Cisco Nexus 9000 Series NX-OS Programmability Guide, Release 10.6(x)
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
gRPC Network Operations Interface (gNOI) defines a set of gRPC-based micro-services for executing operational commands on
network devices.
gNOI uses Google Remote Procedure Call (gRPC) as the transport protocol and the configuration is same as that of gNMI. For
details on gNMI configuration, see gRPC Agent. To send gNOI RPC requests, user needs a client that implements the gNOI client interface for each RPC. In Cisco NX-OS Release
10.1(1) the gNOI defines Remote Procedure Calls (RPCs) for a limited number of components and some of them are related to
hardware (like optical interfaces).
Proto files are defined for the gRPC micro-services and are available at GitHub.
Table 1. Supported gNOI RPCs
Proto
gNOI RPC
Supported
System
Ping
Yes
Traceroute
Yes
Time
Yes
SetPackage
Yes
SwitchControl Processor
Yes
Reboot
Yes
RebootStatus
Yes
CancelReboot
Yes
OS
Activate
Yes
Verify
Yes
Cert
LoadCertificate
Yes
File
Get
Yes
Put
Yes
Stat
Yes
Remove
Yes
FactoryReset
Start
Yes
Containerz
Deploy
Yes
ListImage
Yes
RemoveImage
Yes
RemoveContainer
Yes
ListContainer
Yes
StartContainer
Yes
StopContainer
Yes
UpdateContainer
Yes
Log
Yes
CreateVolume
Yes
RemoveVolume
Yes
ListVolume
Yes
Guidelines and Limitations for gNOI
The gNOI feature has the following guidelines and limitations:
A maximum of 16 active gNOI RPCs are supported.
The Cisco Nexus 9000 series switches would run one endpoint with one gNMI service and two gNOI microservices.
Note
This document can provide gNOI client examples. The referred client is a python script to illustrate the raw exchange of gNOI
request and response. Users shall use their own clients of interest.
Configuring gNOI
gNMI is a child functionality of the gRPC agent. See gRPC Agent, to enable the gRPC agent. Currently there is no separate configuration for gNOI.
Currently there is no separate config for gNOI.
System .Proto
The System proto service is a collection of operational RPCs that allows the management of a target outside the configuration
and telemetry pipeline.
The following are the RPC support details for System proto:
RPC
Support
Description
Limitation
Ping
ping/ping6 cli command
Executes the ping command on the target and streams back the results. Some targets may not stream any results until all results
are available. If a packet count is not explicitly provided, ping5 is used.
do_not_resolve option is not supported.
Traceroute
traceroute/traceroute6 cli command
Executes the traceroute command on the target and streams back the results. Some targets may not stream any results until
all results are available. Max hop count of 30 is used.
itial_ttl, marx_ttl, wait, do_not_fragment, do_not_resolve and l4protocol options are not supported.
Time
local time
Returns the current time on the target. Typically used to test if the target is responding.
-
SetPackage
install{ add | activate } install all nxos
Execute the install command on the target. This supports to install either the OS image or RPM
Only support RPMs or OS images on the bootflash: filesystem
SwitchControl Processor
system switchover cli command
Switches from the current route processor to the provided route processor. Switchover happens instantly and the response may
not be guaranteed to return to the client.
Switchover occurs instantly. As a result, the response may not be guaranteed to return to the client.
Reboot
cli: reload [module]
Causes the target to reboot.
message option is not supported. Delay option is supported for switch reload, and the path option accepts one module number.
RebootStatus
show version [module] cli command
Returns the status of the reboot for the target.
-
CancelReboot
reload cancel
Cancels any pending reboot request.
-
SetPackage
The gNOI setpackage RPC provides a mechanism by which a software package may be copied to the switch and optionally activated.
The software package may be copied directly from the RPC caller, or a remote download may be specified. In either case, the
package transfer is verified using a hash before the package is installed.
