cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
174
Views
11
Helpful
6
Replies
Highlighted

Static config in template issue

Hi,

Currently a Python package is being developed and some templates should be applied to a device. The template contains some default config from a device, but NSO gives an error: Error from worker socket: external error (19): template.xml:101 Expression 'fdff:ffff:/120' resulted in an incompatible value 'fdff:ffff:/120'. If i check the line indicated in the error is have a different value <ip6>fdff:ffff::/120</ip6>.

The XML shows :: at the end of the ipv6 address, while NSO tries to use a single : after ffff. Is there someting wrong when using :: and should we escape this in some way? I tried the original value on the CLI and that works as expected.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Yes we did a sync-from, and saw that NSO tried to delete the self configured device configuration. The trick to add them correctly into the xml for us is adding them with the Python code.

Since the device config is very big, the sync-from takes to long to do this every time we change something in there. That is why we want to create the config in NSO ourselves.

View solution in original post

6 REPLIES 6
Highlighted
Cisco Employee

Hi Maikel,

Can you provide at least a snippet of your template and a bit of detail regarding which NED you are trying to use?

Thanks,

-Dan

Highlighted

Hi Daniel,

The NED we are using is the Fortinet FortiOS NED-3.2.2 and we are testing the configurations in combination with some Fortigate VM's.Below i've added a snippet of the template which includes the values that show the issue. The configuration is added by the Fortigate automatically when you try to create a new virtual firewall. To keep NSO in sync we want to add the config using templates. Otherwise NSO has to sync with the device and tries to delete the config since it thinks that configuration is created out-of-band. Some of the values contain special characters and this is causing the issues. For this reason i was trying to give them as a string in the XML, but i have no idea how is should do this.

      <search-engine>
        <search-engine-list>
          <name>baidu</name>
          <hostname>.*\.baidu\.com</hostname>
          <url>^\/s?\?</url>
          <query>wd=</query>
        </search-engine-list>
        <search-engine-list>
          <name>baidu2</name>
          <hostname>.*\.baidu\.com</hostname>
          <url>^\/(ns|q|m|i|v)\?</url>
          <query>word=</query>
        </search-engine-list>
        <search-engine-list>
          <name>baidu3</name>
          <hostname>tieba\.baidu\.com</hostname>
          <url>^\/f\?</url>
          <query>kw=</query>
        </search-engine-list>
        <search-engine-list>
          <name>bing</name>
          <hostname>www\.bing\.com</hostname>
          <url>^(\/images|\/videos)?(\/search|\/async|\/asyncv2)\?</url>
          <query>q=</query>
          <safesearch>url</safesearch>
          <safesearch-str>&amp;adlt=strict</safesearch-str>
        </search-engine-list>
        <search-engine-list>
          <name>google</name>
          <hostname>.*\.google\..*</hostname>
          <url>^\/((custom|search|images|videosearch|webhp)\?)</url>
          <query>q=</query>
          <safesearch>url</safesearch>
          <safesearch-str>&amp;safe=active</safesearch-str>
        </search-engine-list>
        <search-engine-list>
          <name>yahoo</name>
          <hostname>.*\.yahoo\..*</hostname>
          <url>^\/search(\/video|\/images){0,1}(\?|;)</url>
          <query>p=</query>
          <safesearch>url</safesearch>
          <safesearch-str>&amp;vm=r</safesearch-str>
        </search-engine-list>
        <search-engine-list>
          <name>yandex</name>
          <hostname>yandex\..*</hostname>
          <url>^\/(yand|images\/|video\/)(search)\?</url>
          <query>text=</query>
          <safesearch>url</safesearch>
          <safesearch-str>&amp;family=yes</safesearch-str>
        </search-engine-list>
        <search-engine-list>
Highlighted
Cisco Employee

Hi Maikel,

I am not sure that there is a way to get around this in the template itself due to the way the the character string '::' in XML is parsed.

One way to get around this is to wrap this in a service and add an additional leaf to your service with the default set.  Then you can refer to this part of the yang service model in your template.  This can include the '::' sequence.

-Johan

Highlighted

Hi Kurt,

Thanks for the reply!

What we try to do is keeping NSO in sync with the fortigate devices and delete the not needed configurations. So in this case there will be two templates. the first template will include everything the Fortigate deploys by itself to keep NSO in sync with the firewall. The second template will be the same as the first one, but deleted some defaults in there.

If i understand it correctly in your example we should create a service which we use to refer and deploy the configurations. How would we be able to delete the not needed configurations? The problem for us is that we first need to add all the config in NSO before we can delete this, otherwise NSO is not deleting it because it thinks it's not created by NSO.

Highlighted

Hi Maikel,

Have you tried to "sync-from" the device back to NSO?  Any out-of-band changes made to the device should be brought back into NSO.  Note that this could have an impact on existing services that NSO has already deployed - in which case you could redeploy the existing services to confirm that they are still deployed correctly.

Highlighted

Yes we did a sync-from, and saw that NSO tried to delete the self configured device configuration. The trick to add them correctly into the xml for us is adding them with the Python code.

Since the device config is very big, the sync-from takes to long to do this every time we change something in there. That is why we want to create the config in NSO ourselves.

View solution in original post

Content for Community-Ad
Cisco Community August2020 Spotlight Award Winners