NSO 4.5

Jan Lindblad · ‎10-09-2017

NSO 4.5 is out!

Read the CHANGES file below. Or click the link below to see NSO 4.5 tagged posts here on the Hub. For example Jacob's series on the new NSO Web UI. More 4.5 news posts are on the way.

https://communities.cisco.com/search.jspa?q=nso-4.5&place=/places/531930&depth=ALL

NSO 4.5 CHANGES file:

NSO-4.5 [October 6, 2017]

==========================

Deprecation notice:

- Toolchain: pyang will be removed from NCS in a

future release. If you need pyang, we recommend that you download the

latest version of pyang from github (https://github.com/mbj4668/pyang).

(Issue tracker: #26851)

Removals:

- ncs: It is no longer possible to upgrade directly from NCS 2.3.x or

older version. If such need exists, the upgrade needs to be done in two

steps: from NCS 2.3.x to NSO 4.4, and then to the desired more recent

version.

- Documentation: The user guide previously mentioned a possibility to

login via JSON-RPC and re-use the resulting session cookie for REST and

RESTCONF requests, this has been removed.

(Issue tracker: #26857)

- Python API: The module _ncs.deprecated.maapi has been removed.

Non-backwards compatible enhancements:

- ncs: The internal representation of leaf-lists has changed. Leaf-lists

now behave similar to lists in terms of operations, i.e., individual

elements can now be created and deleted instead of setting/deleting the

entire leaf-list as a single entity. Attributes can be set on

individual leaf-list elements which removes previous limitations on how

service code can be written allowing individual leaf-list elements to

be shared by multiple services.

= Highlights =

* create(), sharedCreate() and delete() can now be used on individual

leaf-list elements. This affects the following APIs:

* Java

* Python

* JSON-RPC

* Erlang

* C

* Attributes can be set on individual leaf-list elements. It also

means that FASTMAP will store a refcount and a list of backpointers per

individual leaf-list element when service code uses sharedCreate() to

deploy a leaf-list entry.

* NavuLeafList can now be used to manage leaf-list YANG nodes in Java

NAVU API. Please refer to the JavaDoc for com.tailf.navu.NavuLeafList.

* For convenience, previous operations for setting/deleting whole

leaf-lists still exist, but the semantics are somewhat different. In

terms of actual operation these will result in a series of create and

delete operations of leaf-list elements, which will result in a

different view when iterating over a changeset.

* `diffIterate` will report create/delete for leaf-list elements

instead of set/delete for the whole leaf-list (see notes on backwards

compatibility below).

* Data providers will get invocation of

`iterator()`/`existsOptional()`/`create()`/`remove()`/`numInstances()`/

`moveAfter()` data callbacks for individual leaf-list elements instead

of `getElem()`/`setElem()`/`remove()` for the whole leaf-list (see

notes on backwards compatibility below).

* Entries in `audit.log` will now show individual create and delete

for leaf-list elements.

== Migration ==

* While operations for setting/deleting whole leaf-lists still exist,

they should be seen as convenience and be changed in the long run to

the new operations.

* Usage of NavuLeaf for managing leaf-list nodes in Java code should

be replaced by the new NavuLeafList API. Even though NavuLeaf is still

supported for backwards compatibility, but since it relies on

setting/deleting the whole leaf-list operations it should be replaced

in the long run.

* Code doing iteration on changesets, e.g., subscribers need to be

changed to expect create/delete on leaf-list elements. As a stop gap

measure one can use a newly introduced (and deprecated) flag to get the

old behaviour. This change should be minimal, but please note that

there are limitations.

* Data providers need to be changed to expect different data callback

invocations as described above. As a stop gap measure one can use a

newly introduced (and deprecated) flag to get the old behaviour.

== Backwards compatibility ==

Certain operations can be made to run in a backwards compatibility

mode, making them behave as before, i.e., handling leaf-lists as single

elements. The flags for controlling this behaviour are deprecated,

meaning that they will be removed in a future release.

* For the iteration functions in the CDB and MAAPI APIs, the flag

ITER_WANT_LEAF_LIST_AS_LEAF can be used to get the old behaviour, see

the JavaDoc for com.tailf.conf.ConfIterateFlags and

com.tailf.conf.DiffIterateFlags.

* For data providers, annotation @DpFlags(leafListAsLeaf = true) can

be used to get the old behaviour, see the JavaDoc for

com.tailf.dp.annotations.DpFlags.

== Limitations ==

* There is no option to downgrade to a previous version of NSO. See

`ncs-backup(1)` regarding backup procedures.

* CDB subscribers on slaves cannot use the backwards compatibility

flag for iteration.

* If transactions on leaf-lists conflict with each other, iteration

might produce unexpected results due to a set/delete on the whole list

actually being composed of individual create/delete operations.

* At the moment it is not possible to see attributes on leaf-list

elements in CLI using | display service-meta-data. It is possible to

see attributes in XML format using | display xml.

== Examples ==

Several examples have been rewritten to show usages of new interfaces

for leaf-lists. Specific examples to look at might be (under

examples.ncs/getting-started/developing-with-ncs):

* `4-rfs-service`

* `18-simple-service-erlang`

* `23-new-leaf-list-upgrade`

(Issue tracker: #17868, #18557, #18980, #19136, #19177, #20326, #21179,

#24027, #25379, #27130, #27112, #27789, #28594, #28932)

- ncs: Improve consistency and clarity in audit logging.

* Src IP and port, protocol and context have been added to audit log

messages.

* Wording in audit log messages have been changed to be consistent and

clearly differentiate between authentication attempts (and methods) and

the final login result.

* A number of logsyms have changed named or been removed

The following logsyms are new (due to renaming): *

`LOCAL_AUTH_SUCCESS` * `LOCAL_AUTH_FAIL` * `PAM_AUTH_SUCCESS` *

`PAM_AUTH_FAIL` * `EXT_AUTH_SUCCESS` * `EXT_AUTH_FAIL` *

`AUTH_LOGIN_SUCCESS` * `AUTH_LOGIN_FAIL` * `AUTH_LOGOUT`

The following logsyms have be renamed or removed (due to no longer

being used): * `BAD_LOCAL_PASS` * `NO_SUCH_LOCAL_USER` *

`PAM_LOGIN_FAILED` * `PAM_NO_LOGIN` * `EXT_LOGIN` * `EXT_NO_LOGIN` *

`SSH_LOGIN` * `SSH_LOGOUT` * `SSH_NO_LOGIN` * `WEB_LOGIN` *

`WEB_LOGOUT`

- ncs: Input parameters to actions and rpcs are now validated with

respect to all constraints specified in the YANG model. A side effect

of this change is that empty non-'presence' containers in the input are

never passed to the action/rpc implementation, regardless of whether

they were provided in the invocation.

(Issue tracker: #26216, #27243, #27609, #28164, #29275)

- ncs: For devices the with want-reverse=true the reverse diff is now

sent when the device fails in the commit queue.

- ncs: NSO now gives warnings at startup or package reload when it looks

"suspicious", i.e. may break some functionality. Currently the

following scenarios will trigger the warnings, with more scenarios

likely to be added in the future:

- one or more namespaces are removed by the upgrade

- there are source .java files found in the package, but no matching

.class files in the jars loaded by NSO

- there are matching .class files with modification time older than

the source files, which hints that the source has been modified since

the last time the package has been compiled

If a warning has been triggered it is a strong recommendation to fix

the root cause. If all of the warnings are intended, it is possible to

proceed with "packages reload force" command when the upgrade is done

at runtime or --with-package-reload-force flag or

NCS_RELOAD_PACKAGES=force environment variable at startup.

Note that this is not a strict upgrade validation, but only intended

as a hint to NSO administrator early in the upgrade process that

something might be wrong. The usual upgrade procedure must still be

followed as described in NSO Administration Guide -> NSO Deployment ->

NSO system and packages upgrade.

(Issue tracker: #23121)

- ncs: Added /devices/commit-queue/queue-item/failed.

- ncs: NSO now displays the path that is out of sync in the no-overwrite

error message.

- ncs: When doing 'commit dry-run' with native format you can now also

get the reverse operations by adding the commit parameter 'reverse'.

This is the change-set for getting back to the current running state in

the network if the commit is successfully executed. Be ware that if any

changes are done later on the same data the reverse change-set returned

is then invalid.

(Issue tracker: #26955)

- ncs: Added time-based job scheduler suitable for scheduling periodic

background work.

Under /scheduler tasks can be configured to trigger actions on a given

instance. The periodicity of the tasks is configured with standard

Vixie Cron expressions.

For new installations a default task is configured to run the

'prune-completed-queue-items' action under

/devices/commit-queue/completed each day pruning all completed queue

items that are older than a day.

- ncs: Previously when a device was in the completed list in a commit

queue item meant that the device had been processed, not necessarily

that the device modifications were pushed to the network (if any of the

devices in the queue item had failed). It now means that a device is

completed when its device modifications are pushed to the network. This

is consistent through the commit queue notifications in the ncs-events

stream and the following lists:

/devices/commit-queue/queue-item/completed

/devices/commit-queue/completed/queue-item/completed

/deviecs/commit-queue/queue-item/completed

For commit queue notifications the failed-devices list in a

notification with executing status now only reports new failed devices

instead of all failed devices for the queue item.

Added /devices/commit-queue/completed/queue-item/completed-services

and devices/commit-queue/completed/queue-item/failed-services.

- ncs: To simplify template syntax when optional nodes are set using

template variables, and to allow for more backwards compatibility with

previous versions which did not allow setting empty string values using

templates, the semantics of a tag consisting solely of empty variables

has changed to its original meaning, i.e. to skip the node instead of

setting an empty string value. This does not apply to XPath expressions

including variables that result in an empty string value, so if an

empty string value is desired an XPath variable can be surrounded with

string(). For example:

- <some-tag>{$EMPTY}</some-tag>

- <some-tag>{$EMPTY}{$OTHEREMPTY}</sometag>

- <some-tag>{string($EMPTY)}</sometag> <!-- the tag will be set to ""

-->

(Issue tracker: #28735)

- CLI: If the prompt contained vt100/xterm control sequences, for example

for setting the xterm title, then those characters would be counted as

part of the prompt and the error indication arrow would be misaligned.

This has now been fixed such that many control sequences are

automatically recognized and ignored. Also, two new magical sequences:

\[ and \] has been added. They can be used to indicate that the

characters in between should be ignored when calculating the width of

the prompt. However, any prompt already containing \[ or \] need to

change to [ and ] respectively. Previously \[ and \] would be

completely equivalent to [ and ].

(Issue tracker: #29480)

- JSON-RPC: get_schema now returns children list for types that can have

children, even if no child exist.

- Python API: logging has been updated to match the format of existing

NSO log files.

(Issue tracker: #28782)

- Toolchain: The algorithm that generates integer values for YANG

identifiers has been modified to generate a different value for the

first identifier in each line below, to avoid the conflict with the

second identifier in the same line. Thus it is no longer necessary to

use tailf:id-value for any of these identifiers to avoid the conflicts,

and it is recommended to remove any existing tailf:id-value statements

for them.

community-id unit

lag_id protocol-operation

fabric-interfaces if-name-str

ejpol-items last-received

isis-context-information redundancy-events

si-nat-icmpv6-errors-local-nptv6 in-octets

tBgpInstanceParamsExtTblLstCh tos-type-info

(Issue tracker: #30064)

Enhancements:

- ncs: A new YANG extension, tailf:ned-default-handling ''mode'', has

been added. If used it will override the NED's native default handling

mode for that leaf.

