{{indexmenu_n>20220516}}
====== NetYCE 8.0.0 Build 20220516 ======
====== Release notes ======
Date: 2022-05-16
>
NOTICE \\
This set of release notes reflects the work in progress. Each of these
items will become available with the next release and will be made available
in the [[maintenance:downloads:system_updates:system_updates|Download Patchfiles]] article.
\\
===== Featured =====
==== TMF941 API version2 ====
This pre-releases the TMF641 API version2 that supports multiple ServiceItems in
one ServiceOrder. The implementation of the new ServiceOrder required a different
set of NMS tables to support the per-ServiceItem states and their effect on the
ServiceOrder state.
Version 2 is superseding version 1 but is not replacing it. Both will be available
side by side for some time before it is obsoleted. Note that no history is carried over
from version 1 to version 2.
==== OS Repository ====
A new Operating System file repository was added to NetYCE to manage the numerous
image files of the different vendors and hardware-models of your networking devices.
The repository consists of two parts. First of all the disk-space where the files
are stored and monitored is part of the file-transfer directory tree of the application
which allows all your devices access using all common protocols (scp, sftp, ftp, tftp).
This disk space can be shared using Network File System (NFS) among all NetYCE servers
or any Unix based server to act as a distributed disk-share without duplication of files.
Active monitoring of all file activity (adding, updating, moving, deleting) will
automatically adjust the OS repository to reflect these changes.
Secondly, the user front-end form, which can be found under 'Operate - OS repository',
allows the user to organize the image files into file-sets associated with a Vendor and
a Device type. Each file-set created is intended to assist the user in finding or
selecting the image files needed to a specific device-type and OS version or feature
set. As image files can be used for many device-types, the repository keeps track of
shared usage and status.
Finally, a couple of Scenario commands were added to locate image files in the repository
for use in OS upgrade scenarios. These commands will also allow access to the meta-data
of each file-set to simplify copy and activation actions.
\\
===== Enhancement =====
==== Template markers ====
We added support for the variables and that will have the active template name during its generation. This allows for marking the start and end of each template and can be used in conditionals.
However, a few shortcomings with this approach were observed: first, all templates will need modification - an unpleasant task. Second, when a sub-template is done, config generation returns to its parent to process the remaining lines of that template. It is often hard to locate which template that was, especially when a deeper template tree was used.
To resolve these issues, an automatic 'current template' marker option has been added that use these new variables. It will insert comment lines in the generated output at the template 'start', template 'done' and template 'resume' places.
This feature is controlled by the "Template_markers" Tweak: When its Num_value equals 1 - print 'start' template info; when 2 - also include 'done'; when 3 - also include 'resume' comments. The default is to include none (0).
When the templates are used hierarchical, the message text indentation follows the levels.
==== Re-schedule jobs ====
The new Re-schedule job option is available from the 'Job logs' pop-up window. It is accessed from the Job-logs and the Scheduled-jobs forms.
In order to re-schedule a job the job 'scenario' and 'command' files must still be present on the server.
By default this period is 30 days and can be modified using the "Age_result_files" tweak.
Another requirement is that the job **must** have been executed, or at least be running.
If these conditions are not met, the Re-schedule button will not be available.
The implementation allows for EDITING the job "command" and "scenario" sections before re-scheduling which will also allow for all the usual options. It is available for both the command-job and the basic-command-job.
==== Legal message ====
Customers can now format a legal or other customized message on at the login page.
To configure, access the 'Settings' page of the 'Admin - Setup' menu and select the 'Tweaks'
category. Find the variable 'Login_legal_message' in the list. Set the num value of this tweak
to 1 to display the message in the description field. The message can be formatted using html
tags and is displayed centered below the login box.
==== Compliancy 'duplicate' Rule ====
The Compliance Policies form now has a 'Duplicate' option button for Rules.
It creates a copy of the selected rule for further editing.
==== Emailing Custom reports ====
The 'Create reports' tool in the Reports menu now allows you to have the resulting CSV output
to be emailed to one or more addresses when the scheduled report is completed.
The resulting CSV report will be included in the message body and as an attached csv-file.
To limit the number of lines in the message body, the Settings Tweak 'Email_report_body_limit' can
be modified from its default of 500 lines.
==== Backup Search ====
The 'Backup Search' tool allows to find specific configuration files in the backups of whole series of nodes. The selection of these nodes is performed using filters for common attributes.
