cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
584
Views
0
Helpful
7
Replies

Creating dynamic scheduled compliance jobs (wildcard issue?)

philip.r.hayes
Level 1
Level 1

We've been trying to use the baseline templates to run on a schedule and we think that at the time of the job creation, RME selects the devices and makes a static list. Is this correct?

We created a scheduled job, then deleted a device that was part of the first run of that job. In the second run, the removed device not only appeared on the report but was reported as compliant. How could that be? If the job is run against the config archive, and if the device was deleted, then shouldn't the config be deleted as well?

7 Replies 7

Joe Clarke
Cisco Employee
Cisco Employee

It depends on the version of RME, and what you selected when you created the job as to how job membership is defined. In recent versions of RME, when you get the part of the job creation task where you can select devices, you will see two radio buttons at the top of the window. The default is Device Selector. However, if you select Group Selector, you will be able to choose a group on which the job will run. As the group changes, the job's membership will change as well.

The fact that the device was reported as compliant may be an issue with the fact that it no longer existed. It's hard to saw what commands need to be added or removed if the config is no longer present. The job log should have more details.

We have RME 4.0.6 in LMS 2.6.

So picking devices using the device selector and wildcards results in a static list.(?) The only way to create dynamic lists would be by setting up a gazillion groups; yes/no?

You're still picking devices, so this would be static, yes. RME 4.0.6 does not provide the group selector interface (RME 4.1 and higher only).

We have been looking into using backend scripting with, hopefully, cwcli. But so far no luck.

But what is really bothersome is that Cisco's documenation states that the Group Selector is how to select devices dynamically. You say that it's not in the version we are running?

Here's the 'scrubbed' URL:

http://SERVER:1741/help/rme/fundamentals/index.html?config_DeplyBaslinTempFileSys.html

Personally I feel that I should be able to open a TAC case that would force Cisco to fix the flaw. I could care less what version I have if the helpfile states that I should be able to do it. IMHO...

RME 4.0.6 only presents the device selector. I see no where in this document that it mentions the group selector.

Interesting. When I pasted in the URL, it didn't show the same thing I saw the first time. But, towards the bottom, I clicked on "Running A Compliancy Check" and it came up with this: (sorry about any formatting issues)

Running Compliance Check

To execute a compliance check:

Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.

1. Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Select the template and click Compliance Check.

The Select Devices dialog box appears.

2. Select either:

* Device Selector, if you want to schedule a job for static set of devices. See Using RME Device Selector for information on how to use RME Device Selector.

Or

* Group Selector, if you want to schedule a job for dynamic group of devices.

The job is scheduled only for the devices that are present in the selected group at the time when the job is run. The customizable group selector for jobs evaluate static groups also as dynamic during run time.

You can see the "Group Selector" reference above.

But, if you have any ideas on how to accomplish this at the command line, I'm listening.

Yes, I see it. This is a documentation bug. The documentation was most likely imported from RME 4.1.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco