Drift and Reconcile for Security Settings

Drift is calculated by comparing the settings on the device with the global security settings, because the global settings are the user-intended settings that must be present on the system. The SSH server is restarted whenever applicable.

Table 1. Drift Reconcile & Idempotency support

Identify Drift | Reconcile configuration | Idempotency
---------------+-------------------------+------------
Yes            | Yes                     | Yes
(efa:extreme)extreme@tpvm:/opt $ efa inventory drift-reconcile detail --uuid 3d073e9c-879f-4db7-9ab9-852c3f669d51
+--------------------------------+--------------------------------------+
|              NAME              |                VALUE                 |
+--------------------------------+--------------------------------------+
| UUID                           | 3d073e9c-879f-4db7-9ab9-852c3f669d51 |
+--------------------------------+--------------------------------------+
| Device IP                      | 10.x.x.x                             |
+--------------------------------+--------------------------------------+
| Status                         | success                              |
+--------------------------------+--------------------------------------+
| Execution Reason               | manual                               |
+--------------------------------+--------------------------------------+
| operation                      | drift-and-reconcile                  |
+--------------------------------+--------------------------------------+
| Inventory Status               | inventory-dr-success                 |
+--------------------------------+--------------------------------------+
| Is Inventory config Refreshed  | true                                 |
+--------------------------------+--------------------------------------+
| Inventory Duration             | 15.586983384s                        |
+--------------------------------+--------------------------------------+
| Fabric Status                  | fabric-dr-success                    |
+--------------------------------+--------------------------------------+
| Is Fabric config Refreshed     | false                                |
+--------------------------------+--------------------------------------+
| Fabric Duration                | 121.479233ms                         |
+--------------------------------+--------------------------------------+
| Policy Status                  | policy-dr-success                    |
+--------------------------------+--------------------------------------+
| Is Policy config Refreshed     | false                                |
+--------------------------------+--------------------------------------+
| Policy Duration                | 88.764104ms                          |
+--------------------------------+--------------------------------------+
| Tenant Status                  | tenant-dr-success                    |
+--------------------------------+--------------------------------------+
| Is Tenant config Refreshed     | false                                |
+--------------------------------+--------------------------------------+
| Tenant Duration                | 49.042052ms                          |
+--------------------------------+--------------------------------------+
| Device Update Count            | 2                                    |
+--------------------------------+--------------------------------------+
| Device Update Total Duration   | 2m34.074986291s                      |
+--------------------------------+--------------------------------------+
| Maintenance Mode Disable       |                                      |
| Duration                       |                                      |
+--------------------------------+--------------------------------------+
| Start Time                     | 2022-09-19 20:25:47 +0530 IST        |
+--------------------------------+--------------------------------------+
| Last Modified                  | 2022-09-19 20:29:16 +0530 IST        |
+--------------------------------+--------------------------------------+
| Duration                       | 3m29.931352961s                      |
+--------------------------------+--------------------------------------+


Inventory Service Response:
Config Drift: Device Secure Settings
+------------------------+---------------+--------------------------------+
|          NAME          |   APP STATE   |          CHILD CONFIG          |
+------------------------+---------------+--------------------------------+
| Device Secure Settings | cfg-refreshed | Secure Setting Max Password    |
|                        |               | Age                            |
+------------------------+---------------+--------------------------------+

Reconcile Status:
+-------------------+---------------+---------------+
|    CONFIG-TYPE    |   APP STATE   | ERROR-MESSAGE |
+-------------------+---------------+---------------+
| NtpAuthKey        | Not-Attempted |               |
| SnmpHost          | Not-Attempted |               |
| MMOnReboot        | Not-Attempted |               |
| InterfaceConfig   | Not-Attempted |               |
| SnmpUser          | Not-Attempted |               |
| DeviceTimezone    | Not-Attempted |               |
| ThresholdMonitor  | Not-Attempted |               |
| SecureSetting     | Success       |               |
| NtpDisable        | Not-Attempted |               |
| SnmpView          | Not-Attempted |               |
| SnmpGroup         | Not-Attempted |               |
| DeviceSetting     | Not-Attempted |               |
| NtpServer         | Not-Attempted |               |
| SnmpCommunity     | Not-Attempted |               |
| BreakoutInterface | Not-Attempted |               |
+-------------------+---------------+---------------+


Fabric Service Response:


Policy Service Response:


Tenant service Response:
--- Time Elapsed: 75.311491ms ---

The following table describes scenarios for the device secure settings:

Scenario                                                        | Secure Settings   | Device Config
----------------------------------------------------------------+-------------------+---------------------------------------------
Fresh installation of EFA                                       | Enabled (Default) | Applied on device registration
Fresh installation                                              | Disabled          | No settings are applied during registration
Upgrade from prior releases. Security hardening configuration   | Enabled (Default) | Device update will result in cfg-in-sync
is executed on the device with the same configuration as the    |                   |
default settings in EFA.                                        |                   |
Upgrade from prior releases. Security hardening configuration   | Enabled (Default) | Device update will result in cfg-refresh
is executed on the device with a different configuration than   |                   |
the default settings in EFA.                                    |                   |
Upgrade from prior releases. No security hardening              | Enabled (Default) | Device update will result in cfg-refresh
configuration is executed on the device.                        |                   |
Upgrade from prior releases                                     | Disabled          | Device update will result in cfg-in-sync
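The drift calculation, the reconcile outcome and the idempotency guarantee described above, as an added model that is not EFA's own code: the setting names, their values and the Device class are constructed for illustration, while the app states (cfg-in-sync, cfg-refreshed) and reconcile statuses (Success, Not-Attempted) follow the output shown earlier. It covers the scenario table's cases (same configuration, different configuration, no configuration, secure settings disabled) and restarts the SSH server only when an SSH-related setting actually changed.

```python
from dataclasses import dataclass, field

# App states and reconcile statuses as they appear in the drift-reconcile output above.
CFG_IN_SYNC = "cfg-in-sync"
CFG_REFRESHED = "cfg-refreshed"

# Constructed global security settings: the user-intended values every device must carry.
# Names and values are hypothetical, not EFA's real setting keys.
GLOBAL_SECURE_SETTINGS = {
    "max-password-age": 90,        # days
    "min-password-length": 8,
    "ssh-login-grace-time": 60,    # seconds; changing it requires an SSH server restart
}
SSH_SETTINGS = {"ssh-login-grace-time"}


@dataclass
class Device:
    ip: str
    config: dict = field(default_factory=dict)   # secure settings currently on the device
    ssh_restarts: int = 0


def identify_drift(device, desired=GLOBAL_SECURE_SETTINGS):
    """Drift = every global setting whose value is missing or different on the device."""
    return {name: (device.config.get(name), want)
            for name, want in desired.items() if device.config.get(name) != want}


def reconcile(device, desired=GLOBAL_SECURE_SETTINGS, enabled=True):
    """Push drifted settings to the device and report (app state, reconcile status).

    Idempotent: a device already in sync is left untouched and reports Not-Attempted,
    so running reconcile twice never causes a second change or a second SSH restart.
    """
    if not enabled:                       # secure settings disabled: nothing is applied
        return CFG_IN_SYNC, "Not-Attempted"
    drift = identify_drift(device, desired)
    if not drift:
        return CFG_IN_SYNC, "Not-Attempted"
    for name, (_, want) in drift.items():
        device.config[name] = want
    if any(name in SSH_SETTINGS for name in drift):   # restart SSH only when applicable
        device.ssh_restarts += 1
    return CFG_REFRESHED, "Success"


def drift_and_reconcile_twice(device, **kw):
    """Run reconcile twice to show idempotency; returns both results and the restart count."""
    first = reconcile(device, **kw)
    second = reconcile(device, **kw)
    return first, second, device.ssh_restarts
```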