0
votes

I am creating jinja2 templates to generate plain text router configurations for a network with 1K+ routers. In the end state, I'll use ansible to push the generated configurations to the router. Building the template is challenging as the configuration files exhibit considerable variation. I believe an iterative approach is needed in which fuzzy matching is performed as the template is refined. Some variation will be eliminated as the final templates are constructed. Necessary variation will be handled using roles, group_vars, and host_vars.

My question is strictly about comparing two text files: one a jinja2 template and the other a configuration file. To simplify the task, I could use only jinja2 variables without any other jinja2 constructs. I am not concerned about validating the configuration. A fuzzy match would occur if both text files are a match with the exception of the jinja2 variables.

I'll give an example that uses a partial configuration for simplicity's sake.

Template:

system {
    host-name {{ hostname }};
    root-authentication {
        encrypted-password "{{ root_password }}"; 
    }
    login {
        user ansible {
            uid 2000;
            class super-user;
            authentication {
                ssh-rsa "ssh-rsa {{ private_key }}"; 
            }
        }
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
}

Existing Configuration:

system {
    host-name router1;
    root-authentication {
        encrypted-password "$1$pRoJeWbG$S.s2PL77OZJ/g.xAQ5d5E/"; 
    }
    login {
        user ansible {
            uid 2000;
            class super-user;
            authentication {
                ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjdOJzdhpjOBm042fykczzPOmDSf98TRaiomT8hGzCJ1svMV/sq9yH2lsY5ixsundWAQHmq6pv78SmFTj8/26UQHoM/pHYYhTyRRWe3g7PJ9NQ+MV+AZ/bnAYX8p8BD6EOudMJHleuCTQ3HJ9F87Mbvtd8W5eXv+qtSr+dTBQSKRJuqMUde+ofrdCYAezFSo87B3s/K4HrlT92D79BfabCztepvCREwOjr9Leppast17HBnbhsHIZBt/VX6oVlZynN7wpyjssbLmu84cCxDNOse0aCG7yddsdQ124asjfvb4lvYqRIgG9S4oMkem8IuiHkRcrVihmdV10TkJ8Puxq/ root@7f826f01cf36"; 
            }
        }
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    } 
}

The example above would be a match. If the configuration did not include the netconf stanza, there would not be a match, and the deviation would be flagged. If the config file included text not in the template, this would also be flagged.

I've experimented with python's fuzzywuzzy module. This solution seems imperfect as additional manual inspection is required.

I could envision a solution using regexes; however, I want to avoid configuration syntax-specific regexes. In other words, I could use the same solution to check for deviation in an nginx config file.

Are there existing python modules that could be used to find deviations as I've defined above? Are there better ways of approaching this problem?

1
Instead of parsing configuration files for the sake of parsing configuration files, you should apply the configuration to your build server (that is router) and verify the configuration. – techraf
What do you mean by checking compliancy? Could you give some examples? – Eddie
I will update the question in response to these comments. – Jeff Loughridge

1 Answer

0
votes

If you have the router-specific templates from the initial build, you could just render the jinja template to create the router-specific configuration file and then do a comparison. This may be more process intensive but would be much simpler to implement.
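
A line-oriented sketch of the match the question defines (template and configuration identical except where a `{{ variable }}` stands), added here as an example and not part of the original posts. It assumes the question's simplification of variables only, with no other Jinja2 constructs; `line_regex`, `compare` and the sample strings are constructed for illustration.

```python
import difflib
import re

VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def line_regex(template_line):
    """Escape literal text; turn each {{ name }} into a named capture group."""
    out, pos, seen = [], 0, set()
    for m in VAR.finditer(template_line):
        out.append(re.escape(template_line[pos:m.start()]))
        name = m.group(1)
        # A variable repeated on one line must carry the same value each time.
        out.append("(?P=%s)" % name if name in seen else "(?P<%s>.+?)" % name)
        seen.add(name)
        pos = m.end()
    out.append(re.escape(template_line[pos:]))
    return re.compile("".join(out))

def compare(template_text, config_text):
    """Return (deviations, variables) for a config checked against a template."""
    tmpl = [l.rstrip() for l in template_text.splitlines() if l.strip()]
    conf = [l.rstrip() for l in config_text.splitlines() if l.strip()]
    # Try literal template lines before lines that contain variables.
    rules = sorted(((t, line_regex(t)) for t in tmpl), key=lambda r: "{{" in r[0])
    variables, canon = {}, []
    for line in conf:
        for t, rx in rules:
            m = rx.fullmatch(line)
            if m:
                for k, v in m.groupdict().items():
                    variables.setdefault(k, set()).add(v)
                canon.append(t)   # stand-in so difflib sees an equal line
                break
        else:
            canon.append(line)    # no template line covers this text
    deviations = []
    sm = difflib.SequenceMatcher(a=tmpl, b=canon, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag in ("delete", "replace"):
            deviations += [("missing", t) for t in tmpl[i1:i2]]
        if tag in ("insert", "replace"):
            deviations += [("extra", c) for c in conf[j1:j2]]
    return deviations, variables

# Constructed sample input, shortened from the question's example.
TEMPLATE = "system {\n  host-name {{ hostname }};\n  services {\n    ssh;\n    netconf;\n  }\n}\n"
CONFIG_OK = TEMPLATE.replace("{{ hostname }}", "router1")
CONFIG_DRIFT = CONFIG_OK.replace("netconf;", "telnet;")
print(compare(TEMPLATE, CONFIG_DRIFT)[0])
```

The comparison is whitespace-sensitive on leading indentation and ignores blank lines and trailing spaces; the returned `variables` map holds every value captured per variable, so a name that maps to more than one value within a single file is itself worth reviewing.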