Table Of Contents
Release Notes for Cisco Configuration Engine, 1.5
Release Notes for Cisco Configuration Engine, 1.5
Introduction
The Cisco Configuration Engine, 1.5 is a network management application that acts as a configuration service for automating the deployment and management of network devices and services. The Cisco Configuration Engine, 1.5 runs on the Cisco 2116 Intelligence Engine hardware platform.
Each Cisco Configuration Engine, 1.5 manages a group of Cisco IOS devices (routers) and services they deliver, storing their configurations and Cisco IOS images, then delivering them as needed. The Cisco Configuration Engine, 1.5 automates initial configurations, configuration and image updates, dynamically generating the device-specific configuration or image on-demand, and logs the results.
Note
For the latest information regarding this release, check online at: www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cce/rel1_5.
What's New in this Release
•
•
•
•
•
•
•
Related Documentation
Other documentation related to this product include:
•
•
•
•
•
•
•
•
Console Access to CE-2116-K9
Normal terminal login to the CE-2116-K9 system is supported by way of system KVM connections on the rear panel.
Cisco IOS Dependences
Table 1 lists Cisco IOS versions with corresponding versions of CNS Configuration Engine including feature limitations associated with each version.
Router Configuration
For a router to pick up its initial configuration from the Cisco Configuration Engine, 1.5, install the Cisco Configuration Engine, 1.5 software before installing a router. Then, establish a connection between the router and the Cisco Configuration Engine, 1.5.
For information about Cisco Flow-Through Provisioning, refer to:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftsnap26.html.
Limitations and Restrictions
•
•
•
•
•
–
–
•
•
•
Open Caveats Release 1.5
This section lists known caveats that are open for Cisco Configuration Engine, 1.5 (see Table 2).
Table 2 Known Problems
CSCec11200
The cause of memory leak is an OpenSSL internal table that is allocated when an application starts up. Since such tables do not grow in size over time they are harmless.
None.
CSCec17163
If during setup you enter for the internal FTP server prompt a username that already exists, Setup will accept this value and during processing you will see the following error message in the output:
Processing internal ftp parameters... Error: Internal ftp username is an existing system account! Please rerun setup to reconfigure FTP.Rerun Setup and disable FTP, then run Setup again and enter a valid username for the FTP user.
CSCec20018
FTP user password shows as clear text in Image Locations
None.
CSCec40266
Inventory response from the device does not report the alias file systems.
Use the actual file system names in the destination field.
CSCec51936
Image Server does not support NSM provider mode. For example, though the NSM server is setup in provider mode, Image Server still sends out individual checkServer events to the devices instead of checkServer.<group-name> events.
None.
CSCec67971
Job status page requires one page per device in a job. Jobs with a large number of devices in them have a lengthy Job Status page.
Limit the number of devices per job.
CSCec75172
When creating an image for AP352 on the Configuration Engine since, the version string is not a mandatory field, you may create an image without this field. If such an image is associated with an AP device, and the device is submitted in a job the Image Server will return a failure message for this job.
Enter a version string while creating an image for AP devices. In the case of the AP device, the only valuable information obtained from the inventory report is the version string which is used to evaluate whether the device is running the image we want or not. If this version string is not provided on the Image Server, the server can not verify what image the device is running on the device.
CSCec75653
The GUI filter is expected to function like the UNIX limited regular expression pattern but is currently functioning like a RE expression. According to RE syntax and usage quantifiers (?*+{}) are considered repeating operators and as such can not be at position one in regular expression pattern and must have a preceding token. According to the UNIX limited regular expression quantifiers such as ? * may be expressions by themselves.
The quantifiers such as ? * must be preceded with a "."
For example: * will now be.*
CSCec87203
If the image to be activated exists on the flash of device, and job is to distribute the same image with ERASE flag selected but OVERWRITE flag not selected, then distribution does not take place.
The OVERWRITE flag must be selected in order to have the image distributed in such a case.
CSCec87364
Tibgate sockets stuck in CLOSE_WAIT.
None.
CSCeg10583
GroupAPI: Invalid security credentials generates NullPointerExcep.
A NULL pointer exception could be encountered in /var/log/CNSCE/CSCOGroupAdmin/ga.log or in /var/log/CNSCE/tomcat/localhost.log when an invalid directory password is used in external directory mode. A NULL pointer is returned by the GroupAdminFactory when an invalid directory password is defined in the property file.
Check for NULL return when invoking the create method of GroupAdminFactory.
CSCeg25547
After performing a large of number Ldap operations in bulk upload, such as uploading a few thousand devices in IBM Ldap directory, the Ldap search operation time increases, which results in decreased system performance.
To improve the performance after bulk upload, the system should be restarted. On the Cisco 2116, perform a setup -r.
CSCeg44998
Unable to create group with 256 characters.
