- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
ConfigBlockCheck Overrun
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-01-2015 09:41 AM
Hello,
I am trying to check all my tunnel interfaces to see if a QOS policy is enabled on the ingresss, and if found, throw a fail message. ScriptXML is working great, until it hits the last block. When it hits the last block, it is searchign the entire config file and finding an ingress policy on another interface that isn't a tunnel, and failing the last block. I searched the forums and cannot find an answer. The code I am using is below:
<PolicyRuleLogic xmlns="http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml" editor="raw-xml">
<Assign variable='pass-count'>
<Expr value='0/'>
</Assign>
<Assign variable='fail-count'>
<Expr value='0'/>
</Assign>
<ConfigFileCheck block-end="^!$" block-start="^interface Tunnel" boundary-method="regexp">
<If>
<ConfigFileCheck op='contains-all"> service-policy input</ConfigFileCheck>
<Then>
<Assign variable="fail-count">
<Expr op="+">
<Expr variable="fail-count">
<Expr value="1">
</Expr>
</Assign>
</Then>
<Else>
<Assign variable="pass-count">
<Expr op="+">
<Expr variable="pass-count">
<Expr value="1">
</Expr>
</Assign>
</Else>
</If>
</ConfigBlockCheck>
<If>
<Expr variable="fail-count"/>
<Then>
<PolicyRuleFail>FAIL MESSSAGE</PolicyRuleFail>
</Then>
<Else>
<PolicyRulePass/>
</Else>
</If>
</PolicyRuleLogic>
Any help would be greatly appreciated. Again, it checks each blocked interface that is a tunnel interface, however, when it hits the last block, it seems to check outside the blocks because it finds the ingress policy on the control plane and fails the last block.
Thank you,
Jerry
Re: ConfigBlockCheck Overrun
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-01-2015 10:21 AM
Can you upload a segment of the config (sanitized as needed) that it is running against?
Did you try the debug function?
Re: ConfigBlockCheck Overrun
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-01-2015 11:14 AM - edited 10-01-2015 11:15 AM
Hello Sir,
Thank you for the reply. I live by that debug button. That is how I found it was failing on the last block, no matter how many blocks I had, and/or what I put inside that block. A shortened version of the config file I am running is as follows:
!
control-plane
service-policy input SOMEPOLICY
!
<removed to shorten>
!
interface TunnelSomeTunnel1
description SomeDescription
bandwidth 1111
ip mtu 1111
delay 1111
keepalive 1 1
tunnel source 1111
tunnel destination 9999
service-policy output QOSPOLICY1
!
interface TunnelSomeTunnel2
description SomeDescription
bandwidth 2222
ip mtu 2222
delay 2222
keepalive 2 2
tunnel source 2222
tunnel destination 8888
service-policy output QOSPOLICY2
!
interface TunnelSomeTunnel3
description SomeDescription
bandwidth 3333
ip mtu 3333
delay 3333
keepalive 3 3
tunnel source 3333
tunnel destination 7777
service-policy input QOSPOLICY3
!
interface TunnelSomeTunnel4
description SomeDescription
bandwidth 4444
ip mtu 4444
delay 4444
keepalive 4 4
tunnel source 4444
tunnel destination 6666
service-policy output QOSPOLICY4
!
<removed to shorten>
What happens when I run the previous XML script is it will pass the first 2, fail the 3rd one, and fail the last one because it is looping back and seeing the control plane policy says 'service-policy input' and applies it to that block.
I have a temporary work around were I changed 'op='contains-all'' in configfilecheck, to 'op='contains-block'' and then put int /^interface Tunnel\S+\n(?:\s[^\n]+\n)*(?:\sservice-policy input \S+\n)/m. However, I am concerned that the CheckBlockConfig isn't working the way I thought (by finding the starting regex, matching it, and creating a block until it reaches the block-end regex, then when I use configfilecheck, it only checks those blocks).
Re: ConfigBlockCheck Overrun
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-01-2015 12:10 PM
The description of how it works that you give above is correct.
I tried the XML you provided and it had some syntax problems. I cleaned it up and I also added the list of failing interfaces to the failure message. It did work OK for me.
I stuck some stuff in there like a basically useless "Expr" element:
<Expr variable='_start_match'/>
I did that because then you will see the value in the debug output, which can be really helpful to see where it is in its execution.
Try the attached XML - if that doesn't work, then you'll need to open a support case.
Re: ConfigBlockCheck Overrun
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-02-2015 06:32 AM
Hello,
I apologize for replying late. I was pulled away from my desk until the end of the day yesterday. I have tried that code this morning, and it is doing the same thing: failing the last block because it is finding the Control Plane Policy. I appreciate your help and will open a support case.
Thank you,
Jerry
Re: ConfigBlockCheck Overrun
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-06-2015 07:03 PM - edited 10-07-2015 07:41 AM
-