Config Scripts Overview
Cisco IOS XR config scripts can validate and make modifications to configuration changes. They allow device administrators to enforce custom configuration validation rules, or to simplify certain repetitive configuration tasks. These scripts are invoked automatically when you change a configuration and commit the changes. A config script inserts itself into the commit process when a configuration commit is in progress. The config script can modify the current config candidate. For example, consider you want to maintain certain parameters for routers such as switched off ports or security policies. The config script is triggered to validate the updated configuration and take appropriate action. If the change is valid, the script allows committing the new configuration. If the configuration is invalid or does not adhere to the enforced constraints, the script notifies you about the mismatch and blocks the commit operation. Overall, config scripts help to maintain crucial device parameters and reduce human error in managing the network.
When you commit or validate a configuration change, the system invokes each of the active scripts to validate that change. Config scripts can perform the following actions:
- Analyze the proposed new configuration.
- If the configuration is invalid, block the commit by returning an error message along with the set of configuration items to which it relates.
- Return a warning message with the related details but do not block the commit operation.
- Modify the configuration to be included in the commit operation to make the configuration valid, or to simplify certain repetitive configuration tasks. For example, where a value needs duplicating between one configuration item and another configuration item.
- Generate system log messages for in-depth analysis of the configuration change. This log also helps in troubleshooting a failed commit operation.
Config Scripts Limitations
The following are the configuration and software restrictions when using config scripts:
- Config scripts cannot make modifications to a configuration that is protected by the Central Configuration Validator (CCV) process, in particular:
- Script checksum configuration.
- Other sensitive security configurations such as Authentication, Authorization, and Accounting (AAA) configuration.
- Config scripts do not explicitly support importing helper modules or other custom imports to provide shared functionality. Although such imports appear to function correctly when set up, they can potentially represent a security risk because there is no checksum validation on the imported modules. Modifications to these imported modules are not automatically detected. To reflect changes to the imported module in the running scripts, you must manually unconfigure and reconfigure any scripts using the imported module.
Get Started with Config Scripts
Config scripts can be written in Python 3.5 programming language using the packages that Cisco supports.
This section gets you started with provisioning your Python automation scripts on the router.
Note: This section does not delve into creating Python scripts, but assumes that you have a basic understanding of Python programming language. This section will walk you through the process involved in deploying and using the scripts on the router.