Important

   

Starting version 8.9.03, BMC Network Automation is renamed to TrueSight Network Automation. This space contains information about BMC Network Automation 8.9.02 and previous versions. For TrueSight Network Automation 8.9.03 and later releases, see the TrueSight Network Automation documentation.

Deploying to the running configuration

A job with the Deploy to Active action updates the device's active Running configuration. As outlined in Managing device configurations and Managing configuration compliance, Deploy to Active can be used for:

  • Rolling back a configuration to a prior configuration
  • Making configuration changes by using a target configuration
  • Making configuration changes by using templates (from library or ad-hoc)
  • Making configuration changes by using rules
  • Enforcing compliance to assigned rules (that is, audited configuration policies)

You can request BMC Network Automation to perform a Scan Syntax before making the configuration change. If the Scan Syntax fails on a device, the configuration change is not made to that device. When a change completes successfully, you can also request that the resulting Running configuration be marked as Trusted and copied to the Startup configuration (that is, Commit). BMC Network Automation also performs a snapshot after the Deploy to Active action to update the archive.

To run the Deploy to Active action

  1. On the Add Job page, select Add Action > Span Actions > Deploy to Active.

  2. Enter information in the following fields:

    Field

    Description

    Annotation

    (Optional) Annotation assigned to the configurations created by the action.

    Network Span

    Select a realm, group, multiple devices, or a single device for the Deploy to Active action. When the Network Span is Realm or Group, you can use Filter Devices to select which devices to include in the action.

    When the action is triggered in an event-based Policy, additional options include: Same as Triggering RealmSame as Triggering GroupSame as Triggering Device.

  3. In the Configuration field, select the configuration, template or rule(s) to merge with the device's Running configuration.
    • Trusted Running: Deploy the device's Trusted Running configuration.
    • Target: Deploy the device's Target configuration.
    • Template: Deploy the selected template. If the template references runtime parameters, select Params to assign the parameter values. To correctly format templates, see the tips under Understanding template formatting.
    • Ad-Hoc Template: Deploy the ad-hoc template created specific to this action. The ad-hoc template belongs to the job and is deleted when the job is deleted. The ad-hoc template does not appear in the template list.

      Click Create/Edit Template and enter the configuration commands that are to be sent to the device during the deploy operation.

      To insert substitution parameters into the template, click Substitution Parameters, select the category, and use your desktop's native copy/paste function to copy the substitution parameter name into the template. See also Using substitution parameters in templates.

      Note

      You can edit the ad-hoc template after the job is saved if the job is draft, scheduled, or waiting for approval state. If the job is copied, the ad-hoc template is copied with the job and can be edited. To correctly format the ad-hoc template, see the tips under Understanding template formatting.

    • Historical Running: Deploy the device's selected historical configuration.
    • Remediate With: Select one or more rule sets and rules to remediate or correct. There are conditions under which BMC Network Automation can make the current running configuration compliant based on the rule grammar and device type.
    • Remediate With All Assigned: Remediate or correct all or a subset of the assigned rule sets, to correct rules actively in violation.
      Click Filter Rules to set rule filter criteria. For example, you might want to enforce assigned rules based on Violation Severity. See Managing policies for recommendations for how to configure a policy to automatically correct assigned rules based on filter criteria.
    • Historical Trail(s) By Date: Deploy the selected historical trail(s) to the devices in the selected network span, to their active configuration.
      Use this option when several different trails should always be deployed together, when they have inter-related settings. Select one or more trails, other than the running trail from the drop-down menu of mergeable trails, then choose the configuration active at that date/time. Only those trails applicable to a particular device are deployed to that device.

    • Historical Trail: Deploy a selected configuration to the selected device. Select the trail to be deployed, then select the particular configuration.

      Note

      When you select Historical Trail or Historical Trail(s) By Date, SmartMerge is not used.