(Issue tracker: #25189)

- ncs: The kickers are enhanced with a notification-kicker that makes it

possible to trigger on received netconf notifications. For more on this

see the development guide.

- ncs: NSO now uses "CiscoSSL", a Cisco-enhanced version of OpenSSL

(currently based on OpenSSL 1.0.2k), for cryptographic functions.

(Issue tracker: #20900)

- ncs: New Yang annotation: tailf:ned-ignore-compare-config that can be

used to remove a changed leaf from compare-config.

For the tailf:aes-cfb-128-encrypted-string and the

tailf:des3-cbc-encrypted-string type, proper decryption/encryption will

be made of the data exchanged with a Netconf device.

(Issue tracker: #25826)

- ncs: It is now possible to execute commit dry-run outformat native

without establishing connection to the actual device. NEDs need to

implement this feature. It is implemented in NSO for NETCONF and SNMP

devices, while CLI and generic NEDs will by default fall back to the

previous behaviour which is to establish connection to the device.

In order to be able to execute commit dry-run outformat native offline

the implementation for NETCONF and SNMP devices requires the

capabilities of the device to be known, i.e. /devices/device/capability

list to contain relevant entries. This list is populated when

connecting to the device for the first time, or it can be manually

populated with add-capability or copy-capabilities actions. Other NEDs

(CLI or generic) implementing this feature might not have this

requirement, or have other requirements.

(Issue tracker: #25280)

- ncs: It is now possible to specify a "guard" for an insert operation on

ordered-by user list and leaf-list in service or API templates. A guard

identifies a range of elements in ordered-by user list or leaf-list so

that if all of the target elements to be inserted already exist in the

same order within this range, then their current position is preserved.

This is useful to avoid reordering a list or a leaf-list every time a

service is re-deployed, while being able to impose constraints on

elements' position in the list or leaf-list.

- ncs: Data kickers are now validated agains the YANG schema. The leaves

'monitor', 'trigger-expr' and 'kick-node' must comply to the YANG

models.

- ncs: The ncs-commit-queue-progress-event notification has now

additional information about completed and failed services as a result

on completed or failed commit queue items. The corresponding

ca_progress events that can be subscribed to by northbound notif

interface are also extended with the same information.

- ncs: The NOTIF_COMMIT_DIFF event now also includes the "comment" and

"label" given for the commit (if any) - they can be retrieved with the

CommitDiffNotification.getComment() and

CommitDiffNotification.getLabel() methods.

(Issue tracker: #27664)

- ncs: The --erlang-application-name parameter to ncs-make-package now

defaults to the package name.

- ncs: To guarantee service integrity NSO now checks for overlapping

service or device modifications when committing with the commit queue.

These checks can be bypassed by setting the

/ncs:devices/global-settings/commit-queue/error-recovery/mode to

unsafe. This could potentially commit changes that are not deployed to

the network if a queue item with overlapping modifications failed ahead

in the queue. The benefit of doing so is increased throughput. The mode

is configured on a per node basis.

NSO now serializes re-deploys through an internal re-deploy queue.

This is an optimization for RFM loops where multiple re-deploys are

requested in parallel. Several invocations of re-deploy can then be

skipped. Another benefit is that a reactive-re-deploy can wait for

commit queue items with overlapping modifications to finish instead of

failing in such scenario.

- ncs: SNMP NED now supports partial-show. Also fixed a bug where a

sync-from an SNMP device would sometimes fail in certain combinations

of loaded NSO packages.

- ncs: NSO now restricts reading configuration from a device in the

'compare-config' action when some other configuration is writing to it.

