Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco Configuration Engine

Release Notes for Cisco CNS Configuration Engine 1.3.1

Downloads

Table Of Contents

Release Notes for Cisco CNS Configuration Engine Maintenance Release 1.3.1

Recent Updates

Web Server (httpd) Failure Problem on CNS 2100 Series System

CNS Event Namespace Chages for Cisco IOS 12.3

What this Means to You

What's New in this Maintenance Release

Related Documentation

Console Access to CNSIE-2110-K9 System

Console Access to CNSIE-2115-K9 System

Serial Connection Settings

Troubleshooting the Serial Port

Cabling an ASM Interconnect Network

Installation Notes

New Event Gateway Prompts in Setup

Parameter Descriptions

Location of Backup Files

Recommendations

Enabling Telnet Following Software Installation

Limitations and Restrictions

How to Enable IBM Director

Resolved Caveats - Maintenance Release 1.3.1

Open Caveats - Maintenance Release 1.3.1

Obtaining Documentation and Submitting a Service Request


Release Notes for Cisco CNS Configuration Engine Maintenance Release 1.3.1

The scope of this document includes information relevant to Maintenance Release 1.3.1 only. For information about release 1.3 of this product, refer to the "Related Documentation" section.

Recent Updates

This section contains new information about this release of the product:

Web server (httpd) failure problem (CSCeb76924) on CNS 2100 Series system

CNS Event Namespace Chages for Cisco IOS 12.3

Web Server (httpd) Failure Problem on CNS 2100 Series System

This problem is described as:

httpd (Apache web server) is not running or cannot be started due to a out-of-space problem. The following error message is seen in /var/log/appliance-setup.log:

Waiting for tomcat to initialize...

........Starting httpd:fopen:No space left on device

httpd:could not open error log file /etc/httpd/logs/error_log.

[FAILED]

See CSCeb76924 for a complete description of this problem and the recommended workaround.

CNS Event Namespace Chages for Cisco IOS 12.3

With the release of Cisco IOS 12.3, the base element of the CNS event subject namespace has been changed from cisco.cns.* to cisco.mgmt.cns.*.

What this Means to You

If you intend to upgrade your Cisco network devices to run Cisco IOS 12.3 and the devices in question are managed by the CNS 2100 series, then we recommend that you also upgrade your CNS Configuration Engine to release 1.3.2 and your CNS SDK to version 1.5.3.

The CNS event subject namespace has been modified in accordance with the new Cisco subject naming conventions. In order to keep up with the new subject naming convention, CNS agents in Cisco IOS have been modified and released with the 12.3 Cisco IOS train. The change affects the subject names that the CNS agents subscribe to and publish on.

For the smooth transition of existing applications from the old subject namespace, the Namespace Mapping service (NSM) has been updated with a new mechanism that maps old subjects to the new ones.

Impact on Existing Applications that use Namespace Mapper

There are no code or configuration changes required in applications written using the NSM API since the API interfaces have not been modified. However, upgrading to Cisco CNS SDK 1.5.3 is a required procedure for the transition.

Impact on Existing Applications that do not use the Namespace Mapper

Applications that are written without the use of the Namespace Mapper would have to be modified to accommodate the change in CNS event subjects. For example, the subject cisco.cns.config.load has been modified to cisco.mgmt.cns.config.load.

For a complete list of subject changes, please refer to the Release Notes for Cisco Configuration Engine Maintenance Release 1.3.2, or Cisco CNS SDK 1.5.3 documentation.

We recommend that all applications use the Namespace Mapper in order to maintain the separation between design-time and deployment-time subjects.

What's New in this Maintenance Release

Many caveats present in release 1.3 have been resolved for Maintenance Release 1.3.1 (see "Resolved Caveats - Maintenance Release 1.3.1" section).

This release of the Cisco CNS Configuration Engine is certified to run on the upgraded hardware platform (CNSIE-2115-K9), which is based on the IBM x335 server.

This maintenance release contains three new Event Gateway prompts in the Setup program (see "New Event Gateway Prompts in Setup" section).

