hier_config icon indicating copy to clipboard operation
hier_config copied to clipboard
verified publisher icon netdevops

Idempotent command handling enhancements

Open aedwardstx opened this issue 7 years ago • 2 comments

  • [ ] Find a way to use a single idempotency rule for the following:
client 10.1.1.1 server-key
client 10.2.2.2 server-key 

#e.g.
idempotent_commands:
- lineage:
  - re_search: ^client {client_ip} server-key
  • [ ] See what we can do to clarify this or improve HConfig behavior For the best results, idempotent command lineage rules should be a single match per rule e.g.
idempotent_commands:
- lineage:
  - startswith: hardware access-list tcam region
- lineage:
  - startswith: hardware profile tcam region

If you were to lump them together, an idempotent command check for hardware profile tcam region X would be True if hardware access-list tcam region Y were in the compiled_config. Much of the time, this is still okay but there are cases where it is not. In certain cases, this behavior can shadow command negations.

  • [ ] Restructure Idempotent rules to not require the word lineage over and over
idempotent_commands:
- - startswith: aaa authentication attempts
- - startswith: aaa authentication login
- - startswith: aaa authentication enable
- - startswith: interface # Support for deep rules
  - startswith: description

aedwardstx avatar Jun 19 '18 04:06 aedwardstx

doesn't CiscoConfParse do this?

edurguti avatar Oct 28 '20 13:10 edurguti

One Question here Assume my

idempotent_commands:

  • lineage: - startswith: router bgp - re_search: ^neighbor .+ remote-as .+$

i.e Running config

router bgp 1001 neighbor 40.0.0.0 remote-as 33001 neighbor 40.0.0.17 remote-as 1002 neighbor 40.0.0.8 remote-as 2002

New Expected Config

router bgp 1001 neighbor 40.0.0.0 remote-as 44001 neighbor 1000:: remote-as 2001 neighbor 1000::8 remote-as 2002

With above idempotent rule- it generates below remidial config

router bgp 1001 neighbor 40.0.0.0 remote-as 44001 neighbor 1000:: remote-as 2001 neighbor 1000::8 remote-as 2002

and doesnt not negate .17 and .8 neighbour

My expected remedial config: (replace where neighbour ip matches, and only ASN is idempotent. And do negation and add which ever is neessary)

router bgp 1001 neighbor 40.0.0.0 remote-as 44001 neighbor 1000:: remote-as 2001 neighbor 1000::8 remote-as 2002 no neighbor 40.0.0.17 remote-as 1002 no neighbor 40.0.0.8 remote-as 2002

How can i achieve this behaviour? can you suggest the example of idempotent rule here.

kulpatel avatar Sep 22 '23 12:09 kulpatel