David_Evans
Contributor

Skyline - Full reset of Config Script

I have been running Skyline for nearly 2 years now and so have configured it several ways as the SKs and admin guides have changed over time. I have been seeing several of the firewalls and MLM / MDS boxes disappear from Skyline in the various ways that the CheckMates threads have been bringing up over the last few months (as well as a few others).

This is my "clear everything from the config, regardless of how it was originally configured, and how many different ways it was configured over time without resetting the config in between.... " script.

This has taken care of 95% of my disappearing devices since the first of the year.

I'll let someone from Check Point chime in if it's doing something bad, but it runs every clear / wipe / reset command that I have found from the various SKs and CheckMates threads all in one script. It is likely overkill, but I was tired of figuring out which config command was run on which firewall at what time, so this seems to cover all the bases for me.

Doing the reset and then using the newest "sklnctl export --set" command to configure as a fresh device seems to help the stability greatly.

My only note is, on Maestro devices, wait 5-10 mins before running your new setup script so that the configuration, or lack thereof, gets copied to all the members. On non-Maestro boxes you can pretty much attach your setup script right to the end.

Change the .json file name and path to match your config(s).


/opt/CPotelcol/CPotelcolCli.sh set_dynamic_config "$(cat /opt/CPotelcol/config.json)"
rm /home/admin/payload-no-tls.json
touch /home/admin/payload-no-tls.json
/opt/CPotelcol/REST.py --set_open_telemetry "$(cat /home/admin/payload-no-tls.json)"
{
echo '{'
echo '"enabled": true,'
echo '"export-targets": {'
echo '"rebase": ['
echo '{'
echo ' "enabled": true,'
echo ' "type": "prometheus-remote-write",'
echo ' "url": "http://1.1.1.1:9090/api/v1/write"'
echo '}'
echo ']'
echo '}'
echo '}'
} > /home/admin/payload-no-tls.json
sklnctl export --set "$(cat /home/admin/payload-no-tls.json)"
rm /home/admin/payload-no-tls.json
/opt/CPviewExporter/CPviewExporterCli.sh stop
/opt/CPotelcol/CPotelcolCli.sh stop
cpview -a off

 




1 Reply
Elad_Chomsky
Employee

Hi @David_Evans ,

We have added the 'rebase' operation as a hidden flag - to do a total reset of the configuration. This should be used in emergency cases.

In general we are aware of a known issue with MLM/MDS and CPView - and are working to push a fix to the jumbo during Q1/Q2 of 2025. 

/opt/CPotelcol/CPotelcolCli.sh set_dynamic_config "$(cat /opt/CPotelcol/config.json)" - This can be skipped (done in 'rebase' already).

In Maestro, the configuration can be a bit more complex due to the sync mechanism; my recommendation is to run the rebase operation using g_all. No need for the stop commands at the end for the Skyline components. By default it will be run as part of the sklnctl operation. CPView stop/start is only needed in cases of problems in CPView - Summing it up:

1) Identify the current problem - Run 'cpview -m' and check if the command "/opt/CPotelcol/GetOTDynamicConfig.sh | jq . " is failing.

2) In case of CPView problems, run 'kill -9 $(pidof cpviewd); sleep 120; cpview -a off; cpview -a on'

2) In case of Skyline problems, Run - 
/opt/CPotelcol/REST.py --set_open_telemetry "$(cat /home/admin/payload-no-tls.json)"
{
echo '{'
echo '"enabled": true,'
echo '"export-targets": {'
echo '"rebase": ['
echo '{'
echo ' "enabled": true,'
echo ' "type": "prometheus-remote-write",'
echo ' "url": "http://1.1.1.1:9090/api/v1/write"'
echo '}'
echo ']'
echo '}'
echo '}'
} > /home/admin/payload-no-tls.json
sklnctl export --set "$(cat /home/admin/payload-no-tls.json)"

To force configuration reset. 

 

0 Kudos
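
An added example, not part of either post and not Check Point code: one way to build the `rebase` payload shown in the thread in a private temporary file instead of a fixed path under /home/admin, reject a URL that would break the JSON, and parse-check the result before handing it to `sklnctl export --set`. The function names are hypothetical; the payload layout, the placeholder URL and the `sklnctl` invocation are the ones posted above.

```shell
#!/bin/bash
# Added example, not Check Point code. Only the payload layout and the
# `sklnctl export --set` call come from the thread; function names are hypothetical.

# Print the 'rebase' payload for one Prometheus remote-write URL.
build_rebase_payload() {
    url=$1
    # Accept only http(s) URLs with no quote, backslash or space, so the
    # value cannot terminate the JSON string it is placed in.
    case $url in
        *\"*|*\\*|*" "*) echo "unsafe character in URL" >&2; return 1 ;;
        http://?*|https://?*) ;;
        *) echo "URL must start with http:// or https://" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "enabled": true,
  "export-targets": {
    "rebase": [
      {
        "enabled": true,
        "type": "prometheus-remote-write",
        "url": "$url"
      }
    ]
  }
}
EOF
}

# Parse-check a payload file with jq (the thread already uses jq); skip if jq is absent.
payload_is_json() {
    command -v jq >/dev/null 2>&1 || return 0
    jq -e . "$1" >/dev/null 2>&1
}

# Build the payload in a mktemp file, apply it only if it is valid, always clean up.
apply_rebase() {
    payload=$(mktemp) || return 1
    rc=0
    if build_rebase_payload "$1" > "$payload" && payload_is_json "$payload"; then
        sklnctl export --set "$(cat "$payload")" || rc=$?
    else
        rc=1
    fi
    rm -f "$payload"
    return "$rc"
}
```

On the gateway this would be called as `apply_rebase "http://1.1.1.1:9090/api/v1/write"`, with the URL replaced by your own remote-write endpoint.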
