Network Change & Configuration Management

Reply

ConfigBlockCheck Overrun
JFaustermann
Authority
Posts: 27

‎10-01-2015 09:41 AM

4827     0

Hello,

   I am trying to check all my tunnel interfaces to see if a QOS policy is enabled on the ingresss, and if found, throw a fail message. ScriptXML is working great, until it hits the last block. When it hits the last block, it is searchign the entire config file and finding an ingress policy on another interface that isn't a tunnel, and failing the last block. I searched the forums and cannot find an answer. The code I am using is below:

 

<PolicyRuleLogic xmlns="http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml" editor="raw-xml">

<Assign variable='pass-count'>

  <Expr value='0/'>

</Assign>

<Assign variable='fail-count'>

  <Expr value='0'/>

</Assign>

<ConfigFileCheck block-end="^!$" block-start="^interface Tunnel" boundary-method="regexp">

  <If>

  <ConfigFileCheck op='contains-all"> service-policy input</ConfigFileCheck>

  <Then>

  <Assign variable="fail-count">

  <Expr op="+">

   <Expr variable="fail-count">

  <Expr value="1">

   </Expr>

</Assign>

</Then>

<Else>

  <Assign variable="pass-count">

   <Expr op="+">

   <Expr variable="pass-count">

   <Expr value="1">

   </Expr>

</Assign>

</Else>

</If>

</ConfigBlockCheck>

<If>

<Expr variable="fail-count"/>

<Then>

    <PolicyRuleFail>FAIL MESSSAGE</PolicyRuleFail>

</Then>

<Else>

   <PolicyRulePass/>

</Else>

</If>

</PolicyRuleLogic>

 

 

Any help would be greatly appreciated. Again, it checks each blocked interface that is a tunnel interface, however, when it hits the last block, it seems to check outside the blocks because it finds the ingress policy on the control plane and fails the last block.

 

Thank you,

Jerry

Reply
0 Kudos

Re: ConfigBlockCheck Overrun
JBelamaric
Adviser
Posts: 353

‎10-01-2015 10:21 AM

4828     0

Can you upload a segment of the config (sanitized as needed) that it is running against?

 

Did you try the debug function?

 

Reply
0 Kudos

Re: ConfigBlockCheck Overrun

[ Edited ]
JFaustermann
Authority
Posts: 27

‎10-01-2015 11:14 AM - edited ‎10-01-2015 11:15 AM

4828     0

Hello Sir,

    Thank you for the reply. I live by that debug button. That is how I found it was failing on the last block, no matter how many blocks I had, and/or what I put inside that block. A shortened version of the config file I am running is as follows:

 

!

control-plane

  service-policy input SOMEPOLICY

!

<removed to shorten>

!

interface TunnelSomeTunnel1

 description SomeDescription

 bandwidth 1111

 ip mtu 1111

 delay 1111

 keepalive 1 1

 tunnel source 1111

 tunnel destination 9999

 service-policy output QOSPOLICY1

!

interface TunnelSomeTunnel2

 description SomeDescription

 bandwidth 2222

 ip mtu 2222

 delay 2222

 keepalive 2 2

 tunnel source 2222

 tunnel destination 8888

 service-policy output QOSPOLICY2

!

interface TunnelSomeTunnel3

 description SomeDescription

 bandwidth 3333

 ip mtu 3333

 delay 3333

 keepalive 3 3

 tunnel source 3333

 tunnel destination 7777

 service-policy input QOSPOLICY3

!

interface TunnelSomeTunnel4

 description SomeDescription

 bandwidth 4444

 ip mtu 4444

 delay 4444

 keepalive 4 4

 tunnel source 4444

 tunnel destination 6666

 service-policy output QOSPOLICY4

!

<removed to shorten>

 

What happens when I run the previous XML script is it will pass the first 2, fail the 3rd one, and fail the last one because it is looping back and seeing the control plane policy says 'service-policy input' and applies it to that block.

 

I have a temporary work around were I changed 'op='contains-all'' in configfilecheck, to 'op='contains-block'' and then put int /^interface Tunnel\S+\n(?:\s[^\n]+\n)*(?:\sservice-policy input \S+\n)/m. However, I am concerned that the CheckBlockConfig isn't working the way I thought (by finding the starting regex, matching it, and creating a block until it reaches the block-end regex, then when I use configfilecheck, it only checks those blocks).

 

 

Reply
0 Kudos

Re: ConfigBlockCheck Overrun
JBelamaric
Adviser
Posts: 353

‎10-01-2015 12:10 PM

4828     0

The description of how it works that you give above is correct.

 

I tried the XML you provided and it had some syntax problems. I cleaned it up and I also added the list of failing interfaces to the failure message. It did work OK for me.

 

I stuck some stuff in there like a basically useless "Expr" element:

 

  <Expr variable='_start_match'/>

 

I did that because then you will see the value in the debug output, which can be really helpful to see where it is in its execution.

 

Try the attached XML - if that doesn't work, then you'll need to open a support case.

 

 

Reply
0 Kudos

Re: ConfigBlockCheck Overrun
JFaustermann
Authority
Posts: 27

‎10-02-2015 06:32 AM

4828     0

Hello,

     I apologize for replying late. I was pulled away from my desk until the end of the day  yesterday. I have tried that code this morning, and it is doing the same thing: failing the last block because it is finding the Control Plane Policy. I appreciate your help and will open a support case.

 

Thank you,

Jerry

Reply
0 Kudos

Re: ConfigBlockCheck Overrun

[ Edited ]
JBelamaric
Adviser
Posts: 353

‎10-06-2015 07:03 PM - edited ‎10-07-2015 07:41 AM

4828     0

-

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community