Create NSO Docker Environments

In this activity, you will learn how to set up an NSO in Docker environment for development and production use. The main reason for running NSO in Docker is to get a consistent, customizable, portable environment that can be used for development, testing, and production.

First, you will build two Docker images: base and dev. The base image is used as a production NSO image and contains only the bare necessities that NSO needs to operate; the dev image is used as a development image and contains various tools and compilers. You will then use these images to create a dedicated NSO in Docker project, for which you will develop, deploy, and automatically test a simple NSO service.

In addition to the project's Docker image, you will also learn how to create netsim Docker images that can be used as simulated virtual devices in your NSO in Docker environment.

After completing this activity, you will be able to meet these objectives:

  • Build NSO Docker images.

  • Add dependencies for NSO Docker images.

  • Develop and deploy packages with NSO in Docker.

  • Create tests for packages using NSO in Docker.

  1. Connect to the Student-VM server by clicking the icon labelled NSO in the topology.


3. Make sure that Docker is installed on the system by using the docker -v command.

The command should display your Docker version.

student@student-vm:~$ docker -v
Docker version 19.03.5, build 633a0ea838

4. List the contents of your home directory with the ls command. Make sure that both the NSO installer and the nso-docker project are present.

student@student-vm:~$ ls
Desktop                            nso-docker         snap
GNUstep                            packages           solutions
lab                                Pictures           thinclient_drives
nso300                             scripts            vscode-server.tgz

5. Unpack the NSO installer.

This installer will be used to install NSO on Docker images.

student@student-vm:~$ ./nso-5.3.2.linux.x86_64.signed.bin
Verifying signature...
Downloading CA certificate from ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of nso-5.3.2.linux.x86_64.installer.bin using tailf.cer

6. Copy the NSO installer into your nso-docker repository.

student@student-vm:~$ cp nso-5.3.2.linux.x86_64.installer.bin nso-docker/nso-install-files/

7. Set the environment variables. Set DOCKER_REGISTRY, IMAGE_PATH and NSO_IMAGE_PATH to "nso300.gitlab.local/" and NSO_VERSION to "5.3.2".

These variables are used to build and tag the NSO Docker images. Usually, they are set within project-specific Makefiles, because multiple versions and locations of images can be used on a single machine.

student@student-vm:~$ export DOCKER_REGISTRY=nso300.gitlab.local/
student@student-vm:~$ export IMAGE_PATH=nso300.gitlab.local/
student@student-vm:~$ export NSO_IMAGE_PATH=nso300.gitlab.local/
student@student-vm:~$ export NSO_VERSION=5.3.2
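
A pre-flight check for the variables exported in this step, as an added example that is not part of the original lab or of the nso-docker project. The function name check_nso_env is hypothetical; it assumes the installer file naming shown in step 6 and relies on the Makefiles joining these prefixes directly to the image name (as in $(IMAGE_PATH)$(PROJECT_NAME)/nso), so each prefix must end in "/".

```shell
#!/bin/sh
# Added example (not from the lab): validate the build variables before 'make'.
# check_nso_env DIR  - DIR is the nso-install-files directory.
# Prints every problem found and returns non-zero if there is at least one.
check_nso_env() {
    dir=$1
    rc=0
    # Registry prefixes are concatenated with the image name without a
    # separator, so a missing trailing slash silently changes the image name.
    for name in DOCKER_REGISTRY IMAGE_PATH NSO_IMAGE_PATH; do
        eval "val=\${$name:-}"
        case $val in
            "") echo "$name is not set"; rc=1 ;;
            */) ;;
            *)  echo "$name='$val' does not end in '/'"; rc=1 ;;
        esac
    done
    # NSO_VERSION has to name an installer that was actually copied in,
    # otherwise the project build will look for an image tag that was never built.
    if [ -z "${NSO_VERSION:-}" ]; then
        echo "NSO_VERSION is not set"; rc=1
    elif [ ! -f "$dir/nso-$NSO_VERSION.linux.x86_64.installer.bin" ]; then
        echo "no installer for NSO_VERSION=$NSO_VERSION in $dir"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_nso_env.sh ~/nso-docker/nso-install-files
if [ $# -gt 0 ]; then
    check_nso_env "$1"
fi
```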

8. Enter the nso-docker directory and build the two NSO images using the make command. This command takes some time to complete.

The make command executes a set of commands listed in the Makefile, which builds the base NSO image. The image should be built successfully.

student@student-vm:~$ cd nso-docker
student@student-vm:~/nso-docker$ make
The default make target will build Docker images out of all the NSO
versions found in nso-install-files/. To also run the test
suite for the built images, run 'make test-all'
make build-all

< … Output Omitted … > 

Successfully built 3147c6c654aa
Successfully tagged nso300.gitlab.local/cisco-nso-base:5.3.2-student

< … Output Omitted … > 

Successfully built 238ff3c386d7
Successfully tagged nso300.gitlab.local/cisco-nso-dev:5.3.2-student

rm -f *.bin
make[3]: Leaving directory '/home/student/nso-docker/docker-images'
make[2]: Leaving directory '/home/student/nso-docker'
make[1]: Leaving directory '/home/student/nso-docker'

9. Verify that your local Docker registry now contains a base and a dev image by using the docker images command.

These images can be used as a base for NSO development and/or production.

student@student-vm:~/nso-docker$ docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
nso300.gitlab.local/cisco-nso-base   5.3.2-student       eded19b9090b        About an hour ago   534MB
<none>                               <none>              ba882f85d30e        About an hour ago   706MB
nso300.gitlab.local/cisco-nso-dev    5.3.2-student       d97b14f50ee8        About an hour ago   1GB
<none>                               <none>              2a633be1d096        About an hour ago   706MB
debian                               buster              1b686a95ddbf        4 weeks ago         114MB

10. Re-tag the images using the make tag-release command. This action prepares the image for general use, not just for the current user.

student@student-vm:~/nso-docker$ make tag-release
docker tag nso300.gitlab.local/cisco-nso-dev:5.3.2-student nso300.gitlab.local/cisco-nso-dev:5.3.2
docker tag nso300.gitlab.local/cisco-nso-base:5.3.2-student nso300.gitlab.local/cisco-nso-base:5.3.2
student@student-vm:~/nso300$ docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
nso300.gitlab.local/cisco-nso-base   5.3.2               eded19b9090b        2 hours ago         534MB
nso300.gitlab.local/cisco-nso-base   5.3.2-student       eded19b9090b        2 hours ago         534MB
<none>                               <none>              ba882f85d30e        2 hours ago         706MB
nso300.gitlab.local/cisco-nso-dev    5.3.2               d97b14f50ee8        2 hours ago         1GB
nso300.gitlab.local/cisco-nso-dev    5.3.2-student       d97b14f50ee8        2 hours ago         1GB
<none>                               <none>              2a633be1d096        2 hours ago         706MB
debian                               buster              1b686a95ddbf        4 weeks ago         114MB
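
One way to confirm the result of make tag-release, as an added example that is not part of the original lab or of the nso-docker project: the hypothetical function check_release_tags reads a docker images table and checks that each release tag points at the same image ID as the per-user build tag. The sample rows are constructed from the listing above, and the "student" suffix is assumed to be the name of the user who ran the build.

```shell
#!/bin/sh
# Added example (not from the lab). check_release_tags VERSION SUFFIX reads a
# 'docker images' table on stdin and returns 0 only if cisco-nso-base and
# cisco-nso-dev each carry VERSION and VERSION-SUFFIX on the same IMAGE ID.
check_release_tags() {
    awk -v ver="$1" -v sfx="$2" '
        NR == 1 { next }                                  # header row
        $1 ~ /\/cisco-nso-(base|dev)$/ {
            seen[$1] = 1
            if (($2 "") == (ver ""))      rel[$1] = $3    # release tag
            if (($2 "") == (ver "-" sfx)) bld[$1] = $3    # per-user build tag
        }
        END {
            bad = 0; n = 0
            for (r in seen) {
                n++
                if (!(r in bld))
                    { print r ": no " ver "-" sfx " tag"; bad = 1 }
                else if (!(r in rel))
                    { print r ": no " ver " tag"; bad = 1 }
                else if ((rel[r] "") != (bld[r] ""))
                    { print r ": " ver " is " rel[r] ", build is " bld[r]; bad = 1 }
            }
            if (n != 2) { print "expected cisco-nso-base and cisco-nso-dev"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: rows taken from the listing above.
SAMPLE_TAGGED='REPOSITORY                           TAG             IMAGE ID       CREATED       SIZE
nso300.gitlab.local/cisco-nso-base   5.3.2           eded19b9090b   2 hours ago   534MB
nso300.gitlab.local/cisco-nso-base   5.3.2-student   eded19b9090b   2 hours ago   534MB
<none>                               <none>          ba882f85d30e   2 hours ago   706MB
nso300.gitlab.local/cisco-nso-dev    5.3.2           d97b14f50ee8   2 hours ago   1GB
nso300.gitlab.local/cisco-nso-dev    5.3.2-student   d97b14f50ee8   2 hours ago   1GB
debian                               buster          1b686a95ddbf   4 weeks ago   114MB'

printf '%s\n' "$SAMPLE_TAGGED" | check_release_tags 5.3.2 student \
    && echo "release tags match the build"
# Live use (suffix assumed to be the user name):
#   docker images | check_release_tags "$NSO_VERSION" "$(whoami)"
```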

11. Enter the nso300 folder in the home directory. This directory is used as the home directory for your NSO Docker project.

student@student-vm:~/nso-docker$ cd ~/nso300

12. Copy the contents of the nso-system project skeleton from the nso-docker project into your nso300 directory.

This is how the directory structure should appear:

student@student-vm:~/nso300$ cp -r ~/nso-docker/skeletons/system/* .
student@student-vm:~/nso300$ ls
extra-files  includes  Makefile  nid  packages  test-packages

13. Open the Makefile.

The Makefile from this project skeleton is used to set up, start, and test your project-specific NSO Docker environment. For now, it contains nothing relevant. Most of the complexity is hidden in the pre-built library.

The following output shows how the file should appear when you open it for the first time:

student@student-vm:~/nso300$ vi Makefile
# You can set the default NSO_IMAGE_PATH & PKG_PATH to point to your docker
# registry so that developers don't have to manually set these variables.
# Similarly for NSO_VERSION you can set a default version. Note how the ?=
# operator only sets these variables if not already set, thus you can easily
# override them by explicitly setting them in your environment and they will be
# overridden by variables in CI.
# TODO: uncomment and fill in values for your environment
# Default variables:
#export NSO_IMAGE_PATH ?=
#export PKG_PATH ?=
#export NSO_VERSION ?= 5.4

# Include standard NID (NSO in Docker) system Makefile that defines all standard
# make targets

# The rest of this file is specific to this repository.

# For development purposes it is useful to be able to start a testenv once and
# then run the tests, defined in testenv-test, multiple times, adjusting the
# code in between each run. That is what a normal development cycle looks like.
# There is usually some form of initial configuration that we want to apply
# once, after the containers have started up, but avoid applying it for each
# invocation of testenv-test. Such configuration can be placed at the end of
# testenv-start-extra. You can also start extra containers with
# testenv-start-extra, for example netsims or virtual routers.

# TODO: you should modify the make targets below for your package
# TODO: clean up your Makefile by removing comments explaining how to do things

# Start extra containers or place things you want to run once, after startup of
# the containers, in testenv-start-extra.
testenv-start-extra:
        @echo "\n== Starting repository specific testenv"
# Start extra things, for example a netsim container by doing:
# docker run -td --name $(CNT_PREFIX)-my-netsim --network-alias mynetsim1 $(DOCKER_ARGS) $(IMAGE_PATH)my-ned-repo/netsim:$(DOCKER_TAG)
# Use --network-alias to give it a name that will be resolvable from NSO and
# other containers in our testenv network, i.e. in NSO, the above netsim should
# be configured with the address 'mynetsim1'.
# Make sure to include $(DOCKER_ARGS) as it sets the right docker network and
# label which other targets, such as testenv-stop, operates on. If you start an
# extra NSO container, use $(DOCKER_NSO_ARGS) and give a unique name but
# starting with '-nso', like so:
# docker run -td --name $(CNT_PREFIX)-nsofoo --network-alias nsofoo $(DOCKER_NSO_ARGS) $(IMAGE_PATH)$(PROJECT_NAME)/nso:$(DOCKER_TAG)
# Add things to be run after startup is complete. If you want to configure NSO,
# be sure to wait for it to start, using e.g.:
#docker exec -t $(CNT_PREFIX)-nso bash -lc 'ncs --wait-started 600'
# For example, to load an XML configuration file:
# docker cp test/initial-config.xml $(CNT_PREFIX)-nso:/tmp/initial-config.xml
#       $(MAKE) testenv-runcmdJ CMD="configure\n load merge /tmp/initial-config.xml\n commit"

# Place your tests in testenv-test. Feel free to define a target per test case
# and call them from testenv-test in case you have more than a handful of cases.
# Sometimes when there is a "setup" or "preparation" part of a test, it can be
# useful to separate into its own target as to make it possible to run that
# prepare phase and then manually inspect the state of the system. You can
# achieve this by further refining the make targets you have.
testenv-test:
        @echo "\n== Running tests"
        @echo "TODO: Fill in your tests here"
# Some examples for how to run commands in the ncs_cli:
#       $(MAKE) testenv-runcmdJ CMD="show packages"
#       $(MAKE) testenv-runcmdJ CMD="request packages reload"
# Multiple commands in a single session also works - great for configuring stuff:
#       $(MAKE) testenv-runcmdJ CMD="configure\n set foo bar\n commit"
# We can test for certain output by combining show commands in the CLI with for
# example grep:
#       $(MAKE) testenv-runcmdJ CMD="show configuration foo" | grep bar

14. Locate the environment variables section and replace it with the variables that are required for this project. Set NSO_VERSION to the NSO version that you are using (5.3.2) and set NSO_IMAGE_PATH and IMAGE_PATH to that of your local Docker image registry.

To make the file easier to work with, remove all the comments.

export NSO_VERSION=5.3.2
export NSO_IMAGE_PATH=nso300.gitlab.local/
export IMAGE_PATH=nso300.gitlab.local/


testenv-start-extra:
        @echo "\n== Starting repository specific testenv"

testenv-test:
        @echo "\n== Running tests"
        @echo "TODO: Fill in your tests here"

15. Save the file and exit the file editor.

16. Build the NSO project image using the make build command.

student@student-vm:~/nso300$ make build
Checking NSO in Docker images are available...
-- Generating Dockerfile
cp Dockerfile
for DEP_NAME in $(ls includes/); do export DEP_URL=$(awk '{ print "echo", $0 }' includes/${DEP_NAME} | /bin/sh -); awk "/DEP_END/ { print \"FROM ${DEP_URL} AS ${DEP_NAME}\" }; /DEP_INC_END/ { print \"COPY --from=${DEP_NAME} /var/opt/ncs/packages/ /var/opt/ncs/packages/\" }; 1" Dockerfile > Dockerfile.tmp; mv Dockerfile.tmp Dockerfile; done
docker build --target nso -t nso300.gitlab.local/nso300/nso:5.3.2-student --build-arg NSO_IMAGE_PATH=nso300.gitlab.local/ --build-arg NSO_VERSION=5.3.2 --build-arg PKG_FILE=nso300.gitlab.local/nso300/package:5.3.2-student .
Sending build context to Docker daemon  57.86kB

< ... Output Omitted ... >

Successfully built 20a0e3a3eb84
Successfully tagged nso300.gitlab.local/nso300/nso:5.3.2-student