Related Documentation

Other documentation related to this product include:

Cisco CNS Configuration Engine 1.3 Administrator's Guide

Documentation Guide for Cisco CNS Configuration Engine1.3

Cisco CNS 2100 Series Intelligence Engine Installation Guide

Release Notes for Cisco CNS 2100 Series Intelligence Engine 1.3

Cisco CNS 2100 Series Intelligence Engine Machine Code License

Regulatory Compliance and Safety Information for Cisco CNS 2100 Series Intelligence Engine

Cisco CNS Software Development Kit API Reference and Programmer Guide 1.5.2

Console Access to CNSIE-2110-K9 System

Normal terminal login to the CNSIE-2110-K9 (x330) system is supported by way of the system serial port. The CNS 2100 Series system redirects and supports console login at the serial port.

For more information about console access to the CNSIE-2110-K9 (x330) system, refer to the Release Notes for Cisco CNS 2100 Series Intelligence Engine, Release 1.3.

Console Access to CNSIE-2115-K9 System

Normal terminal login to the CNSIE-2115-K9 (x335) system is supported by way of the system serial port (See Figure 1, item 7).

Figure 1 CNSIE-2115-K9 (x335)Rear Panel

1. Power connector: Connect the power cable here.

2. Ethernet 2 connector: Connect an Ethernet cable here.

3. USB 3 connector: Connect to a Universal Serial Bus here.

4. Ethernet 1 connector: Connect an Ethernet cable here.

5. ISM connector: Connect an ASM link cable from the ASM interconnect module to this connector.

6. C2T OUT connector: Connect the cable from this connector to the input connector of another server.

7. Serial connector: Connect a 9-pin serial device to this connector.

8. C2T IN connector: Connect the cable from the output connector of another server to this connector.

The CNS 2100 Series system redirects and supports console login at the serial port. It is a more desirable feature because you can perform daily or emergency administrative tasks remotely, by way of the serial port.

Serial Connection Settings

The serial connection settings are as follows:

9600 baud
8 data bit
N (No)parity
1 stop bit

Troubleshooting the Serial Port

The serial port is enabled by default. If there is a connection problem, verify that it is enabled by accessing the Remote Console Redirection menu during system start as follows:

Step 1 Press F1, then go to: Configuration/Setup Utility (menu) -> Devices and I/O ports (menu) -> Remote Console Redirection (menu)

Step 2 Make sure the Remote Console Active parameter is enabled.

Cabling an ASM Interconnect Network

An Advanced System Management (ASM) bus is integrated into the C2T interconnect cables, so by adding one or more Remote Supervisor Adapters to a C2T chain of servers, you can create an Advanced System Management (ASM) interconnect network. For information about using a Remote Supervisor Adapter for remote server management, see the documentation that comes with the adapter.

Before cabling the ASM interconnect network, review the following information:

The cables in an ASM interconnect network are hot-swappable.

Make sure that the firmware for the Remote Supervisor Adapter, ASM processor, and integrated system management processor (ISMP) are at the latest level.

The servers in an ASM interconnect network are referred to by their assigned addresses, not by their positions in the rack.

An ASM interconnect network can have up to 24 RS-485 connections, depending on the configuration. The connections can include Remote Supervisor Adapters, ASM processors, ASM PCI adapters, and ISMPs. Use the following information to determine the number of servers and connections that you can have on your ASM interconnect network:

Each Remote Supervisor Adapter, ASM processor, ASM PCI adapter, and ISMP in a server that is connected to the network uses one connection. For example, if a server that is connected to the network has a Remote Supervisor Adapter and an integrated ASM processor, the server uses two connections on the network.

The network must include at least one server with a Remote Supervisor Adapter (either installed as an option or pre-installed in the server).

You can connect up to 23 xSeries 335 servers into an ASM interconnect network using one Remote Supervisor Adapter. However, if you use both xSeries 335 and xSeries 330 servers in the network, the xSeries 330 servers must be the lowest-numbered servers in the chain. Figure 2 shows an ASM interconnect network with three servers.

