Solved: Re: can we use NSO device template functionality to remove/update configurations as well

rt228x001 · ‎04-23-2019

Hi,

We are trying to utilize NSO for template updates to devices over at my work. And i am trying to see the feasibility of our needs. We need to be able to update/remove configurations in devices as per what is in the template. for now we intend to create a baseline template( consisting of Ntp, snmp, banners, Security ACLs.. etc). utilizing device templates functionality of NSO.

We also want to be able to update our devices to the template. But while testing. i found NSO device template will updates the existing configuration, but will not remove the existing configuration from that section of configuration.

Example existing config in a ASR9k

RP/0/RSP0/CPU0:usxyz-asr9k01-lab#show configuration running-config ntp
ntp
authenticate
server vrf management 10.11.a.b
server vrf management 10.44.a.c prefer
source MgmtEth0/RSP0/CPU0/1
!

root@ncs# show running-config devices template asr9k_ntp_template
devices template asr9k_ntp_template
config
cisco-ios-xr:ntp server vrf management
server-list 10.180.x.x
!
server-list 10.180.x.y
prefer
!
server-list 10.161.x.z
!
!
cisco-ios-xr:ntp access-group peer NTP-ACL
vrf management
version ipv4
!
cisco-ios-xr:ntp update-calendar
!
!

---

when applying the ntp template, it will push out the configurations from the device templates. But it wont remove configurations not part of the template. the devices will still have unwanted configs. For example: 10.11.a.b ntp server will still be left in the devices. Is there a way to apply the device templates to fully overwrite and remove a section of configs?

Also tested another scenario: Devices have configurations applied via NSO device template functionality and we need to remove some configurations.
I tested this scenario by updating the template by removing some ntp servers for testing(the devices had the template config applied prior). And did apply-template to devices. But the devices still have configuration of old ntp servers. Is there a functionality in device template that will remove the configs from devices as well when we update template?

gschudel · ‎04-24-2019

Hi

yes you can modify the behavior of device-template interactions w/ devices.

If you look in the documentation :: e.g. "NSO 4.7.3.2 Getting Started Guide" on Chapter 3 - NSO Basics

and page 19 where it describes "Device Templates" you will find a discussion about "tags"...

Tags are very important to XML and control its behavior. NSO templates assume tags="merge" as the default behavior.

from the document

"""

Another important question is how to control if the template shall merge the list or replace the list. This is managed via "tags". The default behavior of templates is to merge the configuration. Tags can be inserted at any point in the template. Tag values are merge, replace, delete, create and nocreate.

"""

and later...

"""

Any existing values in the list are replaced in this case. The following tags are available:
* merge (default): the template changes will be merged with the existing template
* replace: the template configuration will be replaced by the new configuration
* create: the template will create those nodes which does not exist. If a node already exists this will
result in an error.
* nocreate: the merge will only affect configuration items that already exist in the template. It will never create the configuration with this tag, or any associated commands inside it. It will only modify existing configuration structures.
* delete: delete anything from this point

"""

What you want is (if i understand your question) is to wrap the ntp section with tags="replace" for that entire section. Be sure to give all the relevant NTP servers (I assume you are also using variable substitution in your device-template).

this will then ensure that _THESE_ and ONLY THESE ntp servers exist on the device. (if there are extra ones they will be remove; if there are missing ones they will be added).

How do you add these tags? The documentation also describes how to add them from NSO CLI, but personally, i find it cumbersome to work this way - so - i typically save the device-template as an XML file, then edit the file (with vi for example), or your favorite editor), and then "load merge" the edited file to replace the old one...

to save it you can "pipe" the file

show xxxxx | display xml | save foofile.xml

then edit foofile.xml, add your tag, and then load-merge the file

you'll probably end up with something like...

<config>
<ntp xmlns="http://tail-f.com/ned/cisco-ios-xr">
<server tags="replace">
<server-list>

etc.

best,

gregg

View solution in original post

gschudel · ‎04-24-2019

Hi

yes you can modify the behavior of device-template interactions w/ devices.

If you look in the documentation :: e.g. "NSO 4.7.3.2 Getting Started Guide" on Chapter 3 - NSO Basics

and page 19 where it describes "Device Templates" you will find a discussion about "tags"...

Tags are very important to XML and control its behavior. NSO templates assume tags="merge" as the default behavior.

from the document

"""

Another important question is how to control if the template shall merge the list or replace the list. This is managed via "tags". The default behavior of templates is to merge the configuration. Tags can be inserted at any point in the template. Tag values are merge, replace, delete, create and nocreate.

"""

and later...

"""

Any existing values in the list are replaced in this case. The following tags are available:
* merge (default): the template changes will be merged with the existing template
* replace: the template configuration will be replaced by the new configuration
* create: the template will create those nodes which does not exist. If a node already exists this will
result in an error.
* nocreate: the merge will only affect configuration items that already exist in the template. It will never create the configuration with this tag, or any associated commands inside it. It will only modify existing configuration structures.
* delete: delete anything from this point

"""

What you want is (if i understand your question) is to wrap the ntp section with tags="replace" for that entire section. Be sure to give all the relevant NTP servers (I assume you are also using variable substitution in your device-template).

this will then ensure that _THESE_ and ONLY THESE ntp servers exist on the device. (if there are extra ones they will be remove; if there are missing ones they will be added).

How do you add these tags? The documentation also describes how to add them from NSO CLI, but personally, i find it cumbersome to work this way - so - i typically save the device-template as an XML file, then edit the file (with vi for example), or your favorite editor), and then "load merge" the edited file to replace the old one...

to save it you can "pipe" the file

show xxxxx | display xml | save foofile.xml

then edit foofile.xml, add your tag, and then load-merge the file

you'll probably end up with something like...

<config>
<ntp xmlns="http://tail-f.com/ned/cisco-ios-xr">
<server tags="replace">
<server-list>

etc.

best,

gregg

rt228x001 · ‎04-26-2019

Thank you so much gregg for the detail answer!

that answers everything plus being able to load and merge the xml device template makes it even more easier!!

one more question though. Is there a place where device templates are stored similar to services in packages directory?

-Rasil

gschudel · ‎04-26-2019

cool!

regarding storing templates...

my colleagues may have guidance here as well, but "no" no formal place in NSO - you can make a directory and just be sure it's part of your tools-chain (regression/revision/etc.) -- but not in the ./packages dir :)