  4. Select any of the following options, as relevant:

    Check box

    Description

    Scan Syntax Prior to Deploy

    Perform a Scan Syntax before deploying to active. Substitutions for global, function, device, agent, template, and runtime parameters are made for the scan. If the Scan Syntax detects an error, the the Deploy to Active action does not occur.

    Mark as Trusted

    If the the Deploy to Active action completes successfully, mark the resulting Running and Startup configurations as trusted.

    Commit

    If the the Deploy to Active action completes successfully, copy the device's Running configuration to the Startup. This ensures if the device reboots, the changes have been committed.

    Use Auxiliary Interface

    When the selected network span is a device, the auxiliary interface is used for connecting to the device. When not checked or when the span is not a device, the primary interface is used.

    Ignore Any Rule Conflicts

    If remediating multiple rules, ignore any conflicts between corrections in different rules. By default such conflicts are not ignored, and cause the action to fail to generate the compliant configuration, since conflicts usually lead to incorrect syntax or unexpected changes. Ignore conflicts only when you have reviewed the incremental script and verified it is correct in spite of conflicts.

    Note that the system can detect conflicts only within a single sub-action, for sub-actions that generate a compliant configuration. The system cannot detect conflicts across different sub-actions. For example, the system cannot detect that two sub-actions, each pushing a template contain conflicting commands in the templates, or that two image deployments cancel each other out. Use the Preview feature to review the details of the sub-actions when remediating many violations at once.

    Override Rule Corrective Action OptionsWhen remediating, indicates which option settings are used. When this option is selected, the option settings you choose here take effect. When not selected, the option settings in the Deploy to Active corrective actions of the rule take effect.

    1. For advanced options related to the Deploy to Active action of the configuration file, click Advanced Options, and then select from the following options, as relevant.

      Note

      Depending on the vendor, BMC Network Automation supports such Deploy to Active options when you have selected a configuration (for example, Trusted Running, Historical Running, Target). 

      Option

      Description

      Full Merge

      The entire configuration file is merged onto the device by BMC Network Automation. The result of this Deploy to Active operation depends on the device's internal logic for resolving differences between the current running configuration and the selected configuration.

      Incremental Merge

      SmartMerge Technology creates scripts that include only those commands that are necessary to transform the current Running configuration into the selected configuration (rollback) or to enforce the selected rules. The SmartMerge script is merged onto the device.

      Stop on Syntax Errors (Only Tunneled Transfers)

      Select this option to stop the Deploy to Active action if the device reports a command error, skipping all commands that follow the command in error

      The device must support the Tunneled file transfer mode for this option to be applicable.

      Force Tunneled Transfer Mode

      Force BMC Network Automation to ignore the device's file transfer mode setting and use tunneled mode instead.

      The device must support the Tunneled file transfer mode for this option to be applicable.

  5. Click OK to add the action to the job.

You can preview the scripts that are to be deployed by clicking . To assess the change against the current configuration, click . BMC Network Automation displays a Configuration Comparison Report or Compliance Report for analysis. These Actions icons are shown in the following figure:

Additional information regarding remediation

When you choose Remediate With All Assigned, a device must be actively in violation of a rule for the Deploy to Active corrective actions of the rule to be executed. When you choose Remediate With, a device need not be in violation.

Only the Deploy to Active corrective actions in a rule are executed by a Deploy to Active span action. Any corrective action that is a Deploy to Stored, Deploy OS Image, or a custom action is ignored when running a Deploy to Active span action.

The Deploy to Active span action expands into one or more Deploy to Active sub-actions, each of which performs one corrective action. For example, you might have selected to remediate some rules whose corrective action pushes a template and other rules that push a compliant configuration. These would be represented as two sub-actions under the top-level Deploy to Active action. You can observe this action and sub-action hierarchy on the Preview Sub-Actions and Scripts page, the Job Details page, and the Job Summary report.

Was this page helpful? Yes No Submitting... Thank you

Comments