The setpackage RPC and all related messages are fully defined here:
The intended use of this RPC is to install software packages to the switch. A software package is either a RPM or a bootable
NXOS system image. A RPM package is either a Cisco signed RPM or a third-party RPM. For third-party RPMs the following config
is required before installing:
system software allow third-party
Guidelines and Limitations for SetPackage
Following are the guidelines and limitations for SetPackage:
Only standard NXOS system images and RPM packages are supported. Any other file type will be rejected and fail the RPC.
Packages may be copied only to the “bootflash:” filesystem.
No support for bundled images where NXOS system images are combined with third-party application packages
No support for the RemoteDownload.source_address option
The Package.filename must conform to standard NXOS file naming conventions and must only reside on “bootflash:”
The Package.version may be empty or set to a version string. If empty, no check is done. If set, this version string must
match the string of the package being installed.
A remote copy operation that uses SSH/SFTP must use passwordless ssh, which must be configured by the administrator. This
is outside the scope of the RPC operation. A password given in RemoteDownload.credentials will be rejected and fail the RPC.
A remote copy operation that uses HTTP(S) may require the use of a proxy. This requires manual configuration in /etc/.curlrc.
A remote copy assumes the vrf is “default” unless otherwise specified in RemoteDownload.source_vrf
RPC Options
The below table shows the Package message fields and values. Note that this information is client implementation independent,
this is just the format of the protobuf messages and the data they contains. It is up to the client to properly construct
each protobuf message.
Option
Description
Values
string filename
Destination filename of package on switch
A valid NXOS filename on bootflash:.
string version
The package version string
Maybe be empty, or set to the package version
bool activate
Specify whether to install the package only, or additionally activate the install package. The default is ‘'false’
activate = false and OS image
Install the image without reloading the switch
activate = false and RPM
Install the RPM into the repository without enabling it
activate = true and OS image
Install the image and reload the switch
activate = true and RPM
Install and enable the RPM
In caseofNX-OS SMU RPM, then it may or may not reload the switch. This is decided by the impact scope of the SMU. Please refer
to the release information of the SMU RPM.
remote_download
Specifies the package is to be retrieved from another server location
Only non-interactive remote copy supported. Must have passwordless SSH configured. Remote information given in RemoteDownload
message.
The following table showing RemoteDownload message
Option
Description
Values
path
Gives the host and path information to retrieve from. Hostname or IP may be used.
http(s) :
example.com/path/to/package.rpm
sftp/scp:
a.b.c.d:/path/to/package.rpm
protocol
Remote copy protocol
SFTP, SCP, HTTP, HTTPS. Must be passwordless (scp/sftp).
source_address
Not supported
source_vrf
The vrf over which to perform the remote copy.
If not specified “default” will be used
credentials
Credentials to access the remote resource for copying
The username and password, if required
username
The username to use for the copy operation on remote server
Mandatory for remote copy operations
password
The password if required, may be cleartext or hashed
If password is required (http(s)). Not required for scp/sftp as this requires passwordless ssh keys.
Note
Proxy - For remote downloads through http/https, there exist scenarios where the download is only possible through a proxy. In
such case, the user needs to update the curl proxy information.
Please refer to the below example.
This would allow the remote download to go through the specified proxy, and such config would be persisted across switch reload.
# feature bash
# run bash sudo su -
# <edit> /etc/.curlrc
--proxy http://<proxy>:<proxy-port>
# ln -s /etc/.curlrc /etc/curlrc
Note
Timing of response and switch reload - When SetPackage reloads the switch, in some cases the switch may reload immediately which disrupts the network connectivity.
It is expected that the client might not be able to receive the gnoi response.
