Solved: Re: NSO 5.3.2.1 - <template> XML processing instruction target threshold size reached

JimBoucher · ‎07-08-2020

Hi, This error does not happen on NSO 5.2.0.3 nor on NSO 5.3.1.1 but it does happen on NSO 5.3.2.1.

I have a fairly large template that has to deal with many different profile types so it is long but quite flat in structure. The ncs.log shows me this:

<DEBUG> 8-Jul-2020::15:39:22.554 sv69536 ncs[26187]: - Failed to load file ./state/packages-in-use/1/slf-loadbalancers/templates/slf-lb-profiles.xml: slf-lb-profiles.xml:365: XML processing instruction target threshold size reached

Am I correct in interpreting this as "Your template is too big"? If I'm correct, is there a way to get around this other than chop up my template?

Thanks,

Jim

rogaglia · ‎07-30-2020

The fix versions are out:

NSO-5.3.2.3 [July 27, 2020]
===========================
Corrections:

- ncs: The allowed XML processing instructions length can now be
configured via
/ncs-config/parser-limits/max-processing-instruction-length. The default
length is 32kB.

View solution in original post

hhyq1975 · ‎07-09-2020

Hi

I have some issue in 5.3.2.1 The package works in 5.3 and 5.3.1.2

it's a small xml file.

admin@ncs> show packages package zte oper-status

oper-status file-load-error

oper-status error-info "[zte-plan-set-af.xml:20: XML processing instruction target threshold size reached], [zte-plan-set-ipv6-af.xml:20: XML processing instruction target threshold size reached], [zte-plan-set-ipv4-af.xml:20: XML processing instruction target threshold size reached]"

Thank

Hao Huang

wsuetens · ‎07-10-2020

This seems to be caused by a change in NSO 5.3.2

- netconf: NETCONF now limits the accepted XML processing instruction
target length.

(ENG-22472, RT:39480, PS-34558, CSCvr89757)

TAC has received some cases revolving this. We're looking into guidelines on how to best handle this new restriction.
I'll update here when I have guidelines.

-- Cisco TAC

JimBoucher · ‎07-10-2020

I found this in ncs.conf. Is this what you are talking about? I don't see a match for processing instruction threshold. Where can I find details on how to configure this threshold?

/ncs-config/parser-limits
Parameters for limiting parsing of XML data in ConfD.

/ncs-config/parser-limits/max-tag-length (uint32 | unbounded | model) [1024]
Maximum number of bytes for tag names excluding namespace prefix.

/ncs-config/parser-limits/max-attribute-length (uint32 | unbounded | model) [1024]
Maximum number of bytes for attribute names including namespace prefix.

/ncs-config/parser-limits/max-attribute-value-length (uint32 | unbounded) [unbounded]
Maximum number of bytes for attribute values in escaped form.

/ncs-config/parser-limits/max-attribute-count (uint32 | unbounded | model) [64]
Maximum number of attributes on a single tag.

/ncs-config/parser-limits/max-xmlns-prefix-length (uint32 | unbounded) [1024]
Maximum number of bytes for xmlns prefix.

/ncs-config/parser-limits/max-xmlns-valueLength (uint32 | unbounded | model) [1024]
Maximum number of bytes for a namespace value in escaped form.

/ncs-config/parser-limits/max-xmlns-count (uint32 | unbounded) [1024]
Maximum number of xmlns declarations on a single tag.

/ncs-config/parser-limits/max-data-length (uint32 | unbounded) [unbounded]
Maximum number of bytes of continuous data.

wsuetens · ‎07-10-2020

Hi Jim

I don't believe there are any settings available currently to allow us to modify the threshhold. The developers are looking into the limitations caused by this change.

We'll make sure to let you know the results. We understand that this has invalidated some of the more complex service templates you're using. I doubt restricting those templates was intended but I shouldn't speculate.

I'll make sure to update here when there's more info. For now we may be restricted to versions before NSO 5.3.2 for these services.

Regards,

Wouter

vleijon · ‎07-10-2020

Note that this is related to processing instructions such as ?for?, sometimes you can re-factor your code to make those sections smaller.

JimBoucher · ‎07-14-2020

Thanks, but at this point, I think this is a bug and hope to see a fix before we move to 5.3.x. We are waiting for another fix for 5.3.3. Can you have this fixed for that release? I say it is a bug, perhaps incorrectly, as this is an undocumented,unconfigurable limitation in templates that ties to a piece of Northbound NETCONF Interface functionality. Am I misunderstanding this?

vleijon · ‎07-14-2020

You will have to contact TAC to get delivery commitments, but I can see that there is an internal ticket that is being worked on.

I would agree that it is unconfigurable limitation. It is a consequence of ENG-22472 that was a security fix (see the CHANGES file).

wsuetens · ‎07-20-2020

A new setting will be added to NSO to allow users to set the threshold.

/ncs-config/parser-limits/max-processing-instruction-length

This setting will be included in following releases

* nso-5.1.5
* nso-5.2.4
* nso-5.3.3
* nso-5.4.1
* nso-5.5

For some NSO versions, patches will be developed to get this change out even sooner.
Current patches available, adding this setting:
5.4.0.1
5.3.2.3

There are plans for patches in other versions. Will update here when one releases.

rogaglia · ‎07-30-2020

The fix versions are out:

NSO-5.3.2.3 [July 27, 2020]
===========================
Corrections:

- ncs: The allowed XML processing instructions length can now be
configured via
/ncs-config/parser-limits/max-processing-instruction-length. The default
length is 32kB.

JimBoucher · ‎07-31-2020

I just tried NSO 5.3.2.3 and set the following in ncs.conf.

+ <parser-limits>
+ <max-processing-instruction-length>65536</max-processing-instruction-length>
+ </parser-limits>

Works Great!

Thanks,

Jim