×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Tcl Script Not Executing

Answered Question
Jul 28th, 2013
User Badges:

Hello Community,


I have been working very hard to get the attached script to work. It was working and for some reason it has stopped working.


It has registered successfully, however I keep on getting the following error message when it's due to activate.



Process Forced Exit- MAXRUN timer expired.

    while executing

"if [catch {cli_exec $cli(fd) "show interface [ lindex $interface $i ]"} result] {

    error $result $errorInfo

}"

    invoked from within

"$slave eval $Contents"

    (procedure "eval_script" line 7)

    invoked from within

"eval_script slave $scriptname"

    invoked from within

"if {$security_level == 1} {       #untrusted script

     interp create -safe slave

     interp share {} stdin slave

     interp share {} stdout slave

..."

    (file "tmpsys:/lib/tcl/base.tcl" line 50)

Tcl policy execute failed:

Process Forced Exit- MAXRUN timer expired.

1Process Forced Exit- MAXRUN timer expired.

    while executing

"if [catch {cli_read_drain $cli(fd)} result] {

    error $result $errorInfo

}"



I wonder if someone could take a look and provide some assistance? Really appreciate it.



Cheers


Carlton

Correct Answer by Joe Clarke about 4 years 3 weeks ago

Yes, that's the point of adding the "down" bit to the regular expression.  Interfaces that are not up are excluded since you wouldn't typically care about those.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Carlton Patterson Sun, 07/28/2013 - 08:06
User Badges:

Hi Joseph,


If you're going to assist me, you may recall telling me to add the following line if the interfaces are to be switchports:


if [catch {cli_exec $cli(fd) "sh ip int brief | exc Interface|down|\[0-9\]*/\[0-9\]*\\.\[0-9\]*


That did work but is now not working.

Joe Clarke Sun, 07/28/2013 - 09:03
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Try doubling the maxrun time to 120 and re-registering the policy.  If you have a lot of interfaces, this can take a long time.

Carlton Patterson Sun, 07/28/2013 - 10:06
User Badges:

Hi Joseph,


There is indeed a whole lot of interfaces. Appreciate you coming back to me.


I will try your suggestion.


Cheers

Carlton Patterson Sun, 07/28/2013 - 10:28
User Badges:

Joseph,


Would I simply need to add the following line at the begining of the script?


#::cisco::eem::event_register_timer cron name test cron_entry "0 * * * *" queue_priority low nice 1 maxrun 120

Carlton Patterson Sun, 07/28/2013 - 10:32
User Badges:

Joseph,


I'm being dork!


I see it. Going to increase it and see if it makes a difference.


cheers

Carlton Patterson Sun, 07/28/2013 - 10:46
User Badges:

Hi Joseph,


I made the changes. Unfortunately, now the script doesn't work at all.


The following are my variables:


event manager environment input_errors_threshold 1000

event manager environment output_errors_threshold 1000

event manager environment crc_threshold 1000

event manager environment interface_reset_threshold 5

event manager environment interface_health_period 10

event manager environment _email_server x.x.x.x

event manager environment _email_from carlton.patterson@email.co.uk

event manager environment _email_to carlton.patterson@email.co.uk

event manager directory user policy "flash:/Syslog"

event manager session cli username "en.bcz00513"



As you can see I've set the period to 10seconds, and the interface resets to 5


The followig is my interface:


GigabitEthernet1/0/10 is down, line protocol is down (notconnect)

  Hardware is Gigabit Ethernet, address is b0fa.ebc3.128a (bia b0fa.ebc3.128a)

  Description: Desktop PC Floor Second South

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output 4d00h, output hang never

  Last clearing of "show interface" counters 1d07h

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts (0 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 0 multicast, 0 pause input

     0 input packets with dribble condition detected

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 6 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 PAUSE output


As you can see the reset is 6. However, the script doesn't recognise it.


Also see below for registration:


2    script    user    timer watchdog      Off   Sun Jul 28 17:36:17 2013  2048  composite_device_health.tcl

name {composite_device_health_interfac} time 10.000

nice 1 queue-priority low maxrun 120.000 scheduler rp_primary



Any thoughts would greatly appreciated.


Cheers

Carlton Patterson Sun, 07/28/2013 - 11:16
User Badges:

Joesph,


I'm actually getting the same error as before:


Jul 28 18:14:46.191: %HA_EM-7-FMS_POLICY_MAX_ENTRIES: fh_schedule_policy: Class default: Maximum number of 64 script publish entries exceeded; some events have been discarded


However, I don't have any other scripts running.....

Joe Clarke Sun, 07/28/2013 - 14:33
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It doesn't matter how many you have.  It only matters how many times a policy is being invoked versus how fast it can complete.  Given the maxrun timer, you must make sure your watchdog timer frequency is at least 120 seconds.

Carlton Patterson Sun, 07/28/2013 - 15:38
User Badges:

Hi Joseph,


Thanks again for getting back to me. I think I changed the watchdog timer correctly, see below, however the script still won't activate:


2    script    user    timer watchdog      Off   Sun Jul 28 22:14:51 2013  2048  composite_device_health.tcl

name {composite_device_health_interfac} time 120.000

nice 1 queue-priority low maxrun 120.000 scheduler rp_primary

Joe Clarke Sun, 07/28/2013 - 17:25
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What does that mean?  Do you see it executing in "show event manager history events"?

Carlton Patterson Mon, 07/29/2013 - 06:43
User Badges:

Hi Joseph,


Sorry if my message seemed a little cryptic.


My last post was just to show that I changed the watchdog and maxrun timer to 120.


First thing, can you let me know if timer number refer to seconds or minutes?


