Standard configurations are an important part of Network Management. Ensuring that our baseline configuration elements such as NTP, SNMP, Banners, TACACS and Services adhere to our defined best practices, we must use tools to automate and check for compliance against these standards. In this blog post, I will breifly outline how rConfigs Snippet feature can aid in the automated delivery of standard configurations. I will write another post soon on how we can use the Compliance feature to ensure our standards are configured correctly on our network devices.
Lets start by creating a configuration snippet:
Go ahead, and fill out a Snippet Name and Description. My advice is to make it meaningful and concise. You are best advised to be very specific in your Snippet creation. For example, do not create a Snippet that will encompass all of your standard config such as SNMP, TACACS and NTP, but instead try to create a snippet for each. Of course, nothing is stopping you from creating a snippet that contains all of your standard configuration. I just wouldn't :)
Looking at the example above, let me describe the configuration in detail;
1. Assuming this is a device that requires a command for Configuration Mode, our first line is "conf t". The reason is that when rConfig logs into a device it is likely to be in "exec" mode, and thus requires this command for elevate configuration privileges.
2. The next two lines are NTP commands, and the functional part of the configuration where we set our NTP standards. You only need to hit "enter" on your keyboard to define the next line in the configuration.
3. You should build your snippet as you would if you were manually configuring a device. It is best practice to escape out to "exec" mode after functional config has been delivered, in this case we use the "end" command, and then save the configuration. Here we use "wr mem". But of course, the specific commands depend on your device and code revision.
4. I would always add a few line breaks when completing a configuration manually. It will be good practice to add a few "enter"s after the final "write mem" command to ensure the whole configuration is delivered.
Great, lets save that, and it will should up in our list of available snippets. Now what?
We can do three things with Snippets.
1. Deploy them per device immediatly.
2. Deploy them to individual or multipe devices using a scheduled task
3. Build a compliance report for checking our devices configurations adhere to our standards
Here I will focus on the first two and write a post on Compliance checking later.
Our basic process here is to identify a device we want to deploy the Config Snippet to, deploy it and verify that it has deployed sucessfully. Head over to the devices tab, and click on a device you wish to configure.
Check the device is "online". Click on the "Run Config Snippet" button and a new dialog box will open.
Select the config snippet you wish to deliver. And you will see that the config snippet is loaded on the page for you to verify before you upload it to the device.
Click on the "Upload Configuration" button. You will see the output as it ws delivered to the device per below.
You can now click "Close". At this point when undertaking some testing of your new config snippet, I would always login to the device in question to verify the configuration. See below.
Great! it worked. You can also invoke a manual download from the devices page on rConfig, and read the configuration files per the screenshot below.
We can also create a Scheduled Task to deploy configuration snippets in bulk to devices on our network. There is a specific "Task Type" option when creating a Scheduled Task to deploy snippets. Lets look at the process. In the example below, we will carry out the following steps;
1. Create a Scheduled Task
2. Select the Routers Category of devices
3. Select a time to push the snippet
More often than not, we may only want to push a configuration snippet to our network devices only once. To help us acheive that goal, we should create a scheduled task, and then delete that task after it has run sucessfully to ensure it does not run at our specified intervals afterwards.
Once we click on the "Schedule Config Snippet" options, we are presented with a number of other options. Lets take a look at those options;
1. Choose "Task Type" of "Schedule Config Snippet"
2. Snippet Name: Select your previously created Snippet
3. Task Name/ Description: Same as before, please put something meaningful in these boxes. You can see I choose "NTP Routers Deployment"
4. Click to deliver an Email Report
5. Select one or many devices from the "Select Devices" box, or one/ many categories
6. Select a time and date to run the deployment. I will write another blog post on the scheduler, but hopefully this is self-explanitory for now.
7. Finally, click "Save"
You can click the "View Scheduled Task" button to view the task details. Now, at this point we have two choices, we can wait for the task to execute, or we can execute it ourselves manually. To execute a scheduled task manually follow the instructions below.
1. Get your task ID per below.
2. SSH to your rConfig shell, and verify the CRON job has been installed by running this command; "sudo -u apache crontab -l" (the -l is a small caps L and not a captical i)
3. Lets run the command as presented in the CRON job that matches our Task ID. In our case it will be "php /home/rconfig/lib/configCategoryScript.php 937868". Note we excluded tha CRON Timeer text "0 0 * * 5". Note: you can add the "true" keyword to the end of the command for a more verbose output. See more information on that here; http://www.rconfig.com/rconfig-support/knowledge-base/39-troubleshooting-showcmdscript-php-console-output
4. Now lets take a look at the output.
Just a couple of points here. When your run the command from the CLI, you notice you will see the actual commands being delivered to the device. You will also notice that formatting may not be quite as expected i.e. command input not directly adjact to the prompt, but on the line below. Thats OK!. You will see the connection close also, before rConfig moves on to the next device. If you notices long pauses between devices, check rConfigs connectivity to that device, and ensure its "prompt" is correctly configured in the devices configuration page on your rConfig build.