Below are example interactions of clients using the setpackage RPC to install software on the switch. These are just examples
using different clients to illustrate how the RPC is used. Other clients would use similar options but the details would differ.
n9k_pi2# show install active
Active Packages:
gnxi-console --host <ip> --port 50051 --cafile /tmp/grpc.pem --hostnameoverride ems.cisco.com -u admin -p <passwd> --operation gnoi.system.setpackage --arg local_file=/auto/mtx-dev/sanity/images/valgrind-3.14.0-r0.corei7_64.rpm,package.filename=bootflash:valgrind-3.14.0-r0.corei7_64.rpm,chunk_size=64000,hash.method=3,checksum=02cb0e6a9b41229db1d560dbe83ecce6,package.activate=true
### [gnoi.system.setpackage]-------------------------------
SetPackageRequest
package {
filename: "bootflash:valgrind-3.14.0-r0.corei7_64.rpm"
activate: true
}
Sent 65 content RPC messages
End>>
hash {
method: MD5
hash: "\002\313\016j\233A\"\235\261\325`\333\350>\314\346"
}
Hex coded checksum: 02cb0e6a9b41229db1d560dbe83ecce6
[RESP] : 0
n9k_pi2# show install active
Active Packages:
valgrind-3.14.0-r0.corei7_64
OS .Proto
The OS service provides an interface for OS installation on a Target. The OS package file format is platform dependent. The
platform must validate that the OS package that is supplied is valid and bootable. This must include a hash check against
a known good hash. It is recommended that the hash is embedded in the OS package.
The Target manages its own persistent storage, and OS installation process. It stores a set of distinct OS packages, and always
proactively frees up space for incoming new OS packages. It is guaranteed that the Target always has enough space for a valid
incoming OS package. The currently running OS packages must never be removed. The Client must expect that the last successfully
installed package is available.
The following are the RPC support details for OS proto:
RPC
Support
Description
Limitation
Activate
install all nxos bootflash:///img_name
Sets the requested OS version as the version that is used at the next reboot. This RPC reboots the Target.
Cannot rollback or recover if the reboot fails.
Verify
show version
Verify checks the running OS version. This RPC may be called multiple times while the Target boots until it is successful.
-
Note
The Install RPC is not supported.
Cert .Proto
The certificate management service is exported by targets. Rotate, Install and other Certificate Proto RPCs are not supported.
RPC
Support
Description
Limitation
LoadCertificate
crypto ca import <trustpoint>
pkcs12 <file> <passphrase>
Loads a bundle of CA certificates.
-
File .Proto
The file proto streams messages based on the features of the file.proto RPCs.
Get, Stat, and Remove RPCs support file systems such as - bootflash, bootflash://sup-remote, logflash, logflash://sup-remote,
usb, volatile, volatile://sup-remote and debug. Put RPC only supports bootflash.
The following are the RPC support details for File proto:
RPC
Support
Description
Limitation
Get
Get reads and streams the contents of a file from the target. The file is streamed by sequential messages, each containing
up to 64 KB of data. A final message is sent prior to closing the stream that contains the hash of the data sent. An error
is returned if the file does not exist or there was an error reading the file.
Maximum file size limit is 32 MB.
Put
Upload a file to the target switch. Destination of the file follows the NXOS naming syntax . There is no restriction on the
file type.
Maximum file size 3.5GB
Only bootflash: supported
Stat
Stat returns metadata about a file on the target. An error is returned if the file does not exist or if there is an error
in accessing the metadata.
-
Remove
Remove removes the specified file from the target. An error is returned if the file does not exist, if it is a directory,
or the remove operation encounters an error.
-
Put
The Put operation allows the user to upload a file to the switch. The “remote_file” field shall follow the naming convention
required by the NX-OS “copy” command, for example “bootflash:example.txt”. The following limitations are applied to files
copied to the switch:
Maximum file size of 3.5GB
Target filesystem must be local bootflash:
RPC user must have write permissions for the target file
factory-reset module all [bypass-secure-erase] preserve-image force
Executes the factory-rest command on the target.
See below for detail.
