Features enabled do not match across cluster members-juniper-junos

error
high-availability
junos
juniper
Features enabled do not match across cluster members-juniper-junos
0

#1

Features enabled do not match across cluster members-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will identify when two devices are part of a cluster and alert if the features they have enabled are different.

Remediation Steps:
Review the licensing and enabled features or modules on each device to ensure they match.

How does this work?
The script runs the “show system license” command via SSH to retrieve the features enabled on the device.

Why is this important?
Many features require licenses to enable them.

Without Indeni how would you find this?
An administrator would need to log into each device individually and run commands necessary to get licensing information.

junos-show-system-license-features

#! META
name: junos-show-system-license-features
description: Retrieve features enabled on the SRX device.
type: monitoring
monitoring_interval: 1440 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall

#! COMMENTS
features-enabled:
    why: |
        Many features require licenses to enable them. 
    how: |
        The script runs the "show system license" command via SSH to retrieve the features enabled on the device.
    can-with-snmp: false
    can-with-syslog: false
    without-indeni: |
        An administrator would need to log into each device individually and run commands necessary to get licensing information.
    vendor-provided-management: |
        The features enabled can be retrieved from the command line and GUI.

#! REMOTE::SSH
show system license | display xml

#! PARSER::XML
_vars:
    root: /rpc-reply/license-summary-information
_metrics:
    -
        _groups:
            ${root}/license-usage-summary/feature-summary | ${root}/license-information/license/feature-block/feature:
                _tags:
                    "im.name":
                        _constant: "features-enabled"
                    "live-config":
                        _constant: "true"
                    "display-name":
                        _constant: "License Expire"
                    "im.identity-tags":
                        _constant: "name"
                _value.complex:
                    "name":
                        _text: "name" 
        _value: complex-array

cross_vendor_features_enabled_comparison_vsx

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, SnapshotComparisonTemplateRule}
import com.indeni.server.common.data.conditions.{Equals => DataEquals}

/**
  *
  */
case class cross_vendor_features_enabled_comparison_vsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "cross_vendor_features_enabled_comparison_vsx",
  ruleFriendlyName = "Clustered Devices: Features enabled do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the features they have enabled are different.",
  metricName = "features-enabled",
  applicableMetricTag = "vs.name",
  metaCondition = DataEquals("vsx", "true"),
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same features enabled. Review the differences below.",
  baseRemediationText = "Review the licensing and enabled features or modules on each device to ensure they match.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Execute the "show feature" and "show license-usage" NX-OS commands to review the enabled features and licenses per vPC peer switch.
      |2. Both vPC peer switches should have the same licenses installed and features activated.
      |3. For more information please review  the following CISCO  NX-OS guides:
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/best_practices/cli_mgmt_guide/cli_mgmt_bp/features.html
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/licensing/guide/b_Cisco_NX-OS_Licensing_Guide/b_Cisco_NX-OS_Licensing_Guide_chapter_01.html""".stripMargin
)


case class cross_vendor_features_enabled_comparison_non_vsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "cross_vendor_features_enabled_comparison_non_vsx",
  ruleFriendlyName = "Clustered Devices: Features enabled do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the features they have enabled are different.",
  metricName = "features-enabled",
  metaCondition = !DataEquals("vsx", "true"),
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same features enabled. Review the differences below.",
  baseRemediationText = "Review the licensing and enabled features or modules on each device to ensure they match.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
       |1. Execute the "show feature" and "show license-usage" NX-OS commands to review the enabled features and licenses per vPC peer switch.
       |2. Both vPC peer switches should have the same licenses installed and features activated.
       |3. For more information please review  the following CISCO  NX-OS guides:
       |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/best_practices/cli_mgmt_guide/cli_mgmt_bp/features.html
       |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/licensing/guide/b_Cisco_NX-OS_Licensing_Guide/b_Cisco_NX-OS_Licensing_Guide_chapter_01.html""".stripMargin
)