Cisco Employee

Compliance check and support on REST API for saving/retrieving/comparing device configs

 

Folks,

 

My customer would like to compare device configs on a regular basis. In this particular case, he wants to compare a device config saved at a particular point in time he chooses to the device config currently running on the network.

 

We have looked into the NSO supported compliance reporting. The “compare-template” option on compliance reporting is great for checking against a gold configuration. For the “other parts” of the config, we would need to use “device-check” and “service-check”.

 

When I run a “device-check” compliance report, I understand you can request a device sync and capture the historic changes.

 

Based on the experiments I have been running with compliance reporting I have the following questions:

 

 

Questions:

 

Does the compliance report also capture the config changes made “outside” of NSO?

 

Where are the REST calls to run compliance reports documented?

 

Are there REST equivalent commands for the following commands?

 

      > save f5.cfg devices device MSDC-TESTVIPRION config

 

      > compare file f5.cfg devices device MSDC-TESTVIPRION config

 

      > compare file f5.cfg devices device MSDC-TESTVIPRION config | save abc.txt

 

 

If you have any questions, please let me know.

 

Thanks for your assistance,

 

Alex

 

 

==

 

Alex Daltrini

 

3 REPLIES 3
Cisco Employee

 

Hi Alex,

 

 

A few comments below.

 

 

-Dan

 

 

The device-check option should provide the list of changes which differ from the contents of the CDB

 

 

Based on the experiments I have been running with compliance reporting I have the following questions:

 

 

Questions:

 

Does the compliance report also capture the config changes made “outside” of NSO?

 

 

I think any changes made outside of NSO would result in an out of sync condition and would be handled as described above.

 

 

Where are the REST calls to run compliance reports documented?

 

 

All of the REST calls can be viewed by issuing a GET against NSO; the REST calls are returned. For this example I defined a compliance report and I can retrieve the report in the following way:

 

 

<compliance xmlns="http://tail-f.com/ns/ncs" xmlns:y="http://tail-f.com/ns/rest"  xmlns:ncs="http://tail-f.com/ns/ncs">
  <reports>
    <report>
      <name>dan</name>
      <device-check>
        <device>JJ</device>
      </device-check>
      <y:operations>
        <run>/api/running/compliance/reports/report/dan/_operations/run</run>
      </y:operations>
    </report>
  </reports>
</compliance>

 

dan@DANISULL-M-K0H9%

 

 

From the above operations tag you can see the URL to run the report. So to actually run the report you would do the following:

 

 

dan@DANISULL-M-K0H9% curl -X POST -u admin:admin http://127.0.0.1:8080/api/running/compliance/reports/report/dan/_operations/run
<output xmlns='http://tail-f.com/ns/ncs'>
  <id>1</id>
  <compliance-status>no-violation</compliance-status>
  <info>Checking one device and no services</info>
  <location>http://localhost:8080/compliance-reports/report_1_admin_0_2016-9-19T14:21:27:0.xml</location>
</output>

 

dan@DANISULL-M-K0H9%

 

 

Are there REST equivalent commands for the following commands?

 

 

I believe there are, I haven’t checked though

 

 

      > save f5.cfg devices device MSDC-TESTVIPRION config

 

      > compare file f5.cfg devices device MSDC-TESTVIPRION config

 

      > compare file f5.cfg devices device MSDC-TESTVIPRION config | save abc.txt
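
The discover-then-run flow described in the reply above, as an added example that is not part of the original post or of NSO itself: it reads the report listing to find each report's run URL and reads the compliance status from the run output. The two XML samples are the ones shown in the reply; the function names are hypothetical, and treating anything other than no-violation as non-compliant is an assumption.

```python
import xml.etree.ElementTree as ET

NCS = "http://tail-f.com/ns/ncs"    # namespaces as shown in the reply
REST = "http://tail-f.com/ns/rest"

# Sample bodies taken from the reply above (GET listing, POST run output).
LISTING = """<compliance xmlns="http://tail-f.com/ns/ncs"
    xmlns:y="http://tail-f.com/ns/rest">
<reports>
  <report>
    <name>dan</name>
    <device-check><device>JJ</device></device-check>
    <y:operations>
      <run>/api/running/compliance/reports/report/dan/_operations/run</run>
    </y:operations>
  </report>
</reports>
</compliance>"""

RUN_OUTPUT = """<output xmlns='http://tail-f.com/ns/ncs'>
  <id>1</id>
  <compliance-status>no-violation</compliance-status>
  <info>Checking one device and no services</info>
  <location>http://localhost:8080/compliance-reports/report_1_admin_0_2016-9-19T14:21:27:0.xml</location>
</output>"""


def run_urls(listing_xml):
    """Map each report name to the relative URL of its 'run' operation."""
    urls = {}
    for report in ET.fromstring(listing_xml).iter(f"{{{NCS}}}report"):
        name = report.findtext(f"{{{NCS}}}name")
        run = report.findtext(f"{{{REST}}}operations/{{{NCS}}}run")
        if name and run:
            urls[name.strip()] = run.strip()
    return urls


def parse_run_output(output_xml):
    """Flatten the <output> element; 'compliant' is True only on no-violation."""
    root = ET.fromstring(output_xml)
    fields = {el.tag.split("}", 1)[-1]: (el.text or "").strip() for el in root}
    # Assumption: fail closed, so a missing or unknown status needs review.
    fields["compliant"] = fields.get("compliance-status") == "no-violation"
    return fields


if __name__ == "__main__":
    print(run_urls(LISTING))
    print(parse_run_output(RUN_OUTPUT))
```

A scheduled job can feed the response bodies of the GET and POST calls into these two functions and alert whenever compliant is False.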

 

Cisco Employee

 

Folks, My customer would like to compare device configs on a regular basis. In this particular case,

                                                           

  1. e.g. run a “device-check” against an out-of-sync device…

Best regards, Gregg


Cisco Employee

 

> whatever - even in a cron job or something - but “compliance report” will not check against these…

 

 

one update to this…

 

 

you can do the following:

 

- lots of work

 

- may be better ways…

 

 

 

1) “save” a config as XML…

 

 

show full-configuration devices device c0 | display xml | save c0.xml

 

 

2) “edit” this file to change <device> to <template> (and </template>)

 

 

and then..

 

3) load this as a device-template (which you’ll later use as “golden template” to compare the device against)

 

4) create a config template… pointing to this device template (and dev-group with this device in it)

 

5) run compliance report…

 

 

 

probably can be automated/improved somehow…

 

 

 

 

 

 

Best regards,

 

Gregg

 