FactoryReset
The gNOI factory reset operation erases all persistent storage on the specified module. This includes configuration, all log
data, and the full contents of flash and (Solid State Drives) SSDs. The reset boots to the last boot image, erases all storage
including license. gNOI factory reset supports two modes:
A fast erase which can reformat and repartition only.
A secure erase which can erase securely and wipe the data which is impossible to recover.
Option
Description
Values
factory_os
Specifies to rollback to the OS version as shipped from factory.
Setting to true on NX-OS is not supported, and it is mandatory to preserve the current boot image.
zero_fill
Specifies whether to perform more time consuming and comprehensive secure erase.
zero_fill = true: Specifies factory-reset module all preserve-image force.
zero_fill = false: Specifies factory-reset module all bypass-secure-erase preserve-image force.
This gNOI containerz further provides the GRPC-ish wrapper interface around the existing NX-OS docker functionality. To leverage
the containerz API interface, the user first needs to first start and provision the docker service per the above guideline.
Once the native docker service is running and accessible via the NX-OS bash shell, then the user can use containerz client
to manage the docker service. When NX-OS receives a containerz request, it then translates the given gnoi request to the corresponding
docker command and invoke it. The docker command output would be translated back to the respective containerz response format,
and then deliver back to the client.
Figure 1.
The following are the RPC support details for Containerz proto:
RPC
Support
Description
Limitation
Deploy
docker image load
Upload a docker image tar and install into the repository
is_plugin option is not supported
ListImage
docker image ls
List the deployed images
RemoveImage
docker image rm
Remove an image
RemoveContainer
docker container rm
Remove a container
ListContainer
docker container ls
List containers
StartContainer
docker container run
docker container start
Start a new or stopped container
StopContainer
docker container stop
docker container restart
Stop or restart a container
UpdateContainer
docker container stop
docker container start
Update container
Log
docker container logs
Fetch the container logs
CreateVolume
docker volume create
Create docker volume
Only supports “Local” driver
“Local mount option” is not suppored
RemoveVolume
docker volume rm
Remove docker volume
“Force” option is not supported
ListVolume
Docker volume ls
List docker volume
Note
The StartPlugin, StopPlugin, ListPlugin and RemovePlugin RPC are not supported.
<Deploy>
The Deploy operation allows the user to upload a docker image (either “tar” or “tar.gz” format) to the switch and register
to the switch’s repository.
The purpose of the deploy RPC is to load an image archive into the docker image registry. The deploy RPC provides equivalent
functionality to the “"docker load” command line. The image archive file is expected to be a GZIP or TAR file and contain
a valid docker image.
Guidelines and Limitations for <Deploy>
Following are guidelines and limitations for deploy operation.
The file being deployed must be a valid Docker image in a Gzip or TAR format
Plugins are not supported
Only non-interactive remote copy can be done, meaning for SCP/SFTP the administrator must have setup passwordless SSH before
the RPC is executed.
For remote download case, the switch will not send an ImageTransferReady and it is assumed the client will not send a ImageTransferEnd.
RPC Options
The following protobuf messages are exchanged during the RPC execution (refer to RPC proto definition for complete details).
These messages are sent by the client to the switch.
The ImageTransfer message is the first message sent from the client to the switch to initiate the deploy operation.
Message option
Description
Value
string name
The name to give the installed image
A valid docker image name
string tag
The tag applied to the image once installed
A valid docker image tag
Unit64 image_size
Size (bytes) of the installed image. This will be check to ensure there is enough free space to load the image.
The user must provide the image size. This value can be found with “docker inspect <image> | grep Size” . The image must not
be larger than 80% of free docker partition space.
Bool is_plugin
Not supported
False
RemoteDownload remote_download
Optional if switch is copying from remote server. Only non-interactive remote copy supported. Must have passwordless SSH configured.
Remote information given in RemoteDownload message.
