Tuesday, January 23, 2018

Cisco Prime Infrastructure - templates and compliance

So I have been working on a few things with PI recently, and was hoping to see what others have been doing in this area... possibly of there is interest I could post some of what I have done!

We use PI for configuration pushes now, and are about to start ramping up on our use of the compliance module. So first, how do you structure your compliance policies and profiles? I am in 2 minds, as to whether to break it out with a policy for each configlet like in the templates and use the profiles in a similar way to composite templates, or just build a single policy for each device type/role.

Second, any good tips for either config templates (Apache VTL) or compliance policies? Things that are not immediately obvious, but worked well for a specific problem?

And third, I have a few (very basic and likely bug ridden) python scripts that can take a configuration template and turn it in to a policy that can be imported in Prime. If there is interest in that, I'd be happy to clean it up and share it with the community. It has some caveats, but broadly works well enough for most templates we have created.



No comments:

Post a Comment