The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
In addition to the Cisco NX-OS CLI, Cisco Nexus Series switches support access to the Bourne-Again SHell (Bash). Bash interprets commands that you enter or commands that are read from a shell script. Using Bash enables access to the underlying Linux system on the device and to manage the system.
The Bash shell has the following guidelines and limitations:
When you define a link-local address for an interface, Netstack installs a /64 prefix on the net device in the kernel.
When a new link-local address is configured on the kernel, the kernel installs a /64 route in the kernel routing table.
If the peer box's interface is not configured with a link-local address that falls in the same /64 subnet, the ping is not successful from the bash prompt. A Cisco NX-OS ping works fine.
The binaries in the /isan folder are meant to be run in an environment which is set up differently from the environment of the shell that you enter by the run bash command. It is advisable not to use these binaries from the Bash shell as the behavior within this environment isn't predictable.
When importing Cisco Python modules, don't use Python from the Bash shell. Instead use the more recent Python in NX-OS VSH.
Some processes and show commands can cause a large amount of output. If you are running scripts, and need to terminate long-running output, use Ctrl+C (not Ctrl+Z) to terminate the command output. If you use Ctrl+Z, this key command can generate a SIGCONT (signal continuation) message, which can cause the script to halt. Scripts that are halted through SIGCONT messages require user intervention to resume operation.
If the show tech support command is running and you must kill it, don't use the clear tech-support lock command. Use Ctrl+C.
The reason is that clear tech-support lock doesn't kill the background VSH session where the actual collection of tech-support information happens. Instead, clear tech-support lock command kills only the foreground VSH session where the show tech support CLI is called.
To correctly kill the show tech-support session, use Ctrl+C.
If you accidentally used clear tech-support lock, perform the following steps to kill the background VSH process:
Enter the Bash shell.
Locate the VSH session (ps -l | more ) for the show tech support command.
Kill the PID associated with the VSH for the show tech support session, for example, kill -9 PID .
Beginning with Cisco NX-OS Release 10.3(2)F, the consent token for bash access feature provides support for consent token to enable shell access on NX-OS. However, this feature works only in Trust Anchor Module (TAM) based devices. This feature is supported on all Cisco Nexus 9000 Series platform switches except Cisco Nexus 9808 platform switches. The following limitations are applicable:
Write-Erase reload is required to disable this configuration.
ISSD is supported only on a release that has the consent token feature.
When this configuration is enabled, NX-API/Netconf/Restconf do not work and an error indicating the reason appears.
Config-replace is allowed only if the command is present in the new configuration or file.
Changing boot-variable, copying running-config startup-config, and reloading the device is not recommended when consent token is enabled.
To enable the consent token that restricts the Bash access, perform the following command.
system security consent-token shell-access [ <timeout> ] [force]
If you do not provide any value to the timeout parameter, then the default value of 5 minutes is considered. The maximum value for the timeout parameter is 2880 minutes, that is, 2 days.
After the command enables the feature, the device will be in the consent-token secure mode, and access to the shell is granted to the user for the time-period specified in the <timeout> parameter of this command.
By default, the command is interactive. Use the force keyword to enable the consent-token mode forcefully (noninteractive).
 Note |
The no form of this command cannot be used to disable the command (for security reason). Hence, to disable this command, perform write-erase-reload on the device. |
To verify the status of the consent token feature, use the show system security consent-token command.
In Cisco NX-OS, Bash is accessible from user accounts that are associated with the Cisco NX-OS dev-ops role or the Cisco NX-OS network-admin role.
The following example shows the authority of the dev-ops role and the network-admin role:
switch# show role name dev-ops
Role: dev-ops
Description: Predefined system role for devops access. This role
cannot be modified.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
4 permit command conf t ; username *
3 permit command bcm module *
2 permit command run bash *
1 permit command python *
switch# show role name network-admin
Role: network-admin
Description: Predefined network admin role has access to all commands
on the switch
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
switch#
Bash is enabled by running the feature bash-shell command.
