Network Change & Configuration Management

Reply
Highlighted

New RAW XML Policy Rule variables
DSchrock
Guru
Posts: 61

‎02-03-2015 01:50 PM

5816     0

Is it possible to use a variable in a ConfigBlockCheck statement?

Example- <ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/\$variable$' boundary-method='regexp' end-on-block-start='true'>

 

I'm trying to set up a policy that will look at the interfaces on a switch and then pass or fail based on config found and the interface it found it on.  I created an array that is collecting the interface numbers from my first ConfigBlockCheck.  Now i want to use ForEach to itterate through the  array and a ConfigBlockCheck to check each interface config.

 

If anyone has any other ideas as well, i'm all ears.

Thanks.

Daniel

Reply
0 Kudos

No, you can't use a variable
JBelamaric
Adviser
Posts: 357

‎02-03-2015 02:08 PM

5817     0

No, you can't use a variable in the attribute. I don't think it would be necessary in this case though. Instead, I am thinking you should next the ConfigBlockChecks. I'm not clear on what you're trying to do exactly. Can you provide a little more detail?

 

 

 

Reply
0 Kudos

Sorry, that should be "nest
JBelamaric
Adviser
Posts: 357

‎02-03-2015 02:10 PM

5817     0

Sorry, that should be "nest the ConfigBlockChecks".

Reply
0 Kudos

I'm trying to check the
DSchrock
Guru
Posts: 61

‎02-04-2015 06:47 AM

5817     0

I'm trying to check the interface configurations on Cisco 2960s switches.

Items we know-

On all switches, ports 1 and 2 are trunks.

On 24 port switches, ports 25-26 are trunks and 3-24 are access ports

On 48 port switches, ports 49-50 are trunks and 3-48 are access ports.

We don't know if a switch is a 24 port or 48 port just by name or address, so the policy needs to figure it out and process them accordingly.

 

Reply
0 Kudos

Ok, so, the issue is that you
JBelamaric
Adviser
Posts: 357

‎02-05-2015 07:43 AM

5817     0

Ok, so, the issue is that you want to know whether it's a 24 or 48 so you know what config to check on ports 25-26?

So, instead of stuffing away each port number in an array, you should be able to do something like this:

<ConfigFileCheck op="contains-some" output="is48ports">interface GigabitEthernet././47</ConfigFileCheck>​

Then, later you can use the variable "is48ports" inside the ConfigBlockCheck in an <If>, something like:

<ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/([0-9]+)' boundary-method='regexp' end-on-block-start='true'>
    <If>
        <Expr op="matches">
            <Expr variable="_start_match_1"/>
            <Expr value="(25|26)"/>
        </Expr>
        <Then>
            <If>
                <Expr variable="is48ports"/>
                <Then>
                    <ConfigFileCheck op="contains-all">switchport access vlan</ConfigFileCheck>
                </Then>
                <Else>
                    <ConfigFileCheck op="contains-all">switchport mode trunk</ConfigFileCheck>
                </Else>
            </If>
        </Then>
        <ElseIf>
        ...
        </ElseIf>
        <Else>
        </Else>
    </If>
</ConfigBlockCheck>

 

Note that <ConfigFileCheck> in the context of a <ConfigBlockCheck> will look at the *block* not the whole file.

 

Reply
0 Kudos

Thanks John.
DSchrock
Guru
Posts: 61

‎02-06-2015 11:11 AM

5817     0

Thanks John.

That got me pretty far, but my variable isn't populating according the the debug output.

It wou;dnt let me assign output in the ConfigFileCheck so it had to be moved out.

Script below-

 

<PolicyRuleLogic editor="raw-xml" xmlns='http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml'>
  <If>
    <ConfigFileCheck op='contains-some'>interface GigabitEthernet././47</ConfigFileCheck>
    <Then>
      <Expr output='is48port' value='1'/>
    </Then>
  </If>
  <Expr op='array' output='intPass'/>
  <Expr op='array' output='intFail'/>
  <ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/(\d+)$' boundary-method='regexp' end-on-block-start='true'>
    <If>
      <Expr op='matches'>
        <Expr variable='_start_match_1'/>
        <Expr value='(^1$|^2$|^49$|^50$)'/>
      </Expr>
      <Then>
        <If>
          <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
          <Then>
            <Expr op='push'>
              <Expr variable='intPass'/>
              <Expr variable='_start_match_1'/>
            </Expr>
          </Then>
          <Else>
            <Expr op='push'>
              <Expr variable='intFail'/>
              <Expr variable='_start_match_1'/>
            </Expr>
          </Else>
        </If>
      </Then>
      <ElseIf>
        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'/>
            <Expr value='(^25$|^26$)'/>
          </Expr>
          <Expr op='defined'>
            <Expr variable='is48port'/>
          </Expr>
        </Expr>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
            <Then>
              <Expr op='push'>
                <Expr variable='intPass'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Then>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Else>
          </If>
        </Then>
      </ElseIf>
      <ElseIf>
        <Expr op='matches'>
          <Expr variable='_start_match_1'/>
          <Expr value='(^25$|^26$)'/>
        </Expr>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
            <Then>
              <Expr op='push'>
                <Expr variable='intPass'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Then>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Else>
          </If>
        </Then>
      </ElseIf>
      <ElseIf>
        <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
        <Then>
          <Expr op='push'>
            <Expr variable='intPass'/>
            <Expr variable='_start_match_1'/>
          </Expr>
        </Then>
      </ElseIf>
      <Else>
        <Expr op='push'>
          <Expr variable='intFail'/>
          <Expr variable='_start_match_1'/>
        </Expr>
      </Else>
    </If>
  </ConfigBlockCheck>
</PolicyRuleLogic>

