Cisco Configuration Engine

Table Of Contents

Release Notes for Cisco Configuration Engine, 2.0

Introduction

What's New in this Release

Software-only Bundle

Linux Release Version

Solaris Release Version

Installation

Setup

OpenLDAP Replaces IBM Directory

Enhanced Scalability of Device Connections

Dynamic Log level Update

Monitoring Service

Related Documentation

Cisco IOS Dependences

Router Configuration

Limitations and Restrictions

Open Caveats Release 2.0

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco Configuration Engine, 2.0

---

Introduction

The Cisco Configuration Engine, 2.0 is a network management application that acts as a configuration service for automating the deployment and management of network devices and services. The Cisco Configuration Engine, 2.0 runs on host systems running either Linux or Solaris.

Each Cisco Configuration Engine, 2.0 manages a group of Cisco IOS devices (routers) and services they deliver, storing their configurations and Cisco IOS images, then delivering them as needed. The Cisco Configuration Engine, 2.0 automates initial configurations, configuration and image updates, dynamically generating the device-specific configuration or image on-demand, and logs the results.

---

Note For the latest information regarding this release, check online at: www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cce/rel2_0.

---

What's New in this Release

This section describes the new features found in Cisco Configuration Engine, 2.0.

Software-only Bundle

Cisco Configuration Engine, 2.0 is released as software-only bundle running on Linux or Solaris without the need for a Cisco Configuration Engine hardware appliance.

Linux Release Version

The Linux release version of Cisco Configuration Engine, 2.0 has been tested in the following hardware and OS environment:

•ï Pentium III or equivalent and above.

•ï Red Hat Enterprise Linux Enterprise Server 3.0.

•ï 1 GB RAM.

•ï 40 GB disk space.

Solaris Release Version

The Solaris release version of Cisco Configuration Engine, 2.0 has been tested in the following hardware and OS environment:

•Sunfire V210 1 (2 CPU for 10,000 device connections).

•Solaris 2.8.

•1 GB RAM (2 GB for 10,000 device connections).

•40 GB disk space (70 GB for 10,000 device connections).

Installation

With the removal of the operating system-related installation, Cisco Configuration Engine, 2.0 installation assumes the operating system is up and running and has network connection. The Cisco Configuration Engine, 2.0 application is provided on a tar file.

---

Note PXEBOOT installation is no longer a requirement.

---

•System and OS checking: An installation script is implemented to check for CPU architecture, OS version, RAM space, disk space, and swap space. The script will abort if the system does not meet the requirements for each parameter specified for Version (i.e., Linux Version, Solaris Version).

•Clean install: Installation script verifies that the system is clean before making an installation.

•Co-locate install: Cisco Configuration Engine, 2.0 is bundled with other applications that might contain the same third-party software. The installation script checks the existence of all required third-party software—using its version number and exact name—and if there is a conflict, the installation script prompts the user to determine whether the script should abort or use the existing copy.

•OpenLDAP and repository support: The new scripts support Open LDAP, update installation XML files, and setup files for OpenLDAP. The default installation is for Open LDAP with Berkeley DB.

•Installation for Trial usage: Cisco Configuration Engine, 2.0 allow installation in a system that does not meet resource requirements. This allow customers to have a system with which to test.

•Non-Interactive installation: Cisco Configuration Engine, 2.0 provides a non-interactive mode. Data for this is derived from a datafile.

Setup

Setup process configures and launches each of the Cisco Configuration Engine, 2.0 software components. It prompts users to acquire configuration settings. In this release all operating-system related and directory-service related prompts, such as hostname, IP address have been removed.

•Sharable third-party software: The Setup script acquires the locations of the third-party installation or the location of the property files (if required), and invokes the associated helper scripts to generate the new property files.

•Start and Stop service: Cisco Configuration Engine, 2.0 provides a script to consolidate the start and stop for all or individual services.

•Non-interactive Setup: Cisco Configuration Engine, 2.0 provides this setup mode without prompts for user input to allow other Cisco products to bundle Cisco Configuration Engine, 2.0 in an integrated manner.

OpenLDAP Replaces IBM Directory

OpenLDAP is used as a replacement for IBM Directory in Cisco Configuration Engine, 2.0. OpenLDAP is an open source LDAP implementation that provides Directory services that are needed by Cisco Configuration Engine.

OpenLDAP can be configured to use internal or external database as data repository for Directory. When configured to use internal database, OpenLDAP stores data in plain files using Berkeley DB library. When configured to use external database, OpenLDAP stores data in relational tables using ODBC library.

OpenLDAP can also be configured to act as a proxy to forward incoming LDAP requests to another external LDAP server, which provides another possibility for string data in external LDAP server, e.g., iPlanet.

Enhanced Scalability of Device Connections

The maximum number of device connections supported on a Solaris platform with 2 CPUs and 2 GB main memory is 10,000.

Dynamic Log level Update

With this release, you can now change the log level programmatically using Web Services. A new API has been defined in Admin Web Service: setLogLevel(int level, Token token). For more information, see the Cisco Configuration Engine Administrator Guide, 2.0.

Monitoring Service

A wrapper monitoring service has been provided in this release to monitor various Cisco Configuration Engine, 2.0 services. If any of the Configuration Engine processes die, the monitoring service exits.