The run bash command loads Bash and begins at the home directory for the user.
The following examples show how to enable the Bash shell feature and how to run Bash.
switch# configure terminal
switch(config)# feature bash-shell
switch# run?
run Execute/run program
run-script Run shell scripts
switch# run bash?
bash Linux-bash
switch# run bash
bash-4.2$ whoami
admin
bash-4.2$ pwd
/bootflash/home/admin
bash-4.2$
Note |
You can also execute Bash commands with run bash command . For instance, you can run whoami using run bash command : You can also run Bash by configuring the user shelltype : This command puts you directly into the Bash shell upon login. This does not require feature bash-shell to be enabled. |
The privileges of an admin user can escalate their privileges for root access.
The following are guidelines for escalating privileges:
admin privilege user (network-admin / vdc-admin) is equivalent of Linux root privilege user in NX-OS
Only an authenticated admin user can escalate privileges to root, and password is not required for an authenticated admin privilege user *
Bash must be enabled before escalating privileges.
SSH to the switch using root username through a non-management interface will default to Linux Bash shell-type access for the root user. Type vsh to return to NX-OS shell access.
* From Cisco NX-OS Release 9.2(3) onward, if password prompting is required for some use case even for admin (user with role network-admin) privilege user, enter the system security hardening sudo prompt-password command.
NX-OS network administrator users must escalate to root to pass configuration commands to the NX-OS VSH if:
The NX-OS user has a shell-type Bash and logs into the switch with a shell-type Bash.
The NX-OS user that logged into the switch in Bash continues to use Bash on the switch.
Run sudo su 'vsh -c "<configuration commands>"' or sudo bash -c 'vsh -c "<configuration commands>"'.
ssh -l MyUser 1.2.3.4
-bash-4.2$ sudo vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; show interface eth1/2 brief"
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/2 -- eth routed down Administratively down auto(D) --
The following example demonstrates with network administrator user MyUser with default shell type Bash entering the NX-OS and then running Bash on the NX-OS:
ssh -l MyUser 1.2.3.4
-bash-4.2$ vsh -h
Cisco NX-OS Software
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
Nexus 9000v software ("Nexus 9000v Software") and related documentation,
files or other reference materials ("Documentation") are
the proprietary property and confidential information of Cisco
Systems, Inc. ("Cisco") and are protected, without limitation,
pursuant to United States and International copyright and trademark
laws in the applicable jurisdiction which provide civil and criminal
penalties for copying or distribution without Cisco's authorization.
Any use or disclosure, in whole or in part, of the Nexus 9000v Software
or Documentation to any third party for any purposes is expressly
prohibited except as otherwise authorized by Cisco in writing.
The copyrights to certain works contained herein are owned by other
third parties and are used and distributed under license. Some parts
of this software may be covered under the GNU Public License or the
GNU Lesser General Public License. A copy of each such license is
available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
***************************************************************************
* Nexus 9000v is strictly limited to use for evaluation, demonstration *
* and NX-OS education. Any use or disclosure, in whole or in part of *
* the Nexus 9000v Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
***************************************************************************
switch# run bash
bash-4.2$ vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; show interface eth1/2 brief"
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/2 -- eth routed down Administratively down auto(D) --
Note |
Do not use sudo su - or the system hangs. |
The following example shows how to escalate privileges to root and how to verify the escalation:
switch# run bash
bash-4.2$ sudo su root
bash-4.2# whoami
root
bash-4.2# exit
exit
This section contains examples of Bash commands and output.
