Page MenuHomePhabricator

Juniper network device audit - all sites
Open, HighPublic

Description

This task will cover/track the auditing of all Juniper network devices in our inventory for both support contract info (in netbox, will have new support contract ID for 95% of them once T207198's order is complete) and the location on the Juniper Entitlement Report (many devices show SF office for site, others show wrong sites, each should be updated to the actual location they live at.)

This audit shouldn't start until after the support renewal goes through, so to reduce duplicated efforts/updates.

Event Timeline

RobH triaged this task as High priority.Jan 15 2019, 5:51 PM
RobH created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 15 2019, 5:51 PM
RobH renamed this task from network device audit to Juniper network device audit - all sites.Jan 15 2019, 5:51 PM

I was looking at FY19-20 CapEx planning and ran an export of the Entitlement Report from Juniper's website. The output is... not very close to the truth. There are serial there that do not match any of our gear, there are devices with serial numbers that do not match anything we have, plus the locations are all weird and wrong...

Is it difficult to fix this? Also, T183479 is probably a subset of this task and should be resolved in favor of this one.

faidon removed a parent task: Unknown Object (Task).
faidon merged a task: Restricted Task.

yep! Juniper has been working on it since a few weeks in ticket: 2019-0408-0694
Based on https://docs.google.com/spreadsheets/d/1tJ-mqN4-g_NyvO24pRERxVTbX6AMe6lMG9YcO2840Vg/edit (Tab Final)

faidon mentioned this in Unknown Object (Task).Apr 30 2019, 6:05 PM

This is almost done. They added all the missing devices and almost fixed the "installed at" addresses, got some of them wrong. I followed up with the correct ones.

Update from IRC: Juniper's install base is actually missing a whole lot of our devices (e.g. only lists 9 EX4300s, out of... 52). @ayounsi is asking them, but this clearly needs more work :(

From Juniper:

I am still in the process of changing the installed base address of the serial numbers given.
Furthermore, for the serial numbers that are not showing in MyJuniper account, please be advised that we are currently having a known issue with data flow in MyJuniper and our IT team are still in the process of fixing it.

I wrote a Netbox report to check against Juniper's installed base ( https://netbox.wikimedia.org/extras/reports/juniper.Juniper/ )
Still in review in https://gerrit.wikimedia.org/r/c/operations/software/netbox-reports/+/539192

From that report, 42 devices and 228 FRUs (inventory items) are missing from Juniper's installed base.

I commented on the Juniper case to get those fixed, including the proper addresses

Next step should be:

  • Wait for Juniper to update their DB with the missing serials (note that they properly show up in the entitlement search tool, so they are aware of it in some ways)
  • Evaluate if the above brings new issues
  • Ask Juniper to delete the devices that we no longer have in the DCs

A lot of back and forth with Juniper, current status is:
test_consistency fails 70
test_missing_device_from_installed_base 4
test_missing_inventory_from_installed_base 183

Emailed them so they do the following fixes:

So first 4 devices are missing
[...]
Secondly, some addresses are incorrect:
[...] (15 devices)
Third, 183 FRUs (routing engines, PSUs, etc...) are missing from the Installed base. Let me know if you need the serial numbers in a different format (eg. a list of them alone).
[...]
Last, what is the process to remove items from the installed base? For example devices that we have decommissioned.

There are also some devices with expired support being taken care of in T234265.