Table showing RemoteDownload message
Option
Description
Values
path
Gives the host and path information to retrieve from. Hostname or IP may be used.
http(s) :
example.com/path/to/package.rpm
sftp/scp:
a.b.c.d:/path/to/package.rpm
protocol
Remote copy protocol
SFTP, SCP, HTTP, HTTPS. Must be passwordless (scp/sftp).
source_address
Not supported
source_vrf
The vrf over which to perform the remote copy.
If not specified “default” will be used
credentials
Credentials to access the remote resource for copying
The username and password, if required
username
The username to use for the copy operation on remote server
Mandatory for remote copy operations
password
The password if required, may be cleartext or hashed
If password is required (http(s)). Not required for scp/sftp as this requires passwordless ssh keys.
Bytes Message
Option
Description
Values
content
This message carries the data if doing a direct copy to the switch
Raw bytes of the image archive file being copied.
ImageTransferEnd Message
Option
Description
Values
<none>
This is an empty message signaling the end of the bytes transfer to the switch.
No data in this message.
The following protobuf messages are sent from the switch to the client.in the form of a DeployResponse message.
ImageTransferReady -- switch is ready to receive data
ImageTransferProgress – indicates to client the number of bytes received so far
ImageTransferSuccess -- indicates to client the transfer was successful
Google.rpc.Status -- RPC status code
ImageTransferReady Message
Option
Description
Values
chunk_size
Indicates to client who much data to carry in each content message
Will always request 64KB
ImageTransferProgress Message
Option
Description
Values
Bytes_received
The number of bytes successfully transferred to switch so far in data copy
The total number of byes received, sent every 2MB of received data.. This message is not sent when doing a remote copy.
ImageTransferSuccess Message
Option
Description
Values
name
The name of the image as loaded in the registry
Docker name as string.
tag
The tag that was used for this image
Docker tag as string
image_size
The loaded image size
unit64 value in bytes
Example Client RPC Interaction
The below examples illustrate the usage of the deploy RPC using one particular client. Other clients will differ in the details
but this illustrates the basic interaction.
Example – Direct upload
./gnxi-console --host 172.22.244.142 --port 50051 --cafile /tmp/grpc.pem --hostnameoverride ems.cisco.com -u admin -p <passwd>
--operation gnoi.containerz.deploy --arg image_transfer.name=alpine_dev,image_transfer.tag="DEV-1.0.1",image_transfer.image_size=3309581,
image_transfer.is_plugin=false,local_file=/auto/mtx-dev/sanity/docker/docker_alpine_latest.tar.gz
### [gnoi.containerz.deploy]-------------------------------
Transfer>>
image_transfer {
name: "alpine_dev"
tag: "DEV-1.0.1"
image_size: 3309581
}
[RESP] : 0
image_transfer_ready {
chunk_size: 64000
}
Sent 52 chunks
End>>
image_transfer_end {
}
[RESP] : 0
image_transfer_progress {
bytes_received: 2112000
}
[RESP] : 0
image_transfer_success {
name: "alpine_dev"
tag: "DEV-1.0.1"
image_size: 3309581
}
The state of docker on n9k:
bash-5.1# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest af4709625109 5 months ago 4.27MB
alpine_dev DEV-1.0.1 2c64cf60f6f0 6 months ago 7.35MB
The ListImage operation would return the list of images in the switch’s local repository. Each image would include the information
such as image id, name, and tag.
The ListImage operation supports the following options.
Option
Description
Values
Limit
The “limit” would restrict the number of image entries returned in the response, following the same display order of the “docker
image list” command.
Valid number of image entries as int32
Filter
{key:value}
ListImage operation would return all images that match with the filter
Valid string for key and value
The following example illustrates the usage of ListImage operation.
The RemoveImage operation would remove a docker container identified by the name.
By default, the operation would fail if the image is used by some containers. The “force” option may be used to force to stop
and remove the image. However, in this case, docker only untags the image.
The RemoveImage operation supports the following options.