The following example displays system statistics:
switch# run bash
bash-4.2$ cat /proc/meminfo
<snip>
MemTotal: 16402560 kB
MemFree: 14098136 kB
Buffers: 11492 kB
Cached: 1287880 kB
SwapCached: 0 kB
Active: 1109448 kB
Inactive: 717036 kB
Active(anon): 817856 kB
Inactive(anon): 702880 kB
Active(file): 291592 kB
Inactive(file): 14156 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 32 kB
Writeback: 0 kB
AnonPages: 527088 kB
Mapped: 97832 kB
<\snip>
The following example runs ps from Bash using run bash command :
switch# run bash ps -el
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1 0 0 80 0 - 528 poll_s ? 00:00:03 init
1 S 0 2 0 0 80 0 - 0 kthrea ? 00:00:00 kthreadd
1 S 0 3 2 0 80 0 - 0 run_ks ? 00:00:56 ksoftirqd/0
1 S 0 6 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/0
1 S 0 7 2 0 -40 - - 0 watchd ? 00:00:00 watchdog/0
1 S 0 8 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/1
1 S 0 9 2 0 80 0 - 0 worker ? 00:00:00 kworker/1:0
1 S 0 10 2 0 80 0 - 0 run_ks ? 00:00:00 ksoftirqd/1
Managing Feature RPMs
Use these procedures to verify that the system is ready before installing or adding an RPM.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
switch# show logging logfile | grep -i "System ready" |
Before running Bash, this step verifies that the system is ready before installing or adding an RPM. Proceed if you see output similar to the following: 2018 Mar 27 17:24:22 switch %ASCII-CFG-2-CONF_CONTROL: System ready |
|
Step 2 |
switch# run bash sudo su Example: |
Loads Bash. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
sudo dnf installed | grep platform |
Displays a list of the NX-OS feature RPMs installed on the switch. |
|
Step 2 |
dnf list available |
Displays a list of the available RPMs. |
|
Step 3 |
sudo dnf -y install rpm |
Installs an available RPM. |
The following is an example of installing the bfd RPM:
bash-4.2$ dnf list installed | grep n9000
base-files.n9000 3.0.14-r74.2 installed
bfd.lib32_n9000 1.0.0-r0 installed
core.lib32_n9000 1.0.0-r0 installed
eigrp.lib32_n9000 1.0.0-r0 installed
eth.lib32_n9000 1.0.0-r0 installed
isis.lib32_n9000 1.0.0-r0 installed
lacp.lib32_n9000 1.0.0-r0 installed
linecard.lib32_n9000 1.0.0-r0 installed
lldp.lib32_n9000 1.0.0-r0 installed
ntp.lib32_n9000 1.0.0-r0 installed
nxos-ssh.lib32_n9000 1.0.0-r0 installed
ospf.lib32_n9000 1.0.0-r0 installed
perf-cisco.n9000_gdb 3.12-r0 installed
platform.lib32_n9000 1.0.0-r0 installed
shadow-securetty.n9000_gdb 4.1.4.3-r1 installed
snmp.lib32_n9000 1.0.0-r0 installed
svi.lib32_n9000 1.0.0-r0 installed
sysvinit-inittab.n9000_gdb 2.88dsf-r14 installed
tacacs.lib32_n9000 1.0.0-r0 installed
task-nxos-base.n9000_gdb 1.0-r0 installed
tor.lib32_n9000 1.0.0-r0 installed
vtp.lib32_n9000 1.0.0-r0 installed
bash-4.2$ dnf list available
bgp.lib32_n9000 1.0.0-r0
bash-4.2$ sudo dnf -y install bfdNote |
Upon switch reload during boot up, use the rpm command instead of dnf for persistent RPMs. Otherwise, RPMs initially installed using dnf bash or install cli shows |
There must be a higher version of the RPM in the dnf repository.
