OS name mismatch across cluster members-juniper-junos

error
high-availability
junos
juniper
OS name mismatch across cluster members-juniper-junos
0

#1

OS name mismatch across cluster members-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will identify when two devices are part of a cluster and alert if the OS installed is different.

Remediation Steps:
Install the correct versions of software on each device.

How does this work?
This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the “show version” command. The output includes the device’s hardware and software related details.

Why is this important?
Capture the device operating system name.

Without Indeni how would you find this?
An administrator would have to log into the device and manually issue commands to retrieve this information.

junos-show-version

#! META
name: junos-show-version
description: Fetch the information for the end of support for hardware and software 
type: monitoring 
monitoring_interval: 5 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall

#! COMMENTS
model:
    why: |
        Capture the device model.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

vendor:
    why: |
        Capture the device vendor name.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

hostname:
    why: |
        Capture the host name of the device. This is used for inventory purposes.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

os-name:
    why: |
        Capture the device operating system name.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

os-version:
    why: |
        Capture the device operating system version. The version should be the same across all members of a cluster.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

software-eos-date:
    why: |
        Ensuring the software being used is always within the vendor's list of supported versions is critical.
        Otherwise, during a critical issue, the vendor may decline to provide technical support. Juniper posts the list
        of supported software on their website: 
        http://www.juniper.net/support/eol/junos.html
    how: |
        This script logs into the Juniper JUNOS-based device using SSH to retrieve the current software version and
        based on the software version and the Juniper provided information at:
        http://www.juniper.net/support/eol/junos.html the correct end of support date is used.
    without-indeni: |
        Manual tracking by an administrator is usually the only method for knowing when a given device may be nearing
        its software end of support and is in need of upgrading.
    can-with-snmp: false
    can-with-syslog: false

hardware-eos-date:
    why: |
        Ensuring the hardware being used is always within the vendor's list of supported models is critical. Otherwise,
        during a critical issue, the vendor may decline to provide technical support. Juniper posts the list of
        supported hardware on their website: 
        http://www.juniper.net/support/eol/srxseries_hw.html
    how: |
        This script logs into the Juniper JUNOS-based device using SSH to retrieve the current model used and based on
        it and the Juniper provided information at http://www.juniper.net/support/eol/srxseries_hw.html the correct end
        of support date is used.
    without-indeni: |
        Manual tracking by an administrator is usually the only method for knowing when a given device may be nearing
        its end of support and is in need of replacement.
    can-with-snmp: false
    can-with-syslog: false


#! REMOTE::SSH
show chassis hardware node local | match node
show version

#! PARSER::AWK
BEGIN {
    node0 = 0
    cluster = 0
    node_hostname = 0
    node_model = 0
    node_software = 0

    hardware_eos["srx110h2"] = date(2022, 03, 31)
    hardware_eos["srx110h2-vb"] = date(2022, 03, 31)
    hardware_eos["srx100"] = date(2021, 05, 01)
    hardware_eos["srx210"] = date(2021, 05, 01)
    hardware_eos["srx240"] = date(2021, 05, 01)
    hardware_eos["srx650"] = date(2021, 05, 01)
    hardware_eos["srx110h"] = date(2020, 11, 30)
    hardware_eos["srx110h-taa"] = date(2020, 11, 30)
    hardware_eos["srx210he"] = date(2020, 11, 30)
    hardware_eos["srx210he-taa"] = date(2020, 11, 30)
    hardware_eos["srx210he-poe-taa"] = date(2020, 11, 30)
    hardware_eos["srx240h-taa"] = date(2020, 11, 30)
    hardware_eos["srx240h-poe-taa"] = date(2020, 11, 30)
    hardware_eos["srx240h"] = date(2020, 11, 30)
    hardware_eos["srx100b"] = date(2019, 05, 10)
    hardware_eos["srx100h"] = date(2019, 05, 10)
    hardware_eos["srx110h-va"] = date(2019, 05, 10)
    hardware_eos["srx110h-vb"] = date(2019, 05, 10)
    hardware_eos["srx210be"] = date(2019, 05, 10)
    hardware_eos["srx210he"] = date(2019, 05, 10)
    hardware_eos["srx210he-poe"] = date(2019, 05, 10)
    hardware_eos["srx220h"] = date(2019, 05, 10)
    hardware_eos["srx220h-poe"] = date(2019, 05, 10)
    hardware_eos["srx240b"] = date(2019, 05, 10)
    hardware_eos["srx240b2"] = date(2019, 05, 10)
    hardware_eos["srx240h"] = date(2019, 05, 10)
    hardware_eos["srx240h-poe"] = date(2019, 05, 10)
    hardware_eos["srx240h-dc"] = date(2019, 05, 10)
    hardware_eos["srx210b"] = date(2017, 08, 31)
    hardware_eos["srx210h"] = date(2017, 08, 31)
    hardware_eos["srx210h-poe"] = date(2017, 08, 31)
    hardware_eos["srx210h-p-mgw"] = date(2011, 01, 24)
    hardware_eos["srx220h-p-mgw"] = date(2011, 01, 24)
    hardware_eos["srx240h-p-mgw"] = date(2011, 01, 24)

