Versions Compared

...

  • Scripts: Used to automate tasks across numerous devices on the network by executing Command Line Interface commands on those devices. You can write scripts in Infoblox’s proprietary CCS language, in Perl, or in Python, using the standard Perl and Python API.
  • Jobs: These are scheduled instances of scripts that run against selected devices or device groups. You can also use end-user credentials for specific jobs.
  • Custom issues: Scripts can raise these to point out conditions discovered during script processing. See the section Creating Custom Evaluating Issues in NetMRI for more information on custom issues and their use in jobs.

...

Job scripting implementation is done through the NetMRI Job Wizard. Substantial planning and preparation may be needed before implementing jobs.

...

Automation Change Manager (ACM)

...

...

The Automation Change Manager (ACM) uses NetMRI scripts and other job automation features to enable the Automation Tasks feature set in the Infoblox NIOS™ Dashboard. You add a NetMRI appliance into an Infoblox Grid network to enable the Automation Change Manager functionality. With the proper licensing installed on both the NetMRI appliance and the Infoblox grid master, the ACM automation tasks enable the performance of the following tasks with a few mouse clicks:

...

Automation Change Manager leverages NetMRI's job automation scripts to expand the functionality of the Infoblox NIOS Tasks Dashboard. Numerous NetMRI job features, including lists and job triggers, support the ACM functionality. The following topics describe the elements used to build the ACM system.

...

...

Creating and Scheduling Jobs

...

A job schedules a script to run against selected devices. You schedule jobs to run once or on a regular basis, at times you specify. Create and manage scheduled jobs at Config Management –> Job Management –> Scheduled Jobs tab. To run a script as a job immediately, see the section Running Scripts Immediately later in this topic.

You can import existing scripts using the Import icon on the Scripts tab. When you do so, ensure that your script uses the UTF-8 encoding.

Different account roles allow separately authoring, approving, scheduling, or executing jobs (i.e. scripts) of the specific risk level. For more information, see Understanding Users and Roles Creating Admin and User Accounts.

To create and schedule a new Job, perform the following:

  1. At the top right of the page, click New. The Fill Out Job Details Wizard opens.
  2. Enter a Job Name.
    Click the Approved option if your user account allows it. (A job cannot be scheduled until approved. Another admin account may need to approve the scheduled job.)
  3. Type a Job Description of the job.

...

Note

...

  1. Bulk push mode is supported only on Juniper and Cisco devices. Cisco configs download via TFTP, and Juniper configs download via the HTTP protocol.

...

  1. Choose a job script or template from Scripts or Templates (selectable by tabs). If required by the script or template, enter data and/or select options. Any variables defined in the script will appear in a list to the right.

...

  1. Choose the Push Mode option: Line by Line, Bulk, or Text File. This determines the method by which the config file is written to devices that are part of the job.

...

  1. For Push Mode, choosing Line by Line sets the template config sequence to be pushed to the device involved in the Job, one line at a time. Pushed in Bulk, the entire configuration is staged in NetMRI and then downloaded to the device.

...

  1. If any non-Cisco/Juniper device is part of the device group selected for the job, the job will revert to Line by Line mode.

...

  1. After choosing a script or template from their respective lists, you may see one or more input values that are required as a part of the job. Templates may furnish default values, or you can enter desired values in the defined fields.

...

  1. When finished, click Next.

...

  1. If custom fields are defined for jobs, you will see the Fill out Custom Information screen. If none are defined, proceed to Step 7 below.

...

  1. Fill in any other data associated with the job.

...

  1. Click Next. The Select Device Groups or Devices page appears.
  2. Click device groups and/or devices and click the –> icon to add the group to the right pane of the page.

...

  1. Click Next. The Schedule when Job should run page appears.
  2. Specify the schedule for the job, including the Recurrence Pattern (Once, Hourly, Daily, Weekly, or Monthly), and the Execution Time (specify in half-hour increments). The selected Recurrence Pattern determines additional schedule settings based on the selection.

...

  1. Click Next. The Enter User CLI Credentials page appears, for cases when user account CLI credentials are required for the job. If not, proceed to the next step.

...

  1. Choose Use the requester's stored CLI credentials, or Use the approver's stored CLI credentials.

...

  1. Or, choose Use these CLI credentials and enter and verify the Username and Password values and the equipment-associated Enable Password required for the account.

...

  1. Click Next.
  2. In the Review and save screen, review the job specifications. If changes are needed, click the < Previous button to return to an earlier screen.

...

  1. Click Save.

Once a job is listed in the table, you can check its Status, Last Run, and Result in the Job History tab.

Note

Creating a job produces a new instance of the specified script or template, and inserts into that instance a Script-Schedule line containing schedule details.

...

  1. In the Actions column, click the icon and choose Edit from the menu. The Job Wizard opens to the Summary of Job screen.
  2. Click Edit. The Fill out Job Details screen appears.
  3. Edit the job as needed. Use the Next –> and <– Previous buttons to navigate the wizard.
  4. Navigate to the Review and Save screen, and then click Save.

To delete a job, click Delete, then confirm the deletion.

...

Running Scripts Immediately

To run a script as a job immediately, perform the following:

  1. Go to Config Management –> Job Management –> Scripts tab.
  2. Hover the mouse over the Action menu for your desired script, and choose Run Now from the Action menu.
    The Script Run Now window appears. You can choose to run a script (the default) or a template as a job. Templates support a push mode; scripts do not.
  3. If any input is required by the selected script, enter it in the right panel and click Next. (Note that in this step, the selected script is highlighted in the left pane of the window, listed with all other scripts in the library.)
  4. If you have custom fields for data entry, add that information and click Next. If not, simply click Next.
  5. Select the Device Groups or Devices to run the job against from their respective tabs and click the (–>) button to add them to the job, and then click Next.
    Click the -> and <- buttons to navigate pages of the Device Groups and Devices lists.
    In the Devices list, use the Device Groups drop-down menu to choose the device group for device selection.
    In the Devices list, use the Search box and type in a string of any length to search for a device name or an IP address. You can also search by the values shown in the Network View field.
  6. On the Review and Run page, review your settings. If necessary, use the <- Previous button to return to previous steps to make changes. When you are finished, click Run Now to begin the script or template execution.

...

Working with Configuration Templates

If you plan to work with categories of Cisco and Juniper switches and routers that are not part of the Automation Change Manager set, you create a new "canned" IOS or JunOS template on the Configurations Templates page. This is the foundational tool for adding device types to the Automation Change Manager (ACM).

...

Should a Configuration Template be used to provision a Bare Metal Device, the name of the Config Template in NetMRI must be the same as for a corresponding List in Job Management. For example, a cisco_catalyst37xxstack configuration template appears in the Config Template page when the NetMRI appliance is enabled for the Automation Change Manager. The sample Cisco Catalyst 37xx IOS template reads as follows (edited to remove extra line feeds):

...

To create a new template, perform the following:

  1. At the top right of the page, click New. The Config File Template dialog appears.
  2. Enter a Name for the template.
  3. Choose the Vendor and Device Type.
  4. Enter the Model and Version.
  5. Enter any Template Variables required for the new Config File Template. Consult the other Config Templates if you need examples.
  6. Paste or write any configuration file text that is required for the template.
  7. Click Save & Close.

...

  1. At the top right of the page, click Import.
  2. Enter the path and file name, or click Browse... to locate the file.
  3. Click Import.

To export the entire table of templates from the Config Template page, perform the following:

  1. At the top right of the page, click CSV Export. A dialog box appears, asking "Do you want to open or save this file?" If you have Excel or another CSV file-compatible spreadsheet program, you can immediately open the complete table of templates by simply clicking Open.
  2. To save the table data as a new CSV-format file, click Save.
  3. Click Save in the Save As dialog box after browsing folder paths and defining the file name. (Procedures may vary slightly based on the operating system.)

NetMRI does not export the templates — the table listing all the templates is exported to an externally readable file.

...

To delete a template, click Delete, and then confirm the deletion.

...

Creating New Jobs From Config Templates


Note

Config templates also offer the ability to generate a text-based configuration file to enable configuration of an undiscovered device or devices of the same type. This feature provides an alternative path to configuring bare metal devices instead of using NetMRI's Bare Metal Provisioning feature. See the subsection Downloading a Config Template for more information.

...

To create a new Job from an existing config template, do the following:

  1. Action Schedule or Run Now from the menu. The Job Wizard appears, showing the Fill Out Job Details page.
    The Fill Out Job Details page differs based on whether you wish to immediately run the job (Run Now) or to schedule it for a later occasion.
  2. Enter a Name and Job Description for the new job.
  3. Choose the Push Mode option: Line by Line, Bulk, or Text File. This determines the method by which the config file is written to devices that are part of the job.
    For Push Mode, choosing Line by Line sets the template config sequence to be pushed to the device involved in the Job, one line at a time; pushed in Bulk, the entire configuration is staged in NetMRI and then downloaded to the device.
    (Available only when you choose the Run Now menu option.) Choosing the Text File option runs the template job and sends its output to a text file, which is uploaded to the management computer. See the subsection Downloading a Config Template for more information.

...

Note

...

  1. If any non-Cisco/Juniper device is part of the device group selected for the job, the job will revert to Line by Line mode.

...

  1. Click the Templates tab, and select the template that will execute as part of the Job. Enter any required input values.

...

  1. If this job requires approval and you have the permissions to do so, click the Approved check box. Otherwise, leave it blank for admin account approval.

...

  1. At the bottom of the page, click Next.

...

  1. Choose the Devices or Device Groups to be part of the new Job, and click Next.

...

  1. Choose the Recurrence Pattern (Once, Hourly, Daily, Weekly, or Monthly) and the Execution Time (which is specified in half-hour increments). The chosen Recurrence Pattern determines additional schedule settings based on the selection.

...

  1. Click Next.

...

  1. (Optional) Enter the admin account's CLI credentials, or choose the options for Use the requester's stored CLI credentials or Use the approver's stored CLI credentials as needed. Click Next.

...

  1. On the Review and Run page of the Template Run Now wizard, review the steps taken for the job.
    • Review the Inputs field to ensure that all necessary input values have variables or data entries assigned to them through the template.
    • Check the Devices field to make sure the correct devices are listed for the job.

...

  1. (Line by Line or Bulk Mode only) Click Run Now if all settings are correct.

Once the new Job is ready and your changes are saved, you click Run Now to execute the template Job.

...

Downloading a Config Template

To download a device configuration file from a config template for use in the configuration of an undiscovered network device, for editing, or for other purposes, perform the following:

...

When the Push Mode is for a text file, the Job does not execute against a device itself; instead, the configuration is downloaded from the template with the variables or value modifications added. You can then use the template to hand-configure the intended device.

...

About Template Variables

The Config File Template window (Config Management –> Job Management –> Config Templates –> New) provides a Template Variables field as part of creating a template. As previously noted, variables are optional in template definition, but knowing their format is useful.
Defining variables for config templates uses the same format as for script variables, in which three entries are provided for each variable (the variable name, input type and input format) in the Template Variables field. A simple example is given below:

...

Note

Scripts use a standard variable called eval_type. This variable is not used in configuration templates.

Otherwise, template variables are treated in the same fashion as defined in the CCS Supplement PDF, provided under the Additional Documentation section of the online Help.

...

Defining Lists for ACM, Perl, Python, and CCS Script Reference

Lists are a key component in the Automation Change Manager (ACM) feature set. The Lists page (Config Management –> Job Management –> Lists) allows the creation, editing, importing, and exporting of lists to provide external lists of data to Perl/Python script variables, CCS script variables, and configuration template variables.

...

  • ACM Allowed DHCP Servers – List of any DHCP servers in the enterprise network, that are not to be included in any Rogue DHCP server reports. Defines to NetMRI and to the NIOS system that "these are the established DHCP servers in the network; do not report against these devices." Any router or other device that is not on this list, which offers DHCP-based IP configuration to clients connecting to the network will cause an issue to be fired by the Automation Change Manager.
  • ACM BMP Device Provisioning – Bare Metal Provisioning list, to identify each switch to be provisioned. New switches are identified by their MAC address, the management IP address and site settings, including a Site Settings Name which corresponds to a name in the ACM BMP Site Settings list. The MAC address is the hardware MAC address assigned to the device coming out of the factory, and which is usually stamped on the rear of the chassis or on the shipping box for the device. (This list is used in the topic Checklist for Running The Automation Change Manager System.)
  • ACM BMP Site Settings – Bare Metal Provisioning list to define the default switch port configuration. Consider it a branch office list, to contain the standardized configuration templates for any new devices installed in a given branch office network. This list defines values such as the Management VLAN ID and its VLAN name, the port designated for management VLAN traffic, the domain name, Syslog and Network Time Protocol server information, and VLANs on the provisioned device to be configured on individual access ports or ranges of access ports (VLAN1 Ports and VLAN2 Ports). (This list is used in the topic Checklist for Running The Automation Change Manager System.)
  • ACM BMP Switch Model Interface Defs – Bare Metal Provisioning list defining the interfaces for the device types expected to be provisioned through the job. If the switch model to be provisioned is already in this table, no further information is needed here. The entries follow the standard slot/port designator formats for Cisco and Juniper devices such as Cisco 2950 and 3750 switches and Juniper EX2200 switches. You may need to create your own definitions within this list (or even new lists) to match switch port designators for provisioning other device types. (This list is used in the topic Checklist for Running The Automation Change Manager System.)
  • ACM Script Settings – Defines the VLAN to which any rogue DHCP server, detected and isolated on the network, is placed for remedial action. By default, when this task executes, the isolation VLAN is defined as VLAN 99.
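
A pre-import consistency check for the two Bare Metal Provisioning lists described above, as an added example that is not Infoblox code. The CSV column names and all sample rows are assumptions constructed for illustration; the check confirms that each device row has a well-formed, unique MAC address, a valid management IP, and a Site Settings Name that exists in the site settings list.

```python
import csv
import io
import ipaddress
import re

# Constructed sample lists. The column names are assumptions for this example,
# not the headers NetMRI uses when it imports or exports a list.
DEVICE_PROVISIONING_CSV = """\
mac_address,management_ip,site_settings_name
00:1B:54:AA:10:01,10.20.0.11,branch-east
001b.54aa.1002,10.20.0.12,branch-east
00:1B:54:AA:10:01,10.20.0.13,branch-west
00:1B:54:AA:10:0G,10.20.0.14,branch-east
00:1B:54:AA:10:05,10.20.0.300,branch-north
"""

SITE_SETTINGS_CSV = """\
site_settings_name,management_vlan_id
branch-east,100
branch-west,4095
"""


def canonical_mac(text):
    """Return aa:bb:cc:dd:ee:ff for any common MAC notation, or None if malformed."""
    digits = re.sub(r"[.:\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_sites(sites_csv, errors):
    """Map each site name to its management VLAN, rejecting IDs outside 1-4094."""
    sites = {}
    for row in csv.DictReader(io.StringIO(sites_csv)):
        name = row["site_settings_name"].strip()
        vlan = row["management_vlan_id"].strip()
        if vlan.isdigit() and 1 <= int(vlan) <= 4094:
            sites[name] = int(vlan)
        else:
            errors.append(f"site {name}: management VLAN {vlan!r} is not in 1-4094")
    return sites


def validate_lists(devices_csv, sites_csv):
    """Return (accepted_rows, errors); a row is accepted only if every check passes."""
    errors = []
    sites = load_sites(sites_csv, errors)
    accepted, seen_macs = [], set()
    # start=2 because line 1 of the CSV is the header row.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(devices_csv)), start=2):
        problems = []
        mac = canonical_mac(row["mac_address"])
        if mac is None:
            problems.append(f"malformed MAC {row['mac_address']!r}")
        elif mac in seen_macs:
            # Two rows claiming one factory MAC means one of them is mis-keyed.
            problems.append(f"duplicate MAC {mac}")
        else:
            seen_macs.add(mac)
        try:
            ip = ipaddress.ip_address(row["management_ip"].strip())
        except ValueError:
            ip = None
            problems.append(f"invalid management IP {row['management_ip']!r}")
        site = row["site_settings_name"].strip()
        if site not in sites:
            problems.append(f"site settings name {site!r} has no valid entry")
        if problems:
            errors.extend(f"line {line_no}: {p}" for p in problems)
        else:
            accepted.append({"mac": mac, "management_ip": str(ip),
                             "site": site, "management_vlan": sites[site]})
    return accepted, errors


if __name__ == "__main__":
    ok, bad = validate_lists(DEVICE_PROVISIONING_CSV, SITE_SETTINGS_CSV)
    for row in ok:
        print("accept:", row)
    for message in bad:
        print("reject:", message)
```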

...

Note: An example of a triggering event is: NetMRI discovers a new Cisco switch on the network. This event is embodied in a bit of data called a Trigger Source, which defines the nature of the event. Also see the following topic, Automation Change Manager (ACM) Triggering Sources, for more detail.

...

As part of triggered job definition, you specify the triggering event, the time periods over which you would like this trigger to be active, and the device and interface groups to whose members the trigger applies.
For triggering events, a job's settings, such as script and variable input, define a template for new jobs to perform remedial actions, gather further information from the device, and other actions. The triggered job runs once per affected device, when NetMRI detects an issue or policy rule violation on that device. If the condition clears, and subsequently occurs again, the triggered job runs again.

...

  • Set the NIOS DHCP appliances to serve DHCP Option 66 for Cisco devices and DHCP Option 68 for Juniper devices. Each setting, if used, also requires entry of the IP address for NetMRI. This is further described in the topic Notes on DHCP Configuration for ACM Operation;
  • Set the NetMRI inactivity timeout (60 minutes by default; in NetMRI, go to Settings icon –> Setup –> Advanced Settings –> User Interface category –> Inactivity Timer), and set this value to a higher time duration than for any NIOS system (in NIOS, go to Grid –> Grid Properties);
  • Register the NetMRI appliance with NIOS, with or without a certificate for secure HTTPS communication (for information, see ACM Registration and Certificate Usage Between NetMRI and NIOS);
  • Obtain the factory MAC address for each of the new devices to be installed into the network, plus the initial IP address to be assigned to the devices;
  • The admin account running ACM jobs on NIOS, and performing ACM setup on the NetMRI system, must be properly defined on both systems. The user name must be the same on both systems. Access privileges must be equivalent on both sides of the configuration; the account Roles/Privileges defined in NetMRI determine the ACM features to which the user has access in NIOS;

...

Note: The ACM system supports single sign-on between the NIOS and NetMRI appliances. When you sign on to one appliance in ACM, the other appliance automatically recognizes the login. For information, see Creating a Single-Sign-On Admin Account.

...

  • Set the admin accounts to be notified when ACM Issues and events pop up. The best location to view event information is the Task Viewer in NIOS' Automation Tasks Dashboard. Triggering issues and events are reported on NetMRI's main Issues page in Network Analysis –> Issues. Additional configuration may be needed to ensure notifications are sent to the right people.
    You may need to define NetMRI Issue notifications in the Settings icon –> Notifications section –> Subscriptions page. Notifications are sent in three ways: Syslog messages, e-mail and SNMP traps. For information, see Managing Issue Notifications, and Defining a Job Notification for specific configuration.
  • All NIOS appliances running DHCP services must be configured to forward Syslog messages to NetMRI. This ensures the Automation Change Manager detects the correct events for triggering jobs (you perform this task in the topic Deployment for Bare Metal Provisioning, Pt. 1);
  • Activate a TFTP server with configuration stub files and full configuration files for the device types to be supported. NetMRI has a built-in TFTP server that is always running by default and is accessible by the same methods as any TFTP server. For information, see Notes on TFTP Service for ACM Operation.

Creating a Single-Sign-On Admin Account

...

If the discovered device/end host is found to be running a DHCP server, NetMRI raises a Rogue DHCP Server Detected issue and a series of events takes place, further described in the topic Activating Rogue DHCP Server Remediation.
NIOS DHCP configuration intuitively supports custom DHCP options, which follow the RFC 2132 guidelines. DHCP configuration settings can quickly apply across the entire NIOS grid (in NIOS, Grid Manager –> DHCP –> Grid DHCP Properties), or to a specific DHCP range on a specific member. The same guideline applies if NetMRI operates with a standalone NIOS appliance running the DHCP service in the network. You can also create new DHCP ranges on any NIOS appliance running DHCP, to support Cisco and Juniper DHCP options for ACM bare-metal provisioning.
For Cisco:

...

A sample Juniper file is in the topic Sample Juniper router.conf File.

If the administrator wants to deviate from the autoconfig string (i.e. for hostname, community string and/or CLI credentials), the following holds true:

...

  1. Ensure the DHCP Options configuration is defined for all NIOS DHCP servers/DHCP ranges that will inter-operate with the Automation Change Manager. For more information, see Notes on DHCP Configuration for ACM Operation.
  2. Configure the NIOS appliance to forward Syslog notifications to NetMRI; on the NIOS appliance, choose Grid –> Grid Manager –> Members –> Grid Properties. Choose UDP as the transport protocol.
  3. Ensure the NIOS appliance is running the NTP protocol:
    1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box.
    2. Expand the Toolbar and click NTP -> NTP Member Config. If the Enable this Member as an NTP Server checkbox is enabled, nothing else needs to be done and you continue to Step 4.
  4. Ensure the TFTP server is up and running with the desired initial configuration files ready for download, and reachable within the network. For more information, see Notes on TFTP Service for ACM Operation.
  5. The required admin user accounts should receive the appropriate notifications when Bare Metal Provisioning jobs occur. Consult the topic Defining a Job Notification for more information.
  6. Ensure that the proper license is installed in the NetMRI appliance by going to Settings icon –> Setup –> Settings Summary; check the Module Settings list. Automation Change Manager should read Enabled. (If necessary, also ensure the proper license is already installed in the NIOS system.)
  7. Register NetMRI with the NIOS system. This is done in NIOS through the following:
    1. From the Dashboards tab, select the Tasks tab.
    2. In the Automation Tasks pane, click the down arrow gadget and select ACM Registration.
    3. Under ACM Settings, do the following:
      1. Enter the IP address or resolved host name of the Automation Change Manager system supporting the Automation task pack.

...

14. Continue to the following topic, Deployment for Bare Metal Provisioning, Pt. 2

Deployment for Bare Metal Provisioning, Pt. 2

...

  1. If you plan to create any new config templates for different device models beyond the models built in to the Automation Change Manager release, do so now. Note that the set of variables defined in the config templates is fixed. They are set by the values in the columns in the TAE BMP Device Provisioning list or from the TAE BMP Site Settings list. For more information, see Working with Configuration Templates.
  2. In the TAE BMP Switch Model Interface Defs list: If the switch model to be provisioned is already in the table, no information needs to be entered about interface configuration. If you have new model information, add the Vendor Model Key value and interfaces values for the new device types from Juniper or Cisco. Click Save when done.

...

7. Click the Settings icon for the Bare Metal Provisioning task. The NetMRI instance appears in a new browser tab, displaying the Job History page. You track job execution here or in the NIOS Task Dashboard's Task Viewer. For information, see Viewing the Job History and the Job Viewer.

Perl Scripts for Bare Metal Provisioning

A number of read-only scripts are included in the licensed Automation Change Manager package. The Provision Bare Metal Device script is referenced by the Provision Bare Metal Device triggered job. For information, see Triggering Jobs Through Events. This script runs whenever the template job is invoked by NetMRI's detection of a new network device. Explore this NetMRI page for more script examples that can provide ideas for development.

...

The Rogue DHCP Server Remediation automated task does not provide NIOS-based settings; configuration for this task is done in the NetMRI user interface. The task is triggered by detection of a network device requiring remediation.

As noted in the Triggering Jobs Through Events topic, two Triggered Jobs are associated with rogue DHCP remediation:

...

To enable the NetMRI-to-NIOS communication, you also define the NIOS administrator User ID and password that NetMRI will use to check the configuration in NIOS. If this is not yet in place, see Creating a Single-Sign-On Admin Account.

Rogue DHCP Triggering Events

...

  1. The upstream switch port from which the DHCP messages originated is found, and that upstream port has only a single downstream MAC address connected to it. This downstream MAC address is the culprit.
  2. A Rogue DHCP Server Located Issue displays in NetMRI's main Issues table (Network Analysis –> Issues) and in the NIOS Task Viewer. Then, after approval, the Isolate Rogue DHCP Server task activates.
    Click the Issue name in the Title column; the Issue Viewer appears in a separate browser window. Details of the issue are substantial, including the specific Device IP address, the device MAC and type, the identity of the upstream switch and the upstream interface, and the Last Seen timestamp.
    Any previously configured notifications will arrive at the admin's Inbox or through other channels.
  3. Go to the NIOS system and open the Tasks Dashboard.
  4. Click the Settings icon for the Rogue DHCP Server Remediation task. The NetMRI instance appears in a new browser tab, displaying the Job History page. This is where you track job execution in NetMRI. (For information, see Viewing the Job History and the Job Viewer.) The page lists the Locate and Isolate jobs and their results. You can also open the Task Viewer in the NIOS Task Dashboard.
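
The detection and location logic described above, as an added example that is not NetMRI's own code: a DHCP responder is flagged when it is absent from the ACM Allowed DHCP Servers list, and it is located on the switch port whose only downstream MAC address is the responder's. The offer records, forwarding-table snapshot, device names and addresses are constructed assumptions; VLAN 99 is the default isolation VLAN the page gives for ACM Script Settings.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (not taken from a real network).
ALLOWED_DHCP_SERVERS = ["10.0.0.5", "10.0.0.6"]  # stand-in for the ACM Allowed DHCP Servers list
ISOLATION_VLAN = 99  # default isolation VLAN stated for ACM Script Settings


@dataclass(frozen=True)
class DhcpOffer:
    server_ip: str   # address of the device that answered a DHCP request
    server_mac: str  # source MAC address of that device


OFFERS = [
    DhcpOffer("10.0.0.5", "00:AA:BB:00:00:05"),      # sanctioned server
    DhcpOffer("192.168.1.1", "00-11-22-33-44-55"),   # unsanctioned device on an access port
    DhcpOffer("192.168.1.1", "00:11:22:33:44:55"),   # same device, seen again
    DhcpOffer("172.16.9.1", "00:de:ad:be:ef:01"),    # only visible behind shared uplinks
]

# (switch, interface) -> MAC addresses learned on that port (hypothetical snapshot).
FORWARDING_TABLE = {
    ("sw-branch-1", "Gi1/0/7"): ["00:11:22:33:44:55"],
    ("sw-branch-1", "Gi1/0/24"): ["00:11:22:33:44:55", "00:de:ad:be:ef:01",
                                  "00:aa:bb:00:00:05"],
    ("sw-core-1", "Te1/1"): ["00:11:22:33:44:55", "00:de:ad:be:ef:01"],
}


def norm_mac(mac):
    """Lower-case, colon-separated form so notation differences do not hide a match."""
    return mac.strip().lower().replace("-", ":")


def find_rogue_servers(offers, allowed):
    """Return unique (ip, mac) pairs for responders that are not on the allowed list."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    seen, rogues = set(), []
    for offer in offers:
        key = (ipaddress.ip_address(offer.server_ip), norm_mac(offer.server_mac))
        if key[0] in allowed_ips or key in seen:
            continue
        seen.add(key)
        rogues.append(key)
    return rogues


def locate(mac, forwarding_table):
    """Return the one port whose only downstream MAC is `mac`, else None.

    Ports that carry several MACs are uplinks or shared segments; shutting or
    re-homing one of those would affect unrelated hosts, so they never qualify.
    """
    candidates = [port for port, macs in forwarding_table.items()
                  if {norm_mac(m) for m in macs} == {mac}]
    return candidates[0] if len(candidates) == 1 else None


def plan_remediation(offers, allowed, forwarding_table):
    """Build the proposed actions; isolation is only proposed and still needs approval."""
    plan = []
    for ip, mac in find_rogue_servers(offers, allowed):
        port = locate(mac, forwarding_table)
        if port is None:
            plan.append({"server_ip": str(ip), "mac": mac, "action": "investigate"})
        else:
            plan.append({"server_ip": str(ip), "mac": mac, "action": "isolate",
                         "switch": port[0], "interface": port[1],
                         "vlan": ISOLATION_VLAN, "needs_approval": True})
    return plan


if __name__ == "__main__":
    for step in plan_remediation(OFFERS, ALLOWED_DHCP_SERVERS, FORWARDING_TABLE):
        print(step)
```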

...

  • The Details tab provides detailed information about the selected job, including start and end times for the job, the current Job status, and the IP addresses and names for any devices against which the job runs.
    To view job details for a device: Click the hyperlink in the Status column. The Job Details Viewer opens for the chosen job, automatically displaying the Process Log for the selected job (see Viewing Job Details for more information).
    Click the hyperlink in the IP Address column. The Device Viewer appears for the device associated with the chosen IP address (see Inspecting Devices in the Network for more details).

...