Merge branch 'v4.1.0-dev' into dhaselva/N2k_fex

Author: monrog2

aci-preupgrade-validation-script.py

@@ -6348,6 +6348,53 @@ def multipod_modular_spine_bootscript_check(tversion, fabric_nodes, username, pa
 
     return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)
 
+  
+@check_wrapper(check_title="Inband Management Policy Misconfiguration")
+def inband_management_policy_misconfig_check(cversion, tversion, **kwargs):
+    result = PASS
+    headers = ["Node_ID", "Address", "Gateway"]
+    data = []
+    recommended_action = "Contact Cisco TAC to remove any identified misconfigured 'mgmtRsInBStNode' objects"
+    doc_url = "https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#inband-management-policy-misconfiguration"
+    
+    if (cversion.older_than("5.2(8d)")) and (tversion.newer_than("6.0(4c)") or tversion.same_as("6.0(4c)")):
+        mgmtRsInBStNodes = icurl('class', 'mgmtRsInBStNode.json?query-target-filter=or(eq(mgmtRsInBStNode.addr,"0.0.0.0"),eq(mgmtRsInBStNode.gw,"0.0.0.0"))')
+        for mgmtRsInBStNode in mgmtRsInBStNodes:
+            attrs = mgmtRsInBStNode["mgmtRsInBStNode"]["attributes"]
+            addr = attrs['addr']
+            gw = attrs['gw']
+            node_match = re.search(node_regex, attrs['dn'])
+            node_id = node_match.group("node")
+            data.append([node_id, addr, gw])
+    else:
+        return Result(result=NA, msg=VER_NOT_AFFECTED)
+    if data:
+        result = FAIL_O
+    return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)
+    
+    
+@check_wrapper(check_title="svccore excessive data check")
+def svccore_excessive_data_check(**kwargs):
+    result = PASS
+    headers = ['Class Name','Count']
+    data = []
+    recommended_action = "Delete the core files before proceeding with upgrade. Please refer to the document linked below and contact Cisco TAC for assistance if needed."
+    doc_url = "https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#svccore-excessive-data-check"
+    try:
+        svccoreCtrlr_classes_count = icurl('class', 'svccoreCtrlr.json?query-target=self&rsp-subtree-include=count')
+        svccoreNode_classes_count = icurl('class', 'svccoreNode.json?query-target=self&rsp-subtree-include=count')
+        
+        if int(svccoreCtrlr_classes_count[0]['moCount']['attributes']['count']) > 240:
+           data.append(['svccoreCtrlr', svccoreCtrlr_classes_count[0]['moCount']['attributes']['count']])
+        if int(svccoreNode_classes_count[0]['moCount']['attributes']['count']) > 240:
+            data.append(['svccoreNode', svccoreNode_classes_count[0]['moCount']['attributes']['count']])
+        if data:
+            result = MANUAL
+        
+        return Result(result=result,headers=headers,data=data,recommended_action=recommended_action,doc_url=doc_url)
+    except Exception as e:
+        return Result(result=ERROR, msg="Error occurred while fetching svccore object counts: {}".format(str(e)), doc_url=doc_url)
+
 
 # ---- Script Execution ----
 
@@ -6440,6 +6487,7 @@ class CheckManager:
         validate_32_64_bit_image_check,
         fabric_link_redundancy_check,
         apic_downgrade_compat_warning_check,
+        svccore_excessive_data_check,
 
         # Faults
         apic_disk_space_faults_check,
@@ -6518,6 +6566,7 @@ class CheckManager:
         auto_firmware_update_on_switch_check,
         rogue_ep_coop_exception_mac_check,
         n9k_c9408_model_lem_count_check,
+        inband_management_policy_misconfig_check,
     ]
     ssh_checks = [
         # General

docs/docs/validations.md

@@ -37,7 +37,8 @@ Items                                                        | This Script
 [Fabric Link Redundancy][g17]                                | :white_check_mark: | :no_entry_sign:
 [APIC Database Size][g18]                                    | :white_check_mark: | :no_entry_sign:
 [APIC downgrade compatibility when crossing 6.2 release][g19]| :white_check_mark: | :no_entry_sign:
-[Supported hardware compatibility][g20]                      | :white_check_mark: | :no_entry_sign:
+[Supported Hardware Compatibility][g20]                      | :white_check_mark: | :no_entry_sign:
+[Svccore Excessive Data Check][g21]                          | :white_check_mark: | :no_entry_sign:
 
 [g1]: #compatibility-target-aci-version
 [g2]: #compatibility-cimc-version
@@ -59,6 +60,7 @@ Items                                                        | This Script
 [g18]: #apic-database-size
 [g19]: #apic-downgrade-compatibility-when-crossing-62-release
 [g20]: #supported-hardware-compatibility
+[g21]: #svccore-excessive-data-check
 