Figure 2 ASM Interconnect Network of Three Servers

1. IN: Connect the cable from the output connector of another server to this connector.

2. OUT: Connect the cable from this connector to the input connector of another server.

3. ISM: Connect an ASM link cable from the ASM interconnect module to this connector in the first (A) server.

4. ASM link cable: Connect this cable to the ISM connector (3) in the first server.

5. Mouse: Connect a mouse to this connector.

6. Keyboard: Connect a keyboard to this connector.

7. Video: Connect a monitor to this line.

8. ASM interconnect module: Connect this module to the RS-485 connector (9) on the Remote Supervisor Adapter in the first server.

9. RS-485 on Remote Service Adapter: Connect the ASM Interconnect Module to this connector.

You can add up to 23 more servers to the network by installing a Remote Supervisor adapter in the 24th server, creating a second ASM bus. Figure 3 shows an ASM interconnect network with 46 servers.

Figure 3 ASM Interconnect Network of 46 Servers

1. IN: Connect the cable from the output connector of another server to this connector.

2. OUT: Connect the cable from this connector to the input connector of another server.

3. ISM: Connect an ASM link cable from the ASM interconnect module to this connector in the first (A) server.

4. ASM link cable: Connect this cable to the ISM connector (3) in the first server.

5. Mouse: Connect a mouse to this connector.

6. Keyboard: Connect a keyboard to this connector.

7. Video: Connect a monitor to this line.

8. Second ASM bus: Connect servers 24 through 46 on this bus.

9. First ASM bus: Connect servers 1 through 23 on this bus.

To cable an ASM interconnect network, complete the following steps:

Step 1 Follow the instructions for cabling a C2T chain.

Step 2 Connect an ASM interconnect module (which comes with the Remote Supervisor Adapter) to the RS-485 connector on the Remote Supervisor Adapter in the first server. If the network contains more than 23 servers, do the same on the 24th server.

Connect an ASM link cable (which comes with the Remote Supervisor Adapter) from the ASM interconnect module to the ISM connector in the first server. Insert a terminator into the second connector on the ASM interconnect module. If the network contains more than 23 servers, do the same on the 24th server.

Installation Notes

The Cisco CNS Configuration Engine 1.3.1 software is contained on a CD-ROM.

To be able to monitor the installation activity and run the Setup program, you should be connected to the system serial port.

To install the software, follow these steps:

Step 1 Verify that the CNS 2100 Series system is powered down.

Step 2 Power on the system and quickly insert the Cisco CNS Configuration Engine 1.3.1 CD-ROM in the CD drive.

Step 3 Push the Reset button to restart the system from the CD-ROM.

The software installs automatically. When the install sequence completes, the system automatically ejects the CD-ROM and restarts into Linux from the hard drive.

During the Linux startup sequence, by default, the CNS 2100 Series system redirects and supports console login at the serial port.

Step 4 Refer to the Cisco CNS Configuration Engine 1.3 Administrator's Guide to run the Setup program.

Also, see "New Event Gateway Prompts in Setup" below.

New Event Gateway Prompts in Setup

There are three new prompts in Event Gateway section of the Setup program included in Maintenance Release 1.3.1: 

Enter log file rotation timer (minutes, 0 = no rotation): [2]

Enter max log file size (Kbytes): [3072] 

Enter the max versions of log file (0-99): [1]

Parameter Descriptions

Log file rotation timer: Use to specify the time period (minutes) with which to check the cut-off size of a log file for version and backing up of log files. Default value is 2.

Max log file size: Use to specify the cut-off file size after which a log file is backed up to a new version; maximum log file size (Kbytes): [3072] 3072.

The max versions of log file: Select the number of versions of the log file you want saved; (0-99): [1] 1.

Event Gateway no allows version control of log files. For example: 

/var/log/CNS/TibGateLog-11011

/var/log/CNS/TibGateLog-11011.1

/var/log/CNS/TibGateLog-11011.2

etc..