    software_eos["16.1"] = date(2020, 01, 28) 
    software_eos["15.1X49"] = date(2020, 05, 01) 
    software_eos["15.1"] = date(2018, 12, 05) 
    software_eos["14.2"] = date(2018, 05, 05) 
    software_eos["14.1X5"] = date(2019, 06, 30) 
    software_eos["14.1"] = date(2018, 06, 13) 
    software_eos["13.3"] = date(2017, 07, 22) 
    software_eos["13.2X5"] = date(2017, 06, 30) 
    software_eos["13.2"] = date(2016, 02, 29) 
    software_eos["13.1X5"] = date(2015, 12, 30) 
    software_eos["13.1"] = date(2015, 09, 15) 
    software_eos["12.3X54"] = date(2018, 07, 18) 
    software_eos["12.3X52"] = date(2016, 02, 23) 
    software_eos["12.3X51"] = date(2015, 09, 15) 
    software_eos["12.3X50"] = date(2016, 07, 31) 
    software_eos["12.3X48"] = date(2022, 06, 30) 
    software_eos["12.31"] = date(2016, 07, 31) 
    software_eos["12.2X5"] = date(2015, 07, 31) 
    software_eos["12.2"] = date(2015, 03, 05)  
    software_eos["12.1X4"] = date(2015, 06, 30) 
    software_eos["12.1X47"] = date(2017, 02, 18) 
    software_eos["12.1X46"] = date(2017, 06, 30) 
    software_eos["12.1X45"] = date(2015, 01, 17) 
    software_eos["12.1X44"] = date(2016, 07, 18) 
    software_eos["12.1"] = date(2014, 09, 28) 
    software_eos["11.4"] = date(2015, 06, 21) 
    software_eos["11.3"] = date(2013, 03, 15) 
    software_eos["11.2"] = date(2013, 02, 15) 
    software_eos["11.1"] = date(2012, 05, 15) 
    software_eos["10.4"] = date(2014, 06, 08) 
    software_eos["10.3"] = date(2011, 12, 21) 
    software_eos["10.2"] = date(2011, 11, 15) 
    software_eos["10.1"] = date(2011, 05, 15) 
    software_eos["10.0"] = date(2013, 05, 15) 
    software_eos["9.6"] = date(2010, 11, 06) 
    software_eos["9.5"] = date(2010, 08, 15) 
    software_eos["9.4"] = date(2010, 05, 11) 
    software_eos["9.3"] = date(2012, 05, 15) 
    software_eos["9.2"] = date(2009, 11, 12) 
    software_eos["9.1"] = date(2009, 07, 28) 
    software_eos["9.0"] = date(2009, 05, 15) 
    software_eos["8.5"] = date(2011, 05, 16) 
    software_eos["8.4"] = date(2008, 11, 09) 
    software_eos["8.3"] = date(2008, 07, 18) 
    software_eos["8.2"] = date(2008, 05, 15) 
    software_eos["8.1"] = date(2010, 05, 06) 
    software_eos["8.0"] = date(2007, 11, 15) 
    software_eos["7.6"] = date(2007, 08, 15) 
    software_eos["7.5"] = date(2007, 05, 08) 
    software_eos["7.4"] = date(2007, 02, 15) 
    software_eos["7.3"] = date(2006, 11, 16) 
    software_eos["7.2"] = date(2006, 08, 14) 
    software_eos["7.1"] = date(2006, 05, 14) 
    software_eos["7.0"] = date(2006, 02, 15) 
    software_eos["6.4"] = date(2005, 11, 12) 
    software_eos["6.3"] = date(2005, 08, 15) 
    software_eos["6.2"] = date(2005, 05, 15) 
    software_eos["6.1"] = date(2005, 02, 15) 
    software_eos["6.0"] = date(2004, 11, 15) 
    software_eos["5.7"] = date(2004, 08, 15) 
    software_eos["5.6"] = date(2004, 05, 15) 
    software_eos["5.5"] = date(2004, 02, 15) 
    software_eos["5.4"] = date(2003, 11, 15) 
    software_eos["5.3"] = date(2003, 08, 15) 
    software_eos["5.2"] = date(2003, 05, 15) 
    software_eos["5.1"] = date(2003, 02, 15) 
    software_eos["5.0"] = date(2002, 11, 15) 
    software_eos["4.4"] = date(2002, 08, 15) 
    software_eos["4.3"] = date(2002, 05, 15) 
    software_eos["4.2"] = date(2002, 02, 15) 
    software_eos["4.1"] = date(2001, 11, 15) 
    software_eos["4.0"] = date(2001, 08, 15) 
}