This is to avoid getting inconsistent data when reading the

configuration. A 'wait-for-lock' parameter has been added to the action

that can be used to specify a timeout that the action waits until the

device lock is released and any commit queue items that contain the

device are done. If the 'wait-for-lock' parameter is not specified, the

action will fail immediately for the device if the lock is taken for

the device or if the device is placed in the commit queue.

(Issue tracker: #29234, #29531)

- ncs: A new command, templatize, has been added. It is used to extract

configuration templates from existing configurations by looking for

patterns.

- ncs: NSO now tries to reconnect to the device is the connection has

been dropped while calculating the reverse diff-set in the abort phase

of the transaction.

(Issue tracker: #29178)

- CDB: NETCONF notification subscription status was changed from internal

callpoint to operational CDB data. This to be able to subscribe for

changes.

- CDB: It is now possible to give data kickers priorities, 0-255,

deciding order of execution when multiple data kickers triggers at the

same time. Also, it is possible to serialize data kickers by

configuring a serialization number; 0-255. Also, it is possible to give

notification kickers priorities, 0-255, deciding order of execution

when multiple notification kickers triggers at the same time.

- CLI: Added /ncs-config/cli/mode-info-in-aaa to ncs.conf.

/ncs-config/cli/mode-info-in-aaa is either "true", "false" or "path",

If "true", then all commands will be prefixed with major and minor mode

name when processed by the AAA-rules. This means that it is possible to

differentiate between commands with the same name in different modes.

Major mode is "operational" or "configure" and minor mode is "top" in

J-style and the name of the submode in C- and I-mode. On the top-level

in C- and I-mode it is also "top". If set to "path" and if the command

operation is "read" the major mode will be followed by the path to the

submode which will be followed by the command. If set to "path" and if

the command operation is "execute" the major mode will instead be

followed by the command and the path to the submode will be prepended

to any path arguments of the command.

(Issue tracker: #29276)

- CLI: 'select' and 'de-select' are now available as pipe commands when

displaying the configuration in operational mode (eg. 'show

running-config') in the I-style CLI.

(Issue tracker: #28877)

- Cluster: Upgrade performance has been improved on service node in

cluster.

(Issue tracker: #25860)

- Cluster: NSO now gives an error if /cluster/commit-queue/enabled is not

set when committing to the commit queue with an LSA device.

Improved subscription failure alarm for ncs-events stream.

(Issue tracker: #29665)

- Documentation: EXAMPLES: The packages used in example

service-provider/virtual-mpls-vpn now have a '-example' suffix to

clarify that the packages are just examples and not production ready

packages. The documentation in the NSO Development chapter has been

updated with this information as well.

- Java API: Japi Dp - when a Dp daemon started it would previously start

5 worker threads as the min value for the worker threadpool. This min

is now changed to 1 thread.

(Issue tracker: #29565)

- JSON-RPC: Extend show_config method with optional parameters result_as

string|json and with_oper true|false

- NETCONF: The NSO NETCONF server now supports the RFC 5717 partial-lock

capability.

- Python API: It was not possible to e.g. call an action from inside

another action or service if they were both registered to the same

ncs.dp.Daemon. This has been fixed.

- Python API: Support for accumulate functionality in NSO data providers

has been added.

(Issue tracker: #27320)

- REST API: Added RESTCONF API according to

draft-ietf-netconf-restconf-18. As a result, the existing REST API has

got an improved json encoding, which may cause backward incompatible

changes.

- Smart Licensing: The NSO smart licensing integration now supports

configuration of proxy servers.

- Smart Licensing: The NSO Cisco Smart Licensing integration has been

upgraded to support Java 9.

- SNMP Agent: If any of the MIB models that hold configuration for the

SNMP Agent (SNMP-COMMUNITY-MIB, SNMP-VIEW-BASED-ACM-MIB,

SNMP-TARGET-MIB, SNMP-USER-BASED-SM-MIB) is annotated with a callpoint

(and consequently implemented by an external data provider) the SNMP

Agent must re-read the configuration for any changes to take effect.

