cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Incorrect results running CLI script in parallel in VSX

We have some SSH expert mode bash scripts that run against large VSX deployments, and, for various reasons, we've been trying to speed up the runtime of these scripts. One thing we've tried is executing a script in parallel. E.g.,

vsx stat -l | awk '/^VSID:/{ print $NF }' |
xargs -n 1 -P 4 -I{} bash -c 'id={}; result=`source /etc/profile.d/vsenv.sh; vsenv $id && ifconfig`; echo "$result"'

xargs options:
-n max args
-P max procs
-i --> -i{} -- in the following command to xargs, for each line of input from stdin, replace {} with that input.

I.e., we use vsx stat -l to extract the VSID, then for each VS, we execute ifconfig and dump the result.

It's really fast, but we see some incorrect results: ifconfig reports the same IP for each interface in each VS; if we run it serially, we get correct output.

We're suspecting that this 'initialization' of the bash environment, bash -c 'id={}; result=`source /etc/profile.d/vsenv.sh...' isn't creating a "complete" Check Point shell environment (like the one you'd get if you SSH'd in). Just a guess.

Anyone have suggestions on how to properly initialize the shell? Any other ideas?

Tags (2)
0 Kudos
3 Replies

Re: Incorrect results running CLI script in parallel in VSX

In addition to the question, could it be related to how Linux VRF for VSX was implemented? 

0 Kudos
Admin
Admin

Re: Incorrect results running CLI script in parallel in VSX

Note that a VS is not fully isolated from other VSes (to Michael Rolbin‌'s point).

It's possible this could change in the future, but it's true as of R80.10.

That said, assuming xargs spawns unique processes, I would think sourcing that particular script would work properly.

0 Kudos

Re: Incorrect results running CLI script in parallel in VSX

Your bash script is a little bit complicated.

More elegant solution:

Command "show interface <interface.vlan>" from clish has great "feature" that it will show you on which vs instance particular VLAN is configured. Just grep it before XY lines (grep -B 5) and you have all interfaces configured on specifix vsid.

Kind regards,
Jozko Mrkvicka