Configuration Manager allows users to manage devices and configurations on their networks. The application is essentially a multi-functional interface to view devices, manage groups of devices, back up devices, and compare backup configurations, along with features for Golden Configuration tree management, compliance reporting, and remediation.
Based on the type of entity the user needs to view or manipulate, there are five main page views in the application.
- Devices
- Device Groups
- Device Backups
- Configuration Parsers
- Golden Configurations
To identify the release version that is running in your environment, click the hamburger icon next to the application name and click the About menu option in the popup menu to open the About dialog.
Quick Access Shortcuts
Configuration Manager allows you to 'pin' elements from all pages by clicking the pin icon that corresponds to each item. These pinned elements can be found on the Home page.
Configuration Manager also features a Quick-Access Toolbar in the navigation panel on the left-hand side.
From this toolbar you can perform various functions such as:
- Create a collection by clicking the Create icon button in the top toolbar. The Create dialog will open.
- Navigate to the Home page by clicking the Home button. This returns you to the main landing page for Configuration Manager.
- Search collections using the Search icon (magnifying glass) to search for items in a collection based on filter settings.
- View product documentation by clicking the Documentation icon to open a dialog that links you to the Itential product guides.
Devices
Devices are available from any southbound system registered through Itential Automation Platform (IAP). This includes the option of one or more instances of Cisco NSO and Itential Automation Gateway (IAG).
Device Details
On the Device Details page, helpful information is displayed in three cards arranged horizontally at the top and in one larger sized card with tabs displayed beneath.
Card Name | Description |
---|---|
Device Details | Displays pertinent device information. Allows user to check if device is synced. |
Device Status | Display the status of a device. |
Last Backup | Indicates the time since last backup. |
Tab Name | Description |
---|---|
Configuration | Allows user to view the current configuration on a device. |
Backups | Allows user to view a history of backups on a device. For each backup listed, the user can quickly navigate to the respective backup with a linked button. |
Comparison | Allows user to view differences between backups, or between a backup and the live configuration of the device. |
Device Groups
Similar to other constructs used for inventory management and orchestration, device groups in IAP are a collective association of device ids. Other API calls can use these groups to manage various workflow operations based on a user defined association.
Editing Device Group Details
When editing a Device Group, the user can update the list of devices that are available, or edit devices attached to a group.
The user can also update the description and name of the Device Group from the settings menu. To display this menu, click the blue vertical dots (icon) at the top.
Device Backups
Device backups are similar to existing backups in other Itential applications. They provide a reference point of a device's configuration at a given point in time. The details on each backup are unique to each device. Each backup card will show information that further delineates the history of the device's configuration. From this page, filtering, sorting, pagination and batch deletion actions are available.
Editing a Device Backup
The Backup Details page of a specific device backup shows information on a card located at the top and one larger sized card with two tabs at the bottom.
UI Element | Description |
---|---|
Backup Details (card) | Displays backup information for a device. |
Configuration (tab) | Allows user to view the raw configuration of a selected backup. |
Backups (tab) | When the user selects a backup record for comparison, the Backup diff card is populated with a detailed, side-by-side view of differences between the two selected configurations. From this view, changes made over time to a device configuration, or the comparison of devices within a group, are made apparent. |
Details such as description, notes and access control of a device backup can be changed through the settings menu. To display this menu, click the blue vertical dots (icon) at the top.
Configuration Parsers
The Configuration Parsers page allows you to define parsers for device configurations in order to perform configuration validation and remediation on a device.
UI Element | Description |
---|---|
Parser Rule | The editor for defining the rules for the device parser. |
Parser Data | The editor where you can place data to test the parser against. |
Parser Execution Log | The output log when you execute the parser against the test data. |
Configuration Parser Rule Editor
The Parser Rule toolbar allows you to perform several functions as referenced in the table below.
Icon | Description |
---|---|
Floppy disk | Save the parser rule. |
Reverse arrow | Revert changes to a previous save point. |
Forward arrow | Execute the parser against the data. |
Double circle arrow | Refresh the execution log. |
Double pages | Copy selected text to clipboard. |
Configuration Parser Data
The Parser Data editor allows you to create configurations that can be used to test the parser that is being created. You can either enter your configuration, import a configuration from an available device or paste in a configuration.
To import a configuration from an available device simply mouse over the device button and select from an available device in the popover list.
Configuration Parser Execution Log
The Parser Execution Log displays how the parser processes a supplied configuration against the parser rules that have been created. After the parser rules have been executed, a color bar is displayed in the editor window of the Parser Rule with a color associated with each rule. In the Parser Execution Log, each part of the configuration that a rule was applied to is colored to match that rule.
You can also view Configuration Parser details by clicking the blue vertical dots (icon) at the top. A menu will display details of the parser and allow you to update or modify read/write access for Groups.
Configuration Parser Rule Definitions
Template-based definitions for parser rules are explained below.
Cisco-IOS Based
For configuration parsers that are based on the Cisco-IOS template, the following table describes what each rule represents.
Rule | Description |
---|---|
word | Determines what defines a word (example: interface) in a config. |
whitespace | Determines the spacing or anything in particular to ignore. |
banner | Determines the structure of a banner. Banners are captured uniformly instead of separately (example: words). |
F5-BigIP Based
For configuration parsers that are based on the F5-BigIP template, the following table describes what each rule represents.
Rule | Description |
---|---|
word | Determines what defines a word (example: interface) in a config. |
quoted_string | Similar to a word, this captures a series of words as one element. |
multiline_quote | A rule that captures a quoted string on multiple lines. |
open_statement_block | Defines the entry-point of a new scope (example: '}' for f5 configs). |
close_statement_block | Defines the exit-point of a scope (example: '}' for f5 configs). |
end_line | Determines the end of a configuration line. |
statement_terminator | Determines the end of a configuration line/scope (example: ';' for Junos); similar to end_line. |
Golden Configurations (Device)
Golden Configurations allow you to specify patterns of configuration data that should be similar across devices on your network, and tools to evaluate compliance with a set of defined standards and to bring devices back into compliance. The configurations are arranged in a tree pattern so that portions of the standard which apply to multiple devices can be stated in one place, and requirements which are more specialized can build on the baseline standards. Configuration Trees may have multiple versions to support migrations from one set of standards to another.
Configuration Trees
Configuration Trees have a single root node, and each node may have any number of children. Configuration Trees also support versioning.
The tree area of the page allows you to see the relationships of nodes in the tree, as well as add, remove, and rename nodes, or choose a selected node. You may also select among versions of the tree, and create a new version based on the current state of the selected version.
Node Details
The Node Compliance bar in the Node Details tab shows the compliance percentage for all devices in the node combined. Hovering over the bar displays a list of devices that failed or succeeded in meeting compliance.
The Node Issues section displays all configurations that are not present in the devices on which a compliance report was run.
Configuration
The Configuration tab allows you to edit the Golden Configuration associated with a selected node, as well as the Configuration Variables for the tree.
The Golden Configuration is a configuration pattern which the device should conform to. It is comprised of configuration lines and rules which must be matched in order for the device to be considered compliant.
When you create a new node in the Configuration Tree, its configuration will be inherited from the parent node. You may specialize this node from the parent by adding or overriding lines in the parent configuration.
The lines of Golden Configuration are designed to mimic the native configuration structure of a device, and will have parent-child relationships as they do on the device. This is usually shown by indentation or block delimiters.
Each line of Golden Configuration has an evaluation type that determines whether the line must be present, not present, or should be ignored. The severity determines whether rule failures are considered errors, warnings, or information-only issues in the Compliance Report.
Add/Edit Configuration Lines
The configuration editor allows configurations to be edited inline through the text editor. Once you have finished defining your configuration, you can save it by clicking the floppy disk icon in the toolbar just above the editor. You can also import configurations from a device by clicking the import button located to the left side of the save button.
Each line in a configuration can be defined as follows.
Evaluation Mode
Used to indicate whether a configuration line is required to exist in a device for compliance.
- Required - Implies the line must exist in the device config.
- Disallowed {d/} - Implies the line must not exist in the device config.
- Ignored {i/} - Completely ignores the line and doesn't generate an issue in the compliance report.
Severity Type
Each severity type has its own weight which determines the grade of a compliance report.
- Warning
- Error <e/>
- Info <i/>
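The evaluation modes and severity types above, applied to a hierarchical configuration, as an added example that is not Itential's code. It assumes the tags prefix the line text, that an untagged line is Required with Warning severity, and that parent-child structure is shown by indentation; the configurations are constructed samples.

```python
import re
# Assumption: tags prefix the line text, after any indentation.
TAG = re.compile(r"\{[di]/\}|<[ei]/>")
MODES = {"{d/}": "disallowed", "{i/}": "ignored"}   # no tag: required
SEVERITIES = {"<e/>": "error", "<i/>": "info"}      # no tag: warning (assumed)

def parse(text):
    """Yield (path, mode, severity); path is the chain of parent lines."""
    stack = []  # (indent, line text) of the enclosing lines
    for raw in filter(str.strip, text.splitlines()):
        indent = len(raw) - len(raw.lstrip())
        body, mode, severity = raw.strip(), "required", "warning"
        while (m := TAG.match(body)):
            mode = MODES.get(m.group(), mode)
            severity = SEVERITIES.get(m.group(), severity)
            body = body[m.end():].lstrip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, body))
        yield tuple(line for _, line in stack), mode, severity

def check(golden, device):
    """Return (severity, problem, line path) for each rule the device fails."""
    present = {path for path, _, _ in parse(device)}
    issues = []
    for path, mode, severity in parse(golden):
        if mode == "required" and path not in present:
            issues.append((severity, "missing", " / ".join(path)))
        elif mode == "disallowed" and path in present:
            issues.append((severity, "present", " / ".join(path)))
    return issues

# Constructed sample data, not taken from a real device.
GOLDEN = """\
{d/}<e/>ip http server
{i/}hostname edge-01
interface GigabitEthernet0/1
 <e/>no ip proxy-arp
 {d/}ip directed-broadcast
<i/>ntp server 192.0.2.10
"""
DEVICE = """\
ip http server
hostname branch-rtr-7
interface GigabitEthernet0/1
 ip directed-broadcast
interface GigabitEthernet0/2
 no ip proxy-arp
"""
```

Because lines are matched by their full parent path, `no ip proxy-arp` under GigabitEthernet0/2 does not satisfy the rule written under GigabitEthernet0/1.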
Define New Tree Variables
To define new tree variables:
- Select the (x) icon button on the right side to access the variables panel.
- To hide a configuration which is not defined on the current node directly, click the eye icon and select the Inherited Config checkbox.
Manage Devices
The Manage Devices tab allows you to associate network devices with the selected Configuration Node.
When you run a compliance report for a device, it will be checked against the Golden Configuration of the device's associated configuration node. Likewise, when you run a compliance report for a node, each associated device will be checked. A device can only be associated with one configuration node.
From this tab, you can see a list of associated devices, and a small graph that shows the compliance status for each device. You may add or remove devices from the selected node.
Compliance
Click the vertical dots icon to open the Compliance dialog, which presents a menu to run and view compliance for a selected device. From the compliance report view, you can see overall statistics for a selected device. You can also select any issue that is found and view details that will enable you to troubleshoot and fix the error. You may address one or more issues before applying changes to a device.
Click the 3-bar graph icon near the top right to display the compliance history graph. This graph shows how many warnings, issues, errors and passes were computed in the compliance report. The blue line represents the score for each compliance report.
You can navigate between compliance reports by clicking on the bar-chart.
Click the down arrow in the Configuration Errors section to expand an item and view additional detail that will enable you to choose how you would like to proceed with the issue.
When you select Add as an action the issue will minimize with a green check mark to represent that the issue has been marked for resolution.
Click Apply to compile a list of changes that have been marked for resolution to be added to the device.
You can also view Golden Configuration details by clicking the blue vertical dots (icon) on the top toolbar. A menu will display details of the tree and allow you to update the Name or modify read/write access for Groups.
Golden Configurations (JSON)
Configuration Manager also has integrated support for running compliance on JSON data. This section of the guide will only cover the elements of Golden Config (GC) that are different than those of devices.
Configuration
The Configuration tab of a JSON GC takes JSON data as input. This data will be used to generate a compliance report on task instances.
To utilize variables in a JSON GC:
{
"vpcName": "$_varName_$"
}
Anything enclosed in $_ _$ will be replaced by the variable value.
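The substitution described above, followed by a comparison against fetched data, as an added example that is not Itential's code. The subset comparison, the issue labels and the sample values are assumptions made for illustration; the page does not describe how the product compares JSON.

```python
import re

VAR = re.compile(r"\$_(\w+)_\$")  # assumed: variable names are word characters

def render(node, variables):
    """Replace $_name_$ in every string value; unknown names are left in place."""
    if isinstance(node, dict):
        return {k: render(v, variables) for k, v in node.items()}
    if isinstance(node, list):
        return [render(v, variables) for v in node]
    if isinstance(node, str):
        return VAR.sub(lambda m: str(variables.get(m.group(1), m.group(0))), node)
    return node

def compare(golden, data, path="$"):
    """Return (path, problem, value) where data lacks or differs from golden."""
    if isinstance(golden, str) and VAR.search(golden):
        # An undefined variable must not be silently compared as a literal.
        return [(path, "unresolved variable", golden)]
    if isinstance(golden, dict):
        if not isinstance(data, dict):
            return [(path, "expected object", data)]
        issues = []
        for key, value in golden.items():
            if key not in data:
                issues.append((f"{path}.{key}", "missing", value))
            else:
                issues += compare(value, data[key], f"{path}.{key}")
        return issues
    return [] if golden == data else [(path, "mismatch", data)]

# Constructed sample data.
GOLDEN_JSON = {"vpcName": "$_varName_$", "tags": {"env": "$_env_$"}, "flowLogs": True}
VARIABLES = {"varName": "prod-vpc"}
FETCHED = {"vpcName": "prod-vpc", "tags": {"env": "dev"}, "flowLogs": False, "extra": 1}
```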
Task Instances
Task instances are instances of adapter tasks with their respective parameters which are used for fetching certain data.
You can perform a compliance check on these task instances by hovering over the 3-vertical-dots menu and clicking Run Compliance.
When you run compliance on a task instance, the Adapter Task associated with the instance will execute and fetch certain data. The data fetched from the adapter task is used for generating a compliance report.
Add a Task Instance
Click the Manage tab to view all task instances. To create a task instance, simply click the plus (+) button, which will generate the following view.
The Add Adapter Task dialog will contain a list of adapters and the tasks which belong to each adapter. You can also search for methods from the search bar at the very top. Once you've located the adapter task you would like to add, click on it to select it. From here you can hover over the blue Add button in the dialog footer and select +Add from the options menu. This will open the parameters dialog.
From this screen you must select a unique (within the node) Instance Name and define the parameters that are required to execute the Adapter Task you have selected. Once the appropriate information is provided, click the Submit button at the bottom to save the task instance.
The newly created task instance will appear in the Manage tab along with other existing task instances.
Run Compliance
Running compliance for a task instance is very much the same process as the one for devices. Simply click Run Compliance from the menu options that display when you click the vertical dots.
Once the compliance process has finished running, select the View Compliance menu option to display the Compliance and Reporting dialog. From here you can view which items in your configuration are out of compliance.