User Tools

Site Tools


maintenance:releases:7.2.0_20210330
no way to compare when less than two revisions
LDAP: couldn't connect to LDAP server

Differences

This shows you the differences between two versions of the page.


maintenance:releases:7.2.0_20210330 [2021/03/30 06:47] (current) – created yspeerte
Line 1: Line 1:
 +{{indexmenu_n>20210330}}
 +
 +====== NetYCE 7.2.0 Build_20210330 ======
 +====== Release notes ======
 +Date: 2021-03-30
 +
 +
 +\\ 
 +<WRAP widths 60% box safety>
 +===== Enhancement =====
 +</WRAP>
 +
 +==== Node groups ====
 +<WRAP indent>
 +Node groups are used to dynamically select the desired nodes for a task using given criteria.
 +These criteria are implemented using Rules consisting of Conditions. The conditions accept 
 +lists of strings (with or without wildcards) to match the different values. And as long as 
 +these lists consists of single words, the whitespace separator being used causes no problems.
 +
 +However, when trying to use a condition match string that included spaces proved to be impossible.
 +To resolve the issue, conditions now accepts lists of strings where the values may be enclosed
 +in quotes. By using quotes around values using spaces the lists can be properly separated.
 +</WRAP>
 +
 +==== Compliance REST signal ====
 +<WRAP indent>
 +Changed CMPL REST-api signal config to use <variables> in (custom) attributes. Instead of
 +sending a fixed-format Rest/Json post, the message payload can now be custom formatted
 +using a number of '<variables>' which are substituted in the defined signal template.
 +</WRAP>
 +
 +==== HP C7 file transfer ====
 +<WRAP indent>
 +When transferring a (configuration) file from a HP Comware7 device, the use of the 
 +'management vpn' is mandatory. As one customer found out, adding the management vpn
 +to their extensively modelled nodes was time consuming.
 +
 +To relieve this problem, we created an option to add the missing vpn to transfer command
 +based on a Tweak specific to a node-type or class.
 +</WRAP>
 +
 +==== Aruba MM vendor module ====
 +<WRAP indent>
 +The new vendor module 'Aruba MM' was added to support the Aruba Mobility Master Controller family
 +of devices.
 +</WRAP>
 +
 +
 +\\ 
 +<WRAP widths 60% box safety>
 +===== Change =====
 +</WRAP>
 +
 +==== IPsec GRE api ====
 +<WRAP indent>
 +In version 7.2 the form supporting IPsec GRE tunnels was dropped from the product as
 +it was designed to support a specific customer design that was phased out. 
 +
 +In its stead two XCH API calls were created to provide continued support of this
 +design during its migration phase.
 +</WRAP>
 +
 +==== Compliance traps ====
 +<WRAP indent>
 +The optional SNMP Traps that can be issued on a changing Compliance status are now 'spoofed'
 +by default. Here the 'spoofing' refers to the 'faking' of the source ip-address of the Trap
 +message by replacing the server address with the node address.
 +
 +The SNMP Trap will use the node ip-address instead of the NetYCE server as the source if the
 +node-fqdn can be resolved using the DNS in an ipv4 address. Otherwise the NetYCE server will
 +be used as the source address. 
 +
 +If this functionality is not desired, it can be disabled using the signal_cmpl.conf setup file.
 +</WRAP>
 +
 +
 +\\ 
 +<WRAP widths 60% box safety>
 +===== Fix =====
 +</WRAP>
 +
 +==== Compliance fixes ====
 +<WRAP indent>
 +A fair number of relatively minor fixes and improvements were incorporated 
 +in the NCCM and Compliance modules:
 +  * Front-end fix for error on condition include change
 +  * Nccm daemon fix for misaligned condition types
 +  * Fixes in compliance reporting entries
 +  * Fixed compliance report filenames and detail levels
 +  * Front-end fix for report templates with both a policy id and a group name
 +  * Front-end fox in report vendor type search
 +  * You can now search for a numerical status in the cmpl api
 +  * Modified the report details for multiconfig compliance
 +  * Bug fix in compliance reporting XCH api call
 +  * Fixed the hyperlink in the compliance signal report details
 +  * Cleaned up the report details for configuration rules
 +  * Added report details to report view for policy reports
 +  * Added optional runtime statistics to the nccmd daemon for tuning purposes: Change Nccm_lookup variable Nccm_stats' Num_value 0 -> 1
