Release Notes for Cisco Configuration Engine 3.5.3

Table Of Contents

Release Notes for Cisco Configuration Engine 3.5.3

Contents

Introduction

What's New in this Release

ASA Support

Execute the Patch Script

Related Documentation

Cisco IOS Dependencies

Router Configuration

Limitations and Restrictions

Caveats

Open Caveats

Resolved Caveats

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco Configuration Engine 3.5.3

---

Revised: May 2, 2011, OL-21544-05

This document describes the new features, system requirements, and caveats for Cisco Configuration Engine 3.5.3. Use this document in conjunction with the documents listed in the "Related Documentation" section.

---

Note We sometimes update the documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

---

Contents

This document includes the following sections:

•Introduction

•What's New in this Release

•Related Documentation

•Cisco IOS Dependencies

•Router Configuration

•Limitations and Restrictions

•Caveats

•Obtaining Documentation and Submitting a Service Request

Introduction

The Cisco Configuration Engine 3.5.3 is a network management application that acts as a configuration service for automating the deployment and management of network devices and services. The
Cisco Configuration Engine runs on host systems running either Linux or Solaris.

The Cisco Configuration Engine is a network management software application that provides a highly scalable, secure, and reliable solution for remote deployment. By taking advantage of intelligent agents inside Cisco IOS Software, the Cisco Configuration Engine enables the "call-home" architecture, where a new device can automatically connect with the Cisco Configuration Engine and ask for the correct configuration.

What's New in this Release

Cisco Configuration Engine 3.5.3 supports the following features:

•ASA Support

•Execute the Patch Script

ASA Support

Cisco Configuration Engine,3.5.3 provides configuration management and image service to Cisco Adaptive Security Appliance devices (ASA device). You have to enable encryption on Cisco Configuration Engine when you set up the ASA devices. For more information on ASA, see the Cisco Configuration Engine Administration Guide.

Execute the Patch Script

If you have custom attributes defined in CE and planning to migrate to Cisco Configuration Engine 3.5.3, then you need to run this schema patch script. The patch script will be a part of Cisco Configuration Engine release 3.5.3 and the patch script file can be located in the RPMS/Patch directory when you untar the Cisco Configuration Engine 3.5.3 tar file. After applying this patch, you can run the search query based on your custom attributes.

To run the patch script, follow these steps:

1. Untar the Cisco Configuration Engine 3.5.3 tar file and go to the patch folder.

2. Run the ./schema_patch.sh file.

Example of Data Export Prompts

# ./schema_patch.sh

--------------------------------------------------

CE utility to patch schema of custom defined attributes.

--------------------------------------------------

Apply this patch if you are migrating from any CE release prior to CE 3.5.3 to CE 3.5.3 or 
above release.

Do you want to apply the patch to update CE schema? (y/n) [n]y

Applying patch...

Patch SUCCESS!!!

Now you can run dataexport script for CE migration.

For more information on patch script, see Cisco Configuration Engine Installation and Configuration Guide.

Related Documentation

Table 1 describes the documentation available for Cisco Configuration Engine.

Table 1 Cisco Configuration Engine Documentation 

Document Title	Available Formats
Cisco Configuration Engine Installation & Configuration Guide, 3.5.3	This guide is available on Cisco.com.
Cisco Configuration Engine Administration Guide 3.5.3	This guide is available on Cisco.com.
Cisco Configuration Engine Software Development Kit API Reference and Programmer Guide	This guide is available on Cisco.com.
Troubleshooting Guide for Cisco Configuration Engine 3.5.3	This guide is available on Cisco.com and Docwiki.
Release Notes for Cisco Configuration Engine 3.5.3	This release notes is available on Cisco.com.

Cisco IOS Dependencies

Table 2 lists Cisco IOS versions with corresponding versions of Configuration Engine, including feature limitations associated with each version.

Table 2 Cisco Configuration Engine 3.5.3 and Cisco IOS Dependencies

Cisco IOS	CNS Configuration Engine	Limitations
12.3	1.3.2 or later	—
12.2(11)T	1.2 or later	—
12.2(2)T	1.2 or later with no authentication	Applications will be unable to use exec commands or point-to-point messaging.

Router Configuration

The Cisco Configuration Engine 3.5.3 software needs to be installed and prepared first before configuring a device. The device can obtain its initial configuration from the Cisco Configuration Engine 3.5.3.

For information about Cisco Flow-Through Provisioning, see:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftsnap26.html.

Limitations and Restrictions

•If you download a configuration that changes username, password, enable password, or IP address for a non-agent-enabled device, you need to modify the corresponding Intelligent Modular Gateway (IMGW) hop information for the device to update it with the new username, password, enable password, and IP address.

•TFTP:

–No new files can be created and files cannot be deleted. However, existing files can be overwritten ONLY if they are publicly writable. The permissions of the files placed into the FTP directory can be controlled by the SFTP user managing files in the FTP directory.

–The TFTP service does not require an account or password on the server system. Because of the lack of authentication information, TFTPD allows only publicly readable files (o+r) to be accessed. Files may be written only if they already exist and are publicly writable.

•Device Name values may only contain: period (.), underscore (_), hyphen (-), and alphanumeric characters.

•Group Name values may only contain: underscore (_) and alphanumeric characters.

•The configuration entry in /etc/hosts on the server where CE is installed must comply with the following format:

<server IP> <hostname> <FQDN>

172.27.117.199 imgw-test16 imgw-test16.cisco.com

•CNS Agent should use the same config event and image ID when using CE to manage devices.

•If you download a configuration that changes the CNS password, you need to use CE to resync the device.

•Attribute name must begin with alpha characters only when adding a new attribute through the Directory Manager.

Caveats

The caveats describe unexpected behavior in Cisco Configuration Engine 3.5. See the following sections for more information:

•Open Caveats

•Resolved Caveats

Open Caveats

Table 3 describes the open caveats for Cisco Configuration Engine 3.5.3.

Table 3 Open Caveats for Cisco Configuration Engine 3.5.3

ID	Problem	Workaround
CSCto17118	When you uninstall the Cisco Configuration Engine version 3.5.2 or below, some of the RPMs like mod_ssl on RHEL can get corrupted. Due to this, the http daemon will not start.	Use the ./ce_check.sh script provided with Cisco Configuration Engine software release 3.5.3 or above for validation RHEL LPNs before installation. In case of corruptions, reinstall the LPNs before executing the ce_install.sh command.
CSCtn02285	After the scheduled job for Image update shown as "SUCCESS", login to the device and verify the image (IOS) version. When the given image form the Cisco Configuration Engine is corrupted and if the flash already has some image, the device reloads with the image in the flash and shows the job status as "SUCCESS".	Add the correct image to Cisco Configuration Engine and schedule a job, or add the image manually to flash and initiate the image update job again.

Resolved Caveats

Table 4 describes the resolved caveats for Cisco Configuration Engine 3.5.3.

Table 4 Resolved Caveats for Cisco Configuration Engine 3.5.3

ID	Problem
CSCto55149	Cisco Configuration Engine installation fails if the "BC" is not installed on Linux.
CSCtk12948	Included the postgresal rpm in the RHEL5 Cisco Configuration Engine image.
CSCto24383	Displaying java exception message on config preview screen for device added using the bulk upload.
CSCto55306	Unable to query on custom attributes.
CSCsc82397	TibGate memory leaked due to NSM events.
CSCto88161	The Cisco Configuration Engine installer should check for mailcap and xinetd packages on Linux.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

---

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R

© 2011 Cisco Systems, Inc. All rights reserved.