Table of Contents
NetYCE 8.0.0 Build_20220617
Historical log files
The “Debugging” tool allows the user to view the many different log files the NetYCE system maintains. Most log files are rotated periodically to create a limited set of historical log files.
At file rotation are the running files renamed to get a '.0' appended. An existing '.0' file is renamed to '.1' and so on.
Now this tool will optionally show these rotated log files too to allow the user to examine more of the process' history.
Node group test
The 'Node-group test' tool has been reworked to provide a more comprehensible user interface. The new tool will list a set of Node-groups that can be filtered in a number of ways. For each of the resulting Node-groups, the user can test and review the node members for the various User-groups at different log levels.
The 'node member test' function of the original tool has been integrated in the Node-groups list by using a Node-name as a 'filter' to list the Node-groups that have the node as a member.
Compliance Condition Arbitrary Order Checkbox
A condition now has an extra checkbox, marked with “Words in a line can be in arbitrary order”. When checked, each line in the condition can match a line in its respective block with words in arbitrary order. This is useful when matching lists of ip addresses where you don't know the order, for example
MariaDB 10.6 support
For new installations support has been added for MariaDB version 10.6. The previously supported versions are 10.2 through 10.4, depending on the Linux version. Most NetYCE installations use 10.2 or 10.3.
Although the MariaDB 10.2 and 10.3 versions are completly stable and are continuously updated for vulnerabilities and big-fixes, new installations could profit from performance and features that the newer versions offer.
Customers wanting to upgrade their systems database to MariaDB 10.6 should follow the procedure on our Wiki: https://wiki.netyce.com/doku.php/maintenance:general:mariadb-10.6-upgrade
A few changes to the menu were made to make their entries more self-explanatory.
In the 'Admin - System' menu, the entries are now:
- 'System status' which is unchanged
- 'Yce archives' to create or restore YCE databases and was named DB archives earlier
- 'Backups archives' to create or restore NCCM databases and was named Config archives before
- 'Debugging' to access the (debug) logging files and enable or disable debugging mode. It was named Debug logs before
The 'Admin' menu now lists the entry 'File manager' instead of 'Shared files'. The 'File manager' entry
now has the entries:
- 'Shared files' to access the file-transfer directory tree
- 'Support files' to access the user-files directory tree
Also, the 'Admin - Setup' menu was modified. It now has three entries:
- 'General settings' which was named 'Settings' before
- 'Compliance settings' which was previously found as tool under 'Backups'
- 'Configuration files' to edit system configuration files
The menu 'breadcrumbs' refer to the list of last visited pages that are displayed in the top bar of the NetYCE GUI. When they were introduced in version 8.0 their order did not change when re-visiting a page that was already in the list.
To conform to the common use of these 'breadcrumbs', the list will now show the last six visited pages in the order they were visited with the most recent on on the right. The list will update after each page request.
Customers using the Infoblox exporter daemon (IBD) experienced an issue where the already high memory footprint was gradually increasing over time.
As it turned out, a memory leak caused the gradual increase and could be resolved readily. However, it was also noted that the IBD daemon did not return the freed memory to the OS once the exports were completed. To resolve this issue the exports are now executed using a temporary 'worker' sub process. As this temporary process exists at the end of each cycle, all memory is freed.
When selecting a file form the OS-repository and transferring it to a device, an issue is encountered that prevents an inexperienced user to make this job scenario to work.
The reason is that the Linux filesystems are case-sensitive. Trying to transfer a file with a single character upper or lower case mismatch will cause the transfer to fail with a 'file not found' error. And, as the OS-repository uses the vendor-type name in lower case while the <vendor_type> variable is returned using a mixed case, the issue will present itself at first try.
As we always attempt to make the job scenarios to behave case-insensitive, a transparent solution was created. Now, when transferring files using the 'file_get' and 'file_put' functions, the paths will be treated case-insensitive. This is accomplished by testing each element of the file path and file-name against the existing directories and correcting for the actual character case.
NCCM disabled polling
Nodes that failed polling for their configuration backup are disabled after a preset number of failures. These can be re-enabled using the 'Backups - Polling status' tool.
However, even if the resulting poll was successful, the node returned to its initial 'disabled' state. This issue has been fixed.
Failing disk mounts
Some recent installations experienced a serious server startup issue regarding missing disk mounts. As a consequence the system booted with a disk in read-only mode and no running NetYCE processes.
The issue proved to be related to the OS-repository setup that, when disabled, attempts to remove this OS-repository from the corresponding configuration file,
/etc/fstab. However, due to a missing default value for the OS-repository directory, ALL lines were removed from this file.
By ensuring proper defaults for the OS-repository setup, the issue was resolved. Please contact us for repair-instructions if you have experienced this issue but were unable to fix it.
Cisco IOS-XE Software-version
As part of any configuration backup session the Software version is retrieved from the device. This is often a lengthy message from which the relevant information must be extracted. For Cisco IOS-EX devices this extraction failed and resulted in the full message being saved as the Software version.
This issue has been corrected and will now update using the correct version information.
Cisco IOS enable secret
Cisco devices use an 'enable secret' that is used as a password to get higher privileges. Depending on the configuration and aaa-setup, this enable secret can be omitted during login.
When NetYCE establishes a session with a Cisco IOS device, the standard operation is to test if the session allows for the 'enable secret' privileges. This involved dropping down from a privileged mode and then try to re-establish it. A problem is encountered when the 'enable secret' was not configured in NetYCE (using the device specific or management Domain values). It would drop from privileged mode but could not continue.
To resolve this situation, the Cisco IOS sessions will not test the privilege mode when already privileged at login and no enable secret is available.