Performing a Configuration Audit for Recovered Services
A configuration audit can help you determine whether the service configuration on the device has been changed out of band. To this end, you can compare the results of a configuration audit with the service configuration in the Junos Space database. The following example shows a sample comparison.
To perform a configuration audit:
- From the View selector, select Service View.
The workspaces that are applicable to routing and tunnel services are displayed.
- Click the Build icon in Service View of the
Connectivity Services Director banner.
The functionalities that you can configure in Build mode are displayed on the Tasks pane.
- In the View pane, select the Network Services > Connectivity node without expanding the tree and selecting a type of service.
The tasks that are applicable for the different connectivity services are displayed on the Tasks pane.
- In the Network Services > Connectivity task
pane, select Service Recovery > View Recovered Services.
The Service Recovery page is displayed with a list of recovered services with the Recovered Services tab selected.
- Select a recovered service, and click the Audit button at the top of the table of listed services and select Configuration Audit > Run Configuration Audit.
- In the Schedule Configuration Audit window,
Select Audit Now, then click OK.
An informational dialog appears, stating that the configuration audit job is successfully triggered with the job ID, and an OK button.
Select Audit Later, enter a date and time, then click OK.
- To monitor the progress of an audit after selecting Audit Now, click the Job ID in the Audit Information window. The Job Management page shows information about
the configuration audit job.
Alternatively, to display the Job Management page, click the System icon on the Connectivity Services Director banner, and select Manage Jobs from the Tasks pane. You can also view the CSD Deployment Jobs page in Deploy mode of Service View by selecting the View Deployment Jobs option in the task pane.
The State field indicates whether the service passed or failed the audit. If the service failed the audit, then the Summary field provides information about the failure.
To monitor the progress of an audit after selecting Audit Later, after the scheduled time of the audit:
- On the Junos Space Network Management Platform user interface, select Jobs .
- In the Job Types chart, select the Configuration Audit segment of the pie chart.
- Select the configuration audit of interest from the list
on the Job Management page.
Summary information about the audit appears in the quick look panel.
- In the filter bar, select the table view icon to see additional information about the job. If the service failed the audit, information about the failure appears in the Summary field.
- In the Audit Information window, click the
job ID of the configuration audit.
The Job Management window appears and shows a filtered view of the job inventory, showing only the configuration audit job.
If a resynchronization between a device and the Junos Space database is ongoing when the configuration audit job starts, the configuration audit job suspends until the resynchronization job finishes. If the resynchronization job fails to complete, the audit could be suspended indefinitely. To allow the audit to proceed, go to the Job Management workspace and cancel the resynchronization job, as described in Canceling a Job.
- In the Status column, check the status of the
audit to determine whether it succeeded or failed.
Check the Summary column, which contains useful service information such as the VC ID and endpoint information. For some failed deployments, this column also contains information about why the deployment failed.
When a configuration audit is performed, the XPATH attributes that are present in the service configuration are used. Only the addition, modification, or deletion of the XPATH attributes is detected, and the creation of a new attribute (child XPATH ) on a device is not determined. The audit operation disregards such attributes and does not identify them. This behavior is expected and occurs because Junos Space Platform software audits only the settings present a user template. If the template has a container, Junos Space Platform only audits to determine whether the device is configured with this container. If a user wants to audit any container child, the user needs add it into the template. This scenario is similar to an out-of-band configuration change on the device, which Junos Space Platform can determine only if the system of record (SOR) mode is set for the Junos Space Network Management Platform application.