#node0:
/^node0/ {
    node0++ 
    cluster = 1
}

#Hostname: SRX02
/^Hostname/ {
    hostname[node_hostname] = $2 
    node_hostname++
}

#Model: srx100b
/^Model/ {
    model[node_model] = $2
    node_model++
}

#JUNOS Software Release [12.1X46-D55.3]
/^(JUNOS Software Release)/ {
    software[node_software] = $4
    node_software++
}

END {
    if ( cluster == 0 ) {
        node_idx = 0 
    } else {
        if (node0 == 2) {
            node_idx = 0
        } else {
            node_idx = 1
        }  
    }
    gsub(/\[|\]/,"", software[node_idx]) 
    split(software[node_idx], software_version, "-")
    writeComplexMetricString("vendor", null, "Juniper")      
    writeComplexMetricString("os-name", null, "JUNOS")      
    writeComplexMetricString("model", null, model[node_idx])      
    writeComplexMetricString("hostname", null, hostname[node_idx])      
    writeComplexMetricString("os-version", null, software[node_idx])      
    writeDoubleMetric("software-eos-date", null, "gauge", 60, software_eos[software_version[1]]) 
    if ( model[node_idx] != "vsrx") {
        writeDoubleMetric("hardware-eos-date", null, "gauge", 60, hardware_eos[model[node_idx]]) 
    }
}


cross_vendor_compare_osname

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, SnapshotComparisonTemplateRule}

/**
  *
  */
case class cross_vendor_compare_osname() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_compare_osname",
  ruleFriendlyName = "Clustered Devices: OS name mismatch across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the OS installed is different.",
  metricName = "os-name",
  isArray = false,
  alertDescription = "The members of a cluster of devices must have the same OS's installed.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"http://il.linkedin.com/pub/gal-vitenberg/83/484/103\">Gal Vitenberg</a>.",
  baseRemediationText = "Install the correct versions of software on each device.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Check that the vPC peers have the same NX-OS version except during the non-disruptive upgrade, that is, In-Service Software Upgrade (ISSU).
      |2. Execute the "show version" NX-OS command and check the installed NX-OS version across the vPC peer switches.
      |3. Schedule a Maintenance Window for NX-OS upgrade in order the vPC peer switches have exact the same NX-OS version.
      |NOTE: The vPC could be established between the vPC peers with not exact the same NX-OS name but several problems will be faced when new features are configured. For instance FEX-mismatch SW log message will be generated if you try to connect a FEX via vPC to a pair of vPC switches with different SW version. In this case the FEX will be operational only from one of the vPC peer switches.""".stripMargin
)