Option
Description
Values
Name
Image name to be removed
Valid image name as string
Tag
Tag to be removed
Valid tag as string
Force
If “force=True”, the image would be removed/untagged forcibly
True/False. Default value is set to false.
following example illustrates the usage of RemoveImage operation
> gnoi-client --host <ip> --port <port> -u admin -p <pass> containerz.removeimage
--arg name=alpine
[REQ]
name: "alpine"
[RESP]
code: UNKNOWN
detail: "Error response from daemon: conflict: unable to remove repository reference \"alpine\" (must force) - container 21e718a3bf52 is using its referenced image 2c64cf60f6f0\n"
Following example illustrates force removal (untag only).
The StartContainer operation could be used to either start a new container or restart a previously stopped container. The
decision is based on the following conditions.
If the the container does not exist, then start a new container
Otherwise
If the container is already running, then return an error.
If the container is stopped but the request includes more fields than just the instance name, then return an error.
If the container is stopped and the request contains only the instance name, then start the container.
The StartContainer supports the following options
Option
Description
Values
image_name
Image name to start container
Valid image name as string
tag
Image tag to start container
Valid tag as string
cmd
Command to run in a new container
Valid command string
instance_name
Identifier for a new container
Valid instance_name as string
port
-internal
-external
List of internal ports to be exposed outside the container
Valid internal and external ports
Ex. Internal port = 2001
External port = 1001
environment =<VAR1>:<value>
Set environment variables in the container
Environment variables as string. It can be just value or key value pair
Ex. VAR1 or VAR1=val
network
Network to attach this container to
Valid network string
This could be 'host', 'bridged' or any other network available in the runtime.
Set the user and group this container should run as
Valid UID and GID as string
Label
<key>:<val>
A key-value pair to set the metadata to container
String labels. It can be just a key or key value pair.
Ex. my-label or com.example.foo=bar
Limits.max_cpu
Set number of max CPUs this container can use
A valid number of CPUs.
Ex. a value of 0.5 means this container can use a maximum of
half a cpu.
Limits.soft_mem_bytes
Set memory soft limit
A valid memory limit in bytes. This limit must be smaller than the available max memory.
Ex limits.soft_mem_bytes=7000000
Limits.hard_mem_bytes
Set memory hard limit
A valid memory limit in bytes.
Ex. limits.hard_mem_bytes=9000000
Guidelines and Limitations
The StartContainer operation is achieved via “docker run” CLI. The maximum supported length for this CLI is 2500 bytes.
In the case of RunAs, current docker only supports UID and GID. Container starts with any value of UID and GID and fails when
username and group names are provided.
In case of any warning while starting the container, NXOS would start the container without sending the warning back.
The following example illustrates the usage of StartContainer operation
The RemoveContainer operation would remove a docker container identified by the name.
By default, the operation would fail if the container is still running. The force option can be used to force to stop and remove the container.
The RemoveContainer operation supports the following options.
Option
Description
Values
Name
Container name to be removed
Valid container name as string
Force
If “force=True”, the container would be stopped and removed forcibly
True/False. Default value is set to false.
It is important to know that containers may continue to exist even if the underlying image has been removed, as there is a
certain degree of independence before the docker images and containers. The user should remove the images and containers with
caution.
Example
> gnoi-client --host <ip> --port <port> -u admin -p <pass> containerz.removecontainer
[REQ]
name: "foo"
[RESP]
code: RUNNING
detail: "Error response from daemon: You cannot remove a running container 706723d4ae83e3fa7b5dcfe4edbb8edd570ea8af690c3eef2526f9c603bfba97. Stop the container before attempting removal or force remove\n"
The ListContainer operation would return the list of containers in the switch’s local repository.
Each container would include the information such as the image name, container id, name, running status, metadata which includes
the labels and image hash computed by the container runtime.
