Merge branch 'v4.1.0-dev' into dhaselva/F0467

Author: dhaselva

aci-preupgrade-validation-script.py

@@ -6292,6 +6292,53 @@ def multipod_modular_spine_bootscript_check(tversion, fabric_nodes, username, pa
 
     return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)
 
+  
+@check_wrapper(check_title="Inband Management Policy Misconfiguration")
+def inband_management_policy_misconfig_check(cversion, tversion, **kwargs):
+    result = PASS
+    headers = ["Node_ID", "Address", "Gateway"]
+    data = []
+    recommended_action = "Contact Cisco TAC to remove any identified misconfigured 'mgmtRsInBStNode' objects"
+    doc_url = "https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#inband-management-policy-misconfiguration"
+    
+    if (cversion.older_than("5.2(8d)")) and (tversion.newer_than("6.0(4c)") or tversion.same_as("6.0(4c)")):
+        mgmtRsInBStNodes = icurl('class', 'mgmtRsInBStNode.json?query-target-filter=or(eq(mgmtRsInBStNode.addr,"0.0.0.0"),eq(mgmtRsInBStNode.gw,"0.0.0.0"))')
+        for mgmtRsInBStNode in mgmtRsInBStNodes:
+            attrs = mgmtRsInBStNode["mgmtRsInBStNode"]["attributes"]
+            addr = attrs['addr']
+            gw = attrs['gw']
+            node_match = re.search(node_regex, attrs['dn'])
+            node_id = node_match.group("node")
+            data.append([node_id, addr, gw])
+    else:
+        return Result(result=NA, msg=VER_NOT_AFFECTED)
+    if data:
+        result = FAIL_O
+    return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)
+    
+    
+@check_wrapper(check_title="svccore excessive data check")
+def svccore_excessive_data_check(**kwargs):
+    result = PASS
+    headers = ['Class Name','Count']
+    data = []
+    recommended_action = "Delete the core files before proceeding with upgrade. Please refer to the document linked below and contact Cisco TAC for assistance if needed."
+    doc_url = "https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#svccore-excessive-data-check"
+    try:
+        svccoreCtrlr_classes_count = icurl('class', 'svccoreCtrlr.json?query-target=self&rsp-subtree-include=count')
+        svccoreNode_classes_count = icurl('class', 'svccoreNode.json?query-target=self&rsp-subtree-include=count')
+        
+        if int(svccoreCtrlr_classes_count[0]['moCount']['attributes']['count']) > 240:
+           data.append(['svccoreCtrlr', svccoreCtrlr_classes_count[0]['moCount']['attributes']['count']])
+        if int(svccoreNode_classes_count[0]['moCount']['attributes']['count']) > 240:
+            data.append(['svccoreNode', svccoreNode_classes_count[0]['moCount']['attributes']['count']])
+        if data:
+            result = MANUAL
+        
+        return Result(result=result,headers=headers,data=data,recommended_action=recommended_action,doc_url=doc_url)
+    except Exception as e:
+        return Result(result=ERROR, msg="Error occurred while fetching svccore object counts: {}".format(str(e)), doc_url=doc_url)
+
 
 @check_wrapper(check_title='BGP Timer Policy Already Existing (F0467 bgpProt-policy-already-existing)')
 def bgpProto_timer_policy_already_existing_check(tversion, **kwargs):
@@ -6419,6 +6466,7 @@ class CheckManager:
         validate_32_64_bit_image_check,
         fabric_link_redundancy_check,
         apic_downgrade_compat_warning_check,
+        svccore_excessive_data_check,
 