This is a directory specific limitation. Group name is stored using the Organization Unit (OU) attribute of the directory. IBM directory imposes a 128-character-length limit on the OU.
Use a group name that is less than 128 character long.
CSCeg51948
External Directory Mode: Updates too slow: 1.5 to 2 hrs. to update 1500 devices.
When using External directory Mode the following attributes should be indexed:
•
•
•
•
For NDS, cn is automatically indexed. This is important to attain a satisfactory performance on the Ldap store, especially for an Ldap store with a very large number of devices.
CSCeg51980
IMGW: 1.5 hrs to start event listeners for 5,000 devices.
With 5000 IMGW devices in the directory, it takes around 50 minutes for IMGW to restart all listeners for all devices every time when IMGW is restarted or the Setup command is rerun on the Cisco 2116. During this restart period, IMGW works only on those devices with listeners being restarted.
None.
CSCeg55582
IMGW: config.warning event has empty warning-message tag.
This problem is caused by the improper registration of the device module. The value to the -cmd option was incorrect.
Make sure that the device module is registered properly. Deregister and then register the module again.
CSCeg55904
The device object was created under ou=GenericDevices, but no DID was created under ou=imgw.
The imgw.ldf file should be used to extend the schema of external directory before creating IMGW devices. This file can be found under /opt/CSCOimgw/.
CSCeg75996
Symptom: If submitting 100 jobs (image upgrades) each with a batch size of 50 devices or greater, not all devices will be successfully upgraded. Thus not all the jobs will complete successfully.
Conditions: 5000 devices being upgraded simultaneously across 100 or more jobs.
Limit the number of jobs to a maximum of 50 each, with a maximum batch size of 50. The jobs should complete successfully.
CSCeh03078
submitJob API: Image update with different configID, eventID, or imageId fails.
Ensure that the configID, eventID, and imageID of the device are same as the deviceName while using the update image Web Services APIs.
CSCeh10479
On trying to edit a device that is already associated with a group, you will see a cisco.cns.admin.group.MemberAlreadyExistsException.
The edit operation on the device proceeds successfully and hence the exception can be ignored.
None.
CSCeh29615
No crontab set for backup job when /var is 100% full.
Certain system commands need some space in /var to run and crontab is such a command in order to schedule the backup job for the user. Because of this, the crontab command issued by the script (called from the GUI) fails, which results in the failure of backup job.
Clean up /var partition on the system (moved some files to /home/), then resubmit the backup schedule from the GUI.
CSCeh53752
Submit configuration update jobs using methods updateDeviceListWithConfig(), updateGroupsWithConfig() of CEConfigService web service providing NULL as lines property input in the Config object. A NullPointerException is thrown.
Verify there is no NULL values inside lines array before passing into the API.
CSCeh53774
Create an image object using populateImage API without providing the image location input. Java null pointer exception is thrown.
Create an image object using populateImage API without providing the image name input. No error is thrown and the image object is also not created.
When creating an image, you must always provide:
image location
image name
image typeCSCeh54822
If the image details [image name, destination or location] is given incorrectly in the createDevice with Image API, the device is created successfully. But, the device is not registered with image services.
The problem can be seen in the following APIs:
createDeviceWithImage()
createDeviceWithImageInGrp()
createDeviceWithImageAndAttr()
createDeviceExtended()Always give existing image name/destination and location in the API.
CSCeh57119
There is no character-validity check for the input of the Web Service implementation of Group administration API. Group with invalid group name (such as !@!!) can be created into the directory.
Use only alpha-numeric character, underscore, and/or dash for making a valid group name.
CSCeh61716
There is an intermittent problem appeared in the first time installation of the IBM directory. You might see one of the following errors at the console:
Following Commands failed: see /var/log/CNSCE/appliance-setup.log for details.
/opt/CSCOcnsie/bin/db2perfsetup.sh
Following Commands failed: see /var/log/CNSCE/appliance-setup.log for details.
/opt/CSCOcnsie/bin/db2upgrade.shWhen browsing into the /var/log/CNSCE/appliance-setup.log, you will find some failure messages when the db2upgrade.sh script is executed.
Ignore these messages. No upgrade is required.
CSCeh62804
By providing only the device name for setApplyToDevices (and appropriate values for the remaining parameters) when submitting config and image jobs using un-managed-object APIs, such as updateConfig(Config[], ConfigJobProperty, Token), the status of the job is Invalid.
The java documentation does not provide sufficient information on the required inputs you must provide to these un-managed-object APIs to avoid running into this Invalid state.
Managed & Un-managed Objects
Methods of the CEConfigService and the CEImageService web services utilize value objects (like Javabeans, with properties accessed by get/set methods), such as Config, Template, Device or Image. These objects are either explicitly supplied in the request, or are created beforehand (using the administrative service CEAdminService), then referenced by name: the difference is in whether you manage these objects outside the scope of this request, or not.