The ListContainer operation supports the following options
Option
Description
Values
All
The “all” option can be used to return all running and non-running containers. By default, ListContainer operation only returns
the running containers.
True/False. Default value is set to false.
Limit
The “limit” would restrict the number of container entries returned in the response, following the same display order of the
“docker container list” command.
Valid number of container entries as int32
Filter
{key:value}
ListImage operation would return all images that match with the filter
The StopContainer operation would stop a docker container identified by the name, and is achieved via the “docker container
stop” command. When the “restart” option is specified, It would also restart the docker container using “docker container
restart” command.
StopContainer operation supports the following options
Option
Description
Values
Instance_name
Container instance to be stopped
Valid instance_name as string
force
If this option is true, container would be stopped forcibly
True/False. The default value is set to false.
restart
If this option is true, container would be restarted using “docker container restart”
True/False. The default value is set to false.
Limitations and Caveats
When the running container is stopped using StopContainer operation, it would take 10s to stop the container without returning
error.
When the running container is stopped with the “force” option, the container will stop after 5s.
The following example illustrates the usage of StopContainer operation.
The UpdateContainer operation would update a container instance with a new image and arguments. If the update fails, it shall
restore the container back to its previous status.
Note that currently the native docker does not support this operation, and thus NX-OS would achieve this functionality via
a sequence docker operation
Stop the given container if it is currently running
Rename the container to a temporary name as the backup
Start a new container with the same container name, using the given new image and arguments
If the new container succeeds to run, then remove the backup container
If the new container fails to run, then try to restore
Stop and remove the new container
Rember the backup back to its original container name
Start the container if it was running
The UpdateContainer operation supports the following option
Option
Description
Values
instance_name
The name of the running container to update.
A valid instance name as string
image_name
The image to update the container to.
A valid image name as string
image_tag
The tag to update the container to.
A valid tag as string
async
Run this operation asynchronously or not
True/False. The default value is set as false.
All options supported by startContainer operation to run the container with.
The Log operation allows to client to fetch the container logs, similar to the “docker container logs” command. The operation
can choose whether to “follow” the log.
If follow=False, the switch would fetch and return the current logs
If follow=True, the switch would return the current logs, and stream the new logs until the RPC is canceled by the client,
or when the container stops.
The Log operation supports the following option
Option
Description
Values
instance_name
Container name
Valid container identifier as string
follow
If set, the stream remains open until the client cancels it.
True/False. The default value is set to False.
Example
> gnoi-client --host <ip> --port <port> -u admin -p <pass> containerz.log
--arg instance_name=test
[REQ]
instance_name: "test"
[RESP] : 1
msg: "Wed Jun 11 20:21:05 UTC 2025\nWed Jun 11 20:21:06 UTC 2025\nWed Jun 11 20:21:07 UTC 2025\nWed Jun 11 20:21:08 UTC 2025\nWed Jun 11 20:21:09 UTC 2025\nWed Jun 11 20:21:10 UTC 2025\nWed Jun 11 20:21:11 UTC 2025\nWed Jun 11 20:21:12 UTC 2025\n
Wed Jun 11 20:21:13 UTC 2025\nWed Jun 11 20:21:14 UTC 2025\nWed Jun 11 20:21:15 UTC 2025\nWed Jun 11 20:21:16 UTC 2025\nWed Jun 11 20:21:17 UTC 2025\nWed Jun 11 20:21:18 UTC 2025\nWed Jun 11 20:21:19 UTC 2025\nWed Jun 11 20:21:20 UTC 2025\nWed Jun 11 20:21:21 UTC 2025\nWed Jun 11 20:21:22 UTC 2025\nWed Jun 11 20:21:23 UTC 2025\nWed Jun 11 20:21:24 UTC 2025\n"
[RESP] : 2
msg: "Wed Jun 11 20:21:25 UTC 2025\n
Example – Follow the logs
> gnoi-client --host <ip> --port <port> -u admin -p <pass> containerz.log
--arg instance_name=test,follow=True
[REQ]
instance_name: "test"
…
[RESP] : 16
msg: "Wed Jun 11 20:26:06 UTC 2025\nWed Jun 11 20:26:07 UTC 2025\nWed Jun 11 20:26:08 UTC 2025\nWed Jun 11 20:26:09 UTC 2025\nWed Jun 11 20:26:10 UTC 2025\nWed Jun 11 20:26:11 UTC 2025\nWed Jun 11 20:26:12 UTC 2025\nWed Jun 11 20:26:13 UTC 2025\n"
[RESP] : 17
msg: "Wed Jun 11 20:26:14 UTC 2025\n"
[RESP] : 18
msg: "Wed Jun 11 20:26:15 UTC 2025\n"
…
<CreateVolume>
The CreateVolume operation would create a docker volume identified by the name.