 +  * Compliance report on 'ordered' blocks
 +  * Added a timestamp column to the cmpl condition edit form
 +  * Condition evaluation time streamlined giving better performance
 +  * Enhancements to the 'new logic' form
 +  * Compliance policy test timeout catch
 +  * Nccm daemon optimizations to reduce memory load
 +  * Condition exclude match now logs the exact line that has matched
 +  * All excluded lines are now reported with a threshold of 20
 +
 +</WRAP>
 +
 +==== Cisco IOS vendor ====
 +<WRAP indent>
 +Some Cisco IOS devices are using a different on-screen layout to display their 
 +version output. The fix now detects and extracts the firmware version from
 +either layout.
 +
 +</WRAP>
 +
 +==== Huawei CE/S vendors ====
 +<WRAP indent>
 +Some device types use a different on-screen confirmation prompt than others which caused time-outs
 +on some transactions. Now either format is detected.
 +
 +On devices using a different hostname than used in the NetYCE node, the configuration backup 
 +file was using an incorrect filename.
 +</WRAP>
 +
 +==== Cookie failure ====
 +<WRAP indent>
 +Browsers keep improving their security levels enforcing older and newer guidelines. One of them,
 +'SameSite cookies' was causing some issues. This is now corrected.
 +</WRAP>
 +
 +==== Ldap/AD password failure ====
 +<WRAP indent>
 +After an AD or Ldap password change some users could no longer login to NetYCE. The reason
 +proved to be the inclusion of a backslash (\) character in the new password. These backslashes
 +are commonly incorporated password generated by a tool.
 +
 +As these backslashes require a 'protect' not to be discarded on encryption, the corresponding 
 +'unprotect' before submitting to AD/Ldap was neglected, causing the password to be rejected. 
 +This is now corrected.
 +</WRAP>
 +
 +==== Aruba MC vendor ====
 +<WRAP indent>
 +Aruba MC view config failed to show any configuration lines. Resolved the issue by adding
 +the missing web formatter to the module
 +=== Vendor session timeout ==
 +
 +When interacting with some devices that use a sub-prompt the session would not properly timeout
 +if this prompt was not 'expected'. The session would end up in a loop basically indefinitely.
 +
 +The handling of timeouts was extended to include these situations. Now, when an unexpected 
 +(sub-)prompt is presented, an <enter> is given after 10 seconds as before, but not forever. 
 +If the same prompt is encountered six times in a row (1 minute), the session is aborted.
 +</WRAP>
 +
 +==== 'XXXXX' error flag fix ====
 +<WRAP indent>
 +The string 'XXXXX' is used in templates and scenarios to flag an error when a variable
 +substitution fails. This flag was chosen over 'error' or 'failed' because of its uniqueness.
 +
 +But as it turns out, not unique enough. Customers that created templates which included the 
 +'XXXXX' string found that the template was rejected or was reported to have an error.
 +To resolve this issue, the handling of this flag was altered to make this distinction in 
 +context. Using the XXXXX string in templates is now supported without raising errors,
 +but the flag will still be highlighted in red when using the various tools.
 +</WRAP>
 +
 +==== Site-type name fix ====
 +<WRAP indent>
 +It was found that the front-end accepted Site_types with a slash (/) in its name. When using
 +web-technologies, these slashes have special meaning and need to be protecting (escaping)
 +to prevent them from getting lost when communicating with the server. This was properly
 +incorporated as expected, but not once but twice. In the message routing these slashes
 +resulted in the server receiving a name it should not find in the database preventing returning
 +the correct data.
 +
 +This problem was resolved for the site-types to support existing customer configurations. Other
 +instances where slashes are currently accepted will be modified to deny them.
 +</WRAP>
 +
 +==== Huawei_S Hardware-model ====
 +<WRAP indent>
 +During job execution the Hardware-model of the device is read using a version command. On some 
 +Huawei models this led to inaccurate model names.
 +
 +The issue was resolved resulting in improved accuracy of hardware model determination.
 +</WRAP>
 +
  
maintenance/releases/7.2.0_20210330.txt · Last modified: 2021/03/30 06:47 by yspeerte