| Command or Action | Purpose |
|---|---|
|
sudo dnf -y upgraderpm |
Upgrades an installed RPM. |
The following is an example of upgrading the bfd RPM:
bash-4.2$ sudo dnf -y upgrade bfd| Command or Action | Purpose |
|---|---|
|
sudo dnf -y downgraderpm |
Downgrades the RPM if any of the dnf repositories has a lower version of the RPM. |
The following example shows how to downgrade the bfd RPM:
bash-4.2$ sudo dnf -y downgrade bfdNote |
The SNMP RPM and the NTP RPM are protected and cannot be erased. You can upgrade or downgrade these RPMs. It requires a system reload for the upgrade or downgrade to take effect. For the list of protected RPMs, see /etc/dnf/protected.d/protected_pkgs.conf. |
| Command or Action | Purpose |
|---|---|
|
sudo dnf -y eraserpm |
Erases the RPM. |
The following example shows how to erase the bfd RPM:
bash-4.2$ sudo dnf -y erase bfdBeginning with NX-OS release 9.3(1), the Cisco NX-OS image supports DME modularity, which interoperates with the switch's RPM manager to enable non-intrusive upgrade or downgrade of DME RPMs. Non-intrusive upgrade or downgrade enables installing RPMs without performing a system restart and prevents disturbing other applications that have their configs in the DME database. DME Modularity enables you to apply model changes to the switch without an ISSU or system reload.
Note |
After loading the DME RPM, you must restart VSH to enable querying the new MOs. |
Beginning with Cisco NX-OS Release 10.3(1)F, DME Infra is supported on the Cisco Nexus 9808 platform switches.
By default, the base DME RPM, which is a mandatory upgradeable RPM package, is installed and active when you upgrade to NX-OS
release 9.3(1). The DME RPM is installed in the default install directory for RPM files, which is /rpms.
If you make code or model changes, you will need to install the DME RPM. To install it, use either the NX-OS RPM manager, which uses the install command, or standard RPM tools, such as dnf . If you use dnf , you will need access to the switch's Bash shell.
|
Step 1 |
copy path-to-dme-rpm bootflash: [//sup-#][ /path] Example:Copies the DME RPM to bootflash through SCP. |
|
Step 2 |
Choose any of the following methods to install or upgrade the DME RPM. To use the NX-OS install command:
To use dnf install :
|
You can verify that the DME RPM is installed by using either the NX-OS show install command or dnf list .
|
Choose the method:
|
You can query the on-switch (local) repo to verify that the RPM is present.
|
Step 1 |
run bash Example:Logs in to the switch's Bash shell. |
|
Step 2 |
ls /bootflash/.rpmstore/patching/localrepo/dme-2.0.1.0-9.3.1.lib32_n9000.rpm Example:When the base DME RPM is installed, it is in |
You can downgrade from a higher version of DME RPM to a lower version through either the NX-OS install command or dnf . By downgrading, you retain the DME Modularity functionality.
The DME RPM is protected, so install deactivate and install remove are not supported.
|
Choose the downgrade method:
In this example, the DME RPM was downgraded to version 2.0.1.0-9.3.1. For dnf , you must run commands in Bash shell as root user (run bash sudo su ):
|
You can downgrade from a higher version of the DME RPM to the base DME RPM by either installing the base DME RPM through the NX-OS install command or using dnf downgrade .
|
Choose the downgrade method:
For dnf , you must run commands in Bash shell as root user (run bash sudo su ):
|
Managing Patch RPMs
Use these procedures to verify that the system is ready before installing or adding an RPM.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
switch# show logging logfile | grep -i "System ready" |
Before running Bash, this step verifies that the system is ready before installing or adding an RPM. Proceed if you see output similar to the following: 2018 Mar 27 17:24:22 switch %ASCII-CFG-2-CONF_CONTROL: System ready |
|
Step 2 |
switch# run bash sudo su Example: |
Loads Bash. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
dnf list --patch-only |
Displays a list of the patch RPMs present on the switch. |
|
Step 2 |
sudo dnf install --add URL_of_patch |
Adds the patch to the repository, where URL_of_patch is a well-defined format, such as bootflash:/patch, not in standard Linux format, such as /bootflash/patch. |
|
Step 3 |
dnf list --patch-only available |
Displays a list of the patches that are added to the repository but are in an inactive state. |
The following is an example of installing the nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 RPM:
bash-4.2# dnf list --patch-only
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
bash-4.2#
bash-4.2# sudo dnf install --add bootflash:/nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000.rpm
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
[############## ] 70%Install operation 135 completed successfully at Tue Mar 27 17:45:34 2018.
[####################] 100%
bash-4.2#
Once the patch RPM is installed, verify that it was installed properly. The following command lists the patches that are added to the repository and are in the inactive state:
bash-4.2# dnf list --patch-only available
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
nxos.CSCab00001-n9k_ALL.lib32_n9000 1.0.0-7.0.3.I7.3 patching
bash-4.2#
You can also add patches to a repository from a tar file, where the RPMs are bundled in the tar file. The following example shows how to add two RPMs that are part of the nxos.CSCab00002_CSCab00003-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 tar file to the patch repository:
bash-4.2# sudo dnf install --add bootflash:/nxos.CSCab00002_CSCab00003-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000.tar
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
[############## ] 70%Install operation 146 completed successfully at Tue Mar 27 21:17:39 2018.
[####################] 100%
bash-4.2#
bash-4.2# dnf list --patch-only
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
patching/primary | 942 B 00:00 ...
patching 2/2
thirdparty | 951 B 00:00 ...
nxos.CSCab00003-n9k_ALL.lib32_n9000 1.0.0-7.0.3.I7.3 patching
nxos.CSCab00002-n9k_ALL.lib32_n9000 1.0.0-7.0.3.I7.3 patching
bash-4.2#
| Command or Action | Purpose | ||
|---|---|---|---|
|
sudo dnf install patch_RPM --nocommit |
Activates the patch RPM, where patch_RPM is a patch that is located in the repository. Do not provide a location for the patch in this step.
|
The following example shows how to activate the nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 patch RPM:
bash-4.2# sudo dnf install nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 --nocommit
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nxos.CSCab00001-n9k_ALL.lib32_n9000 0:1.0.0-7.0.3.I7.3 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================
Package Arch Version Repository Size
===================================================================================
Installing:
nxos.CSCab00001-n9k_ALL lib32_n9000 1.0.0-7.0.3.I7.3 patching 28 k
Transaction Summary
===================================================================================
Install 1 Package
Total download size: 28 k
Installed size: 82 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 1/1
[################## ] 90%error: reading /var/sysmgr/tmp/patches/CSCab00001-n9k_ALL/isan/bin/sysinfo manifest, non-printable characters found
Installed:
nxos.CSCab00001-n9k_ALL.lib32_n9000 0:1.0.0-7.0.3.I7.3
Complete!
Install operation 140 completed successfully at Tue Mar 27 18:07:40 2018.
[####################] 100%
bash-4.2#
Enter the following command to verify that the patch RPM was activated successfully:
bash-4.2# dnf list --patch-only
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
nxos.CSCab00001-n9k_ALL.lib32_n9000 1.0.0-7.0.3.I7.3 installed
bash-4.2#
| Command or Action | Purpose |
|---|---|
|
sudo dnf install patch_RPM --commit |
Commits the patch RPM. The patch RPM must be committed to keep it active after reloads. |
The following example shows how to commit the nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 patch RPM:
bash-4.2# sudo dnf install nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 --commit
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
Install operation 142 completed successfully at Tue Mar 27 18:13:16 2018.
[####################] 100%
bash-4.2#
Enter the following command to verify that the patch RPM was committed successfully:
bash-4.2# dnf list --patch-only committed
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
nxos.CSCab00001-n9k_ALL.lib32_n9000 1.0.0-7.0.3.I7.3 installed
bash-4.2#
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
sudo dnf erase patch_RPM --nocommit |
Deactivates the patch RPM.
