| Table of Contents |
|---|
Introduction
opConfig 3 introduces the ability to 'push' configuration changes to devices, complete with error detection, support for change rollback and complete audit trails.
...
opConfig has always supported 'command sets', which consist of (individual) commands that can be sent to devices and whose output is collected and analyzed. Command sets are expected to be idempotentindependent, safely repeatable and without side effects. Command sets don't support sequencing or error detection, and thus are not suitable (or intended!) for modifying device configurations.
...
The primary storage and exchange format for config sets is JSON; example config sets can be find found in install/config_sets.d/ and it is recommended that you store your actively developed config sets in conf/config_sets.d/.
...
- an explicit single value
for example,"os_info.platform": "x86_64"would match if the node's OS platform value is exactly equal to "x86_64". - a list of alternative values
for example"name": [ "nodeA", "nodeB"]would match either of the two nodes namednodeAornodeB. The comparison is again strict equality.
The filter clause is considered a match if one or more choices amongst the list of alternatives do match.- If you are using the GUI, just introduce a list of node names separated by commas.
- a regular expression
for example"os_info.os": "/IOS/i"would select nodes whose OS contains the string "IOS" (or "ios", "IoS" etc.) anywhere.
Note that the regular expression must be given as a string, starting and ending with a "/" and optionally including the "i" modifier for case-insensitive matching.
...
- Continue the config set application
This is the default behaviour. opConfig will keep and report a tally of successful versus failed commands, but will try to apply all of them in sequence. - Abort the config set application
To select this option, the propertybreak_on_errormust be set totrue. In this case, the first failed command in a set causes all other commands to be skipped. - Apply Rollback commands
To revert the configuration back to a desired state, you would have to provide a sequence ofrollback-commandsin your error-handling section.
Rolling back woud would generally be combined withbreak_on_error, but opConfig does not strictly require itthat.
Stages and their Commands
...
The "plain" post-commands stage is chosen in all cases where no rollback was performed (i.g. if error handling was disabled or if all commands succeeded; )' on the other hand, if a rollback was performed, then only the post-rollback-commands are applied.
...
A common task for the post-commands stage would be a capture of the newly changed configuration (to double-check that everything has worked), or the cancelling of a future reload on Cisco devices.
The commands Stage (required)
Commands in this stage are run in configuration mode (which implies privileged mode). Error handling is available, hence the sequence of commands may be aborted early.
...
If error detection is enabled and if this stage is provided, then its commands will be applied as soon as errors are detected. The rollback commands are sent while in configuration mode, and no error handling is possible.
the five different command sections, pre, post, commands, rollback-commands and post-rollback-commands
Config Set Management
As mentioned above, config set documents must be imported into opConfig to become active. Configuration sets cannot be deleted (to ensure a valid audit trail), but they can be superseded and optionally disabled and hidden from the GUI.
...
| Code Block |
|---|
{
"name": "IOS - Configuration Best Practices",
"description": "A configuration set to configure the IOS device, by enabling and disabling various services and features.",
"filter":
{
"os_info.os": "IOS"
},
"notify": { "email": "you@company.com" },
"error_handling":
{
"match": [ "/Invalid input detected/" ],
"break_on_error": false
},
"pre-commands":
[
"_reload_in 5"
],
"commands":
[
"no ip http server",
"no ip http secure-server",
"no ip finger",
"no service finger",
"no service udp-small-servers",
"no service tcp-small-servers",
"no boot network",
"no service config",
"service password-encryption",
"service timestamps debug datetime msec",
"service timestamps log datetime msec",
"service sequence-numbers",
"service tcp-keepalives-in",
"service tcp-keepalives-out",
"no ip source-route",
"line con 0 ",
"exec-timeout 10 0",
"exit",
"line vty 0 4",
"exec-timeout 10 0",
"exit"
],
"post-commands":
[
"reload cancel"
]
} |
Config Set GUI
From opConfig 4.2.6 it is possible to edit the config sets in the GUI.
In the menu System > Manage Config Sets you can access the editor:
Please note, once a config set is saved, a new version will be created in the database.
It is not possible to delete a config set, but you can export one in json format:
Config Set Parameters
From opConfig 4.2.6 it is possible to use parameters in a config set.
The parameters are global to commands, pre commands or post commands, and are specified with the parameter name preceded by $
Example
Using a config set with parameters
cli Example
Using the cli tool opconfig-cli, you can specify parameters to push a config set using parameter.parametername, like:
| Code Block |
|---|
./opconfig-cli.pl act=push_configset name="my configset" parameter.interface=Tunnel100 parameter.description="Configuration change example" debug=2 |
GUI Example
Using the GUI, if a config set has parameters, you will have a second modal window to specify all the needed parameters:
Config set parameters will be introduced on a second screen:
