To log in to the ESC portal, do the following:
Register an instance of ESC. For more information on registering the ESC instance, see Installing Cisco Elastic Services Controller Using the QCOW Image.
Ensure that you have the username and password.
You are forced to change the default password at first login. The portal does not let you bypass this step and keeps returning you to this page until you change the default password. After that first change, you can change your password using the procedures described in this section. If a user is logged in from multiple browsers or tabs, or the same user is logged in from two or more computers, and the password is changed in one of those sessions, every session is logged off and asked to enter the new password. A user session expires after 1 hour: if the user is inactive on the portal for an hour, the portal expires the session and the user has to log in again. If you forget your password, you can also reset it.
This section discusses how to change the passwords.
After you install ESC, to change the Confd admin password, do the following:
Step 1 | Log in to the ESC VM.
    $ ssh USERNAME@ESC_IP
Step 2 | Switch to the root user.
    $ su root
Step 3 | Load the ConfD CLI:
    $ /opt/confd-5.2.1/bin/confd_cli -u admin
Step 4 | Set the new admin password:
    $ configure
    $ set aaa authentication users user admin password <new password>
Step 5 | Save the changes.
    $ commit
To change an existing ESC portal password using ESC portal UI, do the following:
After completing the post-installation steps in ESC, create OpenStack resources: Tenant, Image, Flavor, Network, and Subnet. For more information, see the Cisco Elastic Services Controller User Guide.
The ESC REST API uses HTTP basic access authentication: the ESC client has to provide a username and password when making ESC REST requests. The username and password are encoded with Base64 in transit, but not encrypted or hashed. HTTPS is used in conjunction with Basic Authentication to provide the encryption.
This section discusses how to enable the REST authentication, change the default password of the REST interface, and send authorized REST requests from the ESC client.
By default, the REST authentication is disabled. To enable it, pass the argument --enable-auth to bootvm.py, the ESC installation script.
Note | Make sure to pass either --enable-https-rest or --enable-http-rest, or both arguments, to the bootvm.py script along with the --enable-auth argument to enable the authentication. To enable HTTPS after the ESC VM is booted, run the script /opt/cisco/esc/esc-scripts/enableHttpsRest.sh.
The REST interface has only one default username/password (admin/cisco123). The password can be updated using the escadm tool from the ESC VM CLI. You can also update the password through the REST API.
Step 1 | Log in to ESC VM.
Step 2 | Switch to the root user.
Step 3 | To reset to the default password (admin/cisco123), use the following command:
    escadm rest set
Step 4 | To replace the existing password with a new one, use one of the below options:
To send an authorized request, the ESC client should send the request with the following header:
Authorization: Basic YWRtaW46Y2lzY28xMjM=
where YWRtaW46Y2lzY28xMjM= is the Base64-encoded string of the default username/password (admin:cisco123).
Most libraries and web clients have an interface for providing the username/password and the application will encode the username/password and add the HTTP Basic Auth header.
Example using the default admin/cisco123 credentials:
For HTTP:
http://[ESCVM_IP]:8080/ESCManager/v0/tenants/
For HTTPS:
https://[ESCVM_IP]:8443/ESCManager/v0/tenants/
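The header described above, worked through in Python as an added example (not Cisco's code): it builds the Authorization value, shows that the Base64 token decodes straight back to the credentials, and flags a request that uses plain HTTP or the documented default password. The function names and the 192.0.2.10 address are assumptions of this example.

```python
import base64
from urllib.parse import urlsplit

# Default REST credentials as documented on this page.
DEFAULT_CREDENTIALS = ("admin", "cisco123")


def basic_auth_header(username, password):
    """Build the Authorization header value for HTTP Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header_value):
    """Recover (username, password) from a Basic header; Base64 is not encryption."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # Only the first ':' separates the fields; a password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator in decoded credentials")
    return username, password


def audit_request(url, header_value):
    """Return findings for one REST request (URL plus Authorization header)."""
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append("cleartext-transport")
    if decode_basic_auth(header_value) == DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    return findings


if __name__ == "__main__":
    # Constructed sample requests; 192.0.2.10 is a documentation address.
    header = "Basic YWRtaW46Y2lzY28xMjM="
    for url in ("http://192.0.2.10:8080/ESCManager/v0/tenants/",
                "https://192.0.2.10:8443/ESCManager/v0/tenants/"):
        print(url, audit_request(url, header))
```
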
Passing VIM credential using Netconf:
    <esc_system_config xmlns="http://www.cisco.com/esc/esc">
      <vim_connectors>
        <!--represents a vim-->
        <vim_connector>
          <!--unique id for each vim-->
          <id>my-ucs-30</id>
          <!--vim type [OPENSTACK|VMWARE|VAGRANT|...]-->
          <type>OPENSTACK</type>
          <properties>
            <property>
              <name>os_auth_url</name>
              <value>http://<ip address>:5000/v2.0</value>
            </property>
          </properties>
          <users>
            <user>
              <id>admin</id>
              <credentials>
                <properties>
                  <property>
                    <name>os_password</name>
                    <value>cisco123</value>
                  </property>
                  <property>
                    <name>os_tenant_name</name>
                    <value>admin</value>
                  </property>
                </properties>
              </credentials>
            </user>
          </users>
        </vim_connector>
      </vim_connectors>
    </esc_system_config>
Updating VIM Connector using Netconf:
    <esc_system_config xmlns="http://www.cisco.com/esc/esc">
      <vim_connectors>
        <vim_connector nc:operation="replace">
          <id>example_vim</id>
          <type>OPENSTACK</type>
          <properties>
            <property>
              <name>os_auth_url</name>
              <value>http://<ip address>:5000/v2.0</value>
            </property>
          </properties>
        </vim_connector>
      </vim_connectors>
    </esc_system_config>
Updating VIM user using Netconf:
    <esc_system_config xmlns="http://www.cisco.com/esc/esc">
      <vim_connectors>
        <vim_connector>
          <id>example_vim</id>
          <users>
            <user nc:operation="replace">
              <id>my_user</id>
              <credentials>
                <properties>
                  <property>
                    <name>os_password</name>
                    <value>cisco123</value>
                  </property>
                  <property>
                    <name>os_tenant_name</name>
                    <value>admin</value>
                  </property>
                </properties>
              </credentials>
            </user>
          </users>
        </vim_connector>
      </vim_connectors>
    </esc_system_config>
Deleting VIM connector using Netconf:
    <esc_system_config xmlns="http://www.cisco.com/esc/esc">
      <vim_connectors>
        <vim_connector nc:operation="delete">
          <id>example_vim</id>
        </vim_connector>
      </vim_connectors>
    </esc_system_config>
    $ /opt/cisco/esc/esc-confd/esc-cli/esc_nc_cli delete-vim-connector <vim connector id>
Deleting VIM user using command:
    $ /opt/cisco/esc/esc-confd/esc-cli/esc_nc_cli delete-vim-user <vim connector id> <vim user id>
    POST /ESCManager/v0/vims/
    HEADER: content-type, callback
    <?xml version="1.0"?>
    <vim_connector xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <!--unique id for each vim-->
      <id>my-ucs-30</id>
      <!--vim type [OPENSTACK|VMWARE|VAGRANT|...]-->
      <type>OPENSTACK</type>
      <properties>
        <property>
          <name>os_auth_url</name>
          <value>http://10.85.103.37:5000/v2.0</value>
        </property>
      </properties>
    </vim_connector>
Adding VIM user using REST:
    POST /ESCManager/v0/vims/{vim_id}/vim_users
    HEADER: content-type, callback
    <?xml version="1.0"?>
    <user xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <id>admin</id>
      <credentials>
        <properties>
          <property>
            <name>os_password</name>
            <value>cisco1234</value>
          </property>
          <property>
            <name>os_tenant_name</name>
            <value>admin</value>
          </property>
        </properties>
      </credentials>
    </user>
Update VIM using REST:
    PUT /ESCManager/v0/vims/{vim_id}
    HEADER: content-type, callback
    <?xml version="1.0"?>
    <vim_connector xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <!--unique id for each vim-->
      <id>my-ucs-30</id>
      <!--vim type [OPENSTACK|VMWARE|VAGRANT|...]-->
      <type>OPENSTACK</type>
      <properties>
        <property>
          <name>os_auth_url</name>
          <value>http://10.85.103.37:5000/v2.0</value>
        </property>
      </properties>
    </vim_connector>
Update VIM user using REST:
    PUT /ESCManager/v0/vims/{vim_id}/vim_users/{user_id}
    HEADER: content-type, callback
    <?xml version="1.0"?>
    <user xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <id>admin</id>
      <credentials>
        <properties>
          <property>
            <name>os_password</name>
            <value>cisco1234</value>
          </property>
          <property>
            <name>os_tenant_name</name>
            <value>admin</value>
          </property>
        </properties>
      </credentials>
    </user>
Delete VIM using REST:
    DELETE /ESCManager/v0/vims/{vim_id}
Delete VIM user using REST:
    DELETE /ESCManager/v0/vims/{vim_id}/vim_users/{user_id}
    <?xml version="1.0" encoding="UTF-8"?>
    <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
      <eventTime>2016-10-06T16:24:05.856+00:00</eventTime>
      <escEvent xmlns="http://www.cisco.com/esc/esc">
        <status>SUCCESS</status>
        <status_code>200</status_code>
        <status_message>Created vim connector successfully</status_message>
        <vim_connector_id>my-ucs-30</vim_connector_id>
        <event>
          <type>CREATE_VIM_CONNECTOR</type>
        </event>
      </escEvent>
    </notification>
ESC 2.3 supports only one VIM and one VIM user combination per ESC instance. If the VIM and a user are already configured, requests to create more are rejected.
The VIM username and password can be updated at any time. The VIM endpoint cannot be updated after a resource is created through ESC.
After the VIM is connected and the VIM user is authenticated, the VIM and VIM user can no longer be deleted; only the VIM username and password can be updated.
The name of a VIM property or VIM user credentials property is not case sensitive; for example, OS_AUTH_URL and os_auth_url are the same to ESC.
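A pre-flight check for an esc_system_config payload, as an added Python example (not part of the ESC tooling): it applies the rules stated above, one VIM connector with one VIM user and case-insensitive property names, before the payload is sent. Flagging an os_auth_url that is not https is this example's own check, on the ground that the VIM password would otherwise cross the network unencrypted; the function names and sample values are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"e": "http://www.cisco.com/esc/esc"}

# Constructed sample payload (not from a live system); 192.0.2.20 is a documentation address.
SAMPLE = """<esc_system_config xmlns="http://www.cisco.com/esc/esc"><vim_connectors>
<vim_connector><id>example_vim</id><type>OPENSTACK</type>
 <properties><property><name>OS_AUTH_URL</name>
  <value>http://192.0.2.20:5000/v2.0</value></property></properties>
 <users><user><id>my_user</id><credentials><properties>
  <property><name>os_password</name><value>placeholder-1</value></property>
  <property><name>OS_PASSWORD</name><value>placeholder-2</value></property>
  <property><name>os_tenant_name</name><value>admin</value></property>
 </properties></credentials></user></users>
</vim_connector></vim_connectors></esc_system_config>"""


def audit_props(label, node, path):
    """Findings for the <property> elements under path; names compare case-insensitively."""
    findings, seen = [], set()
    for prop in node.findall(path, NS):
        name = prop.findtext("e:name", default="", namespaces=NS).strip().lower()
        value = prop.findtext("e:value", default="", namespaces=NS).strip()
        if name in seen:
            findings.append(f"{label}: property {name} set more than once")
        seen.add(name)
        if name == "os_auth_url" and urlsplit(value).scheme != "https":
            findings.append(f"{label}: os_auth_url does not use https")
    return findings


def preflight(xml_text):
    """Return findings for an esc_system_config payload before it is sent to ESC."""
    findings = []
    connectors = ET.fromstring(xml_text).findall("e:vim_connectors/e:vim_connector", NS)
    if len(connectors) != 1:
        findings.append(f"expected exactly 1 vim_connector, found {len(connectors)}")
    for conn in connectors:
        cid = conn.findtext("e:id", default="?", namespaces=NS)
        findings += audit_props(cid, conn, "e:properties/e:property")
        users = conn.findall("e:users/e:user", NS)
        if len(users) > 1:
            findings.append(f"{cid}: {len(users)} users, ESC 2.3 accepts 1")
        for user in users:
            uid = user.findtext("e:id", default="?", namespaces=NS)
            findings += audit_props(f"{cid}/{uid}", user,
                                    "e:credentials/e:properties/e:property")
    return findings
```

Calling preflight(SAMPLE) reports the http os_auth_url and the os_password property that appears twice under different casing.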
Rsyslog parameters are optional. If there is a need for customization after booting an ESC VM, you can edit the files in ESC VM (/etc/rsyslog.d/).
Step 1 | Editing the Rsyslog file:
For further information on Rsyslog configuration, see the Red Hat documentation.
Step 2 | Configuring the ESC log file: Configure which ESC log files you want to forward to the rsyslog server:
Step 3 | Restart the rsyslog service.
    # service rsyslog restart
Step 4 | Configure the server side to receive forwarded logs.
Step 1 | Open the NTP configuration file /etc/ntp.conf in a text editor such as vi, or create a new one if it does not already exist:
    # vi /etc/ntp.conf
Step 2 | Add or edit the list of public NTP servers. If you don't specify the NTP server through the installation, the file should contain the following default lines, but feel free to change or expand these according to your needs:
    server 0.rhel.pool.ntp.org iburst
    server 1.rhel.pool.ntp.org iburst
    server 2.rhel.pool.ntp.org iburst
    server 3.rhel.pool.ntp.org iburst
    server <your_ntp_server_ip> iburst
The iburst directive at the end of each line speeds up the initial synchronization.
Step 3 | Once you have the list of servers complete, in the same file, set the proper permissions, giving unrestricted access to localhost only. Make sure these lines are present in your configuration file.
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict -6 ::1
Step 4 | Save all changes, exit the editor, and restart the NTP daemon:
    # service ntpd restart
Step 5 | Make sure that ntpd is started at boot time:
    # chkconfig ntpd on
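A check for the restrict and server lines from Steps 2 and 3, as an added Python example (not part of ESC): it parses ntp.conf text and reports a default restriction that lacks one of the listed flags, a localhost entry that is missing or carries restrictions, and a server line without iburst. The function names and the sample file are assumptions.

```python
REQUIRED_DEFAULT_FLAGS = {"kod", "nomodify", "notrap", "nopeer", "noquery"}

# Constructed sample: the IPv4 default line lacks noquery and the ::1 line is missing.
SAMPLE_NTP_CONF = """\
server 0.rhel.pool.ntp.org iburst
server 192.0.2.123            # local server, iburst forgotten
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""


def parse_ntp_conf(text):
    """Return (servers, restricts) parsed from ntp.conf text; comments are ignored."""
    servers, restricts = [], {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        if fields[0] == "server":
            servers.append((fields[1], set(fields[2:])))
        elif fields[0] == "restrict":
            args = fields[1:]
            ipv6 = args[0] == "-6"
            if args[0] in ("-4", "-6"):
                args = args[1:]
            if args:
                family = "ipv6" if ipv6 or ":" in args[0] else "ipv4"
                restricts[(family, args[0])] = set(args[1:])
    return servers, restricts


def check_ntp_conf(text):
    """List deviations from the restrict and server lines this procedure calls for."""
    servers, restricts = parse_ntp_conf(text)
    findings = []
    for family in ("ipv4", "ipv6"):
        flags = restricts.get((family, "default"))
        if flags is None:
            findings.append(f"{family}: no 'restrict default' line")
        elif not REQUIRED_DEFAULT_FLAGS <= flags:
            lacking = " ".join(sorted(REQUIRED_DEFAULT_FLAGS - flags))
            findings.append(f"{family}: default restriction lacks {lacking}")
    for family, addr in (("ipv4", "127.0.0.1"), ("ipv6", "::1")):
        if restricts.get((family, addr)) != set():
            findings.append(f"{family}: {addr} is not unrestricted")
    findings += [f"server {h}: no iburst" for h, opts in servers if "iburst" not in opts]
    return findings
```

Run check_ntp_conf on the contents of /etc/ntp.conf after Step 3; an empty list means the file matches the lines above.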
Step 1 | The /etc/resolv.conf file contains the configuration for the DNS client (resolver). It typically looks something like this:
    search domain.com
    nameserver 8.8.4.4
Step 2 | You may modify the IP address of the "nameserver" item or add new nameserver records.
    search domain.com
    nameserver <your_first_dns_ip>
    nameserver <your_second_dns_ip>
Step 3 | Restart Network Service.
    service network restart
The /etc/hosts file allows you to add, edit, or remove hosts. This file contains IP addresses and their corresponding hostnames. If your network contains computers whose IP addresses are not listed in DNS, it is recommended that you add them to the /etc/hosts file.
For the ESC VM, the file "localtime" in /etc is a link to or copy of a file containing information about your time zone. Access your zone information files from /usr/share/zoneinfo. To change the time zone, find your country, your city, or a city in the same time zone among the zone information files in /usr/share/zoneinfo and link it to localtime in the /etc directory.
    $ ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime