
Checking for potential problems with the AURA-SDWAN tool for Cisco SD-WAN

AURA-SDWAN (SURE) is a tool that checks Cisco SD-WAN for potential problems. Running it in advance, for example before an upgrade, helps you avoid problems. This post is a memo on how to run the tool.

Requirements

As noted at the beginning, AURA-SDWAN is a tool that runs on vManage (it is not run from a remote host; it is run on vManage itself). Also, as the Requirements section of the GitHub page states below, the tool cannot be run if the password contains "!".

  • vManage user with admin OR RO network operator privileges
  • The vManage user password must not contain the "!" character.

SSH login to vManage

First, log in to vManage over SSH.

$ ssh admin@10.0.0.1
Warning: Permanently added '10.0.0.1' (ED25519) to the list of known hosts.
viptela 20.9.1

(admin@10.0.0.1) Password:
Last login: Fri May 12 11:29:33 JST 2023 from XX.XX.XX.XX on ssh
Last failed login: Sun May 14 21:12:36 JST 2023 from YY.YY.YY.YY on ssh:notty
There was 1 failed login attempt since the last successful login.
Welcome to Viptela CLI
admin connected from YY.YY.YY.YY using ssh on vManage
vManage#

Once the SSH login succeeds, run the vshell command to start a shell.

vManage# vshell
vManage:~$ pwd
/home/admin
vManage:~$

Downloading the script

AURA-SDWAN provides one script for Python 2 and one for Python 3. Choose the script according to the vManage version, as shown below.

vManage           Python     Script to use
18.4 to 20.5      Python2    python2/py2_sure.py
20.6 and later    Python3    python3/py3_sure.py

The vManage used for this test is a 20.9 release, so the Python 3 script is the one to use. Checking from the CLI confirms that only python3 appears to be present.

vManage:~$ python --version
bash: python: command not found
vManage:~$ python2 --version
bash: python2: command not found
vManage:~$ python3 --version
Python 3.8.13

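Here, download python3/py3_sure.py as follows. In this curl command, -k skips TLS certificate verification, -L follows redirects, -O saves the file under its remote name, and -s suppresses progress output.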

curl -kLOs https://raw.githubusercontent.com/CiscoDevNet/sure/main/python3/py3_sure.py

Running the tool

vManage:~$ python3 py3_sure.py -u admin
vManage Password (Note: Tool doesn't support passwords containing "!") :
#########################################################
###      AURA SDWAN (SURE) - Version 3.0.0            ###
#########################################################
###    Performing SD-WAN Audit & Upgrade Readiness    ###
#########################################################


****Collecting Preliminary Data

*Starting Checks, this may take several minutes

**** Performing Critical checks

 Critical Check:#01
 Critical Check:#02
 Critical Check:#03
 Critical Check:#04
 Critical Check:#05
 Critical Check:#06
 Critical Check:#07
 Critical Check:#08
 Critical Check:#09
 Critical Check:#10
 Critical Check:#11
 Critical Check:#12
 Critical Check:#13
 Critical Check:#14
 Critical Check:#15
 Critical Check:#16

**** Performing Warning checks

 Warning Check:#17
 Warning Check:#18
 Warning Check:#19
 Warning Check:#20
 Warning Check:#21
 Warning Check:#22
 Warning Check:#23
 Warning Check:#24
 Warning Check:#25

**** Performing Informational checks

 Informational Check:#26
 Informational Check:#27
 Informational Check:#28

******
Cisco AURA SDWAN tool execution completed.

Total Checks Performed: 28
Overall Assessment: 3 Critical errors, 2 Warnings, please check report for details.
    -- Full Results Report: sdwan_sure/sure_report_14_05_2023_22_04_06.txt
    -- Logs: sdwan_sure/sure_logs_14_05_2023_22_04_06.log
    -- Json Summary: sdwan_sure/sure_json_summary_14_05_2023_22_05_06.json

Reach out to sure-tool@cisco.com if you have any questions or feedback

vManage:~$

Results

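The results are written under the sdwan_sure directory. Because this run was on a minimal lab environment, several checks are Failed. Before an actual upgrade, resolve as many of the Failed checks as possible.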

vManage:~$ cat sdwan_sure/sure_report_14_05_2023_22_04_06.txt
Cisco SDWAN AURA v3.0.0 Report

Cisco SDWAN AURA command line tool performs a total of 26(Non Cluster Mode) or 32(Cluster Mode) checks at different levels of the SDWAN overlay.

Reach out to sure-tool@cisco.com  if you have any questions or feedback

Summary of the Results:
-----------------------------------------------------------------------------------------------------------------
AURA SDWAN Version:          3.0.0

vManage Details:
        Software Version:    20.9.1        System IP Address:   1.2.3.4

Script Execution Time:
        Start Time:          14-05-2023 22:04:05
        End Time:            14-05-2023 22:05:06

-----------------------------------------------------------------------------------------------------------------

Overall upgrade evaluation:  Critical issues found that need to be resolved before an upgrade

-----------------------------------------------------------------------------------------------------------------

Check Results:
        Total Checks Performed:     28
        Total Checks Passed:        25 out of 28
        Total Checks Failed:        3 out of 28
        Total Checks with Errors:   3
        Total Checks with Warnings: 2

-----------------------------------------------------------------------------------------------------------------

Detailed list of failed checks, and actions recommended

+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| Check no | Check Name                | Check Result                                       | Check Actions                                      |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| #03      | Memory size               | Memory size is 33 GB, it is below the hardware siz | Correct the memory available to the server         |
|          |                           | e recommendations when DPI is enabled. Memory size |                                                    |
|          |                           |  should be 128 GB. For more information please che |                                                    |
|          |                           | ck: https://www.cisco.com/c/en/us/td/docs/routers/ |                                                    |
|          |                           | sdwan/release/notes/compatibility-and-server-recom |                                                    |
|          |                           | mendations/ch-server-recs-20-3.html                |                                                    |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| #04      | CPU Count                 | No. of Processors is below minimum supported size  | Allocate more processors                           |
|          |                           | when DPI is in use. CPU Count is 16, it should be  |                                                    |
|          |                           | 32 or higher.                                      |                                                    |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+
| #10      | NTP status across network | Devices with invalid ntp association found         | Please validate the NTP time synchronization acros |
|          |                           |                                                    | s the network                                      |
+----------+---------------------------+----------------------------------------------------+----------------------------------------------------+


-----------------------------------------------------------------------------------------------------------------

Preliminary Tabulated data:

+------------------------------------------------+---------------+
| Parameters                                     | Value         |
+------------------------------------------------+---------------+
| vManage System IP address                      | 1.2.3.4       |
+------------------------------------------------+---------------+
| vManage CPU Speed                              | 2.399         |
+------------------------------------------------+---------------+
| vManage CPU Count                              | 16            |
+------------------------------------------------+---------------+
| xEdge Count                                    | 22            |
+------------------------------------------------+---------------+
| vManage Cluster Size                           | 1             |
+------------------------------------------------+---------------+
| vManage Server Mode                            | Single Server |
+------------------------------------------------+---------------+
| vManage Disk Controller Type                   | /dev/sdb      |
+------------------------------------------------+---------------+
| DPI Status                                     | enable        |
+------------------------------------------------+---------------+
| Server Type                                    | on-prem       |
+------------------------------------------------+---------------+
| Wildfly process CPU Utilization(RSS)           | 4.0%          |
+------------------------------------------------+---------------+
| Wildfly process Memory Utilization(RSS)        | 13.8%         |
+------------------------------------------------+---------------+
| neo4j process CPU Utilization(RSS)             | 1.7%          |
+------------------------------------------------+---------------+
| neo4j process Memory Utilization(RSS)          | 7.0%          |
+------------------------------------------------+---------------+
| elasticSearch process CPU Utilization(RSS)     | 0.7%          |
+------------------------------------------------+---------------+
| elasticSearch process Memory Utilization(RSS)  | 25.3%         |
+------------------------------------------------+---------------+
| Total devices                                  | 25            |
+------------------------------------------------+---------------+


-----------------------------------------------------------------------------------------------------------------

Detailed list of ALL checks, and actions recommended



+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| Check no | Check Name                                         | Check Result | Check Analysis                                     | Check Actions                                      |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 2        | At minimum 20%  server disk space should be availa | SUCCESSFUL   | Enough Disk space is available to perform the upgr | None                                               |
|          | ble                                                |              | ade. Space available /opt/data:92%, rootfs.rw:78%  |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 3        | Memory size                                        | Failed       | Memory size is 33 GB, it is below the hardware siz | Correct the memory available to the server         |
|          |                                                    |              | e recommendations when DPI is enabled. Memory size |                                                    |
|          |                                                    |              |  should be 128 GB. For more information please che |                                                    |
|          |                                                    |              | ck: https://www.cisco.com/c/en/us/td/docs/routers/ |                                                    |
|          |                                                    |              | sdwan/release/notes/compatibility-and-server-recom |                                                    |
|          |                                                    |              | mendations/ch-server-recs-20-3.html                |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 4        | CPU Count                                          | Failed       | No. of Processors is below minimum supported size  | Allocate more processors                           |
|          |                                                    |              | when DPI is in use. CPU Count is 16, it should be  |                                                    |
|          |                                                    |              | 32 or higher.                                      |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 5        | ElasticSearch Indices status                       | SUCCESSFUL   | All the indices have GREEN status                  | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 6        | Look for any neo4j exception errors                | SUCCESSFUL   | Check will be available in the next release        | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 7        | Validate all services are up                       | SUCCESSFUL   | All enabled services are running                   | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 8        | Elasticsearch Indices version                      | SUCCESSFUL   | Version of all the Elasticsearch Indices is greate | None                                               |
|          |                                                    |              | r than 6.0                                         |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 9        | Evaluate incoming DPI data size                    | SUCCESSFUL   | Check will be available in the next release.       | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 10       | NTP status across network                          | Failed       | Devices with invalid ntp association found         | Please validate the NTP time synchronization acros |
|          |                                                    |              |                                                    | s the network                                      |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 11       | Validate Neo4j Store version                       | SUCCESSFUL   | Check will be available in the next release.       | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 12       | Validate ConfigDB Size is less than 5GB            | SUCCESSFUL   | The ConfigDB size is 1.1G which is within limits i | None                                               |
|          |                                                    |              | .e less than 5GB                                   |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 13       | Validate vSmart/vBond CPU count for scale          | SUCCESSFUL   | vSmart/vBond CPU count is sufficient for the numbe | None                                               |
|          |                                                    |              | r of devices present                               |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 14       | Validate uuid from server configs file.            | SUCCESSFUL   | Validated the uuid from server configs file.       | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 15       | Validate server_configs.json                       | SUCCESSFUL   | Validated the server_configs.json.                 | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 16       | Validate uuid at /etc/viptela/uuid                 | SUCCESSFUL   | UUID is valid.                                     | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 17       | CPU Speed                                          | Failed       | CPU clock speed is 2.399, it is below recommended  | Upgrade the hardware type                          |
|          |                                                    |              | range as per the hardware guide. CPU clock speed s |                                                    |
|          |                                                    |              | hould be greater than 2.8.                         |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 18       | Network Card type                                  | SUCCESSFUL   | VM is not using Intel e1000 card type              | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 19       | Backup status                                      | Failed       | /var/log/nms/neo4j-backup.log file not found       | Investigate why the /var/log/nms/neo4j-backup.log  |
|          |                                                    |              |                                                    | is missing                                         |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 20       | Evaluate Neo4j performance                         | SUCCESSFUL   | Check will be available in the next release.       | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 21       | Confirm there are no pending tasks                 | SUCCESSFUL   | There are no stuck or pending tasks on the server  | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 22       | Controller versions                                | SUCCESSFUL   | Versions of all the controllers are same           | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 23       | Confirm Certificate Expiration Dates               | SUCCESSFUL   | Certificates are ok                                | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 24       | vEdge list sync                                    | SUCCESSFUL   | All the controllers have consistent state_vedgeLis | None                                               |
|          |                                                    |              | t                                                  |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 25       |  Confirm control connections                       | SUCCESSFUL   | The vBond and vSmart count on API call matches the | None                                               |
|          |                                                    |              |  currently control connected devices.              |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 26       | Disk controller type                               | SUCCESSFUL   | Disk type is not IDE, safe to upgrade.             | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 27       | Validate there is at minimum vBond, vSmart present | SUCCESSFUL   | One or more than one vBond and vSmart present, saf | None                                               |
|          |                                                    |              | e to upgrade                                       |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 28       | Validate all controllers are reachable             | SUCCESSFUL   | All the controllers are reachable                  | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
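
An added example (not part of the original post or of the AURA-SDWAN project): a Python 3 parser for the text report above that rejoins cells the report wraps mid-word and separates Failed critical checks from the other Failed checks. The severity bands are taken from the check numbering printed by the v3.0.0 run on this page; the function names are assumptions of this example, and the embedded sample rows are copied from the report above.

```python
import re

# Severity bands as printed by the v3.0.0 run on this page:
# Critical #01-#16, Warning #17-#25, Informational #26-#28.
BANDS = (("critical", range(1, 17)), ("warning", range(17, 26)),
         ("informational", range(26, 29)))
RULE = re.compile(r"^\+[-+]+\+$")  # horizontal rule between table records

def parse_tables(text):
    """Return one dict per table row, keyed by that table's header cells."""
    rows, header, cells = [], None, None

    def flush():
        nonlocal header, cells
        if cells is not None:
            joined = [c.strip() for c in cells]
            if header is None:
                header = joined          # first record of a table is its header
            else:
                rows.append(dict(zip(header, joined)))
        cells = None

    for line in text.splitlines():
        line = line.rstrip()
        if RULE.match(line):
            flush()
        elif line.startswith("|") and line.endswith("|"):
            # Drop only the single pad space on each side of a cell, so text
            # wrapped mid-word ("siz" + "e") rejoins without a gap.
            parts = [p[1:-1] for p in line[1:-1].split("|")]
            cells = parts if cells is None else [a + b for a, b in zip(cells, parts)]
        else:
            flush()
            header = None                # a non-table line ends the table
    flush()
    return rows

def severity(check_no):
    for name, band in BANDS:
        if check_no in band:
            return name
    return "unknown"

def upgrade_gate(rows):
    """Split Failed checks into upgrade blockers (critical) and the rest."""
    gate = {"blockers": [], "other": []}
    for row in rows:
        # Only the "ALL checks" table has a Check Analysis column.
        if "Check Analysis" not in row or row["Check Result"].lower() != "failed":
            continue
        no = int(row["Check no"].lstrip("#"))
        item = (no, row["Check Name"], row["Check Analysis"])
        gate["blockers" if severity(no) == "critical" else "other"].append(item)
    return gate

# Sample input: header and checks 3, 5 and 17 copied from the report above.
SAMPLE = """
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| Check no | Check Name                                         | Check Result | Check Analysis                                     | Check Actions                                      |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 3        | Memory size                                        | Failed       | Memory size is 33 GB, it is below the hardware siz | Correct the memory available to the server         |
|          |                                                    |              | e recommendations when DPI is enabled. Memory size |                                                    |
|          |                                                    |              |  should be 128 GB. For more information please che |                                                    |
|          |                                                    |              | ck: https://www.cisco.com/c/en/us/td/docs/routers/ |                                                    |
|          |                                                    |              | sdwan/release/notes/compatibility-and-server-recom |                                                    |
|          |                                                    |              | mendations/ch-server-recs-20-3.html                |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 5        | ElasticSearch Indices status                       | SUCCESSFUL   | All the indices have GREEN status                  | None                                               |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
| 17       | CPU Speed                                          | Failed       | CPU clock speed is 2.399, it is below recommended  | Upgrade the hardware type                          |
|          |                                                    |              | range as per the hardware guide. CPU clock speed s |                                                    |
|          |                                                    |              | hould be greater than 2.8.                         |                                                    |
+----------+----------------------------------------------------+--------------+----------------------------------------------------+----------------------------------------------------+
"""

if __name__ == "__main__":
    for kind, items in upgrade_gate(parse_tables(SAMPLE)).items():
        for no, name, analysis in items:
            print(f"{kind}: #{no:02d} {name}: {analysis}")
```

To use it on a real run, pass the contents of the report file under sdwan_sure to parse_tables instead of SAMPLE.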

Reference

Help

$ python3 py3_sure.py --help
usage: py3_sure.py [-h] [-q] [-v] [-d] -u USERNAME [-vp VMANAGE_PORT]

AURA - SDWAN (SURE) Audit & Upgrade Readiness - v3.0.0

optional arguments:
  -h, --help            show this help message and exit
  -q, --quiet           Quiet execution of the script
  -v, --verbose         Verbose execution of the script
  -d, --debug           Debug execution of the script
  -u USERNAME, --username USERNAME
                        vManage Username
  -vp VMANAGE_PORT, --vmanage_port VMANAGE_PORT
                        vManage Password


 ERROR: Error validating the command line arguments.