There is a provision to start, stop, or check the status of this service. The following Configuration Engine processes are monitored:

•HTTP/Tomcat

•Event Gateway

•IMGW

•Web Services

•Tibco Rendezvous Daemon

Related Documentation

Other documentation related to this product include:

•Cisco Configuration Engine Linux Installation and Configuration Guide, 2.0

•Cisco Configuration Engine Solaris Installation and Configuration Guide, 2.0

•Cisco Configuration Engine Administrator Guide, 2.0

•Documentation Guide for Cisco Configuration Engine, 2.0

•Release Notes for Cisco Configuration Engine Software Development Kit API Reference and Programmer Guide, 2.0

•Cisco Configuration Engine SDK API Reference and Programmer Guide 2.0

Cisco IOS Dependences

Table 1 lists Cisco IOS versions with corresponding versions of Configuration Engine including feature limitations associated with each version.

Table 1 Cisco Configuration Engine, 2.0 and Cisco IOS Dependencies

Cisco IOS	CNS Configuration Engine	Limitations
12.3	1.3.2 or later
12.2(11)T	1.2 or later
12.2(2)T	1.2 or later with no authentication.	Applications will be unable to use exec commands or point-to-point messaging.

Router Configuration

For a router to pick up its initial configuration from the Cisco Configuration Engine, 2.0, install the Cisco Configuration Engine, 2.0 software before installing a router. Then, establish a connection between the router and the Cisco Configuration Engine, 2.0.

For information about Cisco Flow-Through Provisioning, refer to:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftsnap26.html.

Limitations and Restrictions

•If you download a configuration that changes username, password, enable password, or IP address for a non-agent-enabled device, you need to modify the corresponding IMGW hop information for the device to update it with the new username, password, enable password, and IP address.

•SFTP - An SFTP server is permanently enabled which can be used for administrative tasks such as placing images securely into the FTP directory [ /tftp/CSCOcnsis/images/ ] for image download by devices over FTP or TFTP. Any regular system account may login to SFTP.

•FTP - FTP service is READ-ONLY and the user must be "root".

•TFTP:

–No new files can be created and files cannot be deleted. However, existing files can be overwritten ONLY if they are publicly writeable. The permissions of the files placed into the ftp directory can be controlled by the SFTP user managing files in the ftp directory.

–The TFTP service does not require an account or password on the server system. Due to the lack of authentication information, TFTPD allows only publicly readable files (o+r) to be accessed. Files may be written only if they already exist and are publicly writable.

•All password values in Setup must contain alphanumeric characters only. Special characters have different meanings in the UNIX shell and should not be used for passwords.

•Device Name values may contain only: period (.), underscore (_), hyphen (-), and alphanumeric characters.

•Group Name values may contain only: underscore (_) and alphanumeric characters.

Open Caveats Release 2.0

This section lists known caveats that are open for Cisco Configuration Engine, 2.0 (see Table 2).

Table 2 Known Problems 

ID	Problem	Workaround
CSCeg51948	External Directory: Updates too slow; 1.5 to 2 hours to update 1500 devices.	When using external directory (e.g.,NDS) the following attributes need to be indexed: cn, IOSConfigID, IOSEventID, and CNSImageID. This is important to attain a satisfactory performance on the LDAP store especially for an LDAP store with a very large number of devices.
CSCeh03078	Submitjob API:Img update with different eventID, configID, and ImageID fails.	Ensure that the configID, eventID, and imageID of the device are same as the deviceName while using the update image Web Services APIs.
CSCsc09967	Tomcat does not come up after running setup. When the imported certificate and private key is invalid, httpd daemon would exit. This is a problem when the public key in the certificate does not correspond to the private key.	Import the correct certificate and private key.
CSCsc10663	Device does not get deleted from CISDevices after calling DynamicLog API.	Set the logging level to Info or Debug.
CSCsc39451	Exec does not work in crypto mode for IMGW device. When Cisco Configuration Engine is set up in crypto mode with plaintxt turned off, and the target device is IMGW devices, Web Service API of iexec and exec will not go through.	Make sure plaintxt HTTP is used if the Exec request is against an IMGW device and the response is to be post to a HTTP server.
CSCsc42731	Job stuck in queued state in non-algorithmic mode. When non-algorithm mode is turned on from algorithm mode, the complete config update job stays in queue as in-progress instead of complete.	Delete the previous in-progress jobs and restart Cisco Configuration Engine by running setup -r.
CSCsc58075	Internal Server Error seen if tomcat internal port is changed. If running setup, there are prompts that related to tomcat ports can be modified from default values. The default value is 8005 for tomcat shutdown port and 8009 for tomcat internal port. If the ports are changed, this will result in tomcat failure and all servers that depends on tomcat will not be able to run.	Enter Tomcat internal port number: [8009]. Enter Tomcat shutdown port number: [8005].
CSCsd12624	In Solaris environment, during installation phase, if a user assigns a long path as CE root directory, it causes CE servers shutdown to fail, which also causes server status check to fail.	All CE processes path length should not exceed 65 characters. That is, don't assign long path to CE_INSTALLATION_ROOT during CE installation phase.
CSCsd31329	When Cisco Configuration Engine has created a lot of jobs, and many have completed, after restarting Cisco Configuration Engine servers, Cisco Configuration Engine does not display any completed jobs in the GUI under Query Jobs.	Don't accumulate a large number of job entries in Cisco Configuration Engine. When submitting an initial configuration, update the configuration or image request, either from GUI or WebAPI. Remember to always delete the job after the request is done.
CSCsd32853	When getConfigStatus gets null exception, it might return to clients occasionally. The root cause is because the jobID created by configSvr in updateDeviceWithConfig call takes more time than ImageServer's getConfigStatus() expects. Before the job ID is created on the ConfigServer side, ImageServer assumes the job is done and wants to query the job status when getConfigStatus API is invoked by client program.	Set appropriate sleep timer in between updateDeviceWithConfig and getConfigStatus to guarantee creating the job ID is done before a query of its status.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

Copyright © 2006 Cisco Systems, Inc. All rights reserved.