Discovery of Spine and Leaf is failing

Dears

Driver discovery for Cisco APIC primary controller has completed and snapshot completed.

However when we try to discover Spine and Leaf switches from APIC primary controller it is failing with below error,

Failed to execute command: Error: URL: http://127.0.0.1:7777/api//mo/topology/pod-/node-/sys/ch.xml?query-target=self

I had enabled HTTP/HTTPS for APIC and enabled the special variable get_all to true.

Please note from NNM if we want to discover Spine and leaf switches from APIC, we do below,

Import APIC certificate in NNM.
Create an web service user in APIC and use that user to connect to APIC and discover Spine and Leaf switches.

Do we need to follow the same or is it different.

  • 0  

    Hi,

    You shouldn't need to do a discover driver on leaf or spines. When the controller adds them in to NA, they will get assigned the driver needed.  

    Were you able to follow the steps I provided in your prior leaf / spine post from a week or two ago?  

    Key question: how are these getting added to NA?  

    thanks,

    Chris

  • 0 in reply to   

    Chris

    We are populating APIC primary controller from NNM into NA and trying to discover APIC Fabric information including Spine and Leaf switches in NA using Diagnostic task

    Diagnostic details I am trying to run is,

    ACI Fabric Node Information of Leaf and Spine
    ACI Fabric Nodes information

    and it is failing with the error as posted.

    Please note we had not populating Spine and Leaf switches using NNM and NA integration.

    Yes, I had gone through your earlier post.

  • Suggested Answer

    0   in reply to 

    OK, bit of a recap from the prior post but think this may be useful just to re-check the contexts you are working with....

    Controller #1 will run a mod diag task

                    This will collect the contexts (leaf and spine switches)

                                    If they don't already exist, they will get added in NA

                                                    Each context will show two events you should be looking for:

                                                                    Device Added  - NA adds the context into Inventory

                                                                    Device Edited - NA will assign the driver

                                                                                    Added By             Network Automation

                                                                                    Summary             Device Edited

                                                                                    Description         DriverName: None => Cisco APIC controllers, OS version 1.x, 2.x, 3.x, 4.x & 5.x; Nexus leaf & spine switches, NX-OS version 12.x, 13.x, 14.x & 15.x

     

    Let's pause here and please check one of the contexts you are troubleshooting to make sure that:

    * it was added from the controller (not NNMi)

    * You see the two events I mention

    If that looks good, continue and check:

    For a context (leaf or spine switch):

    1)            Edit / Edit Device Managed IP Addresses

                                    Port IP                                              Used To Access Device                         Type

                                    APIC Controller #1's IP                    yes                                                         Internal Through

     If you don't see the above, something is wrong, it wasn't added as expected, someone tried to "fix" it, etc. 

     

     2)            Edit Device

                                    Expand Password Information

                                                    It mostly likely will show:

                                                                    * Use device-specific password information

                                                                                    username            whatever worked for controller #1

                                                                                    password            whatever worked for controller #1

                                                                                    confirm password            whatever worked for controller #1

                                                                                    .....

                                    Expand Connection Information

                                                    Make sure HTTP or HTTPS is checked (yes, you say you enabled it, but just want to make sure this is enabled here)

     

    Notes:

    * If the contexts need to use a different set of credentials, I'm going to suggest you open a support case (this is possible, but not simple and will involve a HF).   

    * If the contexts need to use a certificate, I'll suggest you work with support, again, that's not going to be an easy fix. 

    * If you / someone is trying to manually add contexts, while technically it's possible, I can't suggest it.  The amount of customization and DB work that would be involved is quite large.  Let NA do what NA does and you'll be ahead of the game.  :-)

     Let's say everything above is fine, but snapshots are failing for a context...

    (there will be a follow up, but let's start here)

    Run a take snapshot task on just the one context you looked at above (make sure you don't have other tasks running at the same time for the controller - so no other contexts) - this is key.  

                    Enable session logging.

                                    Let task run and fail.

                                                    When it is done, look at the session log.

                                                                    Does it connect to controller #1?

                                                                    Does it log in to controller #1 successfully?

                                                                    Does it issue the commands on controller #1 successfully?

                                                                                    (example) Send: show running-config leaf 999\r\n (leaf will say spine if you're doing a spine and the number will be different for you)

                                                                    Does it connect to the context?

                                                                    Does it log into the context successfully?

                                                                              If not, did it try to use the expected credentials that you saw in Edit Device (above)?

                                                                    Does it issue the commands on the context successfully (CLI and HTTP / HTTPS)?                                                          

    In the list of questions above, what works and what does NOT work? 

                    This will determine what we do next....

     Also, two other questions:

    1) How many contexts are managed by a controller?

    2) What is the build number of your APIC driver?  

    Good luck,

    Chris