Skip to content

External Interactions

This app communicates with network devices via pyntc device drivers. Most connections are via SSH, though some platforms use API. These connections are required in order to gather pre/post change operational data and to execute the upgrade.

File Transfers

Changed in version 5.0.0

Software images are transferred using a pull-based mechanism. Rather than pushing files from Nautobot to the device, the app instructs the device to download the image from a remote URL. Each Software Image File in Nautobot must have a download_url, hashing_algorithm, and image_file_checksum configured. The device uses this information to pull and verify the file.

For Juniper/Junos devices, download credentials (if available from the Software Image File's External Integration Secrets Group) are embedded directly into the download URL. Files are placed in /var/tmp/ on Juniper devices. For Cisco IOS/NXOS devices, the filesystem is determined automatically by the platform driver.

Download Credentials via External Integration

When your file server requires authentication (FTP, SFTP, etc.), you must configure an External Integration with a Secrets Group and associate it with the Software Image File. The file transfer job retrieves the download credentials from this Secrets Group at runtime.

To set this up:

  1. Create Secrets for the file server username and password (or token) in Nautobot. Use the Generic access type with Username and Password (or Token) secret types.
  2. Create a Secrets Group and assign the secrets created above.
  3. Create an External Integration and assign the Secrets Group to it.
  4. Edit the Software Image File and set the External Integration field to the integration created above.

The file transfer job looks up the credentials as follows:

  • Username: Retrieved from the Secrets Group using access type Generic and secret type Username.
  • Password: Retrieved from the Secrets Group using access type Generic and secret type Password. If no password is found, it falls back to secret type Token.

Cisco IOS FTP Configuration

Some versions of Cisco IOS require the ip ftp username and ip ftp password commands to be configured on the device before FTP-based file transfers will work. If your download URL uses the ftp:// scheme and file transfers are failing, verify that the device has these commands configured:

ip ftp username <username>
ip ftp password <password>

These commands set the FTP credentials that the device uses when initiating FTP connections. Without them, the device may fail to authenticate to the FTP server even if credentials are provided via the External Integration Secrets Group.

Device Management

SSH and/or API connections are used for device management operations including saving configurations, installing the OS, and rebooting devices. Pre/post operational state checks (when the optional Nautobot Operational Compliance app is installed) also use these connections to collect command output from devices.