         # Faults
         apic_disk_space_faults_check,
@@ -6496,7 +6544,9 @@ class CheckManager:
         configpush_shard_check,
         auto_firmware_update_on_switch_check,
         rogue_ep_coop_exception_mac_check,
-        n9k_c9408_model_lem_count_check, 
+        n9k_c9408_model_lem_count_check,        
+        n9k_c9408_model_lem_count_check,
+        inband_management_policy_misconfig_check,
         bgpProto_timer_policy_already_existing_check,
     ]
     ssh_checks = [

docs/docs/validations.md

@@ -37,6 +37,7 @@ Items                                                        | This Script
 [Fabric Link Redundancy][g17]                                | :white_check_mark: | :no_entry_sign:
 [APIC Database Size][g18]                                    | :white_check_mark: | :no_entry_sign:
 [APIC downgrade compatibility when crossing 6.2 release][g19]| :white_check_mark: | :no_entry_sign:
+[Svccore Excessive Data Check][g20]                          | :white_check_mark: | :no_entry_sign:
 
 [g1]: #compatibility-target-aci-version
 [g2]: #compatibility-cimc-version
@@ -57,6 +58,7 @@ Items                                                        | This Script
 [g17]: #fabric-link-redundancy
 [g18]: #apic-database-size
 [g19]: #apic-downgrade-compatibility-when-crossing-62-release
+[g20]: #svccore-excessive-data-check
 
 ### Fault Checks
 Items                                         | Faults         | This Script       | APIC built-in
@@ -199,7 +201,8 @@ Items                                           | Defect       | This Script
 [Rogue EP Exception List missing on switches][d30] | CSCwp64296   | :white_check_mark: | :no_entry_sign:
 [N9K-C9408 with more than 5 N9K-X9400-16W LEMs][d31] | CSCws82819   | :white_check_mark: | :no_entry_sign:
 [Multi-Pod Modular Spine Bootscript File][d32]  | CSCwr66848   | :white_check_mark: | :no_entry_sign:
-[BgpProto timer policy already existing][d33]   | CSCwt78235   | :white_check_mark: | :no_entry_sign:
+[Inband Management Policy Misconfiguration][d33]| CSCwd40071   | :white_check_mark: | :no_entry_sign:
+[BgpProto timer policy already existing][d34]   | CSCwt78235   | :white_check_mark: | :no_entry_sign:
 
 [d1]: #ep-announce-compatibility
 [d2]: #eventmgr-db-size-defect-susceptibility
@@ -233,7 +236,8 @@ Items                                           | Defect       | This Script
 [d30]: #rogue-ep-exception-list-missing-on-switches
 [d31]: #n9k-c9408-with-more-than-5-n9k-x9400-16w-lems
 [d32]: #multi-pod-modular-spine-bootscript-file
-[d33]: #bgpProto-timer-policy-already-existing
+[d33]: #inband-management-policy-misconfiguration
+[d34]: #bgpProto-timer-policy-already-existing
 
 ## General Check Details
 
@@ -2756,9 +2760,37 @@ This issue happens only when the target version is specifically 6.1(4h).
 To avoid this issue, change the target version to another version. Or verify that the `bootscript` file exists in the bootflash of each modular spine switch prior to upgrading to 6.1(4h). If the file is missing, you have to do clean reboot on the impacted spine to ensure that `/bootflash/bootscript` gets created again. In case you already upgraded your spine and you are experiencing the traffic impact due to this issue, clean reboot of the spine will restore the traffic.
 