|
||
|
Step 2 |
sudo dnf install patch_RPM --commit |
Commits the patch RPM. You will get an error message if you try to remove the patch RPM without first committing it. |
The following example shows how to deactivate the nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 patch RPM:
bash-4.2# sudo dnf erase nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 --nocommit
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package nxos.CSCab00001-n9k_ALL.lib32_n9000 0:1.0.0-7.0.3.I7.3 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================
Package Arch Version Repository Size
===================================================================================
Removing:
nxos.CSCab00001-n9k_ALL lib32_n9000 1.0.0-7.0.3.I7.3 @patching 82 k
Transaction Summary
===================================================================================
Remove 1 Package
Installed size: 82 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
[###### ] 30%error: reading /var/sysmgr/tmp/patches/CSCab00001-n9k_ALL/isan/bin/sysinfo manifest, non-printable characters found
Erasing : nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 1/1
[################## ] 90%
Removed:
nxos.CSCab00001-n9k_ALL.lib32_n9000 0:1.0.0-7.0.3.I7.3
Complete!
Install operation 143 completed successfully at Tue Mar 27 21:03:47 2018.
[####################] 100%
bash-4.2#
You must commit the patch RPM after deactivating it. If you do not commit the patch RPM after deactivating it, you will get an error message if you try to remove the patch RPM using the instructions in Removing a Patch RPM.
bash-4.2# sudo dnf install nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 --commit
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
Install operation 144 completed successfully at Tue Mar 27 21:09:28 2018.
[####################] 100%
bash-4.2#
Enter the following command to verify that the patch RPM has been committed successfully:
bash-4.2# dnf list --patch-only
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
nxos.CSCab00001-n9k_ALL.lib32_n9000 1.0.0-7.0.3.I7.3 patching
bash-4.2#
| Command or Action | Purpose |
|---|---|
|
sudo dnf install --remove patch_RPM |
Removes an inactive patch RPM. |
The following example shows how to remove the nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000 patch RPM:
bash-4.2# sudo dnf install --remove nxos.CSCab00001-n9k_ALL-1.0.0-7.0.3.I7.3.lib32_n9000
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
[########## ] 50%Install operation 145 completed successfully at Tue Mar 27 21:11:05 2018.
[####################] 100%
bash-4.2#
Note |
If you see the following error message after attempting to remove the patch RPM: Install operation 11 "failed because patch was not committed". at Wed Mar 28 22:14:05 2018 Then you did not commit the patch RPM before attempting to remove it. See Deactivating a Patch RPM for instructions on committing the patch RPM before attempting to remove it. |
Enter the following command to verify that the inactive patch RPM was removed successfully:
bash-4.2# dnf list --patch-only
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching,
: protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
patching/primary | 197 B 00:00 ...
thirdparty | 951 B 00:00 ...
bash-4.2#
Your application should have a startup Bash script that gets installed in /etc/init.d/application_name. This startup Bash script should have the following general format (for more information on this format, see http://linux.die.net/man/8/chkconfig).
#!/bin/bash
#
# <application_name> Short description of your application
#
# chkconfig: 2345 15 85
# description: Short description of your application
#
### BEGIN INIT INFO
# Provides: <application_name>
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Description: Short description of your application
### END INIT INFO
# See how we were called.
case "$1" in
start)
# Put your startup commands here
# Set RETVAL to 0 for success, non-0 for failure
;;
stop)
# Put your stop commands here
# Set RETVAL to 0 for success, non-0 for failure
;;
status)
# Put your status commands here
# Set RETVAL to 0 for success, non-0 for failure
;;
restart|force-reload|reload)
# Put your restart commands here
# Set RETVAL to 0 for success, non-0 for failure
;;
*)
echo $"Usage: $prog {start|stop|status|restart|force-reload}"
RETVAL=2
esac
exit $RETVAL|
Step 1 |
Install your application startup Bash script that you created into /etc/init.d/application_name |
|
Step 2 |
Start your application with /etc/init.d/application_name start |
|
Step 3 |
Enter chkconfig --add application_name |
|
Step 4 |
Enter chkconfig --level 3 application_name on Run level 3 is the standard multi-user run level, and the level at which the switch normally runs. |
|
Step 5 |
Verify that your application is scheduled to run on level 3 by running chkconfig --list application_name and confirm that level 3 is set to on |
|
Step 6 |
Verify that your application is listed in /etc/rc3.d. You should see something like this, where there is an 'S' followed by a number, followed by your application name (tcollector in this example), and a link to your Bash startup script in ../init.d/application_name |
lrwxrwxrwx 1 root root 20 Sep 25 22:56 /etc/rc3.d/S15tcollector -> ../init.d/tcollector
bash-4.2#
Cisco Nexus 9500 platform switches are generally configured with two supervisor modules to provide high availability (one active supervisor module and one standby supervisor module). Each supervisor module has its own bootflash file system for file storage, and the Active and Standby bootflash file systems are generally independent of each other. If there is a need for specific content on the active bootflash, that same content is probably also needed on the standby bootflash in case there is a switchover at some point.