Location of Backup Files

Event Gateway logs on the system are being backed up by a cron job. Logs are time stamped and stored in TAR format in the system in the /usr/log/backup directory.

Event Gateway logs are time stamped and stored in TAR format on the system in the /usr/log/backup directory. This directory is filled up to 1.1 GB size with event gateway logs. Once this limit is reached, a new file to be backed up is accommodated by deleting old backup files.

To do the backup operations, backup script needs a maximum of 2.1 GB of temporary memory in /usr directory.

To un-TAR the backup files, use the following command:

tar -zxvf <filename>

Note Since backup cron job is synchronized with the log file rotation timer of Event Gateway, the /usr/log/backup directory might contain no more than one version (<backup-file>.1) of the log file for a given time stamp.

Recommendations

Try to use the default values provided. They are probably the best values.

For log file rotation timer, always use a positive value equal to, or greater than, 2. DO NOT use 0.

Enabling Telnet Following Software Installation

Telnet access is disabled following installation of the Maintenance Release 1.3.1 software. To enable Telnet access, complete these steps:

Step 1 On the CNS 2100 Series system, change directory to /etc/xinetd.d.

Step 2 Use a text editor to operate on the telnet file as follows:

Change: disable       =yes

to: disable       =no

Step 3 Use the mv command to move /etc/securetty to /etc/securetty.old.

Limitations and Restrictions

All password values in Setup must contain alphanumeric characters only. Special characters have different meanings in the UNIX shell and should not be used for passwords.

Device Name values may contain only: period (.), underscore (_), hyphen (-), and alphanumeric characters.

Group Name values may contain only: underscore (_) and alphanumeric characters.

How to Enable IBM Director

To enable IBM Director, login as root in a terminal window, then type the following UNIX commands:

ln /etc/rc.d/init.d/init.wbem /etc/rc.d/rc3.d/S85init.wbem

ln /etc/rc.d/init.d/init.wbem /etc/rc.d/rc5.d/S85init.wbem

cp /etc/TWGagent/TWGagent.orig /etc/TWGagent/TWGagent

/etc/rc.d/init.d/init.wbem start

/etc/rc.d/init.d/TWGagent start

Resolved Caveats - Maintenance Release 1.3.1

This section lists caveats that have been resolved in release Maintenance Release 1.3.1 (see Table 1).

Table 1 Cisco CNS Configuration Engine 1.3.1 

ID
Problem

CSCdw58345

The current version of LDAP directory is unable to handle attributes more than 64 characters, which causes internal processes to fail.

CSCdy48492

When there are about 5,000 devices to be displayed in the Update or Delete Device screens it takes about 10 minutes to display all the devices in the screen.

CSCdy61014

Currently due to resource constraints, it is not possible to have all 5,000 devices connect to the Event Gateway (TibGate) all at once.

CSCdy63149

When more than 500 simultaneous connections come in, the configuration service can leave a spinning java thread utilizing CPU cycles. However, this thread is scheduled whenever other threads come in.

CSCdy72661

Event Gateway (TibGate) authentication request timeout option not set to support 5,000 devices.

CSCdz20043

GUI: Tools -> Data Manager -> UpdateProductList, the option on the UpdateProductList page Download from Cisco Web site does not work. This is because the default URL specified in the properties is incorrect.


Open Caveats - Maintenance Release 1.3.1

This section lists known caveats that are open for the CNS 2100 Series third-party software (see Table 2), CNS 2100 Series platform (see Table 3), and Maintenance Release 1.3.1 of the Cisco CNS Configuration Engine software application (see Table 4).

Table 2 CNS 2100 Series Third-Party Software

ID
Problem
Workaround

CSCdv70366

The directory API does not support special characters in device names, such as < & etc.

The API does not accept special characters in username or password fields.

When using the Intelligent Modular Gateway feature of the CNS 2100 Series to configure a device by means of Telnet or SSH, it is not possible to use punctuation characters in the username or password for the target device.


