Golden Configurations
Golden Configuration (also known as "Golden Config") is a configuration management tool based on a config tree design that disperses root configurations to child nodes. With Golden Config, you can write/copy native device configurations to a single device or multiple devices. Also included is a compliance engine that enables you to review and fix errors generated from mismatched configurations between the given config and the actual configuration on the attached device. By using Golden Config, you can maintain standardized configurations in one location and build more specialized requirements from a standard configuration.
Note: Itential Automation Platform (IAP) is compatible with several third-party software products for network operating environments. Beginning with the system requirements for 2019.1.2, all third-party software version compatibility is documented in Release Notes. To get the most up-to-date requirements for any third-party software, including open source, first identify which IAP release you are using and then refer to the respective release note.
Prerequisites
See the Nexus registry for the package version bundled with your IAP release.
| Package |
|---|
adapter-prospector |
itential_tools |
Itential Prospector |
itential-utils |
Smart Template |
Note: The Itential Prospector requirement is managed by
adapter-prospector.
Install Requirements
- To assign devices to the trees created in Golden Config, setup devices and corresponding NEDs (network element drivers) in NSO.
- To install and configure services properly, follow the package guides for Itential Prospector and
itential_tools.
Application Interface
To access Golden Config:
From the IAP welcome page, click Configuration Manager in the left navbar. The main page for Configuration Manager opens.
Figure 1: IAP Homepage
Select Golden Configurations from the menu on the left, or click the corresponding tile below the Quick Start banner. Existing configurations will show in the menu bar on the left or when the Golden Config application is opened. If either is blank, no configurations have been created yet.
Figure 2: Configuration Manager
Collection View
The Golden Configurations page displays all existing configurations in a collection view as cards with device information relevant to the config item displayed within the card. A description of each numbered element on the interface is provided in the reference table that follows.
Figure 3: Golden Configurations UI
| UI Label | Component | Description |
|---|---|---|
| 1 | Collection | Icon to view collection of Golden Configs. |
| 2 | Refresh | Icon to refresh the page. |
| 3 | Import | Import an existing configuration. |
| 4 | Select All | Select all configurations. |
| 5 | Delete | Permanently remove a configuration. |
| 6 | Export | Export an existing configuration. |
| 7 | Search | Search bar to find a configuration by name. |
| 8 | Sort | Sort order for configurations (ascending or descending). |
| 9 | Create | Create a new configuration. |
| 10 | Paging | Used to show the total number of configs and to page through a collection. Also used to set how many items to show at one time in a collection. |
The config tiles have other components which are detailed in the table below.
Figure 4: Golden Config Tile Details
| UI Label | Component | Description |
|---|---|---|
| 1 | Configuration Name | Click the name link to open the configuration. |
| 2 | Pin | Click to enable and the config item will appear on the Configuration Manager main page under Golden Configurations. |
| 3 | Select Button | Click to select the config item for deletion or export. |
| 4 | Menu Icon | Click the stacked dots to edit, delete, or export a configuration. |
Create New Configurations
To create a new configuration:
Click the plus sign (+) in the empty first tile, or select + Create a Collection from the Configuration Manager homepage. The Create New Configuration dialog opens.
Figure 5: Create Configuration
Figure 6: Create Collection
Enter a name for the configuration and then select the OS Type from the dropdown. Click Save.
Figure 7: Create New Golden Config
A pop-up confirmation banner displays and a new empty Golden Configuration Tree with the base/root node is created.
Figure 8: Confirmation Banner
Figure 9: New Golden Config Tree
Edit Configurations
To edit a configuration:
Click the name of the configuration, or select Edit from the stacked dots menu button.
Figure 10: Edit Configuration Settings
Click the base/root node menu button
to perform the following tasks:- Add a child node.
- Rename the base/root node.
- Delete a node.
- Run a compliance check.
Figure 11: Base Menu
Note: You cannot delete the base/root node.
Click the compliance button
to check all devices for compliance.Click the version button
to highlight the version name.Click the dropdown arrow
to search the version.Click the plus sign
to add another version.Figure 12: Version Options
Add a Child Node
To add a new child node, simply click the edit menu and select Add Child.