Before the Cisco NX-OS 9.2(2) release, you had to manually manage this content between the Active and Standby supervisor modules. Starting with Cisco NX-OS 9.2(2), certain files and directories on the active supervisor module, or active bootflash (/bootflash), can be automatically synchronized to the standby supervisor module, or standby bootflash (/bootflash_sup-remote), if the standby supervisor module is up and available. You can select the files and directories to be synchronized by loading Bash on your switch, then adding the files and directories that you would like to have synchronized from the active bootflash to the standby bootflash into the editable file /bootflash/bootflash_sync_list.
For example:
switch# run bash
bash-4.2# echo "/bootflash/home/admin" | sudo tee --append /bootflash/bootflash_sync_list
bash-4.2# echo "/bootflash/nxos.7.0.3.I7.3.5.bin" | sudo tee --append /bootflash/bootflash_sync_list
bash-4.2# cat /bootflash/bootflash_sync_list
/bootflash/home/admin
/bootflash/nxos.7.0.3.I7.3.5.bin
When changes are made to the files or directories on the active bootflash, these changes are automatically synchronized to standby bootflash, if the standby bootflash is up and available. If the standby bootflash is rebooted, either as a regular boot, switchover or manual standby reload, a catch-up synchronization of changes to the active bootflash is pushed out to the standby bootflash, once the standby supervisor comes online.
Following are the characteristics and restrictions for the editable /bootflash/bootflash_sync_list file:
The /bootflash/bootflash_sync_list file is automatically created on the first run and is empty at that initial creation state.
Entries in the /bootflash/bootflash_sync_list file follow these guidelines:
One entry per line
Entries are given as Linux paths (for example, /bootflash/img.bin)
Entries must be within the /bootflash file system
The /bootflash/bootflash_sync_list file itself is automatically synchronized to the standby bootflash. You can also manually copy the /bootflash/bootflash_sync_list file to or from the supervisor module using the copy virtual shell (VSH) command.
You can edit the /bootflash/bootflash_sync_list file directly on the supervisor module with the following command:
run bash vi /bootflash/bootflash_sync_list
All output from the synchronization event is redirected to the log file /var/tmp/bootflash_sync.log. You can view or tail this log file using either of the following commands:
run bash less /var/tmp/bootflash_sync.log
run bash tail -f /var/tmp/bootflash_sync.log
The synchronization script will not delete files from the standby bootflash directories unless it explicitly receives a delete event for the corresponding file on the active bootflash directories. Sometimes, the standby bootflash might have more used space than the active bootflash, which results in the standby bootflash running out of space when the active bootflash is synchronizing to it. To make the standby bootflash an exact mirror of the active bootflash (to delete any extra files on the standby bootflash), enter the following command:
run bash sudo rsync -a --delete /bootflash/ /bootflash_sup-remote/
The synchronization script should continue to run in the background without crashing or exiting. However, if it does stop running for some reason, you can manually restart it using the following command:
run bash sudo /isan/etc/rc.d/rc.isan-start/S98bootflash_sync.sh start
In Cisco NX-OS release 9.3(1) and later, file copy operations have the option of running through a different network stack by using the use-kstack option. Copying files through use-kstack enables faster copy times. This option can be beneficial when copying files from remote servers that are multiple hops from the switch. The use-kstack option work with copying files from, and to, the switch though standard file copy features, such as scp and sftp.