 
+### Inband Management Policy Misconfiguration
+
+Due to the defect [CSCwh80837][67], starting from version 6.0(4c), mgmtRsInBStNode policy get modified in leaf/spine during Apic upgrade.
+
+Impact:
+
+When upgrading Apic from versions prior to 6.0(4c) to versions 6.0(4c) or later, if there is a misconfiguration in the inband management policies (mgmtRsInBStNode) with invalid values, the re-processing triggered by [CSCwh80837][67] will expose the underlying [CSCwd40071][68] defect. This results in continuous policyelem core dumps and switch reboot if Switch are running impacted version of [CSCwd40071][68].
+
+The invalid configuration occurs when mgmtRsInBStNode has "0.0.0.0" values ( with or without mask) for either the "addr" or "gw" fields.
+
+Suggestion:
+
+Contact Cisco TAC to remove any identified misconfigured objects before performing the upgrade to prevent policyelem crashes.
+The [CSCwd40071][68] defect affects versions 5.2(5c) and later with a fix available in 6.0(1g). However, the issue will only be triggered during Apic upgrades crossing 6.0(4c) due to [CSCwh80837][67].
+
+
+### Svccore Excessive Data Check
+
+Due to excessive `svccoreCtrlr` or `svccoreNode` managed objects, Apic gui stuck in loading multiple queries.
+
+The svccoreCtrlr and svccoreNode objects represent core files related to Apic and Leaf/Spines process respectively.
+
+Due to [CSCws84232][69], the APIC GUI may become unresponsive after login, with dashboards stuck in a continuous “Loading…”state.
+Administrators may be unable to access or operate the APIC GUI, potentially impacting day-to-day management or upgrade.
+
+This check will verify the count of the `svccoreCtrlr` Managed Object and raise and alarm with the bug if object count found more than 240. Remove the content or objects of `svccoreCtrlr` or `svccoreNode`. Contact Cisco TAC or upgrade to a release containing the fix for CSCws84232 before proceeding with an upgrade.
+
+
 ### BgpProto Timer Policy Already Existing
 
-This bug [CSCwt78235][67] validates `F0467` faults where `changeSet` contains 'bgpProt-policy-already-existing'. The fault indicates conflicting BGP protocol timer policy under an L3Outs deployed in same vrf under same node. If this fault is not resolved, l3out will not be programmed properly in the leaf after the upgrade.
+This bug [CSCwt78235][70] validates `F0467` faults where `changeSet` contains 'bgpProt-policy-already-existing'. The fault indicates conflicting BGP protocol timer policy under an L3Outs deployed in same vrf under same node. If this fault is not resolved, l3out will not be programmed properly in the leaf after the upgrade.
 
 
 [0]: https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script
@@ -2828,4 +2860,7 @@ This bug [CSCwt78235][67] validates `F0467` faults where `changeSet` contains 'b
 [64]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp64296
 [65]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws82819
 [66]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwr66848
-[67]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwt78235
+[67]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh80837
+[68]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd40071
+[69]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws84232
+[70]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwt78235

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_invalid_addr_and_gw_config.json

@@ -0,0 +1,18 @@
+[
+    {
+        "mgmtRsInBStNode": {
+            "attributes": {
+                "tDn": "topology/pod-1/node-103",
+                "addr": "0.0.0.0",
+                "configurationMode": "static",
+                "dn": "uni/tn-mgmt/mgmtp-default/inb-inb/rsinBStNode-[topology/pod-1/node-103]",
+                "gw": "0.0.0.0",
+                "modTs": "2024-12-20T07:45:21.454+00:00",
+                "rType": "mo",
+                "rn": "rsinBStNode-[topology/pod-1/node-103]",
+                "stateQual": "none",
+                "tType": "mo"
+            }
+        }
+    }
+]

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_invalid_address_config.json

@@ -0,0 +1,18 @@
+[
+    {
+        "mgmtRsInBStNode": {
+            "attributes": {
+                "tDn": "topology/pod-1/node-103",
+                "addr": "0.0.0.0",
+                "configurationMode": "static",
+                "dn": "uni/tn-mgmt/mgmtp-default/inb-inb/rsinBStNode-[topology/pod-1/node-103]",
+                "gw": "191.1.1.1",
+                "modTs": "2024-12-20T07:45:21.454+00:00",
+                "rType": "mo",
+                "rn": "rsinBStNode-[topology/pod-1/node-103]",
+                "stateQual": "none",
+                "tType": "mo"
+            }
+        }
+    }
+]

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_invalid_gateway_config.json