Table 3 CNS 2100 Series Platform 

ID
Problem
Workaround

CSCdv85666

When setting up the CNS 2100 Series with the Setup program, if you enter an invalid IP address for the Ethernet0 interface, you are not re-prompted to enter a correct one. This invalid IP address causes network connectivity problems for the unit.

If you accidentally enter an invalid IP address for the Ethernet0 interface, proceed through the rest of Setup program, but do not commit the changes. Then log in as setup again (if the unit has never been configured before) or run the Setup program (if you are updating a previous configuration) and enter the correct values.

CSCdv90816

In the Linux operating system, the two Ethernet interfaces are defined as Ethernet0 and Ethernet1. The user is presented with this nomenclature when configuring and using these two interfaces.

The labelling on the IBM x330 hardware shows the two Ethernet interfaces as Ethernet1 and Ethernet2.

In the CNS 2100 Series, the hardware is labeled with ports Ethernet 1 and Ethernet 2. The software identifies these ports as Ethernet 0 and Ethernet 1.

Ethernet 1 on the hardware label refers to Ethernet 0 in the software.

Ethernet 2 on the hardware label refers to Ethernet 1 in the software.

CSCdz76673

The following new Event Gateway prompts have been added: 

Enter log file rotation timer 
(minutes, 0 = no rotation): [15] 

Enter max log file size 
(Kbytes): [3072] 

Enter the max versions of log 
file (0-99): [1]

These prompt changes are not reflected in the internaldir.pl and externaldir.pl files in the /opt/CSCOcnsie/bin directory. These are sample scripts to run the user's non-interactive setup prompts. Without these prompts, it is possible to run non-interactive setup. However, the drawback is that the values for the above prompts default to its existing values. Users cannot set these values using non interactive setup script.

None.

CSCdz78340

In NSM default mode, when 5,000 devices pull down their initial configuration of size 64 KB with 27 LDAP attributes and establish connection with Event Gateway, they will succeed at the very first time after a fresh reboot of CNS 2100 Series. If all the devices go down and come back again, they encounter memory allocation failure and not all the connections are established with Event Gateway.

If you reduce the size of the initial configuration file to 20 KB, the problem will not be seen.

CSCdz81426

Setup can fail and pause indefinitely when a numeric hostname, such as 2110, is used and entered at the network-parameter prompt. The log file /var/log/appliance-setup.log contains errors similar to the followings:

2003-01-10 21:05:50 rvrd: unable to resolve network specification ('2110')

2003-01-10 21:05:50 rvrd: unable to resolve network specification ('2110')

It shows that Tibco fails to resolve the numeric hostname for an IP address.

Name the appliance with an alpha-numeric value beginning with an alpha value.

CSCdz83000

When IMGW starts, it generates a debug messages. It displays the debug messages a number of times recursively.

[root@infystorm2 tools]# /etc/rc.d/init.d/Imgw stop

Stopping IMGW [ OK ]

[root@infystorm2 tools]# /etc/rc.d/init.d/Imgw start

Done

[root@infystorm2 tools]# perl: warning: Setting locale failed.

perl: warning: Please check that your locale settings:

LANGUAGE = (unset),

LC_ALL = (unset),

LANG = "en_US.iso885915" are supported and installed on your system.

perl: warning: Falling back to the standard locale ("C").

perl: warning: Setting locale failed.

perl: warning: Please check that your locale settings:

LANGUAGE = (unset),

LC_ALL = (unset),

LANG = "en_US.iso885915" are supported and installed on your system.

perl: warning: Falling back to the standard locale ("C").

None.

CSCeb76924

httpd (Apache web server) is not running or cannot be started due to a out-of-space problem. The following error message is seen in /var/log/appliance-setup.log:

Waiting for tomcat to initialize...

........Starting httpd:fopen:No space left on device

httpd:could not open error log file /etc/httpd/logs/error_log.

