Reply

New RAW XML Policy Rule variables

Guru
Posts: 61
5807     0

Is it possible to use a variable in a ConfigBlockCheck statement?

Example- <ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/\$variable$' boundary-method='regexp' end-on-block-start='true'>

 

I'm trying to set up a policy that will look at the interfaces on a switch and then pass or fail based on config found and the interface it found it on.  I created an array that is collecting the interface numbers from my first ConfigBlockCheck.  Now i want to use ForEach to itterate through the  array and a ConfigBlockCheck to check each interface config.

 

If anyone has any other ideas as well, i'm all ears.

Thanks.

Daniel

No, you can't use a variable

Adviser
Posts: 357
5807     0

No, you can't use a variable in the attribute. I don't think it would be necessary in this case though. Instead, I am thinking you should next the ConfigBlockChecks. I'm not clear on what you're trying to do exactly. Can you provide a little more detail?

 

 

 

Sorry, that should be "nest

Adviser
Posts: 357
5807     0

Sorry, that should be "nest the ConfigBlockChecks".

I'm trying to check the

Guru
Posts: 61
5807     0

I'm trying to check the interface configurations on Cisco 2960s switches.

Items we know-

On all switches, ports 1 and 2 are trunks.

On 24 port switches, ports 25-26 are trunks and 3-24 are access ports

On 48 port switches, ports 49-50 are trunks and 3-48 are access ports.

We don't know if a switch is a 24 port or 48 port just by name or address, so the policy needs to figure it out and process them accordingly.

 

Highlighted

Ok, so, the issue is that you

Adviser
Posts: 357
5807     0

Ok, so, the issue is that you want to know whether it's a 24 or 48 so you know what config to check on ports 25-26?

So, instead of stuffing away each port number in an array, you should be able to do something like this:

<ConfigFileCheck op="contains-some" output="is48ports">interface GigabitEthernet././47</ConfigFileCheck>​

Then, later you can use the variable "is48ports" inside the ConfigBlockCheck in an <If>, something like:

<ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/([0-9]+)' boundary-method='regexp' end-on-block-start='true'>
    <If>
        <Expr op="matches">
            <Expr variable="_start_match_1"/>
            <Expr value="(25|26)"/>
        </Expr>
        <Then>
            <If>
                <Expr variable="is48ports"/>
                <Then>
                    <ConfigFileCheck op="contains-all">switchport access vlan</ConfigFileCheck>
                </Then>
                <Else>
                    <ConfigFileCheck op="contains-all">switchport mode trunk</ConfigFileCheck>
                </Else>
            </If>
        </Then>
        <ElseIf>
        ...
        </ElseIf>
        <Else>
        </Else>
    </If>
</ConfigBlockCheck>

 

Note that <ConfigFileCheck> in the context of a <ConfigBlockCheck> will look at the *block* not the whole file.

 

Thanks John.

Guru
Posts: 61
5808     0

Thanks John.

That got me pretty far, but my variable isn't populating according the the debug output.

It wou;dnt let me assign output in the ConfigFileCheck so it had to be moved out.

Script below-

 

<PolicyRuleLogic editor="raw-xml" xmlns='http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml'>
  <If>
    <ConfigFileCheck op='contains-some'>interface GigabitEthernet././47</ConfigFileCheck>
    <Then>
      <Expr output='is48port' value='1'/>
    </Then>
  </If>
  <Expr op='array' output='intPass'/>
  <Expr op='array' output='intFail'/>
  <ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/(\d+)$' boundary-method='regexp' end-on-block-start='true'>
    <If>
      <Expr op='matches'>
        <Expr variable='_start_match_1'/>
        <Expr value='(^1$|^2$|^49$|^50$)'/>
      </Expr>
      <Then>
        <If>
          <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
          <Then>
            <Expr op='push'>
              <Expr variable='intPass'/>
              <Expr variable='_start_match_1'/>
            </Expr>
          </Then>
          <Else>
            <Expr op='push'>
              <Expr variable='intFail'/>
              <Expr variable='_start_match_1'/>
            </Expr>
          </Else>
        </If>
      </Then>
      <ElseIf>
        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'/>
            <Expr value='(^25$|^26$)'/>
          </Expr>
          <Expr op='defined'>
            <Expr variable='is48port'/>
          </Expr>
        </Expr>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
            <Then>
              <Expr op='push'>
                <Expr variable='intPass'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Then>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Else>
          </If>
        </Then>
      </ElseIf>
      <ElseIf>
        <Expr op='matches'>
          <Expr variable='_start_match_1'/>
          <Expr value='(^25$|^26$)'/>
        </Expr>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
            <Then>
              <Expr op='push'>
                <Expr variable='intPass'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Then>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Else>
          </If>
        </Then>
      </ElseIf>
      <ElseIf>
        <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
        <Then>
          <Expr op='push'>
            <Expr variable='intPass'/>
            <Expr variable='_start_match_1'/>
          </Expr>
        </Then>
      </ElseIf>
      <Else>
        <Expr op='push'>
          <Expr variable='intFail'/>
          <Expr variable='_start_match_1'/>
        </Expr>
      </Else>
    </If>
  </ConfigBlockCheck>
</PolicyRuleLogic>

