salt.proxy.nxos module

Proxy Minion for Cisco NX-OS Switches

The Cisco NX-OS Proxy Minion is supported on NX-OS devices for the following connection types: 1) Connection Type SSH 2) Connection Type NX-API (If Supported By The Device and Image Version).


SSH uses the built in SSHConnection module in salt.utils.vt_helper

To configure the proxy minion for ssh:

  proxytype: nxos
  connection: ssh
  username: admin
  password: admin
  prompt_name: nxos-switch
  ssh_args: '-o PubkeyAuthentication=no'
  key_accept: True

To configure the proxy minon for nxapi:

  proxytype: nxos
  connection: nxapi
  username: admin
  password: admin
  transport: http
  port: 80
  verify: False
  no_save_config: True
(REQUIRED) Use this proxy minion nxos
(REQUIRED) connection transport type. Choices: ssh, nxapi Default: ssh
(REQUIRED) login ip address or dns hostname.
(REQUIRED) login username.
(REQUIRED) login password.
If False, 'copy running-config starting-config' is issues for every
configuration command.

If True, Running config is not saved to startup config Default: False

The recommended approach is to use the save_running_config function instead of this option to improve performance. The default behavior controlled by this option is preserved for backwards compatibility.

Conection SSH Args:

(REQUIRED when connection is ssh) (REQUIRED, this or prompt_regex below, but not both) The name in the prompt on the switch. Recommended to use your device's hostname.

(REQUIRED when connection is ssh) (REQUIRED, this or prompt_name above, but not both) A regular expression that matches the prompt on the switch and any other possible prompt at which you need the proxy minion to continue sending input. This feature was specifically developed for situations where the switch may ask for confirmation. prompt_name above would not match these, and so the session would timeout.



This should match



Flash complete.  Reboot this switch (y/n)? [n]

If neither prompt_name nor prompt_regex is specified the prompt will be defaulted to


which should match any number of characters followed by a # at the end of the line. This may be far too liberal for most installations.

Extra optional arguments used for connecting to switch.
Wheather or not to accept the host key of the switch on initial login. Default: False

Connection NXAPI Args:

(REQUIRED) when connection is nxapi. Choices: http, https Default: https
(REQUIRED) when connection is nxapi. Default: 80

(REQUIRED) when connection is nxapi. Either a boolean, in which case it controls whether we verify the NX-API TLS certificate, or a string, in which case it must be a path to a CA bundle to use. Default: True

When there is no certificate configuration on the device and this option is set as True (default), the commands will fail with the following error: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581). In this case, you either need to configure a proper certificate on the device (recommended), or bypass the checks setting this argument as False with all the security risks considered.

Check to see how to properly configure the certificate.

The functions from the proxy minion can be run from the salt commandline using the salt.modules.nxos execution module.


Get grains for minion.


Refresh the grains for the NX-OS device.


Required. Initialize device connection using ssh or nxapi connection type.


Since grains are loaded in many different places and some of those places occur before the proxy can be initialized, return whether the init() function has been called.

Ping the device on the other end of the connection.

salt.proxy.nxos.proxy_config(commands, **kwargs)

Send configuration commands over SSH or NX-API

List of configuration commands
If True, don't save configuration commands to startup configuration. If False, save configuration to startup configuration. Default: False
salt.proxy.nxos.sendline(command, method=u'cli_show_ascii')

Send arbitrary show or config commands to the NX-OS device.

The command to be sent.

cli_show_ascii: Return raw test or unstructured output. cli_show: Return structured output. cli_conf: Send configuration commands to the device. Defaults to cli_show_ascii.

NOTES for SSH proxy minon:
method is ignored for SSH proxy minion. Only show commands are supported and data is returned unstructured. This function is preserved for backwards compatibilty.

Closes connection with the device.