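AURA-SDWAN (SURE) is a tool that checks Cisco SD-WAN for potential problems. Running it in advance, for example before an upgrade, helps avoid those problems. This post is a memo on how to run the tool.
Requirements
As noted at the beginning, AURA-SDWAN is a tool that is run on vManage (note: it is not run remotely; it is run from vManage itself). Also, as stated under Requirements on the GitHub page, it cannot be run if the password contains "!".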
- vManage user with admin OR RO network operator privileges
- The vManage user password must not contain the "!" character.
SSH login to vManage
First, log in to vManage over SSH.
$ ssh admin@10.0.0.1
Warning: Permanently added '10.0.0.1' (ED25519) to the list of known hosts.
viptela 20.9.1
(admin@10.0.0.1) Password:
Last login: Fri May 12 11:29:33 JST 2023 from XX.XX.XX.XX on ssh
Last failed login: Sun May 14 21:12:36 JST 2023 from YY.YY.YY.YY on ssh:notty
There was 1 failed login attempt since the last successful login.
Welcome to Viptela CLI
admin connected from YY.YY.YY.YY using ssh on vManage
vManage#
Once the SSH login succeeds, run the vshell command to start a shell.
vManage# vshell
vManage:~$ pwd
/home/admin
vManage:~$
Downloading the script
AURA-SDWAN provides one script for Python2 and one for Python3. Choose the script according to the vManage version, as shown below.
vManage | Python | Script to use |
---|---|---|
18.4 to 20.5 | Python2 | python2/py2_sure.py |
20.6 and later | Python3 | python3/py3_sure.py |
The vManage used for this test is a 20.9 release, so the Python3 script is the one to use. Checking on the CLI confirms that only python3 is present.
vManage:~$ python --version
bash: python: command not found
vManage:~$ python2 --version
bash: python2: command not found
vManage:~$ python3 --version
Python 3.8.13
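Here, python3/py3_sure.py is downloaded as follows. In this command, -k skips TLS certificate verification, -L follows redirects, -O saves the file under its remote name, and -s suppresses progress output.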
curl -kLOs https://raw.githubusercontent.com/CiscoDevNet/sure/main/python3/py3_sure.py
Running the tool
vManage:~$ python3 py3_sure.py -u admin
vManage Password (Note: Tool doesn't support passwords containing "!") :
#########################################################
### AURA SDWAN (SURE) - Version 3.0.0 ###
#########################################################
### Performing SD-WAN Audit & Upgrade Readiness ###
#########################################################
****Collecting Preliminary Data
*Starting Checks, this may take several minutes
**** Performing Critical checks
Critical Check:#01
Critical Check:#02
Critical Check:#03
Critical Check:#04
Critical Check:#05
Critical Check:#06
Critical Check:#07
Critical Check:#08
Critical Check:#09
Critical Check:#10
Critical Check:#11
Critical Check:#12
Critical Check:#13
Critical Check:#14
Critical Check:#15
Critical Check:#16
**** Performing Warning checks
Warning Check:#17
Warning Check:#18
Warning Check:#19
Warning Check:#20
Warning Check:#21
Warning Check:#22
Warning Check:#23
Warning Check:#24
Warning Check:#25
**** Performing Informational checks
Informational Check:#26
Informational Check:#27
Informational Check:#28
******
Cisco AURA SDWAN tool execution completed.
Total Checks Performed: 28
Overall Assessment: 3 Critical errors, 2 Warnings, please check report for details.
-- Full Results Report: sdwan_sure/sure_report_14_05_2023_22_04_06.txt
-- Logs: sdwan_sure/sure_logs_14_05_2023_22_04_06.log
-- Json Summary: sdwan_sure/sure_json_summary_14_05_2023_22_05_06.json
Reach out to sure-tool@cisco.com if you have any questions or feedback
vManage:~$
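Results
The results are written under the sdwan_sure directory. Because this run was on a minimal test environment, several checks are Failed. Before an actual upgrade, resolve as many of the Failed checks as possible.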
vManage:~$ cat sdwan_sure/sure_report_14_05_2023_22_04_06.txt
Cisco SDWAN AURA v3.0.0 Report
Cisco SDWAN AURA command line tool performs a total of 26(Non Cluster Mode) or 32(Cluster Mode) checks at different levels of the SDWAN overlay.
Reach out to sure-tool@cisco.com if you have any questions or feedback
Summary of the Results:
-----------------------------------------------------------------------------------------------------------------
AURA SDWAN Version: 3.0.0
vManage Details:
Software Version: 20.9.1 System IP Address: 1.2.3.4
Script Execution Time:
Start Time: 14-05-2023 22:04:05
End Time: 14-05-2023 22:05:06
-----------------------------------------------------------------------------------------------------------------
Overall upgrade evaluation: Critical issues found that need to be resolved before an upgrade
-----------------------------------------------------------------------------------------------------------------
Check Results:
Total Checks Performed: 28
Total Checks Passed: 25 out of 28
Total Checks Failed: 3 out of 28
Total Checks with Errors: 3
Total Checks with Warnings: 2
-----------------------------------------------------------------------------------------------------------------
Detailed list of failed checks, and actions recommended
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| Check no | Check Name | Check Result | Check Actions |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| #03 | Memory size | Memory size is 33 GB, it is below the hardware siz | Correct the memory available to the server |
| | | e recommendations when DPI is enabled. Memory size | |
| | | should be 128 GB. For more information please che | |
| | | ck: https://www.cisco.com/c/en/us/td/docs/routers/ | |
| | | sdwan/release/notes/compatibility-and-server-recom | |
| | | mendations/ch-server-recs-20-3.html | |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| #04 | CPU Count | No. of Processors is below minimum supported size | Allocate more processors |
| | | when DPI is in use. CPU Count is 16, it should be | |
| | | 32 or higher. | |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| #10 | NTP status across network | Devices with invalid ntp association found | Please validate the NTP time synchronization acros |
| | | | s the network |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
-----------------------------------------------------------------------------------------------------------------
Preliminary Tabulated data:
+------------------------------------------------+---------------+
| Parameters | Value |
+------------------------------------------------+---------------+
| vManage System IP address | 1.2.3.4 |
+------------------------------------------------+---------------+
| vManage CPU Speed | 2.399 |
+------------------------------------------------+---------------+
| vManage CPU Count | 16 |
+------------------------------------------------+---------------+
| xEdge Count | 22 |
+------------------------------------------------+---------------+
| vManage Cluster Size | 1 |
+------------------------------------------------+---------------+
| vManage Server Mode | Single Server |
+------------------------------------------------+---------------+
| vManage Disk Controller Type | /dev/sdb |
+------------------------------------------------+---------------+
| DPI Status | enable |
+------------------------------------------------+---------------+
| Server Type | on-prem |
+------------------------------------------------+---------------+
| Wildfly process CPU Utilization(RSS) | 4.0% |
+------------------------------------------------+---------------+
| Wildfly process Memory Utilization(RSS) | 13.8% |
+------------------------------------------------+---------------+
| neo4j process CPU Utilization(RSS) | 1.7% |
+------------------------------------------------+---------------+
| neo4j process Memory Utilization(RSS) | 7.0% |
+------------------------------------------------+---------------+
| elasticSearch process CPU Utilization(RSS) | 0.7% |
+------------------------------------------------+---------------+
| elasticSearch process Memory Utilization(RSS) | 25.3% |
+------------------------------------------------+---------------+
| Total devices | 25 |
+------------------------------------------------+---------------+
-----------------------------------------------------------------------------------------------------------------
Detailed list of ALL checks, and actions recommended
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| Check no | Check Name | Check Result | Check Analysis | Check Actions |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 2 | At minimum 20% server disk space should be availa | SUCCESSFUL | Enough Disk space is available to perform the upgr | None |
| | ble | | ade. Space available /opt/data:92%, rootfs.rw:78% | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 3 | Memory size | Failed | Memory size is 33 GB, it is below the hardware siz | Correct the memory available to the server |
| | | | e recommendations when DPI is enabled. Memory size | |
| | | | should be 128 GB. For more information please che | |
| | | | ck: https://www.cisco.com/c/en/us/td/docs/routers/ | |
| | | | sdwan/release/notes/compatibility-and-server-recom | |
| | | | mendations/ch-server-recs-20-3.html | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 4 | CPU Count | Failed | No. of Processors is below minimum supported size | Allocate more processors |
| | | | when DPI is in use. CPU Count is 16, it should be | |
| | | | 32 or higher. | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 5 | ElasticSearch Indices status | SUCCESSFUL | All the indices have GREEN status | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 6 | Look for any neo4j exception errors | SUCCESSFUL | Check will be available in the next release | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 7 | Validate all services are up | SUCCESSFUL | All enabled services are running | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 8 | Elasticsearch Indices version | SUCCESSFUL | Version of all the Elasticsearch Indices is greate | None |
| | | | r than 6.0 | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 9 | Evaluate incoming DPI data size | SUCCESSFUL | Check will be available in the next release. | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 10 | NTP status across network | Failed | Devices with invalid ntp association found | Please validate the NTP time synchronization acros |
| | | | | s the network |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 11 | Validate Neo4j Store version | SUCCESSFUL | Check will be available in the next release. | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 12 | Validate ConfigDB Size is less than 5GB | SUCCESSFUL | The ConfigDB size is 1.1G which is within limits i | None |
| | | | .e less than 5GB | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 13 | Validate vSmart/vBond CPU count for scale | SUCCESSFUL | vSmart/vBond CPU count is sufficient for the numbe | None |
| | | | r of devices present | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 14 | Validate uuid from server configs file. | SUCCESSFUL | Validated the uuid from server configs file. | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 15 | Validate server_configs.json | SUCCESSFUL | Validated the server_configs.json. | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 16 | Validate uuid at /etc/viptela/uuid | SUCCESSFUL | UUID is valid. | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 17 | CPU Speed | Failed | CPU clock speed is 2.399, it is below recommended | Upgrade the hardware type |
| | | | range as per the hardware guide. CPU clock speed s | |
| | | | hould be greater than 2.8. | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 18 | Network Card type | SUCCESSFUL | VM is not using Intel e1000 card type | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 19 | Backup status | Failed | /var/log/nms/neo4j-backup.log file not found | Investigate why the /var/log/nms/neo4j-backup.log |
| | | | | is missing |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 20 | Evaluate Neo4j performance | SUCCESSFUL | Check will be available in the next release. | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 21 | Confirm there are no pending tasks | SUCCESSFUL | There are no stuck or pending tasks on the server | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 22 | Controller versions | SUCCESSFUL | Versions of all the controllers are same | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 23 | Confirm Certificate Expiration Dates | SUCCESSFUL | Certificates are ok | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 24 | vEdge list sync | SUCCESSFUL | All the controllers have consistent state_vedgeLis | None |
| | | | t | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 25 | Confirm control connections | SUCCESSFUL | The vBond and vSmart count on API call matches the | None |
| | | | currently control connected devices. | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 26 | Disk controller type | SUCCESSFUL | Disk type is not IDE, safe to upgrade. | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 27 | Validate there is at minimum vBond, vSmart present | SUCCESSFUL | One or more than one vBond and vSmart present, saf | None |
| | | | e to upgrade | |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 28 | Validate all controllers are reachable | SUCCESSFUL | All the controllers are reachable | None |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
Reference
Help
$ python3 py3_sure.py --help
usage: py3_sure.py [-h] [-q] [-v] [-d] -u USERNAME [-vp VMANAGE_PORT]
AURA - SDWAN (SURE) Audit & Upgrade Readiness - v3.0.0
optional arguments:
-h, --help show this help message and exit
-q, --quiet Quiet execution of the script
-v, --verbose Verbose execution of the script
-d, --debug Debug execution of the script
-u USERNAME, --username USERNAME
vManage Username
-vp VMANAGE_PORT, --vmanage_port VMANAGE_PORT
vManage Password
ERROR: Error validating the command line arguments.