Figure 13: Add child
Be sure you are on the correct level before you add a node. An underline appears on the selected level. The same add, rename, delete, and run compliance options are available for every node in the tree.
Figure 14: Node Levels
Delete a Child Node
To delete a child node, click the edit menu next to the node you want to delete. This step is permanent and does not prompt you for confirmation.
Figure 15: Delete Node
Node Details
The Node Compliance bar in the Node Details tab shows the compliance percentage for all devices in the node combined. Hovering over the bar displays a list of devices that failed or succeeded in meeting compliance.
The Node Issues section displays all configurations on which a compliance report was run. It will display which nodes have compliance errors that require remediation.
Figure 16: Node Details
Configuring Devices
From the Configuration tab there are several actions that can be performed. A description of each numbered element on the Configuration tab is provided in the reference table below. Additional details of these actions are presented in the sections that follow.
Figure 17: Configuration Tab
| UI Label | Component | Description | Icon |
|---|---|---|---|
| 1 | Evaluation Mode | Indicates if a configuration line must exist or not. See the Evaluation Mode section below. |  |
| 2 | Severity Type | Severity is of three types: error, warning, or informational. See the Severity Type section below. |  |
| 3 | Fix Mode | Determines how to handle configuration lines for remediation. See the Fix Mode section below |  |
| 4 | Import | Import a configuration. |  |
| 5 | Save | Save a configuration. |  |
| 6 | Revert | Revert back to a previous configuration. |  |
| 7 | Copy | Copy the configuration to clipboard. |  |
| 8 | Show Variables | Opens the variables panel. See Define New Tree Variables below. |  |
| 9 | Preview | Used to show/hide a configuration. See Define New Tree Variables below. |  |
| 10 | Configuration Editor | Paste in the native configuration here. If there is an existing configuration on the node, the new config will merge with the existing configuration. Use the toggle switch to set the editor in light or dark mode. |  |
Golden Configuration is a configuration pattern to which a device should conform. It is comprised of configuration lines and rules which must be matched in order for the device to be considered compliant.
When you create a new node in the Configuration Tree, its configuration will be inherited from the parent node. You may customize this node from the parent by adding or overriding lines in the parent configuration.
The lines of Golden Configuration are designed to mimic the native configuration structure of a device and will have parent-child relationships as they do on the device. This is usually shown by indentation or block delimiters.
Each line of Golden Configuration has an evaluation mode that determines whether the line must be present, not present, or should be ignored. The severity determines whether rule failures are considered errors, warnings, or information-only issues in the Compliance Report.
Using the Config Editor
The Configuration Editor allows configurations to be edited inline through the text editor. After defining a configuration, be sure it is saved. Configurations can be imported as well.
Each line in a configuration can be defined as follows.
Evaluation Mode
Used to indicate if a configuration line is required to exist in a device for compliance.
- Required - The line must exist in the device config.
- Ignored
{i/}- Completely ignores the line and does not generate an issue in the compliance report. - Disallowed
{d/}- The line must not exist in the device config.
Figure 18: Evaluation Mode
Severity Type
Each severity type has its own impact which determines the grade of a compliance report.
- Info
<i/> - Warning
- Error
<e/>
Figure 19: Severity Type
Fix Mode
Used for determining how to handle lines that contain variables when performing auto-remediation.
- Manual - The user must must manually remediate the issue (skips auto-remediation for the line).
- Append
<a/>- Automatically appends the configuration line into the device. - Change
<c/>- Finds a matching candidate in the device configuration and replaces it with the current line.
To apply these properties to a line, highlight the configuration lines you want to modify and select a property from the toolbar above the editor.
Figure 20: Fix Mode
Defining New Tree Variables
Tree variables can be used across any Golden Config tree. To define new tree variables:
Select the circled (x) icon button
on the right to access the variables panel.Figure 21: Show Variables
To hide a configuration which is not defined on the current node directly, click the eye icon
(the show variable button will be disabled). From the modal that opens, select the Inherited Config checkbox.Figure 22: Inherited Config
Managing Devices
The Manage Devices tab allows you to associate network devices with the selected Configuration Node.
