version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match configuration {
    /*
     * version: 1.1
     * date: 8 August 2014
     *
     * Commit-time guard rails. Every call below goes through the
     * error-if-missing / error-if-present templates of this file, which
     * emit an <xnm:error> when a required statement is absent or a
     * forbidden one is present; the original author states that the
     * commit fails in that case.
     *
     * NOTE(review): the "missing" tests only look at whether the node
     * exists in the configuration handed to this script. How a
     * deactivated stanza is presented to the script is not visible here,
     * so confirm on the target release before relying on the
     * "deleted/deactivated" wording used below.
     */

    /* [edit chassis] must not be deleted entirely. */
    call error-if-missing($must = chassis,
                          $statement = "chassis",
                          $message = "Chassis configuration cannot be empty !!!");

    /*
     * lo0 unit 0 must exist and carry at least one family inet address;
     * the commit fails when it does not. No $message is passed, so the
     * template's default text is used.
     */
    call error-if-missing($must = interfaces/interface[name == "lo0"]/unit[name == "0"]/family/inet/address,
                          $statement = "interfaces lo0 unit 0 family inet address");

    /*
     * IPv6 variant of the loopback address check, off by default.
     * To enable it, delete the two 'v6-enable' marker lines so that the
     * call between them becomes live code.
     */
    /* v6-enable BEGIN
    call error-if-missing($must = interfaces/interface[name == "lo0"]/unit[name == "0"]/family/inet6/address,
                          $statement = "interfaces lo0 unit 0 family inet6 address");
    v6-enable END */

    /*
     * The loopback must not be disabled, neither on the interface nor on
     * unit 0. The union yields one error per matching 'disable' node.
     */
    call error-if-present($must = interfaces/interface[name == "lo0"]/disable
                                | interfaces/interface[name == "lo0"]/unit[name == "0"]/disable,
                          $message = "The Loopback interface is disabled.");

    /*
     * Reject an SNMP community whose client list contains 0.0.0.0/0.
     * Per the original author this breaks apply-path based implementations
     * on the loopback filter; the error text says it would compromise the
     * firewall filter.
     *
     * NOTE(review): only the literal client name "0.0.0.0/0" is matched.
     * Other catch-all forms (an IPv6 default prefix, or a community with
     * no clients statement at all) never reach this test. Confirm whether
     * they need their own checks. The [name == *] predicate is presumably
     * meant to select every community.
     */
    call error-if-present($must = snmp/community[name == *]/clients[name == "0.0.0.0/0"]) {
        with $message = {
            expr "0.0.0.0/0 restrict is not recommended along with apply-path";
            expr " because it would compromise the firewall filter !!! ";
        }
    }

    /* [edit forwarding-options] must be present. */
    call error-if-missing($must = forwarding-options,
                          $statement = "[edit forwarding-options]",
                          $message = "The [edit forwarding-options] is missing !!! ");

    /* [edit routing-options] must be present. */
    call error-if-missing($must = routing-options,
                          $statement = "[edit routing-options]",
                          $message = "The [edit routing-options] is missing !!! ");

    /* BGP: the stanza must be present and must not carry 'disable'. */
    call error-if-missing($must = protocols/bgp,
                          $statement = "protocols bgp",
                          $message = "The protocols/bgp is missing !!! ");
    call error-if-present($must = protocols/bgp/disable,
                          $message = "The BGP protocol is disabled, failing commit..");

    /* OSPF: the stanza must be present and must not carry 'disable'. */
    call error-if-missing($must = protocols/ospf,
                          $statement = "protocols ospf",
                          $message = "The OSPF protocol is missing, failing commit..");
    call error-if-present($must = protocols/ospf/disable,
                          $message = "The OSPF protocol is disabled, failing commit..");

