09-07-2016 08:37 AM - edited 03-01-2019 04:31 AM
Deploying/Enabling SSH during device turn up is an interactive process at the moment.
Can APIC-EM REST API configure SSH via the API? This same use case can be applied to any configuration that is interactive in nature...the IOS asks you questions or to confirm a change/selected.
Thank You,
Dan
09-07-2016 09:52 AM
Currently APIC-EM does not provide for arbitrary CLI automation. That's where something like Prime Infrastructure fits today. PI will allow you to create a template to perform all kinds of CLI changes (including interactive commands). PI also offers a northbound REST API so that you can upload templates and trigger them to run.
That said, the PnP process can bootstrap a device with SSHv2, including keys so that the device goes from zero (i.e., out of the box) to fully manageable by APIC-EM and Prime Infra.
09-07-2016 10:24 AM
To clarify with PnP you can import the keys and commands without having to go through the interactive prompt? Would this mean using a predefined RSA key pair and not having the device generate their own? I ask the second question as importing a key may work but it would not be unique to the device it sounds.
Thank you again as your earlier reply was quite helpful!
Dan
09-07-2016 10:34 AM
Hmmm, maybe I was confused on what keys you're talking about. I was referring to a private key in order to enable SSH. That said, PnP deals with the config of the device, so if you're talking about users' SSH public keys, then, yes. You can have a config template that has the fingerprints of public keys. I have successfully generated those in a config template that I've pushed to APIC-EM in order to PnP-provision a device.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
This community is intended for developer topics around Data Center technology and products. If you are looking for a non-developer topic about Data Center, you might find additional information in the Data Center and Cloud community