Here’s an Intersight Quiz for you

Hey Cisco Intersight users – here’s a quiz for you.  Hopefully it will give the reader some insight on how to decipher the crazy logic used to name policy types in Cisco Intersight.

Let’s begin with a (partial) screendump of the progress of a UCS Domain Profile being deployed in Intersight.

Now, here’s the question:

In the exhibit above, which Intersight Policy is being validated in the outlined section?

  A. The DNS, NTP and Timezone Policy
  B. The Network Connectivity Policy
  C. The IP Addressing Policy
  D. The Name Server Policy
  E. The DNS Policy

The correct answer (of course) is B
A is only for HyperFlex*, and C, D and E are not valid Policy types in Intersight.

So my message to Cisco is this.

You wouldn’t send a Sales Rep to a meeting with your customers wearing budgie smugglers and thongs, so you should expect the same standards from your software’s customer-facing interface, which is more and more becoming the behemoth known as Intersight!

How about you rename the Network Connectivity Policy to the DNS Policy, to match the Profile Deployment’s version of the name?

While you are at it – how about you make the Ethernet Network Policy a bit clearer too – I haven’t quite worked out if this refers ONLY to the VLAN Policy, or if this Validation/Deployment is actually more than just one Policy type.

RedNectar

*I don’t know WHY HyperFlex has its own special inconsistent Policy Set. Add that to the list of questions for Cisco!

Do you put version numbers in MS Word Documents? You should. And here’s how to do it properly

“Do you have the latest version?”

“Well, mine’s version 2.0. What’s yours?”

“Mine’s version 2.0 too”

“Well, why are they different?”


We’ve all had that conversation or similar right?

So why not implement a way of improving version numbering in Word documents? I’ll show you several tips to make versioning better, even completely automated if you want.

Hello! MS has a built in field that records the revision number.

Yes, MS Word does indeed have a built in field (called REVNUM) that gets updated every time the document is saved.

So one solution to the problem above is to include REVNUM field on the front page of each document.  If you always create documents from standard templates (you should) then the field can be added to the template. So your front page may end up looking like this:

And I’ll use that field later too, but REVNUM just doesn’t work as well as it should – like when MS Word has locked up or you’ve had to use auto-recovery, or you’ve had to use Save As… for some other reason. The REVNUM number goes back to 2 in these cases. And it doesn’t convey the same meaning as version – where a particular version of a document may go through several revisions and saves.

What I’m suggesting is a more manual method which has the version number recorded in one location but displayed on multiple pages.  The trick is to automate the process so the same version number is consistent.  This involves two stages

Stage 1: Create a document revision table

Stage 2: Create a field that displays the largest version number in the revision table

Here’s how.

TIP: You are going to find following this tutorial much easier if you configure MS Word to Show Bookmarks. [Must be done with a document opened]
Windows: File > Options > Advanced > Show Document Content > [x] Show Bookmarks
macOS: Word > Preferences > View > Show in Document > [x] Bookmarks

Stage 1: Create a document revision table

It might look something like this:

Now, if everyone is diligent at filling in the table, that might be all you need. But I suggest you should do a bit more than just that.

Stage 2: Display the version and revision number on the front page

The trick here is to extract the largest Version number from the table mentioned above.  And this is where those Bookmark markers come in.

Step 1: Create a bookmark for the table

Select the whole table in Word and select Insert > Bookmark (or hit Ctrl|Cmd+Shift+F5) and give the bookmark a name such as DocRevisionInfoTable

Once you’ve added the bookmark, you’ll see those markers appear at the beginning and end of the table (if you’ve turned on the option to Show Bookmarks)

The challenge now is to somehow extract the latest version number and display it somewhere else – like the front page of your document.

Step 2: Add a field to the front page to display largest Version Number

Now that you have the Document Revision Table in a bookmark, you can use a calculation to extract the largest number in the first column of the table. It works like this:

Get your cursor where you want the version number to appear – I usually place it after the word Version  that I’ve typed in the footer area of the front page

Navigate to Insert > Field and enter the following text

=MAX(DocRevisionInfoTable A:A) \#"#.0#"

and click OK

And there you have it! Every time you add a new version number to the table, the field on the front page will be updated when you print the file or update the fields.

Step 3: Add Revision Number and Print Date

The above method is not foolproof – because the table only gets updated when someone manually adds a new version number, so I suggest that it’s also a good idea to add some more fields to the front page as well, so your front page looks something like the one above.  Specifically I’ve added PRINTDATE and REVNUM to the front page to make it look like the one above – or, if you show field codes – looks like:

For my purposes, the month is close enough for the PrintDate – but you could change the format to include the date and time if you wanted. For instance, if you change the PRINTDATE format string to

"MMMM yyyy dd, hh:mm:ss"

The resulting page will end up with a footer looking like:

In my case, PRINTDATE works well, because I print documents to .pdf before I distribute them.  But if you distribute MS Word documents in (ugh) .docx format you might prefer to use the LastSavedTime document property instead of PRINTDATE. It works in much the same way – and would look like this:

Of course, if anyone has re-saved, or done a Save As… then your versioning has gone out the window – hence my disgust at the thought of distributing documents in a form where they can easily be changed, perhaps inadvertently.

My advice is to stick with the PRINTDATE method and only distribute documents via .pdf

And that’s about as automated as you can get! Hopefully no-more arguments

RedNectar


Foolproof Validation of the ACI Access Policy Chain

Have you ever come across an invalid-vlan or invalid-path error in an ACI Endpoint Group, L3Out or Tenant?

invalid-vlan error

The chances are, there is a problem in your Access Policy Chain – i.e. the collection of Access Policies that you created before adding a static mapping in an EPG.

If you follow my foolproof method, you are guaranteed to find the problem! So here is…

RedNectar’s Foolproof Validation Process for an Access Policy Chain


TLDR Version

  1. Locate the Leaf Profile for leaf 2201 and 2202
  2. In the work pane, double-click the listed Associated Interface Selector Profile (which will actually be a Leaf Profile – there is NO SUCH OBJECT IN ACI CALLED Interface Selector Profile)
  3. When the Interface Profile opens, locate the Interface Selector that represents your port-channel, and double-click it. This will take you to the Access Port Selector page (don’t you just love Cisco’s naming consistency?)
  4. In the Access Port Selector page, locate the Policy Group, and click the external link button
  5. This will open a pop-up for your VPC Interface Policy group. On this screen, verify:
    1. The Link Aggregation Type is indeed Virtual Port Channel (VPC)
    2. The Port Channel Policy is a policy that sets LACP to Active (use the external link button to check)
    3. There is indeed a value in the Attached Entity Profile (even though there is NO SUCH OBJECT IN ACI CALLED Attached Entity Profile – instead what you SHOULD see there is an Attachable Access Entity Profile)
  6. Click on the external-link button next to the Attachable Access Entity Profile name. This will open a pop-up page for the  Attachable Access Entity Profile
  7. In the Attachable Access Entity Profile page, locate your Physical Domain in the list of Domains for this AAEP.
  8. In the L3 Domain Profile page, locate the VLAN Pool and click the external-link icon next to it. This will open a pop-up page showing your VLAN Pool values
  9. In the VLAN Pool page, validate that
    1. The Allocation Method is Static (although with v5.2 onwards it doesn’t matter)
    2. The VLANs you wish to use are listed.

Oh – and there is a great shortcut method too, but for that you’ll need to jump to the end of the full article

 /TLDR


The Full Version – with worked example

I’ll begin with an example – I want to statically map VLAN 2194 on my VPC configured on ports Ethernet 1/48 of switches 2201 and 2202 to my WebServers_EPG

Let’s assume I’ve done the mapping and found the invalid-vlan error illustrated above, so I need to ensure a VPC has been configured in an Access Policy Chain that includes ports Ethernet 1/48 of switches 2201 and 2202 as well as vlan-2194

The generic view for an Access Policy Chain is of course:

Generic Access Policy Chain

So for the example above, I’d expect it to be configured as:

Access Policy Chain for scenario

To validate this chain, I’ll begin with the Leaf Profile.  If I have followed Best Practices then I’ll find a single Leaf Profile that has both Leaf 2201 and Leaf 2202

And sure enough, here it is – in my lab it is called Shared:L2201..2202_LeafProf

Step 1-Check the Leaf Profile

Check Leaf Profile

With the Leaf Profile opened I’ll check

  1. That the Leaf Selector does include Leaves 2201 and 2202 – and from the illustration, it appears that it does
  2. That an Interface Profile is linked to the Leaf Profile. Again from the illustration, I can see it is linked to the Shared:L2201..2202_IntProf

Step1-Checked

Step 2-Check the Interface Profile

From the Leaf Profile, if I have followed Best Practices then I’ll find a single Interface Profile, so I can double-click the linked Interface Profile (in this case called Shared:L2201..2202_IntProf) to open it

Check Interface Profile

From here,

  1. Note that the Interface Profile is automatically selected in the Navigation Pane and the interface selectors expanded
  2. Check that the Interface Selector
    1. is correctly named (It’s called MINT:1:48, reflecting the interface number)
    2. points to the correct interface (1/48 is correct for our example)
    3. is linked to the correct Interface Policy Group (I can see it is linked to a policy group called MINT:L2201..2:1:48.l2sw_VPCIPG)
  3. Double-click on the Interface Selector to continue…

Step2-Checked

Step 3-Check the Interface Selector

After double-clicking the Interface Selector, the Access Port Selector page opens (Don’t you just love Cisco’s consistency with naming :-J)

Check Interface Selector

You’ve already checked that there is a Policy group linked, so all you need do here is click on the external link to open up the configuration page for the VPC, in this case the VPC is named MINT:L2201..2:1:48.l2sw_VPCIPG with the name reflecting the leaf switch IDs and the port number used for the VPC.

Step3-Checked

Step 4-Check the Interface Policy Group

Once the Interface Policy Group window opens (be patient, there’s a LOT of fields to update) there are three main things you want to check (for a VPC)

Check Interface Policy Group

  1. Check that the Link Aggregation Type is correct
  2. Check that the Port Channel Policy is correct
  3. Check that the Policy Group is indeed linked to the AAEP – in this case the AAEP is called MINT:HostLinks_AAEP so we’ll assume that it is correct for now.

Click on the link icon to open the linked AAEP window…

Step4-Checked

Step 5-Check the Attachable Access Entity Profile

Check AAEP

All you need to do here is verify that the AAEP is linked to the correct Physical Domain, in this case, I can see that there is a L3Domain and a Physical Domain involved, but since we are troubleshooting a static mapping for an EPG, the Physical Domain is the correct one to choose. If the original error had been on a L3Out, I’d be choosing the L3 Domain.

Double-click on the Physical Domain name – in this example MINT:MappedVLANs_PhysDom to open the Physical Domain window.

Step5-Checked

Step 6-Check the Physical Domain

With the Physical Domain window opened, all you need to check is that it is indeed linked to a VLAN Pool, and in this case, I can see that it is linked to a VLAN Pool called MINT:MappedVLANs_VLAN.Pool – suggesting that the Best Practice of having one VLAN Pool Per Domain has been followed.

Check Physical Domain

Click on the link icon to open the linked VLAN Pool window…

Step6-Checked

Step 7-Check the VLAN Pool

With the VLAN Pool window opened, there are two things to check

  1. That the allocation mode is static (or at least has a static range added for the relevant VLANS)
  2. That the VLAN ID  you are checking actually exists

Check VLAN Pool

In our example, if you recall, an invalid-vlan error was raised when we statically mapped VLAN 2194 on my VPC configured on ports Ethernet 1/48 of switches 2201 and 2202 to my WebServers_EPG

So at last we have found the cause of the error.

Step8-FAILED Check

If we now add vlan-2194 to the VLAN Pool, the error will go away.

VLAN 2194 Added

Take a breath…

OK. You now have a few windows to close, but if you have been following my progress diagrams along the way, you’ll notice that we’ve checked all parts of the Access Policy Chain.  This is a foolproof method for finding breaks or mis-aligned policies, policies accidentally linked to the wrong object, etc.

And now that I’ve put you through all that pain, I’ll tell you the Not-so-foolproof-but-much-quicker way of checking the access policy chain!

RedNectar’s Not-so-foolproof-but-much-quicker way of checking the access policy chain

Start at the VLAN Pool, and in the work pane (after checking the correct VLANs are in the VLAN pool, and the Allocation Mode is correct) click the Show Usage button

Not So Foolproof Method

The fact that both leaves appear here shows that there IS a chain from the VLAN Pool back to both leaves – and to validate that the correct ports have been assigned, click the Click to Show Detail links.

The Usage Details window validates that the VLAN pool is mapped via the correct interfaces to the leaf switch for this particular Access Policy Chain.

Why – Not-so-foolproof?

This is a really great method to ensure that all the connections are valid, but it does NOT show you exactly which AAEP or Policy group is used, and even MORE importantly, if there IS a break in the chain somewhere, say between the Policy Group and AAEP, or between the Interface Selector and the Policy Group, you’ll see nothing here. Literally. Nothing. And you’ll have no idea where the break is, so you’ll go back to the Foolproof Method.

So, if you are just sanity checking, I’d always recommend that you start here – at the VLAN Pool.  IF everything looks good here you can probably rest peacefully. BUT if you are troubleshooting a problem, then you will end up having to traverse the foolproof method – although if you’ve followed best practices of only having one Interface Profile per Switch Profile, you can usually begin at Step 2
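The two approaches above, sketched in Python as an added example (not the author's code and not an APIC API): `validate` walks the chain in the foolproof order and names the first break, while `show_usage` works back from the VLAN pool and returns nothing when any link is missing. The object names come from the worked example; the dictionary layout, the VLAN ranges and the function names are assumptions made for illustration.

```python
def build_fabric(pool_ranges, pg_aaep="MINT:HostLinks_AAEP"):
    # Object names are from the worked example; the dictionary layout and the
    # VLAN ranges passed in are constructed for illustration (not APIC's schema).
    return {
        "leaf_profiles": {"Shared:L2201..2202_LeafProf": {
            "leaves": {2201, 2202},
            "interface_profiles": ["Shared:L2201..2202_IntProf"]}},
        "interface_profiles": {"Shared:L2201..2202_IntProf": {
            "selectors": {"MINT:1:48": {
                "ports": {"1/48"},
                "policy_group": "MINT:L2201..2:1:48.l2sw_VPCIPG"}}}},
        "policy_groups": {"MINT:L2201..2:1:48.l2sw_VPCIPG": {
            "lag_type": "vpc", "lacp": "active", "aaep": pg_aaep}},
        "aaeps": {"MINT:HostLinks_AAEP": {
            "domains": ["MINT:MappedVLANs_PhysDom"]}},
        "domains": {"MINT:MappedVLANs_PhysDom": {
            "type": "physical", "vlan_pool": "MINT:MappedVLANs_VLAN.Pool"}},
        "vlan_pools": {"MINT:MappedVLANs_VLAN.Pool": {"ranges": pool_ranges}},
    }


def walk(fabric, leaf_profile, port):
    """Follow the links from a leaf profile and port toward the VLAN pools.

    Returns (pools, trail, error): the pools reached through physical domains,
    the objects visited in order, and the first broken link (None if intact).
    """
    trail = [leaf_profile]
    selector = None
    for ip_name in fabric["leaf_profiles"][leaf_profile]["interface_profiles"]:
        profile = fabric["interface_profiles"].get(ip_name, {"selectors": {}})
        for s_name, candidate in profile["selectors"].items():
            if selector is None and port in candidate["ports"]:
                selector = candidate
                trail += [ip_name, s_name]
    if selector is None:
        return [], trail, f"no interface selector covers port {port}"
    pg_name = selector.get("policy_group")
    group = fabric["policy_groups"].get(pg_name)
    if group is None:
        return [], trail, "interface selector is not linked to a policy group"
    trail.append(pg_name)
    if group["lag_type"] != "vpc" or group["lacp"] != "active":
        return [], trail, "policy group is not a VPC with LACP active"
    aaep = fabric["aaeps"].get(group.get("aaep"))
    if aaep is None:
        return [], trail, "policy group is not linked to an AAEP"
    trail.append(group["aaep"])
    pools = []
    for d_name in aaep["domains"]:
        domain = fabric["domains"].get(d_name)
        # A static EPG mapping needs the physical domain, not the L3 domain.
        if (domain and domain["type"] == "physical"
                and domain["vlan_pool"] in fabric["vlan_pools"]):
            trail += [d_name, domain["vlan_pool"]]
            pools.append(domain["vlan_pool"])
    if not pools:
        return [], trail, "AAEP has no physical domain with a VLAN pool"
    return pools, trail, None


def validate(fabric, leaves, port, vlan):
    """Foolproof order: return (ok, message); message names the first break."""
    for name, profile in fabric["leaf_profiles"].items():
        if set(leaves) <= profile["leaves"]:
            break
    else:
        return False, f"no leaf profile selects leaves {sorted(leaves)}"
    pools, trail, error = walk(fabric, name, port)
    if error:
        return False, f"{error} (stopped at {trail[-1]})"
    for pool in pools:
        for low, high, mode in fabric["vlan_pools"][pool]["ranges"]:
            # Static allocation is required here, as in the checklist above.
            if mode == "static" and low <= vlan <= high:
                return True, " -> ".join(trail)
    return False, f"vlan-{vlan} is not in a static range of {pools[0]}"


def show_usage(fabric, pool):
    """Shortcut order: (leaf, port) pairs with an intact chain to the pool."""
    used = set()
    for lp_name, leaf_profile in fabric["leaf_profiles"].items():
        for ip_name in leaf_profile["interface_profiles"]:
            profile = fabric["interface_profiles"].get(ip_name, {"selectors": {}})
            for selector in profile["selectors"].values():
                for port in selector["ports"]:
                    if pool in walk(fabric, lp_name, port)[0]:
                        used |= {(leaf, port) for leaf in leaf_profile["leaves"]}
    return used


if __name__ == "__main__":
    for ranges in ([(2190, 2193, "static")], [(2190, 2194, "static")]):
        fabric = build_fabric(ranges)  # constructed VLAN ranges
        print(validate(fabric, [2201, 2202], "1/48", 2194))
```

Passing `pg_aaep=None` to `build_fabric` models a policy group with no AAEP: `show_usage` then returns an empty set, and only `validate` says where the chain stops.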

RedNectar

M6 HyperFlex host with no connectivity to Nexus 9K; Tip for installers

A real show stopper when doing a HyperFlex Edge/No-FI install is the 25G connection between the UCS HyperFlex hosts and the upstream switch, like a Nexus 9K. Here’s how to make it go smoothly.

When connecting Cisco UCS HyperFlex servers with a VIC 1467 interface card to a Nexus 9k, you need to take care that the FEC mode is correct. So after completing the cabling and before you even try to begin your install, check the CIMC via the CIMC UI and look at the External Ethernet Interfaces.  If all interfaces are in a Link down state, as shown below, toggle the FEC mode to CF74 on the connected interfaces.

Change from US to UK date format in the vSphere Client — Define The Data Centre

If you’ve found yourself double guessing and still not being sure what date you’re actually looking at in the vSphere client then this post is for you. We’re going to change the US date format MM/DD/YYYY to DD/MM/YYYY in Chrome but it also works for Firefox and Edge too. The default setting in when logged […]

HyperFlex’s new snapshot mechanism matters. Here’s why, and what Cisco forgot.

It all became possible when, in ESXi v7.0U2, VMware introduced a new parameter for VMs called snapshot.alwaysAllowNative. Then, with HyperFlex v4.5(2), Cisco took advantage of this new parameter to remove the biggest bugbear of all HyperFlex installations. The SENTINEL snapshot.

The short story

Before HyperFlex Data Platform (HXDP) v4.5(2), HyperFlex used VMware APIs to create an initial snapshot in native format because this format is much more efficient when combined with HyperFlex’s pointer-based log structured file system.  This snapshot was always given the special name SENTINEL, but it took some time to create and always consumed a little extra space if it was not deleted later. And if it was deleted, there was always a chance that a VMware REDO snapshot would be taken, and the efficiencies of the HyperFlex pointer-based log structured file system would be compromised.

Now, with HyperFlex v4.5(2), coupled with ESXi v7.0U2, the HXDP only needs to set a parameter on the VM – the snapshot.alwaysAllowNative parameter. Much more efficient and far less prone to error.  It is much faster now for backup software to take snapshots and there is no potential residual space wasted.

But the old problem of a VMware REDO snapshot being taken still exists, and unfortunately, when Cisco adopted this new approach, they dropped the ball when it came to management options in the HyperFlex Connect management app, the VMware HyperFlex plugin, the HyperFlex CLI and on the Intersight SaaS platform.  None of these management systems has any ability to allow users to see which VMs have the snapshot.alwaysAllowNative parameter set, and none of them has any ability to set the parameter.

I’m calling on Cisco to add these options ASAP.  Previously it was relatively simple to see if a VM had a SENTINEL snapshot – you just needed to look at the Snapshots tab for a VM. Now you have to navigate at least six mouse-clicks to check for the snapshot.alwaysAllowNative parameter in a long list of other parameters.

In the meantime, I’ve created a bunch of PowerCLI scripts you can use to:

  • List all the VMs that have the snapshot.alwaysAllowNative parameter set to TRUE
  • List all the VMs that have the snapshot.alwaysAllowNative parameter set to FALSE
  • List all the VMs that do not have the snapshot.alwaysAllowNative parameter at all, with an option to
    • Set the snapshot.alwaysAllowNative parameter to TRUE on these VMs

These scripts are found at the end of this article.

The full story. Let’s start with: Why does it matter?

Before I can explain WHY it matters, you need to understand a little more about VMware snapshots, and in particular, the Native snapshot, and how it is different to the regular REDO snapshot.

First of all, snapshots matter because all backup and replication software do their work by first taking a snapshot of any running VM – it’s pretty obvious that you can’t backup a running VM while it is potentially writing to disk. The solution is to take a snapshot, copy the snapshot then delete it. Simple.

Secondly, you need to understand that VMware has not always created snapshots the same way.  Today, VMware snapshots are based on a collection of deltas from an initial base, known as REDO files. But in the distant past a snapshot was simply a copy of the .vmdk file that was the VM.  Hence the name the native snapshot. This snapshot of course doubled the amount of disk space required for the VM in the VMware NFS file system, but it turns out that this is an ideal format for snapshot files using HyperFlex’s log-structure pointer based file system which, instead of making a copy of a VM when a native snapshot is taken, makes a copy of the pointers instead. No additional disk space needed! Very cool. Very efficient. And very much suited to a Hyper-Converged Infrastructure (HCI).

But there’s a problem.

The writers of the HyperFlex Data Platform (HXDP) had to come up with a way of forcing VMs to create snapshots in the original native format rather than the normal REDO format.  And the way they did this originally was when a snapshot was created via the HXDP rather than using the normal VMware methods, HyperFlex made use of APIs to create the first snapshot in native format and gave it a special name – SENTINEL.

Once a VM had one snapshot in the original native format, VMware would create any future snapshots in native format as well, for compatibility.

Now the problem is that if a VM has had a normal VMware REDO snapshot taken before the SENTINEL had been created, or after the SENTINEL had been removed, the HXDP can’t take a native format snapshot.  And that problem still exists today, even with the new snapshot.alwaysAllowNative parameter.

Missing in Action – Cisco Management Tools

It has been common practice for HyperFlex users to create an initial SENTINEL HyperFlex snapshot as soon as they deploy a VM to ensure that their integrated backup software would be able to make use of the more efficient pointer-based log-structured file system when backing up VMs.

But there was a disadvantage to this approach – over time, the SENTINEL would contain data that belonged to the originally deployed VM that was now out of date, which was fine should you ever wish to revert to the original state, but if you were getting short on space, it meant that at least a small amount of space was being reserved for an unlikely event – remembering you’d likely have a backup of the original file should you need it.

The advantage though was that you could easily check to see if a VM had a SENTINEL snapshot, you just had to click on the Snapshot tab for the VM

But with the new more efficient snapshot.alwaysAllowNative parameter, checking if the parameter is set is much harder.

That’s 8 clicks and two scrolls by the time you are done! And the visual challenge of finding the parameter in that long list is just not easy.

Why didn’t Cisco add a Native Snapshots column to the VM list in HyperFlex Connect, or perhaps better still a symbol like a * in the Snapshot column to indicate that the VM had been configured for native snapshots?

And why is there no Action option to set a VM (or group of VMs) snapshot.alwaysAllowNative parameter to TRUE?

And I’d expect these options to also be available in Intersight, on the right-click menu in vCenter (via the plugin), and it would even be nice to have some vm options in the HyperFlex Connect Web CLI – such as stcli vm list (which I’d expect to list the snapshot.alwaysAllowNative parameter among other useful information) and stcli vm [(--id ID | --name NAME)] set snapshot.alwaysAllowNative

Now I’m hopeful that Cisco cares enough about their User Interface to actually repair this oversight. And I was prepared to forgive the initial release. But the urge to write this article came when I recently upgraded our lab cluster to HXDP v5.0.  I really expected these features would have been attended to. But I was sadly disappointed.

So while waiting for Cisco to actually fix this faux pas, I’ve written some PowerShell CLI commands that will help you in the meantime. Feel free to cut and paste from below.

RedNectar

The PowerCLI Scripts

To use PowerCLI scripts you need to have installed PowerShell Core for your OS (Windows usually comes with PowerShell installed), then from the PowerShell CLI, install the VMware PowerCLI PowerShell modules like this:

Install-Module -Name "VMware.PowerCLI" -Scope "CurrentUser"

Next, you connect to your HXDP vCenter – but if you don’t have valid certificates on your vCenter, first do this

Set-PowerCLIConfiguration -InvalidCertificateAction:Ignore

And when you connect to vCenter, it should look something like this:


PS /Users/rednectar> Connect-VIServer -Server vca.your.domain.dns
Specify Credential
Please specify server credential
User: admin@your.domain.dns
Password for user admin@your.domain.dns: *********
Name                Port User
----                ---- ----
vca.your.domain.dns 443  YOUR.DOMAIN.DNS\admin

And now you can issue the following command to perform the following functions:

  • List all the VMs that have the snapshot.alwaysAllowNative parameter set to TRUE

Get-VM  |
 where {$_.Name -notlike "vCLS*"} |
 where {($_.ExtensionData.Config.ExtraConfig |
 where {$_.Key -match "snapshot.alwaysAllowNative"} |
 where {$_.value -eq $true})} |
 select @{N="VMs using Native Snapshots";E={$_.Name}}

  • List all the VMs that have the snapshot.alwaysAllowNative parameter set to FALSE

Get-VM  |
 where {$_.Name -notlike "vCLS*"} |
 where {($_.ExtensionData.Config.ExtraConfig |
 where {$_.Key -match "snapshot.alwaysAllowNative"} |
 where {$_.value -eq $false})} |
 select @{N="VMs set to NOT use Native Snapshots";E={$_.Name}}

  • List all the VMs that do not have the snapshot.alwaysAllowNative parameter at all

Get-VM |
 where {$_.Name -notlike "vCLS*"} |
 where {!($_.ExtensionData.Config.ExtraConfig |
 where {$_.Key -match "snapshot.alwaysAllowNative"})} |
 select @{N="VMs NOT configured at all for Native Snapshots";E={$_.Name}}

  • Set the snapshot.alwaysAllowNative parameter to TRUE on these VMs


Get-VM -PipelineVariable vmname |
where {$_.Name -notlike "vCLS*"} |
where {!($_.ExtensionData.Config.ExtraConfig |
where {$_.Key -match "snapshot.alwaysAllowNative"})} |
New-AdvancedSetting -Name snapshot.alwaysAllowNative -value TRUE -Confirm:$false -force |
select @{N="VMs Converted to use Native Snapshots";E={$vmname.Name }}

Finding text within a paragraph or word in MS Word

When using wildcards to search for text between two specific markers, MS Word will find those markers and that text no matter how far apart they are.

If you want to restrict the search to finding that text/markers within a word or a paragraph, you need to be a bit clever about how you search, and think in the negative.

Find within a word

In my case, I wanted to find any place where I had used two caret characters (^) in the same unbroken string of characters, and prepend the first of those characters with a backslash. Turns out the replacement was not so easy either.

FWIW – this was the context in which I was searching. I’ve highlighted the ^ characters for you.

fabric 1101,1201-2202 show lldp neighbors | egrep "Node|-|apic|^Spine|^Leaf"

Spoiler: the result looked like this – which will find text within any word that has two caret characters (^)

So let’s unpack this. The find pattern above is

([! ]@)(^^[! ]@^^)

Firstly, I’ll remove the parentheses – they come into play for the replacement part.  That leaves us with

[! ]@^^[! ]@^^

The [! ] sequence says NOT a space character.  The @ symbol says “Any number of …” non-space characters.

Because the caret character is considered a special character in Word search and replace, ^^ is actually searching for a single ^ character.

So the whole sequence reads:

Find… any number of non-space characters followed by a ^ followed by any number of non-space characters followed by a ^

That’s the “find” part sorted. But why the parentheses?

The thing is, I want to insert a backslash before the first ^ character, so I have to group my search with () – the first group being all the characters up to, but not including, the ^ character, ([! ]@), and the second group being the rest, (^^[! ]@^^).

Which gives us the find pattern as shown above. ([! ]@)(^^[! ]@^^)

The next problem is the replacement part.  For that I use the special MS Word tags \1 and \2 which correspond to the first and second search groups respectively.  But that causes another problem – I actually want to USE a backslash character in my replacement string – and of course it too is a special character. So you’d think, using the logic that if ^^ finds a single ^, then ^\ (or even \) would do in the replacement section to insert a backslash.

But also no. Instead, you need to flash back to when you memorised the set of ASCII characters and remember that the \ character is character number 92

So now I can specify that my replacement string is

\1^92\2

Nerd tip: If you want to find repeating patterns in MS Word, you can use the \1 construction in the Search for box too, so searching for ( the)\1 would find all occurrences of the word sequence “ the the”

OK. So that will work fine so long as my two caret characters don’t have any spaces between them.  But what about if my source text was a little less concise, with spaces between the target caret characters like:

fabric 1101,1201-2202 show lldp neighbors | egrep "Node|-|apic|^Spine| ^Leaf"

Find within a paragraph

The logic is exactly the same, except this time I need to search for “anything that is NOT a paragraph marker”.

MS Word uses the special combination of ^p to mean “paragraph marker” – but it is NOT available when using wildcards!  Instead, I have to go back to that wonderful ASCII set and remember that a CR (carriage return) character is number 13.

So now I can search for “any number of non-CR characters followed by a ^ followed by any number of non-CR characters followed by a ^” using the following sequence.

[!^13]@^^[!^13]@^^
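The same find-and-replace expressed with Python regular expressions, as an added example that is not part of the original post: it runs the within-a-word and within-a-paragraph searches on the two command lines above and shows an unrestricted search reaching across a paragraph break. The mapping from Word wildcards to regex, the function name `escape_first_caret`, the use of "\n" as the paragraph mark and the two-paragraph sample are assumptions.

```python
import re

# Assumed mapping from the Word wildcard syntax to Python regex:
#   [! ]@    -> [^ ]+?    one or more non-space characters, shortest match
#   [!^13]@  -> [^\n]+?   one or more characters that are not a paragraph mark
#   ^^       -> \^        a literal caret
# Paragraphs are separated by "\n" here; Word uses character 13 internally.
SCOPES = {
    "word": r"[^ ]",
    "paragraph": r"[^\n]",
    "anywhere": r"[\s\S]",  # no restriction: the match may span paragraphs
}


def escape_first_caret(text, scope="word"):
    """Put a backslash before the first of two carets found within `scope`."""
    ch = SCOPES[scope]
    # Group 1: the characters before the first caret; group 2: caret to caret.
    pattern = re.compile(rf"({ch}+?)(\^{ch}+?\^)")
    return pattern.sub(r"\1\\\2", text)  # plays the role of Word's \1^92\2


# The two command lines from the article, plus a constructed two-paragraph
# sample in which each paragraph contains only one caret.
TIGHT = 'fabric 1101,1201-2202 show lldp neighbors | egrep "Node|-|apic|^Spine|^Leaf"'
SPACED = 'fabric 1101,1201-2202 show lldp neighbors | egrep "Node|-|apic|^Spine| ^Leaf"'
TWO_PARAGRAPHS = "x^2 is one paragraph\ny^3 is another"

if __name__ == "__main__":
    print(escape_first_caret(TIGHT, "word"))
    print(escape_first_caret(SPACED, "word"))        # unchanged: space between carets
    print(escape_first_caret(SPACED, "paragraph"))
    print(escape_first_caret(TWO_PARAGRAPHS, "paragraph"))       # unchanged
    print(repr(escape_first_caret(TWO_PARAGRAPHS, "anywhere")))  # spans the break
```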

RedNectar

You don’t need to read why I was doing this.

I’m in the process of converting some documents to asciidoc.

In asciidoc, the ^ characters are used to delimit superscript, so my original line of

fabric 1101,1201-2202 show lldp neighbors | egrep "Node|-|apic|^Spine|^Leaf"

is rendered in asciidoc format as

fabric 1101,1201-2202 show lldp neighbors | egrep "Node|-|apic|Spine|Leaf"

I needed to “escape” the leading ^ character for it to render correctly.

I found this site a great help when figuring this out: https://wordmvp.com/FAQs/General/UsingWildcards.htm

RN

Are Interface Descriptions in ACI using magic?

When you add a description to an interface in ACI, the eye of Sauron blinks and unexpected things happen. But is this magic?

I fell into this rabbit hole (or should I say hobbit hole?) when answering this question on the Cisco Community forum, and now I’ll give you the short(er) story.

In a nutshell

There are three ways to put a Description on an Interface in ACI

  1. You enter it directly under the Fabric > Inventory path
  2. You create an Interface Override for the interface and add it there – it automagically appears on the Physical Interface description under the Fabric > Inventory path
  3. You add a description to the Access Port Block for the Interface Selector for the relevant Interface Profile, where again it mysteriously appears in the Physical Interface description under the Fabric > Inventory path

It turns out

  • 1. and 2. are closely related. Change one, and you change the other.
    • If you delete the override object, the description on the interface is deleted also
    • If you EDIT the override object, the description on the interface is edited also
    • If you create your own override object with a Description, the description also appears on the interface
  • IF a Description is assigned to an Access Port Block for the Interface Selector for the relevant Interface Profile 
    • AND there is no relevant Interface Override for that port
    • AND the Interface Selector is linked to an Interface (Access Port) Policy Group
  • THEN the description is copied to the Physical Interface description

If you want more detail, read on.

To Begin…

If a user adds a description to an Interface when viewing it from Fabric > Inventory >> Podn > Leafn > Interfaces > Physical Interfaces > eth1/n then it appears as you view that screen, as you would expect.

But something else unexpected happens too. A NEW object is created and buried under  Fabric > Access Policies >> Interfaces > Leaf Interfaces > Overrides > nnn_eth_1_n

Wow. What’s going on here?

The crux of the matter

The Overrides configuration is really just the beginning of the weird background stirrings that go on, but to get to the root of the problem, you need to look more closely at the original screen. In particular, the Distinguished Name (DN) of the interface, which in my case was 

topology/pod-1/node-1201/sys/phys-[eth1/2]

Right-clicking on the interface to view the interface in the object-store browser (visore) reveals that the object belongs to the l1PhyIf class…

…and if you examine the inbuilt documentation for that class, you’ll find…

…that objects of this type are NOT configurable!

So what happens behind the scenes is that when you edit this non-configurable object, ACI hides it away in a place that is configurable – namely (in my example) uni/infra/hpaths-1201_eth1_2/rsHPathAtt-[topology/pod-1/paths-1201/pathep-[eth1/2]] which, as you can guess, is the DN of the Override I illustrated earlier.

It turns out that:

  • If you delete the override object, the description on the interface is deleted also
  • If you EDIT the override object, the description on the interface is edited also
  • If you create your own override object with a Description, the description also appears on the interface

But this is only HALF the story. And here is where the real weird stuff happens.

The real weird stuff

If the interface has NO override, and therefore no description appearing on the Physical Interface, then a description added to the Access Port Block for the Interface Selector for the relevant Interface Profile can also appear as the description on the physical interface – BUT NOT SO FAST.

The description DOESN’T appear on the Physical Interface until an Interface Policy Group is assigned.  Once an Access Policy Group has been allocated to the interface, the description then magically appears on the Physical Interface Description.

Duel to the death!

Now if there are TWO ways of getting a description into the Physical Interface Description, which one wins?

The only way to find out is to set up a duel!  Perhaps not quite Éowyn vs Witch King proportions, but let’s find out.

LOTR Éowyn vs Witch King of Angmar

Image from Lord of the Rings: The Return of the King. GIF image from Streamerclips.com

Round 1:

  1. Create an Interface Description via the Access Port Block 
  2. Edit the description via the Physical Interface page under the Inventory

Result:

  1. A NEW Override object is created to hold the edited description
  2. The Interface Description under the Access Port Block remains unaltered

Round 2:

  1. Delete the new Override object created in Round 1,
  2. and observe the results

Result:

  1. The Physical Interface description under Inventory is deleted
  2. The Interface Description under the Access Port Block remains unaltered

Round 3:

  1. Disassociate the Interface (Access Port) Policy Group from the Interface Selector
  2. Re-associate the Interface (Access Port) Policy Group with the Interface Selector
  3. and observe the results

Result:

  1. The Physical Interface description under Inventory is updated with the Access Port Block description
  2. The Interface Description under the Access Port Block remains unaltered

It appears that the Override object is playing Éowyn’s part for this duel, while the Access Port Block represents the hapless king.

But the good news is that even if the duel is lost, the description in the Access Port Block remains even if the other description is changed or removed.

Or more simply:

  • IF a Description is assigned to an Access Port Block for the Interface Selector for the relevant Interface Profile 
    • AND there is no relevant Interface Override for that port
    • AND the Interface Selector is linked to an Interface (Access Port) Policy Group
  • THEN the description is copied to the Physical Interface description

Summary

There are three ways to put a Description on an Interface in ACI

  1. You enter it directly under the Fabric > Inventory path
  2. You create an Interface Override for the interface and add it there – it automagically appears on the Physical Interface description under the Fabric > Inventory path
  3. You add a description to the Access Port Block for the Interface Selector for the relevant Interface Profile, where again it mysteriously appears in the Physical Interface description under the Fabric > Inventory path

It turns out

  • 1. and 2. are closely related. Change one, and you change the other.
    • If you delete the override object, the description on the interface is deleted also
    • If you EDIT the override object, the description on the interface is edited also
    • If you create your own override object with a Description, the Description also appears on the interface
  • IF a Description is assigned to an Access Port Block for the Interface Selector for the relevant Interface Profile 
    • AND there is no relevant Interface Override for that port
    • AND the Interface Selector is linked to an Interface (Access Port) Policy Group
  • THEN the description is copied to the Physical Interface description

RedNectar


Hyperflex Post Install script fixer

UPDATE: HyperFlex v5.01b HAS FIXED THIS PROBLEM – Do not run this fixer if you are installing 5.01b or later. Somebody at Cisco must have read this blog!

I was shocked the other day to learn that the hx_post_install script that is used during the Cisco HyperFlex install process does NOT work the way it should.

In fact, the validation option is a complete waste of time (if working with M5 servers, which is probably 90% of installations), as I reported here.

To fix it, I could create a new copy of the script and give that to you, and you could copy that to your HyperFlex Storage Controller VM, but that’s a pain. Instead, I’ve decided to give you a few commands that you can cut and paste into a command shell to fix the problem – or at least work around the problem until Cisco fixes it. To ease the pain, all you need do is cut-and-paste the following into your ssh session on the storage controller – IF you have blind faith in my skills. Otherwise, you might want to go through it step-by-step, so you understand it.

No-nonsense cut-and-paste answer

Cut-and-paste the following into your ssh session on the storage controller. (Note: With HX v4.5(2) and later, run this script from the HyperFlex Installer VM – it can’t be run from the storage controller VM because Cisco has restricted access to the root system on the SCVM in 4.5(2+).)

cp $(which hx_post_install) .
sed -i 's/vmnic1/rednectar4/g' hx_post_install
sed -i 's/vmnic2/rednectar1/g' hx_post_install
sed -i 's/vmnic3/rednectar5/g' hx_post_install
sed -i 's/vmnic4/rednectar2/g' hx_post_install
sed -i 's/vmnic5/rednectar6/g' hx_post_install
sed -i 's/vmnic6/rednectar3/g' hx_post_install
sed -i 's/rednectar/vmnic/g' hx_post_install
sed -i 's/and args.validate//' hx_post_install
sed -i "s/Select post_install/***RedNectar's Updated hx_post_install script M5 modifications have been applied.***\\\nSelect post_install/" hx_post_install
sed -i 's/SCRIPT_VERSION = "4.0"/SCRIPT_VERSION = "4.1 RedNectar"/g' hx_post_install
echo "To run the modified script, type: ./hx_post_install --validate"

Full-blown answer

The first step after establishing an ssh session to a storage controller VM (or installer VM, especially for v4.5(2+)) is to locate the hx_post_install script.

admin@hxscvm1:~$ which hx_post_install
/bin/hx_post_install

Using the result of the output above, copy the script to your admin home directory (where you land when you start your ssh session) and check that it exists.

admin@hxscvm1:~$ cp /bin/hx_post_install .
admin@hxscvm1:~$ ls -lh
total 92K
-rwxr-xr-x 1 admin springpath 92K Sep 17 10:42 hx_post_install

Notes:

  • Don’t miss the period at the end of the first line.
  • If you wanted to be fancy, you could combine steps 1 & 2 with:
    cp $(which hx_post_install) .

Now come the bits where you manipulate the copy of the file using sed. Basically, you have to swap the vmnic names from the order used in the old M4 servers to the new order used by the M5 servers according to the table below:

vSwitch | M4 vmnics used | M5 vmnics used
vswitch-hx-inband-mgmt | vmnic0 vmnic1 | vmnic0 vmnic4
vswitch-hx-storage-data | vmnic2 vmnic3 | vmnic1 vmnic5
vswitch-hx-vm-network | vmnic4 vmnic5 | vmnic2 vmnic6
vmotion | vmnic6 vmnic7 | vmnic3 vmnic7

The problem is of course that if you replace say vmnic1 with vmnic4, when you later replace vmnic4 with vmnic2, you’ll be replacing the things you just replaced, so you need a double pass over the file. Since I’m pretty sure the word rednectar does not occur in Cisco’s script, I’ll use that character pattern as a temporary placemarker for the word vmnic and then replace all occurrences of rednectar with vmnic at the end.

admin@hxscvm1:~$ sed -i 's/vmnic1/rednectar4/g' hx_post_install
admin@hxscvm1:~$ sed -i 's/vmnic2/rednectar1/g' hx_post_install
admin@hxscvm1:~$ sed -i 's/vmnic3/rednectar5/g' hx_post_install
admin@hxscvm1:~$ sed -i 's/vmnic4/rednectar2/g' hx_post_install
admin@hxscvm1:~$ sed -i 's/vmnic5/rednectar6/g' hx_post_install
admin@hxscvm1:~$ sed -i 's/vmnic6/rednectar3/g' hx_post_install
admin@hxscvm1:~$ sed -i 's/rednectar/vmnic/g' hx_post_install

Now that should take care of the bug – but there is one more annoying flaw with the script that I’d like to clean up too. And that is the fact that if you run the script without using the --validate option, it still asks you if you want to run a health check – BUT THEN DOESN’T DO THE MTU check.

So, to make the script ship-shape, add one more change to remove the logic that skips the test if the --validate argument was not specified:

admin@hxscvm1:~$ sed -i 's/and args.validate//' hx_post_install

Great, but you’ll also want to know you are running a version of the script that has been updated, so finish with:

admin@hxscvm1:~$ sed -i "s/Select post_install/***RedNectar's Updated hx_post_install script M5 modifications have been applied.***\\\nSelect post_install/" hx_post_install
admin@hxscvm1:~$ sed -i 's/SCRIPT_VERSION = "4.0"/SCRIPT_VERSION = "4.1 RedNectar"/' hx_post_install

And you are ready to run, BUT you’ll need to be careful that you run the copy that you’ve just edited, so in the same directory, instead of issuing the command hx_post_install, you’ll need to put the location path (i.e. ./) as part of the command – so enter:

admin@hxscvm1:~$ ./hx_post_install
***RedNectar's Updated hx_post_install script M5 modifications have been applied.***
Select post_install workflow-
 1. New/Existing Cluster
 2. Expanded Cluster (for non-edge clusters)
 3. Generate Certificate
 Note: Workflow No.3 is mandatory to have unique SSL certificate in the cluster. By Generating this certificate, it will replace your current certificate. If you're performing cluster expansion, then this option is not required.

And of course, from now on you can just use the modified script by typing ./hx_post_install at the admin@hxscvm1:~$ prompt.

WARNING: If you started your session to the cluster IP address, then you need to remember which controller VM actually serviced your session, and make sure you have a session with the same controller VM before you try the ./hx_post_install version of the command.
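The placeholder swap performed by the sed commands above, written as an added example that is not part of the original post or of Cisco's script: it refuses to run if the placeholder word already occurs in the file, keeps a .orig copy, and checks that the number of vmnic references is unchanged. The function names (count_word, swap_vmnics, make_sample) are hypothetical and the sample input is constructed from the M4 column of the table.

```shell
#!/bin/sh
# Added example (not Cisco's or the author's script): the placeholder-based
# vmnic swap from the page, with checks before and after the rewrite.

# count_word WORD FILE: print how many times WORD occurs in FILE.
count_word() {
    grep -o -- "$1" "$2" | wc -l | tr -d ' '
}

# swap_vmnics FILE [PLACEHOLDER]: rewrite FILE in place, keeping FILE.orig.
# Mapping (from the page): 1->4, 2->1, 3->5, 4->2, 5->6, 6->3.
swap_vmnics() {
    file=$1
    tmp=${2:-rednectar}      # placeholder word used on the page

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # The placeholder is used inside sed patterns, so allow letters only.
    case $tmp in
        ''|*[!A-Za-z]*) echo "placeholder must be letters only" >&2; return 4 ;;
    esac

    # If the placeholder already occurs in FILE, the final pass would turn
    # those unrelated occurrences into "vmnic" too. Refuse instead.
    if grep -q -- "$tmp" "$file"; then
        echo "'$tmp' already occurs in $file; pick another word" >&2
        return 3
    fi

    before=$(count_word vmnic "$file")
    cp -p "$file" "$file.orig" || return 1

    # The first six expressions park each renamed NIC under the placeholder;
    # the last one turns the placeholder back into "vmnic".
    sed -e "s/vmnic1/${tmp}4/g" -e "s/vmnic2/${tmp}1/g" \
        -e "s/vmnic3/${tmp}5/g" -e "s/vmnic4/${tmp}2/g" \
        -e "s/vmnic5/${tmp}6/g" -e "s/vmnic6/${tmp}3/g" \
        -e "s/${tmp}/vmnic/g" "$file.orig" > "$file.new" || return 1

    # A pure rename must not add or lose any vmnic reference.
    after=$(count_word vmnic "$file.new")
    if [ "$before" -ne "$after" ]; then
        rm -f "$file.new"; echo "vmnic count changed, aborting" >&2; return 5
    fi
    cat "$file.new" > "$file" && rm -f "$file.new"   # keeps FILE's mode bits
}

# Constructed sample input: the M4 column of the table on the page.
make_sample() {
    printf '%s\n' 'vswitch-hx-inband-mgmt vmnic0 vmnic1' \
                  'vswitch-hx-storage-data vmnic2 vmnic3' \
                  'vswitch-hx-vm-network vmnic4 vmnic5' \
                  'vmotion vmnic6 vmnic7' > "$1"
}

# Demo on the constructed sample: prints the M5 column of the table.
demo_dir=$(mktemp -d) && make_sample "$demo_dir/hx_copy" &&
    swap_vmnics "$demo_dir/hx_copy" && cat "$demo_dir/hx_copy"
rm -rf "$demo_dir"
```

Running diff against the .orig copy afterwards shows exactly which lines were renumbered before you execute the modified script.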

Happy HX Installing

RedNectar

 


Webex multi-screen support – where is it Cisco?

This is a reprint (with pictures) of an idea I submitted to Cisco – please support and vote for it after clicking this link.

Many Webex users have multiple screens, yet Webex fails to make use of this beyond the ability to share one of those screens – at least in Webex (Teams) and Webex Meetings – last time I checked in the obsolete Webex Training not even that was available.

The takeaway

I’d like Cisco to move to a default two-window model when screen sharing is active. For the presenter, one “window” would be the screen being shared, and ALL the pesky panels would live in a SINGLE window that can be managed as a single unit and remembers where it lives when screen sharing stops. For the viewer, one window for the screen being shared and one for the collection of other panels.


In this discussion, I am writing from the Webex Meetings experience, but probably the ideas are applicable on other variations. I’m also writing from the point of view of a macOS user – there may be some variations to Webex behaviour in other versions. Now there are MANY ways and instances where this could be implemented, but I wish to first make the distinction between a Presenter who is sharing a screen, and a Participant, who is juggling trying to view that screen while keeping track of chats, Q&A etc.

The Presenter – the person SHARING a screen.

For the Presenter, when I share my screen, I need the option to create a panel window – or the option to NOT use a panel window and put up with what we have now – floating windows covering your shared screen until you move them. (I have 3 screens, some colleagues have more.)

This is my shared screen. I want to move ALL those overlay panels into a single window

The panel window should show ALL the other panels: the participants’ video feeds, the chat, the Q&A etc. ALL in a single window that can be maximised (or not) and NOT appear over the top of every window in every space. (Currently, if I open say the chat window and move it to my second screen, it sits in front of all other content on that window, and EVEN WHEN I SWAP TO ANOTHER SPACE it STILL sits on top of the windows on THAT other space. Windows users may not understand spaces, but macOS users will.)

My second screen cluttered with multiple pesky panels

If I wanted that window to be in all spaces, I’d CHOOSE to make that window available on all desktops!

So please don’t force your screen onto every desktop unless I choose!

But I digress – back to the proposed panel window

This Panel Window should remember its settings, so if the presenter STOPs sharing a screen, but later resumes sharing, the Panel Window should remember how it was set up last time. I envisage that the panel window would have many options for showing, hiding, focusing on speakers etc.

So to recap – I’d like all my floating panels in ONE SINGLE window, and only appear on one desktop (unless I choose to show on all desktops). Something like this:

This is my mock-up of how a second window might look.

This is a mock-up of how I MIGHT arrange the panels on my second screen. I’d envisage that the second screen would be something like the current Participant’s screen but without the shared screen.

AND I’d like Webex (Meetings) to remember this layout should I stop sharing and then start sharing again.

If another person is talking, I’d particularly like that person’s image (or video if they are using it) to dominate (and show their name) something like above (where I’ve had to ADD the name under the picture – I want the name there even if the video is on)

The Participant – the person viewing the shared screen

Now Cisco has made some great improvements with the experience for the viewer in terms of the options for layouts. But still no support for a second screen.

Why can’t a participant move the presenter’s shared screen to another monitor?

Why can’t a participant move the bit that is being shared to another screen, and have Webex support two windows, like what I’ve described above for the presenter?

Cisco – please improve your support for multi-screen layouts. We have moved to a world of working from home where MANY people have to put up with this day in and day out. It is so frustrating being forced to use Webex when there are so many limitations.

RedNectar