Here is the debug output for

Guru
Posts: 61
5808     0

Here is the debug output for a my variable 'is48port' and ports 25/26.  (changed the code sligthly to use 'assign' to see if it made a difference- it didn't)

<If>
    <ConfigFileCheck op='contains-some'>
    </ConfigFileCheck> result value <true>
    <Then>
      <Assign variable='is48port'>
        <Expr value='1'>
        </Expr> result value <1>
      </Assign> result value <1>
    </Then> result value <1>
  </If> result value <1>

....skipped....

    <If>
      <Expr op='matches'>
        <Expr variable='_start_match_1'>
        </Expr> result value <25>
        <Expr value='(^1$|^2$|^49$|^50$)'>
        </Expr> result value <(^1$|^2$|^49$|^50$)>
      </Expr> result value <false>
      <ElseIf>
        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'>
            </Expr> result value <25>
            <Expr value='(^25$|^26$)'>
            </Expr> result value <(^25$|^26$)>
          </Expr> result value <true>
          <Expr op='defined'>
            <Expr variable='is48port'>
            </Expr> result value <>
          </Expr> result value <>
        </Expr> result value <false>
      </ElseIf> result value <false>
      <ElseIf>
        <Expr op='matches'>
          <Expr variable='_start_match_1'>
          </Expr> result value <25>
          <Expr value='(^25$|^26$)'>
          </Expr> result value <(^25$|^26$)>
        </Expr> result value <true>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>
            </ConfigFileCheck> result value <false>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'>
                </Expr> result value <[]>
                <Expr variable='_start_match_1'>
                </Expr> result value <25>
              </Expr> result value <["25"]>
            </Else> result value <["25"]>
          </If> result value <["25"]>
        </Then> result value <["25"]>
      </ElseIf> result value <["25"]>
    </If> result value <["25"]>
    <If>
      <Expr op='matches'>
        <Expr variable='_start_match_1'>
        </Expr> result value <26>
        <Expr value='(^1$|^2$|^49$|^50$)'>
        </Expr> result value <(^1$|^2$|^49$|^50$)>
      </Expr> result value <false>
      <ElseIf>
        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'>
            </Expr> result value <26>
            <Expr value='(^25$|^26$)'>
            </Expr> result value <(^25$|^26$)>
          </Expr> result value <true>
          <Expr op='defined'>
            <Expr variable='is48port'>
            </Expr> result value <>
          </Expr> result value <>
        </Expr> result value <false>
      </ElseIf> result value <false>
      <ElseIf>
        <Expr op='matches'>
          <Expr variable='_start_match_1'>
          </Expr> result value <26>
          <Expr value='(^25$|^26$)'>
          </Expr> result value <(^25$|^26$)>
        </Expr> result value <true>
        <Then>
          <If>
            <ConfigFileCheck op='contains-all'>
            </ConfigFileCheck> result value <false>
            <Else>
              <Expr op='push'>
                <Expr variable='intFail'>
                </Expr> result value <["25"]>
                <Expr variable='_start_match_1'>
                </Expr> result value <26>
              </Expr> result value <["25", "26"]>
            </Else> result value <["25", "26"]>
          </If> result value <["25", "26"]>
        </Then> result value <["25", "26"]>
      </ElseIf> result value <["25", "26"]>
    </If> result value <["25", "26"]>

I thought output was

Adviser
Posts: 357
5808     0

I thought output was available on all the objects, I am surprised that didn't work. I'll have to look into it.

 

 

 

The issue is probably scoping, though by default I believe the Assign was supposed to create a variable in the global scope. Try adding:

scope="root"

as an attribute of the <Assign> and see if that fixes it.

 

Ok, the variable is now seen,

Guru
Posts: 61
5808     0

Ok, the variable is now seen, but its still resulting in a <false>

        <Expr op='and'>
          <Expr op='matches'>
            <Expr variable='_start_match_1'>
            </Expr> result value <26>
            <Expr value='(^25$|^26$)'>
            </Expr> result value <(^25$|^26$)>
          </Expr> result value <true>
          <Expr op='defined'>
            <Expr variable='is48port'>
            </Expr> result value <1>
          </Expr> result value <false>
        </Expr> result value <false>
      </ElseIf> result value <false>

Ok. Not sure why, "1" should

Adviser
Posts: 357
5808     0

Ok. Not sure why, "1" should be seen as true. Can you not use 'defined' and instead just do <Expr variable='is48port'/>    ?