@@ -0,0 +1,18 @@
+[
+    {
+        "mgmtRsInBStNode": {
+            "attributes": {
+                "tDn": "topology/pod-1/node-103",
+                "addr": "191.1.1.153/24",
+                "configurationMode": "static",
+                "dn": "uni/tn-mgmt/mgmtp-default/inb-inb/rsinBStNode-[topology/pod-1/node-103]",
+                "gw": "0.0.0.0",
+                "modTs": "2024-12-20T07:45:21.454+00:00",
+                "rType": "mo",
+                "rn": "rsinBStNode-[topology/pod-1/node-103]",
+                "stateQual": "none",
+                "tType": "mo"
+            }
+        }
+    }
+]

tests/checks/inband_management_policy_misconfig_check/mgmtRsInBStNode_valid_config.json

@@ -0,0 +1 @@
+[]

tests/checks/inband_management_policy_misconfig_check/test_inband_management_policy_misconfig_check.py

@@ -0,0 +1,163 @@
+import os
+import pytest
+import logging
+import importlib
+from helpers.utils import read_data
+
+script = importlib.import_module("aci-preupgrade-validation-script")
+log = logging.getLogger(__name__)
+dir = os.path.dirname(os.path.abspath(__file__))
+test_function = "inband_management_policy_misconfig_check"
+mgmtRsInBStNode = 'mgmtRsInBStNode.json?query-target-filter=or(eq(mgmtRsInBStNode.addr,"0.0.0.0"),eq(mgmtRsInBStNode.gw,"0.0.0.0"))'
+
+@pytest.mark.parametrize(
+    "icurl_outputs, cversion, tversion, expected_result, expected_data",
+    [
+        # Current version is affected, Target version = 6.0(4c), valid data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_valid_config.json")
+            },
+            "5.2(7g)",
+            "6.0(4c)",
+            script.PASS,
+            []
+        ),
+        # Current version is affected, Target version = 6.0(4c), invalid address
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_address_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(4c)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "191.1.1.1"]
+            ]
+        ),
+        # Current version is affected, Target version = 6.0(4c), invalid gateway
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_gateway_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(4c)",
+            script.FAIL_O,
+            [
+                ["103", "191.1.1.153/24", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected,  Target version = 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(4c)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected,  Target version > 6.0(4c), valid data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_valid_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(8f)",
+            script.PASS,
+            []
+        ),
+        # Current version is affected,  Target version > 6.0(4c), invalid address
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_address_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(5h)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "191.1.1.1"],
+            ]
+        ),
+        # Current version is affected,  Target version > 6.0(4c), invalid gateway
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_gateway_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(5j)",
+            script.FAIL_O,
+            [
+                ["103", "191.1.1.153/24", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected,  Target version > 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(6c)",
+            script.FAIL_O,
+            [
+                ["103", "0.0.0.0", "0.0.0.0"],
+            ]
+        ),
+        # Current version is affected, Target version < 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(3g)",
+            script.NA,
+            []
+        ),
+        #  Current version is affected, Target version < 6.0(4c), valid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_valid_config.json"),
+            },
+            "5.2(7f)",
+            "6.0(3g)",
+            script.NA,
+            []
+        ),
+        # Current version is not affected, Target version = 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.3(2f)",
+            "6.0(4c)",
+            script.NA,
+            []
+        ),
+        # Current version is not affected, Target version > 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.3(2f)",
+            "6.0(6c)",
+            script.NA,
+            []
+        ),
+        # Current version is not affected, Target version < 6.0(4c), invalid both data
+        (
+            {
+                mgmtRsInBStNode: read_data(dir, "mgmtRsInBStNode_invalid_addr_and_gw_config.json"),
+            },
+            "5.3(2f)",
+            "6.0(3g)",
+            script.NA,
+            []
+        ),
+    ],
+)
+def test_logic(run_check, mock_icurl, cversion, tversion, expected_result, expected_data):
+    result = run_check(cversion=script.AciVersion(cversion), tversion=script.AciVersion(tversion))
+    assert result.result == expected_result
+    assert result.data == expected_data

tests/checks/svccore_excessive_class_entries_check/svccoreNode_negative.json

@@ -0,0 +1,12 @@
+[
+  {
+    "moCount": {
+      "attributes": {
+        "childAction": "",
+        "count": "3",
+        "dn": "",
+        "status": ""
+      }
+    }
+  }
+]