Note |
The use-kstack option does not work when the switch is running the FIPS mode feature. If the switch has FIPS mode that is enabled, the copy operation is still successful, but through the default copy method. |
To copy through use-kstack , append the argument to the end of an NX-OS copy command. Some examples:
switch-1# copy scp://test@10.1.1.1/image.bin . vrf management use-kstack
switch-1#
switch-1# copy scp://test@10.1.1.1/image.bin bootflash:// vrf management use-kstack
switch-1#
switch-1# copy scp://test@10.1.1.1/image.bin . use-kstack
switch-1#
switch-1# copy scp://test@10.1.1.1/image.bin bootflash:// vrf default use-kstack
switch-1#The use-kstack option is supported for all NX-OS copy commands and file systems. The option is OpenSSL (Secure Copy) certified.
The following example demonstrates an application in the Native Bash Shell:
bash-4.2# cat /etc/init.d/hello.sh
#!/bin/bash
PIDFILE=/tmp/hello.pid
OUTPUTFILE=/tmp/hello
echo $$ > $PIDFILE
rm -f $OUTPUTFILE
while true
do
echo $(date) >> $OUTPUTFILE
echo 'Hello World' >> $OUTPUTFILE
sleep 10
done
bash-4.2#
bash-4.2#
bash-4.2# cat /etc/init.d/hello
#!/bin/bash
#
# hello Trivial "hello world" example Third Party App
#
# chkconfig: 2345 15 85
# description: Trivial example Third Party App
#
### BEGIN INIT INFO
# Provides: hello
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Description: Trivial example Third Party App
### END INIT INFO
PIDFILE=/tmp/hello.pid
# See how we were called.
case "$1" in
start)
/etc/init.d/hello.sh &
RETVAL=$?
;;
stop)
kill -9 `cat $PIDFILE`
RETVAL=$?
;;
status)
ps -p `cat $PIDFILE`
RETVAL=$?
;;
restart|force-reload|reload)
kill -9 `cat $PIDFILE`
/etc/init.d/hello.sh &
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|status|restart|force-reload}"
RETVAL=2
esac
exit $RETVAL
bash-4.2#
bash-4.2# chkconfig --add hello
bash-4.2# chkconfig --level 3 hello on
bash-4.2# chkconfig --list hello
hello 0:off 1:off 2:on 3:on 4:on 5:on 6:off
bash-4.2# ls -al /etc/rc3.d/*hello*
lrwxrwxrwx 1 root root 15 Sep 27 18:00 /etc/rc3.d/S15hello -> ../init.d/hello
bash-4.2#
bash-4.2# rebootAfter reload
bash-4.2# ps -ef | grep hello
root 8790 1 0 18:03 ? 00:00:00 /bin/bash /etc/init.d/hello.sh
root 8973 8775 0 18:04 ttyS0 00:00:00 grep hello
bash-4.2#
bash-4.2# ls -al /tmp/hello*
-rw-rw-rw- 1 root root 205 Sep 27 18:04 /tmp/hello
-rw-rw-rw- 1 root root 5 Sep 27 18:03 /tmp/hello.pid
bash-4.2# cat /tmp/hello.pid
8790
bash-4.2# cat /tmp/hello
Sun Sep 27 18:03:49 UTC 2015
Hello World
Sun Sep 27 18:03:59 UTC 2015
Hello World
Sun Sep 27 18:04:09 UTC 2015
Hello World
Sun Sep 27 18:04:19 UTC 2015
Hello World
Sun Sep 27 18:04:29 UTC 2015
Hello World
Sun Sep 27 18:04:39 UTC 2015
Hello World
bash-4.2#
Feedback