10-01-2015 09:41 AM
I am trying to check all my tunnel interfaces to see if a QOS policy is enabled on the ingress, and if found, throw a fail message. ScriptXML is working great, until it hits the last block. When it hits the last block, it is searching the entire config file and finding an ingress policy on another interface that isn't a tunnel, and failing the last block. I searched the forums and cannot find an answer. The code I am using is below:
<PolicyRuleLogic xmlns="http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml" editor="raw-xml">
<ConfigFileCheck block-end="^!$" block-start="^interface Tunnel" boundary-method="regexp">
<ConfigFileCheck op='contains-all"> service-policy input</ConfigFileCheck>
Any help would be greatly appreciated. Again, it checks each blocked interface that is a tunnel interface, however, when it hits the last block, it seems to check outside the blocks because it finds the ingress policy on the control plane and fails the last block.
10-01-2015 10:21 AM
Can you upload a segment of the config (sanitized as needed) that it is running against?
Did you try the debug function?
10-01-2015 11:14 AM - edited 10-01-2015 11:15 AM
Thank you for the reply. I live by that debug button. That is how I found it was failing on the last block, no matter how many blocks I had, and/or what I put inside that block. A shortened version of the config file I am running is as follows:
service-policy input SOMEPOLICY
<removed to shorten>
ip mtu 1111
keepalive 1 1
tunnel source 1111
tunnel destination 9999
service-policy output QOSPOLICY1
ip mtu 2222
keepalive 2 2
tunnel source 2222
tunnel destination 8888
service-policy output QOSPOLICY2
ip mtu 3333
keepalive 3 3
tunnel source 3333
tunnel destination 7777
service-policy input QOSPOLICY3
ip mtu 4444
keepalive 4 4
tunnel source 4444
tunnel destination 6666
service-policy output QOSPOLICY4
<removed to shorten>
What happens when I run the previous XML script is it will pass the first 2, fail the 3rd one, and fail the last one because it is looping back and seeing the control plane policy says 'service-policy input' and applies it to that block.
I have a temporary workaround where I changed 'op='contains-all'' in configfilecheck, to 'op='contains-block'' and then put in /^interface Tunnel\S+\n(?:\s[^\n]+\n)*(?:\sservice-policy input \S+\n)/m. However, I am concerned that the CheckBlockConfig isn't working the way I thought (by finding the starting regex, matching it, and creating a block until it reaches the block-end regex, then when I use configfilecheck, it only checks those blocks).
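An added example, not part of the thread and not NetMRI's own code: the block-scoped check described in the post above, written in Python so the expected per-interface result can be cross-checked outside the policy engine. The sample config is constructed; the interface names, LANPOLICY and the function names are assumptions.

```python
import re

# Constructed sample config; interface names and LANPOLICY are assumptions.
SAMPLE_CONFIG = """\
control-plane
 service-policy input SOMEPOLICY
!
interface Tunnel1
 service-policy output QOSPOLICY1
!
interface Tunnel2
 service-policy output QOSPOLICY2
!
interface Tunnel3
 service-policy input QOSPOLICY3
!
interface Tunnel4
 service-policy output QOSPOLICY4
!
interface GigabitEthernet0/0
 service-policy input LANPOLICY
!
"""

def split_blocks(config, start=r"^interface Tunnel", end=r"^!$"):
    """Return each block as a list of lines, from a start match to the end match."""
    start_re, end_re = re.compile(start), re.compile(end)
    blocks, current = [], None
    for line in config.splitlines():
        if start_re.search(line):
            current = [line]          # a new block opens (and closes any open one)
            blocks.append(current)
        elif current is not None and end_re.search(line):
            current = None            # end marker: lines after this are outside
        elif current is not None:
            current.append(line)      # an unterminated block runs to end of file
    return blocks

def tunnels_with_ingress_policy(config):
    """Tunnel interfaces whose own block contains 'service-policy input'."""
    return [b[0].split()[1] for b in split_blocks(config)
            if any(re.match(r"\s*service-policy input\b", l) for l in b[1:])]

def whole_file_hits(config):
    """Unscoped search, for contrast: every ingress policy line in the file."""
    return re.findall(r"^[ \t]*service-policy input \S+", config, flags=re.M)
```

On this sample only Tunnel3 is reported by the scoped check, while the unscoped search also matches the control-plane and GigabitEthernet0/0 lines.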
10-01-2015 12:10 PM
The description of how it works that you give above is correct.
I tried the XML you provided and it had some syntax problems. I cleaned it up and I also added the list of failing interfaces to the failure message. It did work OK for me.
I stuck some stuff in there like a basically useless "Expr" element:
I did that because then you will see the value in the debug output, which can be really helpful to see where it is in its execution.
Try the attached XML - if that doesn't work, then you'll need to open a support case.
10-02-2015 06:32 AM
I apologize for replying late. I was pulled away from my desk until the end of the day yesterday. I have tried that code this morning, and it is doing the same thing: failing the last block because it is finding the Control Plane Policy. I appreciate your help and will open a support case.