Date: 2021-03-30
Node groups are used to dynamically select the desired nodes for a task using given criteria. These criteria are implemented using Rules consisting of Conditions. The conditions accept lists of strings (with or without wildcards) to match the different values. And as long as these lists consists of single words, the whitespace separator being used causes no problems.
However, when trying to use a condition match string that included spaces proved to be impossible. To resolve the issue, conditions now accepts lists of strings where the values may be enclosed in quotes. By using quotes around values using spaces the lists can be properly separated.
Changed CMPL REST-api signal config to use <variables> in (custom) attributes. Instead of sending a fixed-format Rest/Json post, the message payload can now be custom formatted using a number of '<variables>' which are substituted in the defined signal template.
When transferring a (configuration) file from a HP Comware7 device, the use of the 'management vpn' is mandatory. As one customer found out, adding the management vpn to their extensively modelled nodes was time consuming.
To relieve this problem, we created an option to add the missing vpn to transfer command based on a Tweak specific to a node-type or class.
The new vendor module 'Aruba MM' was added to support the Aruba Mobility Master Controller family of devices.
In version 7.2 the form supporting IPsec GRE tunnels was dropped from the product as it was designed to support a specific customer design that was phased out.
In its stead two XCH API calls were created to provide continued support of this design during its migration phase.
The optional SNMP Traps that can be issued on a changing Compliance status are now 'spoofed' by default. Here the 'spoofing' refers to the 'faking' of the source ip-address of the Trap message by replacing the server address with the node address.
The SNMP Trap will use the node ip-address instead of the NetYCE server as the source if the node-fqdn can be resolved using the DNS in an ipv4 address. Otherwise the NetYCE server will be used as the source address.
If this functionality is not desired, it can be disabled using the signal_cmpl.conf setup file.
A fair number of relatively minor fixes and improvements were incorporated in the NCCM and Compliance modules:
Some Cisco IOS devices are using a different on-screen layout to display their version output. The fix now detects and extracts the firmware version from either layout.
Some device types use a different on-screen confirmation prompt than others which caused time-outs on some transactions. Now either format is detected.
On devices using a different hostname than used in the NetYCE node, the configuration backup file was using an incorrect filename.
Browsers keep improving their security levels enforcing older and newer guidelines. One of them, 'SameSite cookies' was causing some issues. This is now corrected.
After an AD or Ldap password change some users could no longer login to NetYCE. The reason proved to be the inclusion of a backslash (\) character in the new password. These backslashes are commonly incorporated password generated by a tool.
As these backslashes require a 'protect' not to be discarded on encryption, the corresponding 'unprotect' before submitting to AD/Ldap was neglected, causing the password to be rejected. This is now corrected.
Aruba MC view config failed to show any configuration lines. Resolved the issue by adding the missing web formatter to the module
When interacting with some devices that use a sub-prompt the session would not properly timeout if this prompt was not 'expected'. The session would end up in a loop basically indefinitely.
The handling of timeouts was extended to include these situations. Now, when an unexpected (sub-)prompt is presented, an <enter> is given after 10 seconds as before, but not forever. If the same prompt is encountered six times in a row (1 minute), the session is aborted.
The string 'XXXXX' is used in templates and scenarios to flag an error when a variable substitution fails. This flag was chosen over 'error' or 'failed' because of its uniqueness.
But as it turns out, not unique enough. Customers that created templates which included the 'XXXXX' string found that the template was rejected or was reported to have an error. To resolve this issue, the handling of this flag was altered to make this distinction in context. Using the XXXXX string in templates is now supported without raising errors, but the flag will still be highlighted in red when using the various tools.
It was found that the front-end accepted Site_types with a slash (/) in its name. When using web-technologies, these slashes have special meaning and need to be protecting (escaping) to prevent them from getting lost when communicating with the server. This was properly incorporated as expected, but not once but twice. In the message routing these slashes resulted in the server receiving a name it should not find in the database preventing returning the correct data.
This problem was resolved for the site-types to support existing customer configurations. Other instances where slashes are currently accepted will be modified to deny them.
During job execution the Hardware-model of the device is read using a version command. On some Huawei models this led to inaccurate model names.
The issue was resolved resulting in improved accuracy of hardware model determination.