These filters have been extended to allow selections using 'Vendor-type' and 'Node-group' members.
\\
===== Change =====
==== Hostname restrictions ====
As per RFC-952 the hostname restrictions have been relaxed to allow leading numbers too.
Hostnames were previously enforced to start with a letter, rejecting leading numbers and
other characters.
The updated validation still rejects hostnames with leading dashes (''-'') or with dots (''.'') in them.
==== Config transfer fallback ====
Retrieving a backup of a device configuration uses one of four file-transfer protocols, depending
on the device capabilities and preference. Due to a wide variety of dependencies like firewalls,
management vrf, permissions, dialogs and more, these transfers may take some doing before it works
reliably.
To circumvent these issues, all our Vendor modules will now fall back to CLI configuration
'screen-scraping' should the file transfer fail. The device configuration will be read from the
device by listing it on the display. Although not the most efficient method, but it will allow
for the collection of backup configurations and validation of compliance rules.
==== Syslog patterns ====
Additional Syslog patterns have been added to the NCCM configuration file. These patterns
are vendor specific and are used to detect a configuration change. The system will then
setup a session to the device to retrieve the latest configuration and store it in the NCCM.
A subsequent compliance check is also automatic.
==== Configuration censoring ====
When reviewing the configurations in the NCCM tool 'Backup - Configuration' the
configuration differences (or fill config) are displayed using censoring where
passwords are hidden from view. Only higher level users are allowed to view the
configuration uncensored.
On request of customers we lowered the required permission level to 'operator' to
view uncensored configurations. We also changed the default to uncensored if the
user permissions allow.
==== Manager group permissions ====
The roles and permissions of System users and Manager users have been
somewhat ambigious. The result was an implementation where a Manager
user could change the permissions of his own group. As this is obviously
contra productive, these roles have been redefined.
The permissions of a Manager user have changed. A System user can assign
the client-types and permissions to a Manager group. A Manager user of
that group cannot change its own client-types or its permissions.
That same Manager user **can** change the permissions of other groups,
but only if he has manager permissions of that client type himself.
So effectively the System role determines the permissions of the Manager
role. The Manager role can delegate permissions to other groups.
The System role will have no permission retrictions.
\\
===== Fix =====
==== Node-groups by SiteCode ====
It turns out that rules (either include or exclude) on SiteCode work for some Node-groups, but no all.
Node-groups on the 'yce' scope work, those on 'all' or 'cmdb' do not.
There are different sql's and mappings for each of these scopes to match YCE and CMDB node attributes. One sql typo error was found for the YCE nodes in the 'all' scope and one mapping typo error in the CMDB nodes.
The fix is available in version 8.0.0 as of build 20211230
==== Obsolete nodes in NCCM ====
On occasion, some obsoleted nodes could still be listed in the NCCM for configuration
retrieval. We fixed the situations where this could occur.
==== NCCM Vendor filter ====
We fixed the Vendor_type filter in the NCCM polling status grid
==== Scenario parsing ====
Jobs that are submitted using a scenario that contained parsing errors resulted
in an aborted job as expected, but without any indication of the problem in the
job logs.
This issue has been corrected. Now the job logs will show the parsed scenario including
line numbers and an error message indicating the failing line.
==== System alerts ====
Dismissed system alerts no longer re-appear spontaneously
==== Command parsing ====
Command parsing header recognition improved
==== Genesis setup ====
Some users failed to properly setup the NetYCE downloadable trial VM.
Analysis showed that a specific sequence of actions and prompt answers
resulted in a system that would not allow users to login due to a
non-operational (morbo) backend.
Although the issue could be corrected by following the prompts more
carefully, we implemented precautions against the this and similar
setup situations.
==== Security fix ====
A potential security risk was resolved involving downloading NetYCE generated files.
Downloading a file now requires an active session and is restricted to the NetYCE
generated directory-trees.
The login restriction is does not apply to two specific directories:
* /var/opt/yce/output
* /var/opt/yce/download
==== Repication broken after sw update ====
A customer reported a problem with a broken database replication after a NetYCE software update.
This customer investigated the issue and also provided us with the required resolution.
This fixed the incorrect database-replication removal on the primary database-server when the
software update was executed on a satellite NetYCE server (a server not running a database).