    /* Class of service: the stanza must be present and must not carry 'disable'. */
    call error-if-missing($must = class-of-service,
                          $statement = "[edit class-of-service]",
                          $message = "The whole class-of-service section is missing, failing commit..");
    call error-if-present($must = class-of-service/disable,
                          $message = "The whole class-of-service is disabled, failing commit..");

    /* PIM: the stanza must be present and must not carry 'disable'. */
    call error-if-missing($must = protocols/pim,
                          $statement = "protocols pim",
                          $message = "The pim protocol is missing, failing commit..");
    call error-if-present($must = protocols/pim/disable,
                          $message = "The pim protocol is disabled, failing commit..");

    /* MPLS: the stanza must be present and must not carry 'disable'. */
    call error-if-missing($must = protocols/mpls,
                          $statement = "protocols mpls",
                          $message = "The mpls protocol is missing, failing commit..");
    call error-if-present($must = protocols/mpls/disable,
                          $message = "The MPLS protocol is disabled, failing commit..");

    /* LDP: the stanza must be present and must not carry 'disable'. */
    call error-if-missing($must = protocols/ldp,
                          $statement = "protocols ldp",
                          $message = "The LDP protocol is missing, failing commit..");
    call error-if-present($must = protocols/ldp/disable,
                          $message = "The LDP protocol is disabled, failing commit..");
}
/*
 - Make sure snmp 0/0 is not configured. It would interfere with auto-filter!
 - The commit will fail if this is the case.
 */
/*
 - This is where we can generate custom error/warning messages
 - by modifying the default templates.
 */
/*
 * warn-if-missing: emit an <xnm:warning> when $must is empty.
 *
 *   $must      - expression to test, typically a configuration node-set;
 *                the warning is produced when not($must) is true.
 *   $statement - copied into <edit-path> to tell the user where the
 *                statement belongs (default "unknown").
 *   $message   - copied into <message> (default "missing mandatory
 *                configuration statement").
 *
 * Same shape as error-if-missing, but it produces a warning element
 * instead of an error element. No call to this template is visible in
 * the match block of this file.
 */
template warn-if-missing ($must, $statement = "unknown", $message = "missing mandatory configuration statement") {
    var $absent = not($must);

    if ($absent) {
        <xnm:warning> {
            <edit-path> { copy-of $statement; }
            <message> { copy-of $message; }
        }
    }
}
/*
 * error-if-missing: emit an <xnm:error> when $must is empty.
 *
 *   $must      - expression to test, typically a configuration node-set;
 *                the error is produced when not($must) is true.
 *   $statement - copied into <edit-path> to tell the user which statement
 *                is required (default "unknown").
 *   $message   - copied into <message> (default "missing mandatory
 *                configuration statement").
 *
 * The test is purely "does the node exist". It says nothing about the
 * content of the stanza that was found.
 */
template error-if-missing ($must, $statement = "unknown", $message = "missing mandatory configuration statement") {
    var $absent = not($must);

    if ($absent) {
        <xnm:error> {
            <edit-path> { copy-of $statement; }
            <message> { copy-of $message; }
        }
    }
}
/*
 * error-if-present: emit one <xnm:error> for every node in $must.
 *
 *   $must    - node-set of statements that are not allowed. Each node
 *              becomes the context node for one error element.
 *   $message - copied into <message> (default "invalid configuration
 *              statement").
 *
 * The location of each error is filled in by jcs:edit-path and
 * jcs:statement for the current node (presumably supplied by the
 * imported junos.xsl).
 *
 * NOTE(review): the default $must = 1 is not a node-set. The original
 * comment ("give error if param missing") suggests a call without $must
 * is meant to be flagged. Confirm how the processor treats for-each
 * over that default.
 */
template error-if-present ($must = 1, $message = "invalid configuration statement") {
    for-each ($must) {
        <xnm:error> {
            /* Report the hierarchy and the statement of the offending node. */
            call jcs:edit-path($dot = .);
            call jcs:statement($dot = .);
            <message> { copy-of $message; }
        }
    }
}