You can also try to force it to boolean <Expr type="boolean" variable="is48port"/>

Changing the code from <Expr

Guru
Posts: 61
5808     0

Changing the code from <Expr op='defined'> to just <Expr variable='is48port'/>  in addition to the scope change looks to have fixed it, based on limited tests just now.  I'll let you know if anything unexpected occurs.

 

Thanks John!

 

 

For the most part, the policy

Guru
Posts: 61
5808     0

For the most part, the policy is working but i'm getting a strange result from 24 port switches.  All tests are passing, but it is passing with the message 'Running config file does not contain any of the specified lines'

Full policy below:

 

<PolicyRuleLogic editor="raw-xml" xmlns='http://www.infoblox.com/NetworkAutomation/1.0/ScriptXml'>
  <If>
    <ConfigFileCheck op='contains-some'>interface GigabitEthernet././47</ConfigFileCheck>
    <Then>
      <Assign scope='root' variable='is48port'>
        <Expr value='1'/>
      </Assign>
    </Then>
  </If>
  <Expr op='array' output='intPass'/>
  <Expr op='array' output='intFail'/>
  <ConfigBlockCheck block-end='^!$' block-start='^interface GigabitEthernet1/0/(\d+)$' boundary-method='regexp' end-on-block-start='true'>
    <If>
      <Expr expression='(1 and 2) or 3'>
        <Expr label='1' op='&lt;'>
          <Expr variable='_start_match_1'/>
          <Expr value='51'/>
        </Expr>
        <Expr label='2' variable='is48port'/>
        <Expr label='3' op='&lt;'>
          <Expr variable='_start_match_1'/>
          <Expr value='27'/>
        </Expr>
      </Expr>
      <Then>
        <If>
          <Expr op='matches'>
            <Expr variable='_start_match_1'/>
            <Expr value='(^1$|^2$|^49$|^50$)'/>
          </Expr>
          <Then>
            <If>
              <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
              <Then>
                <Expr op='push'>
                  <Expr variable='intPass'/>
                  <Expr variable='_start_match_1'/>
                </Expr>
              </Then>
              <Else>
                <Expr op='push'>
                  <Expr variable='intFail'/>
                  <Expr variable='_start_match_1'/>
                </Expr>
              </Else>
            </If>
          </Then>
          <ElseIf>
            <Expr op='and'>
              <Expr op='matches'>
                <Expr variable='_start_match_1'/>
                <Expr value='(^25$|^26$)'/>
              </Expr>
              <Expr variable='is48port'/>
            </Expr>
            <Then>
              <If>
                <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
                <Then>
                  <Expr op='push'>
                    <Expr variable='intPass'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Then>
                <Else>
                  <Expr op='push'>
                    <Expr variable='intFail'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Else>
              </If>
            </Then>
          </ElseIf>
          <ElseIf>
            <Expr op='matches'>
              <Expr variable='_start_match_1'/>
              <Expr value='(^25$|^26$)'/>
            </Expr>
            <Then>
              <If>
                <ConfigFileCheck op='contains-all'>switchport mode trunk</ConfigFileCheck>
                <Then>
                  <Expr op='push'>
                    <Expr variable='intPass'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Then>
                <Else>
                  <Expr op='push'>
                    <Expr variable='intFail'/>
                    <Expr variable='_start_match_1'/>
                  </Expr>
                </Else>
              </If>
            </Then>
          </ElseIf>
          <ElseIf>
            <ConfigFileCheck op='contains-all'>switchport mode access</ConfigFileCheck>
            <Then>
              <Expr op='push'>
                <Expr variable='intPass'/>
                <Expr variable='_start_match_1'/>
              </Expr>
            </Then>
          </ElseIf>
          <Else>
            <Expr op='push'>
              <Expr variable='intFail'/>
              <Expr variable='_start_match_1'/>
            </Expr>
          </Else>
        </If>
      </Then>
    </If>
  </ConfigBlockCheck>
  <If>
    <Expr op='&gt;'>
      <Expr op='size'>
        <Expr variable='intFail'/>
      </Expr>
      <Expr value='0'/>
    </Expr>
    <Then>
      <Return>
        <PolicyRuleFail/>
      </Return>
    </Then>
    <Else>
      <Return>
        <PolicyRulePass/>
      </Return>
    </Else>
  </If>
</PolicyRuleLogic>

Each ConfigFileCheck will set

Adviser
Posts: 357
5808     0

Each ConfigFileCheck will set the policy result message. Since your <PolicyRulePass/> and <PolicyRuleFail/> do not explicitly contain a message, the message used is the one from the last run ConfigFileCheck. You can fix this by just adding a message. For example:

<PolicyRulePass>The switch has proper trunk and access port configurations.</PolicyRulePass>

and

<PolicyRuleFail><Expr op="concat"><Expr>These ports are incorrectly configured: </Expr><Expr op="join"><Expr variable="intFail"/><Expr value=","/></Expr><Expr value="."/></Expr></PolicyRuleFail>

 

 

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You