Reply
0 Kudos

Here is the debug output for
DSchrock
Guru
Posts: 61

‎02-06-2015 11:25 AM

5817     0

Here is the debug output for a my variable 'is48port' and ports 25/26.  (changed the code sligthly to use 'assign' to see if it made a difference- it didn't)

<If>
    <ConfigFileCheck op='contains-some'>
    </ConfigFileCheck> result value <true>
    <Then>
      <Assign variable='is48port'>
        <Expr value='1'>
        </Expr> result value <1>
      </Assign> result value <1>
    </Then> result value <1>
  </If> result value <1>

....skipped....

    <If>
      <Expr op='matches'>
        <Expr variable='_start_match_1'>
        </Expr> result value <25>
        <Expr value='(^1$|^2$|^49$|^50$)'>
        </Expr> result value <(^1$|^2$|^49$|^50$)>
      </Expr> result value <false>
      <ElseIf>
        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'>
            </Expr> result value <25>
            <Expr value='(^25$|^26$)'>
            </Expr> result value <(^25$|^26$)>
          </Expr> result value <true>
          <Expr op='defined'>
            <Expr variable='is48port'>
            </Expr> result value <>
          </Expr> result value <>
        </Expr> result value <false>
      </ElseIf> result value <false>
      <ElseIf>
        <Expr op='matches'>
          <Expr variable='_start_match_1'>
          </Expr> result value <25>
          <Expr value='(^25$|^26$)'>
          </Expr> result value <(^25$|^26$)>
        </Expr> result value <true>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>
            </ConfigFileCheck> result value <false>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'>
                </Expr> result value <[]>
                <Expr variable='_start_match_1'>
                </Expr> result value <25>
              </Expr> result value <["25"]>
            </Else> result value <["25"]>
          </If> result value <["25"]>
        </Then> result value <["25"]>
      </ElseIf> result value <["25"]>
    </If> result value <["25"]>
    <If>
      <Expr op='matches'>
        <Expr variable='_start_match_1'>
        </Expr> result value <26>
        <Expr value='(^1$|^2$|^49$|^50$)'>
        </Expr> result value <(^1$|^2$|^49$|^50$)>
      </Expr> result value <false>
      <ElseIf>
        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'>
            </Expr> result value <26>
            <Expr value='(^25$|^26$)'>
            </Expr> result value <(^25$|^26$)>
          </Expr> result value <true>
          <Expr op='defined'>
            <Expr variable='is48port'>
            </Expr> result value <>
          </Expr> result value <>
        </Expr> result value <false>
      </ElseIf> result value <false>
      <ElseIf>
        <Expr op='matches'>
          <Expr variable='_start_match_1'>
          </Expr> result value <26>
          <Expr value='(^25$|^26$)'>
          </Expr> result value <(^25$|^26$)>
        </Expr> result value <true>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>
            </ConfigFileCheck> result value <false>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'>
                </Expr> result value <["25"]>
                <Expr variable='_start_match_1'>
                </Expr> result value <26>
              </Expr> result value <["25", "26"]>
            </Else> result value <["25", "26"]>
          </If> result value <["25", "26"]>
        </Then> result value <["25", "26"]>
      </ElseIf> result value <["25", "26"]>
    </If> result value <["25", "26"]>
Reply
0 Kudos

I thought output was
JBelamaric
Adviser
Posts: 357

‎02-06-2015 12:29 PM

5817     0

I thought output was available on all the objects, I am surprised that didn't work. I'll have to look into it.

 

 

 

The issue is probably scoping, though by default I believe the Assign was supposed to create a variable in the global scope. Try adding:

scope="root"

as an attribute of the <Assign> and see if that fixes it.

 

Reply
0 Kudos

Ok, the variable is now seen,
DSchrock
Guru
Posts: 61

‎02-06-2015 01:02 PM

5817     0

Ok, the variable is now seen, but its still resulting in a <false>

        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'>
            </Expr> result value <26>
            <Expr value='(^25$|^26$)'>
            </Expr> result value <(^25$|^26$)>
          </Expr> result value <true>
          <Expr op='defined'>
            <Expr variable='is48port'>
            </Expr> result value <1>
          </Expr> result value <false>
        </Expr> result value <false>
      </ElseIf> result value <false>
Reply
0 Kudos

Ok. Not sure why, "1" should
JBelamaric
Adviser
Posts: 357

‎02-06-2015 01:09 PM

5817     0

Ok. Not sure why, "1" should be seen as true. Can you not use 'defined' and instead just do <Expr variable='is48port'/>    ?

You can also try to force it to boolean <Expr type="boolean" variable="is48port"/>

Reply
0 Kudos

Changing the code from <Expr
DSchrock
Guru
Posts: 61

‎02-06-2015 01:19 PM

5817     0

Changing the code from <Expr op='defined'> to just <Expr variable='is48port'/>  in addition to the scope change looks to have fixed it, based on limited tests just now.  I'll let you know if anything unexpected occurs.

 

Thanks John!

 

 

Reply
0 Kudos

For the most part, the policy
DSchrock
Guru
Posts: 61

‎02-09-2015 06:29 AM

5817     0

For the most part, the policy is working but i'm getting a strange result from 24 port switches.  All tests are passing, but it is passing with the message 'Running config file does not contain any of the specified lines'

Full policy below:

 

<PolicyRuleLogic editor="raw-xml" xmlns='http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml'>
  <If>
    <ConfigFileCheck op='contains-some'>interface GigabitEthernet././47</ConfigFileCheck>
    <Then>
      <Assign scope='root' variable='is48port'>
        <Expr value='1'/>
      </Assign>
    </Then>
  </If>
  <Expr op='array' output='intPass'/>
  <Expr op='array' output='intFail'/>
  <ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/(\d+)$' boundary-method='regexp' end-on-block-start='true'>
    <If>
      <Expr expression='(1 and 2) or 3'>
        <Expr label='1' op='&lt;'>
          <Expr variable='_start_match_1'/>
          <Expr value='51'/>
        </Expr>
        <Expr label='2' variable='is48port'/>
        <Expr label='3' op='&lt;'>
          <Expr variable='_start_match_1'/>
          <Expr value='27'/>
        </Expr>
      </Expr>
      <Then>
        <If>
          <Expr op='matches'>
            <Expr variable='_start_match_1'/>
            <Expr value='(^1$|^2$|^49$|^50$)'/>
          </Expr>
          <Then>
            <If>
              <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
              <Then>
                <Expr op='push'>
                  <Expr variable='intPass'/>
                  <Expr variable='_start_match_1'/>
                </Expr>
              </Then>
              <Else>
                <Expr op='push'>
                  <Expr variable='intFail'/>
                  <Expr variable='_start_match_1'/>
                </Expr>
              </Else>
            </If>
          </Then>
          <ElseIf>
            <Expr op='and'>
              <Expr op='matches'>
                <Expr variable='_start_match_1'/>
                <Expr value='(^25$|^26$)'/>
              </Expr>
              <Expr variable='is48port'/>
            </Expr>
            <Then>
              <If>
                <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
                <Then>
                  <Expr op='push'>
                    <Expr variable='intPass'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Then>
                <Else>
                  <Expr op='push'>
                    <Expr variable='intFail'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Else>
              </If>
            </Then>
          </ElseIf>
          <ElseIf>
            <Expr op='matches'>
              <Expr variable='_start_match_1'/>
              <Expr value='(^25$|^26$)'/>
            </Expr>
            <Then>
              <If>
                <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
                <Then>
                  <Expr op='push'>
                    <Expr variable='intPass'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Then>
                <Else>
                  <Expr op='push'>
                    <Expr variable='intFail'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Else>
              </If>
            </Then>
          </ElseIf>
          <ElseIf>
            <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
            <Then>
              <Expr op='push'>
                <Expr variable='intPass'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Then>
          </ElseIf>
          <Else>
            <Expr op='push'>
              <Expr variable='intFail'/>
              <Expr variable='_start_match_1'/>
            </Expr>
          </Else>
        </If>
      </Then>
    </If>
  </ConfigBlockCheck>
  <If>
    <Expr op='&gt;'>
      <Expr op='size'>
        <Expr variable='intFail'/>
      </Expr>
      <Expr value='0'/>
    </Expr>
    <Then>
      <Return>
        <PolicyRuleFail/>
      </Return>
    </Then>
    <Else>
      <Return>
        <PolicyRulePass/>
      </Return>
    </Else>
  </If>
</PolicyRuleLogic>
Reply
0 Kudos

Each ConfigFileCheck will set
JBelamaric
Adviser
Posts: 357

‎02-09-2015 06:37 AM

5817     0

Each ConfigFileCheck will set the policy result message. Since your <PolicyRulePass/> and <PolicyRuleFail/> do not explicitly contain a message, the message used is the one from the last run ConfigFileCheck. You can fix this by just adding a message. For example:

<PolicyRulePass>The switch has proper trunk and access port configurations.</PolicyRulePass>

and

<PolicyRuleFail><Expr op="concat"><Expr>These ports are incorrectly configured: </Expr><Expr op="join"><Expr variable="intFail"/><Expr value=","/></Expr><Expr value="."/></Expr></PolicyRuleFail>

 

 

 

Reply
0 Kudos
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Do you mean 

Recommended for You

Latest Annoucements

Infolbox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community