The reason I ask is because when I made the change last night I was hoping that I script would activate in 120 seconds. So when the script didn't execute I assumed the script wasn't working. However, after 7 hours the script activated.


I don't understand why.


Any thoughts?


Cheers

Joe Clarke Mon, 07/29/2013 - 07:09
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The time and maxrun are specified in seconds.  Once registered, the policy will run after 120 seconds (the way you configured it).  You can confirm if it did or not in "show event manager history events".

Carlton Patterson Mon, 07/29/2013 - 12:41
User Badges:

Hi Joseph,


Now this very interesting (and a little annoying :-)


The following outputs would suggest that script is working fine, but an email isn't sent.


If you could please shed some light on the issue I would really appreciate it.


MX-C3750-FL2-S#show even man p r                         

No.  Class     Type    Event Type          Trap  Time Registered           Secu  Name

1    script    user    timer watchdog      Off   Mon Jul 29 14:03:15 2013  2048  composite_device_health.tcl

name {composite_device_health_interfac} time 120.000

nice 1 queue-priority low maxrun 120.000 scheduler rp_primary



MX-C3750-FL2-S#show even man p ac

Key: p - Priority        :L - Low, H - High, N - Normal, Z - Last

     s - Scheduling node :A - Active, S - Standby


default class - 1 script event

no.  job id      p s status  time of event             event type          name

1    267962      L A running Mon Jul29 19:27:16 2013   timer watchdog      composite_device_health.tcl



MX-C3750-FL2-S#show event  manager history events        

No.  Job Id Proc Status   Time of Event            Event Type         Name

1    267952 Actv success  Mon Jul29 19:07:16 2013  timer watchdog     script: composite_device_health.tcl

2    267953 Actv success  Mon Jul29 19:09:16 2013  timer watchdog     script: composite_device_health.tcl

3    267954 Actv success  Mon Jul29 19:11:16 2013  timer watchdog     script: composite_device_health.tcl

4    267955 Actv success  Mon Jul29 19:13:16 2013  timer watchdog     script: composite_device_health.tcl

5    267956 Actv success  Mon Jul29 19:15:16 2013  timer watchdog     script: composite_device_health.tcl

6    267957 Actv success  Mon Jul29 19:17:16 2013  timer watchdog     script: composite_device_health.tcl

7    267958 Actv success  Mon Jul29 19:19:16 2013  timer watchdog     script: composite_device_health.tcl

8    267959 Actv success  Mon Jul29 19:21:16 2013  timer watchdog     script: composite_device_health.tcl

9    267960 Actv success  Mon Jul29 19:23:16 2013  timer watchdog     script: composite_device_health.tcl

10   267961 Actv success  Mon Jul29 19:25:16 2013  timer watchdog     script: composite_device_health.tcl

MX-C3750-FL2-S#



As you can see, all of the above outputs suggest that the script is running but it won't actually activate.


Any help you can provide would be greatly appreciated.


Cheers


Carlton

Joe Clarke Mon, 07/29/2013 - 12:44
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The script only sends email when a threshold is violated.  If there are no violations, the script will not produce any output.  So you'll need to debug the Tcl CLI calls and check the output to make sure the math lines up (the debug will also show if there is a problem running the CLI commands).  Note: you may have to add some debugging "puts" statements to the script if you want to see what the values are for intermediate variables.

Carlton Patterson Mon, 07/29/2013 - 12:47
User Badges:

Joseph,


I hope the previous outputs helps you to shed some light on what might be the problem. However, I was wondering how the line would help with non ip ports:


sh ip int brief | exc Interface|down|\[0-9\]*/\[0-9\]*\\.\[0-9\]*

Carlton Patterson Mon, 07/29/2013 - 13:31
User Badges:

Hi Joseph,


Thanks for sticking with me on this.


A violation is the number of resets exceeding 5.


The following shows resets of 6 from the device with the outputs shown above:

MX-C3750-FL2-S#show int gig 1/0/10

GigabitEthernet1/0/10 is down, line protocol is down (notconnect)

  Hardware is Gigabit Ethernet, address is b0fa.ebc3.128a (bia b0fa.ebc3.128a)

  Description: Desktop PC Floor Second South

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output 5d03h, output hang never

  Last clearing of "show interface" counters 2d10h

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts (0 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 0 multicast, 0 pause input

     0 input packets with dribble condition detected

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 6 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 PAUSE output

     0 output buffer failures, 0 output buffers swapped out

Carlton Patterson Mon, 07/29/2013 - 14:05
User Badges:

OK Joseph,


I think I've found the problem.


The little thing I forgot to mention is that the 3750 switch is part of a stack of 4 switches, please see log. So, basically, there are 192 interfaces.


As a result, I tried increasing the maxrun and watchdog timer to 3600 but it still didn't activate.


I ran the script on an GNS3 device and it worked fine.


So I'm wondering if I need to tweak the script further to account for the stack?


Cheers

Carlton Patterson Tue, 07/30/2013 - 03:34
User Badges:

Hello Joseph,


Can you let me know what is the maximum time that can be set to maxrun?


I think I figured out why the script won't activate - stated below and I think I need increase the maxrun. However, when I can't get the maxrun to increase above 120, even though I typed 600.

Carlton Patterson Tue, 07/30/2013 - 04:14
User Badges:

Joseph,


I think I have figured out why it didn't work - the script only appears to work on interfaces that are ('connected'). I've been testing the script on unconnected interfaces...

Correct Answer
Joe Clarke Tue, 07/30/2013 - 17:40
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yes, that's the point of adding the "down" bit to the regular expression.  Interfaces that are not up are excluded since you wouldn't typically care about those.

Joe Clarke Tue, 07/30/2013 - 17:41
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The maxrun can vary based on platform.  You can try up to 2147483647.

Actions

This Discussion