 ### Fault Checks
 Items                                         | Faults         | This Script       | APIC built-in
@@ -200,6 +202,7 @@ Items                                           | Defect       | This Script
 [Rogue EP Exception List missing on switches][d30] | CSCwp64296   | :white_check_mark: | :no_entry_sign:
 [N9K-C9408 with more than 5 N9K-X9400-16W LEMs][d31] | CSCws82819   | :white_check_mark: | :no_entry_sign:
 [Multi-Pod Modular Spine Bootscript File][d32]  | CSCwr66848   | :white_check_mark: | :no_entry_sign:
+[Inband Management Policy Misconfiguration][d33]| CSCwd40071   | :white_check_mark: | :no_entry_sign:
 
 [d1]: #ep-announce-compatibility
 [d2]: #eventmgr-db-size-defect-susceptibility
@@ -233,6 +236,7 @@ Items                                           | Defect       | This Script
 [d30]: #rogue-ep-exception-list-missing-on-switches
 [d31]: #n9k-c9408-with-more-than-5-n9k-x9400-16w-lems
 [d32]: #multi-pod-modular-spine-bootscript-file
+[d33]: #inband-management-policy-misconfiguration
 
 ## General Check Details
 
@@ -2766,6 +2770,34 @@ This issue happens only when the target version is specifically 6.1(4h).
 To avoid this issue, change the target version to another version. Or verify that the `bootscript` file exists in the bootflash of each modular spine switch prior to upgrading to 6.1(4h). If the file is missing, you have to do clean reboot on the impacted spine to ensure that `/bootflash/bootscript` gets created again. In case you already upgraded your spine and you are experiencing the traffic impact due to this issue, clean reboot of the spine will restore the traffic.
 
 
+### Inband Management Policy Misconfiguration
+
+Due to the defect [CSCwh80837][67], starting from version 6.0(4c), mgmtRsInBStNode policy get modified in leaf/spine during Apic upgrade.
+
+Impact:
+
+When upgrading Apic from versions prior to 6.0(4c) to versions 6.0(4c) or later, if there is a misconfiguration in the inband management policies (mgmtRsInBStNode) with invalid values, the re-processing triggered by [CSCwh80837][67] will expose the underlying [CSCwd40071][68] defect. This results in continuous policyelem core dumps and switch reboot if Switch are running impacted version of [CSCwd40071][68].
+
+The invalid configuration occurs when mgmtRsInBStNode has "0.0.0.0" values ( with or without mask) for either the "addr" or "gw" fields.
+
+Suggestion:
+
+Contact Cisco TAC to remove any identified misconfigured objects before performing the upgrade to prevent policyelem crashes.
+The [CSCwd40071][68] defect affects versions 5.2(5c) and later with a fix available in 6.0(1g). However, the issue will only be triggered during Apic upgrades crossing 6.0(4c) due to [CSCwh80837][67].
+
+
+### Svccore Excessive Data Check
+
+Due to excessive `svccoreCtrlr` or `svccoreNode` managed objects, Apic gui stuck in loading multiple queries.
+
+The svccoreCtrlr and svccoreNode objects represent core files related to Apic and Leaf/Spines process respectively.
+
+Due to [CSCws84232][67], the APIC GUI may become unresponsive after login, with dashboards stuck in a continuous “Loading…”state.
+Administrators may be unable to access or operate the APIC GUI, potentially impacting day-to-day management or upgrade.
+
+This check will verify the count of the `svccoreCtrlr` Managed Object and raise and alarm with the bug if object count found more than 240. Remove the content or objects of `svccoreCtrlr` or `svccoreNode`. Contact Cisco TAC or upgrade to a release containing the fix for CSCws84232 before proceeding with an upgrade.
+
+
 [0]: https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script
 [1]: https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/apicmatrix/index.html
 [2]: https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-release-notes-list.html
@@ -2833,3 +2865,6 @@ To avoid this issue, change the target version to another version. Or verify tha
 [64]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp64296
 [65]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws82819
 [66]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwr66848
+[67]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh80837
+[68]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd40071
+[69]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws84232

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_invalid_addr_and_gw_config.json

@@ -0,0 +1,18 @@
+[
+    {
+        "mgmtRsInBStNode": {
+            "attributes": {
+                "tDn": "topology/pod-1/node-103",
+                "addr": "0.0.0.0",
+                "configurationMode": "static",
+                "dn": "uni/tn-mgmt/mgmtp-default/inb-inb/rsinBStNode-[topology/pod-1/node-103]",
+                "gw": "0.0.0.0",
+                "modTs": "2024-12-20T07:45:21.454+00:00",
+                "rType": "mo",
+                "rn": "rsinBStNode-[topology/pod-1/node-103]",
+                "stateQual": "none",
+                "tType": "mo"
+            }
+        }
+    }
+]

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_invalid_address_config.json

@@ -0,0 +1,18 @@
+[
+    {
+        "mgmtRsInBStNode": {
+            "attributes": {
+                "tDn": "topology/pod-1/node-103",
+                "addr": "0.0.0.0",
+                "configurationMode": "static",
+                "dn": "uni/tn-mgmt/mgmtp-default/inb-inb/rsinBStNode-[topology/pod-1/node-103]",
+                "gw": "191.1.1.1",
+                "modTs": "2024-12-20T07:45:21.454+00:00",
+                "rType": "mo",
+                "rn": "rsinBStNode-[topology/pod-1/node-103]",
+                "stateQual": "none",
+                "tType": "mo"
+            }
+        }
+    }
+]

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_invalid_gateway_config.json

@@ -0,0 +1,18 @@
+[
+    {
+        "mgmtRsInBStNode": {
+            "attributes": {
+                "tDn": "topology/pod-1/node-103",
+                "addr": "191.1.1.153/24",
+                "configurationMode": "static",
+                "dn": "uni/tn-mgmt/mgmtp-default/inb-inb/rsinBStNode-[topology/pod-1/node-103]",
+                "gw": "0.0.0.0",
+                "modTs": "2024-12-20T07:45:21.454+00:00",
+                "rType": "mo",
+                "rn": "rsinBStNode-[topology/pod-1/node-103]",
+                "stateQual": "none",
+                "tType": "mo"
+            }
+        }
+    }
+]

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_valid_config.json

@@ -0,0 +1 @@
+[]

tests/checks/inband_management_policy_misconfig_check/test_inband_management_policy_misconfig_check.py

@@ -0,0 +1,163 @@
+import os
+import pytest
+import logging
+import importlib
+from helpers.utils import read_data
+
+script = importlib.import_module("aci-preupgrade-validation-script")
+log = logging.getLogger(__name__)
+dir = os.path.dirname(os.path.abspath(__file__))
+test_function = "inband_management_policy_misconfig_check"
+mgmtRsInBStNode = 'mgmtRsInBStNode.json?query-target-filter=or(eq(mgmtRsInBStNode.addr,"0.0.0.0"),eq(mgmtRsInBStNode.gw,"0.0.0.0"))'
+
+@pytest.mark.parametrize(
+    "icurl_outputs, cversion, tversion, expected_result, expected_data",
+    [
+        # Current version is affected, Target version = 6.0(4c), valid data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_valid_config.json")
+            },
+            "5.2(7g)",
+            "6.0(4c)",
+            script.PASS,
+            []
+        ),
+        # Current version is affected, Target version = 6.0(4c), invalid address
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_address_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(4c)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "191.1.1.1"]
+            ]
+        ),
+        # Current version is affected, Target version = 6.0(4c), invalid gateway
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_gateway_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(4c)",
+            script.FAIL_O,
+            [
+                ["103", "191.1.1.153/24", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected,  Target version = 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(4c)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected,  Target version > 6.0(4c), valid data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_valid_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(8f)",
+            script.PASS,
+            []
+        ),
+        # Current version is affected,  Target version > 6.0(4c), invalid address
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_address_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(5h)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "191.1.1.1"],
+            ]
+        ),
+        # Current version is affected,  Target version > 6.0(4c), invalid gateway
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_gateway_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(5j)",
+            script.FAIL_O,
+            [
+                ["103", "191.1.1.153/24", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected,  Target version > 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(6c)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected, Target version < 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(3g)",
+            script.NA,
+            []
+        ),
+        #  Current version is affected, Target version < 6.0(4c), valid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_valid_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(3g)",
+            script.NA,
+            []
+        ),
+        # Current version is not affected, Target version = 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.3(2f)",
+            "6.0(4c)",
+            script.NA,
+            []
+        ),
+        # Current version is not affected, Target version > 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.3(2f)",
+            "6.0(6c)",
+            script.NA,
+            []
+        ),
+        # Current version is not affected, Target version < 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.3(2f)",
+            "6.0(3g)",
+            script.NA,
+            []
+        ),
+    ],
+)
+def test_logic(run_check, mock_icurl, cversion, tversion, expected_result, expected_data):
+    result = run_check(cversion=script.AciVersion(cversion), tversion=script.AciVersion(tversion))
+    assert result.result == expected_result
+    assert result.data == expected_data

tests/checks/svccore_excessive_class_entries_check/svccoreNode_negative.json

@@ -0,0 +1,12 @@
+[
+  {
+    "moCount": {
+      "attributes": {
+        "childAction": "",
+        "count": "3",
+        "dn": "",
+        "status": ""
+      }
+    }
+  }
+]