The user can mount this volume into multiple containers.
The CreateVolume operation supports the following options
Option
Description
Values
name
Name of the volume
A valid volume name as string
driver
The volume driver
NXOS only supports the “LOCAL” driver
options
Options for the driver. The actual option keys and values are driver specific.
NXOS does not support this option
labels
Labels to apply to the volume. Labels are metadata for the the volume.
String labels. It can be just a key or key value pair.
Ex. my-label or com.example.foo=bar
Guideines and Limitations
NXOS only supports “LOCAL” driver ro create volume.
The RemoveVolume operation would remove a docker volume identified by the name.
The RemoveVolume operation supports the following options
Option
Description
Values
name
Name of volume to be removed
Valid volume name s string
force
Force the volume removal
Not supported by NXOS
Guidelines and Limitations
The “force” option is not supported by docker, and thus please make sure to detach the volume from all containers to allow
the volume to remove successfully
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest af4709625109 8 months ago 4.27MB
alpine latest 2c64cf60f6f0 9 months ago 7.35MB
docker container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@nxosv-104#docker container list -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9bd2156dd341 busybox:latest "sh" 5 days ago Exited (255) 3 days ago stupefied_euclid
c8d945cfc5f6 busybox:latest "/bin/bash" 5 days ago Created determined_lehmann
7463c28fd039 busybox "sh -c 'while true; …" 5 days ago Exited (255) 3 days ago busy_test
26dc68f0e4d2 alpine:latest "/bin/bash" 5 days ago Created admiring_raman
0f5de1376925 alpine:latest "/bin/bash" 5 days ago Created vigilant_keller
4ac6c84be9f1 alpine:latest "/bin/bash" 5 days ago Created optimistic_dirac
e5b43676fc98 alpine "sh -c 'sleep 100'" 3 weeks ago Exited (0) 3 weeks ago gnoi_docker_container_20250519_183038_7
d912c55525ae alpine "sh -c 'sleep 100'" 3 weeks ago Exited (0) 3 weeks ago gnoi_docker_container_20250519_183028_6
0360fcde5af4 alpine "sh -c 'sleep 100'" 3 weeks ago Exited (0) 3 weeks ago gnoi_docker_container_20250519_183019_5
53f2e94399ca alpine "sh -c 'sleep 100'" 3 weeks ago Exited (0) 3 weeks ago gnoi_docker_container_20250519_182049_4
35130a5e3f86 alpine "sh -c 'sleep 100'" 3 weeks ago Exited (0) 3 weeks ago gnoi_docker_container_20250519_182039_3
5d6dbe0dc904 alpine "sh -c 'sleep 100'" 3 weeks ago Exited (0) 3 weeks ago gnoi_docker_container_20250519_181102_2
Gathering Debug Logs
gNOI is a child service of the gRPC agent. For more information, see gRPC Agent chapter.
Docker log
In particular for containerz, please investigate the log at the below location. This file maintains the debug messages for
the docker daemon. Please refer to https://docs.docker.com/engine/daemon/logs/ for the details.