Verify you are on the correct node (the hexagon next to the node name will be solid).
Click the + Add Devices button to add one or more devices. The Add Devices to Node dialog will appear.
Figure 23: Add Device
Click the single, right-facing arrow after the device name in the Available Devices column to copy the device to the Selected Devices column.
Click Apply to add the device to the selected node.
Figure 24: Select Devices
To remove additional devices, select the device name and a solid blue dot will appear. Click the left facing, double-arrows to remove the device from the Selected Devices column. The same also works for the Available Devices column. Select the device to be added and click the right-facing, double arrows.
Click Apply to add/remove all the selected devices.
Figure 25: Add/Remove Devices
Compliance
When you run a compliance report for adevice, it will be checked against the Golden Configuration of the corresponding node. Likewise, when you run a compliance report for a node, each device on that node will be checked. A device is associated with only one configuration node.
On the Manage Devices tab you can perform the following tasks:
- Review a list of devices by node.
- Review a compliance status graph for each device.
- Add or remove devices from a selected node.
Click the stacked dots icon to open the Compliance menu. Actions that can be performed from this menu are presented in the table below.
| Menu Item | Compliance Action |
|---|---|
| Refresh Device | Refresh the device statistics. |
| Run Compliance | Run compliance on a device. |
| View Compliance | View the results of a compliance check. |
| View Config Difference | View the differences between the Golden Configuration and the device configuration. |
| Remove Device | Remove a device from a node. |
Figure 26: Device Compliance Menu
Compliance Reports
Below is a sample compliance report in table view format. Various user actions that can be performed in the report are summarized in the steps that follow.
Figure 27: Sample Compliance Report
Click the 3-bar graph
icon near the top right to display the compliance report in a bar graph view. This graph view shows how many warnings, issues, errors, and passes were included in the compliance report. The blue line represents the score for each compliance report. Click the icon again to return to the table view.Figure 28: Bar Graph View
Click the down arrow
in the Configuration Errors section to expand an issue item and view additional details. Figure 29: Error Details
When the Add button is selected, the issue will minimize with a green check mark indicating a resolution has been determined.
Click Apply to compile a list of changes to be added to the device.
Figure 30: Apply Changes
Click the blue vertical dots (icon) in the top right to open the menu. Select View Metadata and a separate modal window open that allows you to append the metadata.
Figure 31: View Metadata
Under Groups, enter the first few letters of a group name in the Write field and then select the group from the list to add.
Figure 32: Add Group
Click Save. All users (members) in the added group now have write permissions to view/edit device configurations.
Figure 33: Save Group
Running Compliance on JSON Data
Configuration Manager also has integrated support for running compliance on JSON data. This section of the guide will only cover the elements of Golden Configuration (GC) that are different than those of devices.
Using Variables
The Configuration tab of a JSON GC takes JSON data as input. This data will be used to generate a compliance report on task instances. Anything enclosed in $_ _$ will be replaced by the variable value.
Figure 34: Configuration Tab
To utilize variables in a JSON GC:
Start by creating a new configuration in Golden Configurations. Enter a name, select json from the OS Type dropdown menu, and then click Save.
Figure 35: Task Instance
Click the plus (+) sign to Add a Task.
Task 36: Add Task
Select a task from the right-hand column. Click the down arrow to expand the task list.
Figure 37: Add Adapter
Select the task (a line will appear underneath the selection). Click the Add button.
Figure 38: Add Adapter Task
Select Add to add the task, or Add & Run to add the task and run compliance on the task.
Figure 39: Add | Add & Run
Under the Compliance column, hold the mouse over the bar and it will show a color-coded list (green - passes, blue - info, orange - warning, red - error, black - no config).
Figure 40: GC JSON Compliance Colors
Click the stacked dots button ( menu icon) at the end of the row. From this menu the following user actions can be performed:
Menu Action Description Edit Select to make changes to the adapter task. View Compliance Select to view the compliance report. Run Compliance Select to run a compliance check. Delete Select to permanently remove the adapter task. Figure 41: GC JSON Task Edit
A sample of the compliance results for a JSON GC is below. The Grade is a Fail since there is no config present.
Figure 42: GC JSON Compliance Results
