Automation

last person joined: yesterday 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.

  • 1.  cs-time-based-filters not honoring deactivate statement?

    Posted 01-16-2012 00:14

    Hi!

     

    I picked up "cs-time-based-filters" from the Juniper Script Library. It works as advertised, but it appears it does not honor the "inactive" tag I tried to set on "apply-macro active-time-range".

     

    My intent was to keep the logic and settings in the configuration, but temporarily turn of the scheduled activation/deactivation.

     

    I am not really into writing these scripts myself (yet).

     

    Has anyone done modification of this kind to these scripts?



  • 2.  RE: cs-time-based-filters not honoring deactivate statement?
    Best Answer

    Posted 01-17-2012 05:36

    You're correct, the code wasn't setup to pay attention to whether the apply-macro time ranges are activated or not. The <get-configuration> call pulls in the pre-inheritance configuration, which includes inactive elements, and then makes no attempt to excludes macros that are deactivated:

     

        /* Look for macros in firewall stanza */
        var $firewall-macros = $candidate-configuration/firewall/filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];
        var $firewall-family-macros = $candidate-configuration/firewall/family//filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];
        var $groups-firewall-macros = $candidate-configuration/groups/firewall/filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];
        var $groups-firewall-family-macros = $candidate-configuration/groups/firewall/family//filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];
        var $logical-systems-firewall-macros = $candidate-configuration/logical-systems/firewall/filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];
        var $logical-systems-firewall-family-macros = $candidate-configuration/logical-systems/firewall/family//filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];
        var $groups-logical-systems-firewall-macros = $candidate-configuration/groups/logical-systems/firewall/filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];
        var $groups-logical-systems-firewall-family-macros = $candidate-configuration/groups/logical-systems/firewall/family//filter/term[starts-with(apply-macro/name, $active-range-macro) or starts-with(apply-macro/name, $inactive-range-macro)];

     

    So to remove the macros you'll want to either delete them or just rename them rather than deactivate them.



  • 3.  RE: cs-time-based-filters not honoring deactivate statement?

    Posted 01-17-2012 07:30

    Thanks!

     

    In hindsight it is quite obvious that I should just rename the macro. That will work just fine.

     

    /Per