[FAILED]

There are many (thousands) mgetty.log files generated in the /var/log directory. This large number of log files uses up all file system resources and the file system is not able to accommodate any more new file. Once the log files are removed, the system can function normally.

After inspecting the logrotate configuration file (/etc/logrotate.d/mgetty) that comes with mgetty, it was found that there is a mis-configuration in the file:

/var/log/mgetty.log.tty* {
       nocompress
       missingok
}

The wide-card asterisk commands logrotate to rotate not only the mgetty.log.ttyS0 file, but all the files that are created in each of the subsequent rotation. Eventually, all the file system resources are used up.

This is a two-step workaround:

First, remove existing mgetty log files with the command:
find /var/log -name 'mgetty.log.ttyS0.*' -print | xargs rm -fr

Second, correct the mgetty logrotate configuration (/etc/logrotate.d/mgetty) as follows:

/var/log/mgetty.log.ttyS0 {
       nocompress
       missingok
}


Table 4 Cisco CNS Configuration Engine 1.3.1 

ID
Problem
Workaround

CSCdv04599

TibGate getting killed after fetching large number of mappings.

When using the Namespace Mapper feature, there is a limitation of 150 mappings per subject name. If more than 150 mappings are provided, the CNS Event Gateway stops functioning.

Limit the number of mappings per subject name to 150.

CSCdy15293

The reload button in the web-based user interface might not work properly when reload is pressed number of times.

To clear this problem, close and restart the web browser.

CSCdy48788

When the Bulkupload data contains invalid attributes, DAXMLservelet stops working and logs invalid errors. This is a problem in the current LDAP directory version.

Validate that there are no invalid attributes in the Bulkupload data. If for some reason the system goes into this state, then reload the Cisco CNS Configuration Engine software.

CSCdy68363

In NSM Provider mode, if 5,000 devices try to establish connection with Event Gateway at a time, NSM Server is stressed and takes longer time to resolve the original subject. If the keepalive timeout on the devices is set less than the resolve time period (which depends on the load at that time), Event Gateway fails to send keepalive messages back to the devices. This causes the devices to time out and retry for a new connection.

1. Set a keepalive timeout that is longer than the time required for NSM server to resolve the original subject. Testing has been done with 3,500 seconds and 5 retries, and the problem was not observed.

2. Bring up the 5,000 devices in batches: a set of 100 with 1,000 seconds delay before another set of 100. All 5,000 devices will establish connection with Event Gateway successfully. The same thing applies to configuration update also.

CSCdy80613

Currently due to limited resources, it takes a long time for all 5,000 devices to receive configuration updates.

Issue updates in staggered waves of 500 devices per wave.

CSCdy83389

When 5000 devices try to post their inventory information and connect to Event Gateway upon receiving their configurations, it may take up to an hour before the last configuration is received. During this period, most of the device authentication requests are queued and timeout due to the default authentication timeout value of 180 seconds.

The devices will retry automatically and will ultimately get authenticated.

CSCdz14956

Under stress conditions over a period of weeks it has been noticed that the EventMonitor on the GUI stops logging the events.

To restart the EventMonitor log, restart the CNS 2100 Series system.

CSCdz33665

When SSL is turned on and 5,000 devices post their configurations, then connect to the Event Gateway (TibGate) upon receiving their configurations, all 5,000 successfully connect to the Event Gateway. But, if all 5,000 disconnect from the Event Gateway and reconnect, the CNS 2100 Series system experiences out of memory failures and the number of devices that successfully reconnect to the Event Gateway is reduced. The problem gets worse for each subsequent 5,000 disconnect and reconnect sequence.

The number of devices using SSL, either connecting to Apache configuration server or connecting to the Event Gateway (TibGate, should be limited to 3,000 or less.

CSCdz84489

If you configure the Event ID and Config ID using the cns id command before the event agent is started, you will not receive any config/event changed events even after the event agent is enabled.

In order for the notification to be sent out, it is necessary that the event and config agent are up and running prior to the execution of the cns id command.


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

Copyright © 2003, Cisco Systems, Inc.
All rights reserved.