Managed objects are administratively created and/or edited by you before a job is submitted. After the job completes, you are responsible for deleting the objects, if desired.
Un-managed objects are objects that exist only within the request—you don't have to manage them on the system.
Managed Objects
•
•
Un-managed Objects
•
•
•
Examples
•
•
CSCeh64492
DataMigration: for external directory, irrelevant error messages seen in results.
None.
CSCeh65144
No email sent when job description is null.
Before submitting a job for image update, config update, query inventory, or delete files on device, use setDescription method to set the description in:
•
•
•
•
If this is not set, the email job status functionality will not work as expected.
CSCeh66592
The addUser API does NOT validate Password, Last Name and First Name entries.
Make sure to invoke addUser API with valid input parameters for Password, Last Name, and First Name.
These entries cannot be null.
CSCeh71676
Symptom: Under normal conditions, with jobs being submitted to the server intermittently, the server will prevent jobs from being submitted if the number of jobs in the IN_PROGRESS or WAITING state exceeds the maximum number of allowed concurrently executing jobs (as configured in /opt/CSCOcnsie/conf/jobs.properties by the maxConcurrentJobs property).
However, if submitting many jobs (i.e. 100) to the server simultaneously, it is possible for those 100 jobs to all be submitted successfully (i.e. move into the IN_PROGRESS state) and exceed the maximum number of allowed concurrently executing jobs. Depending on the batch size and number of devices in each job, this could cause some jobs to never complete, as documented in CSCeg75996. This occurs because the 100 new jobs, since submitted simultaneously, can all be in the NEW state while the server verifies the number of concurrently executing jobs, which does NOT take into account jobs in the NEW state, nor does it account for jobs that are PREPARING, PREPARED or SCHEDULED that could become IN- PROGRESS, thereby exceeding the limit. Also, this doesn't account for jobs that are STOPPING, which are still executing (though probably not placing much load, they are still consuming CPU cycles). Also, when a job transitions from PREPARED or SCHEDULED to IN_PROGRESS (whether via it's initial submit, a restart or awaking from being scheduled) the verification step should be made again.
Conditions: 5000 devices being upgraded simultaneously across 100 or more jobs that are all submitted almost simultaneously (i.e. within a few seconds).
Submit the jobs sequentially after each job has reached the IN_PROGRESS state, then the concurrency limiting mechanism will work effectively.
Notes:
•
•
–
–
•
CSCeh72240
When submitting a configurqation upgrade job on un-managed IMGW devices. For example, using updateConfigWithTempl with invalid input for Agent Type. The device is created as an agent-enabled device and the job submitted is stopped.
Please use only valid values for AgentType.
For Devices of type=NON_AGENT_ENABLED_DEVICE, the valid values for AgentType are:
CONFIG_AGENT
IMAGE_AGENT
CONFIG_AND_IMAGE_AGENTCSCeh72256
Symptom: If a job is submitted using un-managed objects (i.e. not referencing by name devices, templates of images already created on the Configuration Engine) for non-agent-enabled devices with an invalid value, such as Device.deviceType= null, the job will move to the INVALID state, as expected. However, any objects created by this call remain after the job is made INVALID. They should have been cleaned up.
Conditions: Job with un-managed non-agent-enabled becomes INVALID doesn't cleanup objects this method call creates.
Manually cleanup the newly created objects, which will appear under the group /config/default (in the LDAP directory server) and in the directory /opt/CSCOcnsie/Templates on the CE file system.
Devices and Images can be deleted using the CEAdminService or the web GUI.
Activation templates appear with the prefix activation.
Example
activate.7200- 21Dev-11.cfgtpl
in the /opt/CSCOcnsie/Templates directory.Configuration templates appear with the prefix com.cisco.netmgmt.ce.websvc.common.device.Device@
Example
com.cisco.netmgmt.ce.websvc.common.device.Device@50c660e6.cfgtpl.cfgtpl
in the directory /opt/CSCOcnsie/Templates on the CE file system.CSCeh72260
The status of the Update Image job will be stopped if the activation template is not provided.
Always provide activation templates.
CSCeh72290
The searchUsers API throws an exception when invoked with a wild cards, such as *. This happens only when there is a user entry with null password or first/last name.
Do NOT add any users with invalid or null entries for password, or first/last names.
CSCeh72514
See CSCeh72256.
See CSCeh72256.
CSCeh73415
Exceptions are thrown for associateImageWithDev API with invalid inputs-javanullpointer.
For the API call: associateImageWithDev
•
•
•
Exceptions are thrown for all of the above cases.
CSCeh92212
The dataexport process fails when the LDAP device objects on the v1.4 machine contain some data in the Contact Information attribute.
Contact Cisco Technical Assistance Center (TAC).
Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
Guest
