniquely identify the image you want to use for the installation.

  • The above command uses the backtick (`). Do not use the single quote or apostrophe ('), because its meaning to the shell is very different. When you use the backtick (recommended), the template file and OVA are stored in the directory on your local disk from which you run the commands, instead of inside the container.

  • When deploying an IPv6 setup, the installer needs to run on an IPv6 enabled container/VM. This requires additionally configuring the Docker daemon before running the installer, using the following method:

    • Linux hosts (ONLY): Run the Docker container in host networking mode by adding the "--network host" flag to the Docker run command line.

      docker run --network host <remainder of docker run options>
  • CentOS/RHEL hosts, by default, enforce a strict SELinux policy which does not allow the installer container to read from or write to the mounted data volume. On such hosts, run the Docker volume command with the Z option as shown below:

    docker run --rm -it -v `pwd`:/data:Z <remainder of docker options>

Note

 

The Docker command provided uses the current directory to read the template and the OVA files, and to write the log files used during the install. If you encounter either of the following errors, move the files to a directory whose path is in lowercase (all lowercase, no spaces or other special characters). Then navigate to that directory and rerun the installer.

Error 1:

% docker run --rm -it -v `pwd`:/data a45
docker: invalid reference format: repository name must be lowercase.
See 'docker run --help'

Error 2:

docker: Error response from daemon: Mounts denied: approving /Users/Desktop: file does not exist
ERRO[0000] error waiting for container: context canceled

Step 9

Navigate to the directory with the VMware template.

cd /opt/installer/deployments/7.0.0/vcentre

Step 10

Copy the template file found under /opt/installer/deployments/7.0.0/vcentre/deployment_template_tfvars to the /data folder using a different name.

For example: cp deployment_template_tfvars /data/deployment.tfvars

For the rest of this procedure, we will use deployment.tfvars in all the examples.

Step 11

Edit the template file located in the /data directory in a text editor to match your planned deployment (for reference, see Sample Manifest Template). The Sample Manifest Template includes an example that you can reference for proper formatting. The example is more compact due to the removal of descriptive comments.

Step 12

From the /opt/installer directory, run the installer.

./cw-installer.sh install -m /data/<template file name> -o /data/<.ova file>

For example:

./cw-installer.sh install -m /data/deployment.tfvars -o /data/signed-cw-na-unifiedems-7.0.0-85-release700-240823.ova

Step 13

Read, and then enter "yes" if you accept the End User License Agreement (EULA). Otherwise, exit the installer and contact your Cisco representative.

Step 14

Enter "yes" when prompted to confirm the operation.

Note

 

It is not uncommon to see some warnings like the following during the install:

Warning: Line 119: No space left for device '8' on parent controller '3'.
Warning: Line 114: Unable to parse 'enableMPTSupport' for attribute 'key' on element 'Config'.

If the install process proceeds to a successful conclusion (see sample output below), these warnings can be ignored.

Sample output:

cw_vms = <sensitive>
INFO: Copying day 0 state inventory to CW
INFO: Waiting for deployment status server to startup on 10.90.147.66. Elapsed time 0s, retrying in 30s
Crosswork deployment status available at http://{VIP}:30602/d/NK1bwVxGk/crosswork-deployment-readiness?orgId=1&refresh=10s&theme=dark 
Once deployment is complete login to Crosswork via: https://{VIP}:30603/#/logincontroller 
INFO: Cw Installer operation complete.

Note

 

If the installation fails, open a case with Cisco and provide the .log files that were created in the /data directory (and the local directory where you launched the installer Docker container) to Cisco for review. The two most common reasons for the install to fail are: (a) a password that is not adequately complex, and (b) errors in the template file. If the installer fails because of errors in the template (for example, a mistyped IP address), correct the error and rerun the install script.
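The signature check in Step 5 is a detached-signature verification, and seeing it fail on a modified file shows what it protects the docker load step against. The script below is an added example, not Cisco's verification script: it assumes a SHA-512 digest signature made with the key in the .cer file, uses only constructed files, and does not validate the certificate chain.

```shell
#!/bin/sh
# Added example, not Cisco code: check a detached SHA-512 signature against
# the public key in an X.509 certificate. Key, certificate and "image" are
# constructed stand-ins for the .cer, .tar.gz and .tar.gz.signature files.

# verify_release CERT FILE SIG: returns 0 only if SIG is a valid signature
# over FILE by the key in CERT (PEM; add -inform DER for a DER-encoded .cer).
# Returns 2 if the certificate cannot be parsed, 1 if the signature is bad.
verify_release() {
    pub=$(mktemp) || return 2
    if ! openssl x509 -in "$1" -noout -pubkey > "$pub" 2>/dev/null; then
        rm -f "$pub"; return 2
    fi
    rc=0
    openssl dgst -sha512 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1 || rc=1
    rm -f "$pub"
    return "$rc"
}

# make_fixture DIR: throwaway signer certificate, file and signature.
make_fixture() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-signer" \
        -keyout "$1/signer.key" -out "$1/signer.cer" 2>/dev/null || return 1
    printf 'constructed installer image\n' > "$1/image.tar.gz"
    openssl dgst -sha512 -sign "$1/signer.key" \
        -out "$1/image.tar.gz.signature" "$1/image.tar.gz"
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d" || { rm -rf "$d"; return 1; }
    verify_release "$d/signer.cer" "$d/image.tar.gz" "$d/image.tar.gz.signature" \
        && echo "original file: signature valid"
    printf 'x' >> "$d/image.tar.gz"   # simulate a tampered or corrupted download
    verify_release "$d/signer.cer" "$d/image.tar.gz" "$d/image.tar.gz.signature" \
        || echo "modified file: signature invalid, do not load it"
    rm -rf "$d"
}
demo
```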


Sample Manifest Template

This topic presents the manifest template example for deploying Crosswork on a single VM:

Cw_VM_Image = ""    # Line added automatically by installer.
ClusterIPStack        = "IPv4"
ManagementVIP         = "10.78.103.198"
ManagementIPNetmask   = "255.255.255.0"
ManagementIPGateway   = "10.78.103.1"
DataVIP               = "192.168.100.198"
DataIPNetmask         = "255.255.255.0"
DataIPGateway         = "0.0.0.0"
DNS                   = "72.163.128.140"
DomainName            = "cisco.com"
CWPassword            = "*****!"
VMSize                = "XLarge"
NTP                   = "ntp.esl.cisco.com"
Timezone              = "Asia/Calcutta"
EnableSkipAutoInstallFeature = "True"
CwVMs = {
    "0" = {
      VMName              = "SVM198",
      ManagementIPAddress = "10.78.103.197",
      DataIPAddress       = "192.168.100.197",
      NodeType            = "Hybrid"
    }
}
VCentreDC = {
  VCentreAddress = "10.64.80.220",
  VCentreUser = "<your-username>",
  VCentrePassword = "******",
  DCname = "Crosswork-Single-VM",
  MgmtNetworkName = "VM Network",
  DataNetworkName = "CW-7.0-VLAN21",
  VMs = [
      {
        HostedCwVMs = ["0"],
        Host = "10.78.103.62",
        Datastore = "5.2TB-SSD-62-2",
        HSDatastore="5.2TB-SSD-62-2"
      }
  ]
}
SchemaVersion = "7.0.0"
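The template above holds CWPassword and VCentrePassword in clear text, and the "Before you begin" notes ask the operator to store it securely or edit it to remove the passwords. The script below is an added example, not part of the Cisco installer: it writes an owner-only copy with those two values blanked and produces no copy at all if any value could not be rewritten. File names and sample values are constructed.

```shell
#!/bin/sh
# Added example, not Cisco code. Key names are taken from the sample manifest;
# file names and all values below are constructed.

KEY_RE='^[[:space:]]*(CWPassword|VCentrePassword)[[:space:]]*='

# leaks_secret FILE: succeeds if a secret key still carries a real value.
leaks_secret() {
    grep -E "$KEY_RE" "$1" | grep -qv '"<redacted>"'
}

# redact_tfvars SRC DST: write an owner-only copy of SRC with the password
# values blanked; fail closed (no DST) if any value could not be rewritten.
redact_tfvars() {
    ( umask 077
      # The greedy ".*" runs to the last quote on the line, so escaped quotes
      # inside a password cannot leave part of it behind.
      sed -E "s/(${KEY_RE}[[:space:]]*)\".*\"/\\1\"<redacted>\"/" "$1" > "$2" ) || return 1
    if leaks_secret "$2"; then rm -f "$2"; return 1; fi
    return 0
}

# write_sample FILE: constructed template fragment covering top-level and
# nested keys, a trailing comma, an inline comment and escaped quotes.
write_sample() {
    cat > "$1" <<'EOF'
CWPassword            = "Constructed-Pa55!"   # constructed value
VMSize                = "XLarge"
VCentreDC = {
  VCentreUser = "<your-username>",
  VCentrePassword = "constructed \"quoted\" secret",
  DCname = "Crosswork-Single-VM",
}
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample "$d/deployment.tfvars"
    redact_tfvars "$d/deployment.tfvars" "$d/deployment.redacted.tfvars" \
        && cat "$d/deployment.redacted.tfvars"
    rm -rf "$d"
}
demo
```

The redacted copy is the one to archive or attach to a support case; the original template still needs its passwords for a re-run and should stay in a directory only the operator can read.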