This has previously been achieved by disabling and re-enabling the SNMP

Agent. A new MAAPI function has been added for triggering the SNMP

Agent to re-read its configuration - maapi_snmpa_reload().

(Issue tracker: #24426)

- Toolchain: The script "netconf-console" now accepts the command line

parameter "--start-time" and "--stop-time" to be used together with

"--create-subscription".

(Issue tracker: #26653)

- Web UI: Introducing webui-one. A react based user interface that will

replace the previous XWT-based version. Webui-one contains a number of

stand alone applications, such as:

== Model browser ==

* Helps you browse and access all data models loaded into the NSO.

== Configuration editor ==

* Browse data models and change configuration values.

== Commit manager ==

* Examine your transaction, look at diffsets and commit your changes.

== Device manager ==

* Find, synchronize and group your devices. Monitor connectivity status

and access the configuration data.

== Service manager ==

* Find and synchronize your services. See deployment status

and access the service configuration data.

More applications will be added in future releases and users can add

their own.

Non-backwards compatible corrections:

- Building: ncsc / yanger now checks if a definition references something

with a "lesser" "status" (e.g., if a "current" leaf uses a "deprecated"

typedef).

(Issue tracker: #28373)

- Java API: Previously an item with declared tailf:id-value larger than

2^31 was not correctly handled. This has been fixed.

(Issue tracker: #27560, #27874, #29613)

- JSON-RPC: get_schema levels parameter now apply to list schema entries.

(Issue tracker: #28305)

- JSON-RPC: commit with flags dry-run=native output changed to a list of

objects with device and diff keys set to support determining which

device the diff affected.

(Issue tracker: #27778, #27708)

- JSON-RPC: get_schema returned incomplete list of children for action

output. This has been corrected.

- JSON-RPC: access rules returned from get_schema now more closely

reflect which operations are allowed.

(Issue tracker: #22865)

- JSON-RPC: get_value no longer qualify identityref values unless there

is a conflict.

- Python API: Service and Action now execute requests in separate threads

improving parallelism.

(Issue tracker: #28242)

- Python API: add tctx to experimental DataCallbacks handler and improve

support for leaf-list.

Corrections:

- ncs: Re-deploying a service using a NED having the default handling

mode 'report-all' would in some cases cause the device to be out of

sync. This has been fixed.

(Issue tracker: #25189)

- ncs: Previously when doing an XPath query through a JSONRPC request and

specifying a context node with an empty key an internal error would

occur. This has now been fixed.

(Issue tracker: #27063)

- ncs: During a deep-check-sync operation NSO could complain about failed

'when' expressions in an internal transaction used to evaluate the

result. This has been fixed so the 'when' expression are not checked

due to temporary nature of such transaction.

(Issue tracker: #26973)

- ncs: When writing kicker monitors in XPath format, augmented namespaces

were not always handled correctly. This has been fixed.

(Issue tracker: #27939, #29180)

- ncs: If an invalid namespace has been declared for a prefix in an XML

template, this would result in an internal error. This has been fixed

to produce a proper error message.

(Issue tracker: #27513)

- ncs: Previously for CLI and generic NED devices NSO could overwrite

list entries that were created out-of-band even though the

'no-overwrite' commit parameter was set. This has now been fixed.

- ncs: Action including leaf-list could make the CLI crash on tab

completion. This has now been fixed.

(Issue tracker: #29471)

- ncs: Previously for a NETCONF device with

ned-settings/use-confirmed-commit=false a get-config was issued when a

transaction aborted to calculate the reverse diffset between CDB and

the device. This could result in that any out-of-band changes done on

the device was overwritten. This has now been fixed.

(Issue tracker: #29432)

- ncs: Time to execute Maapi.setValues() used to grow quadratically with

the size of the provided ConfXMLParam array. This has been fixed so the

growth is now linear.

- ncs: If a list had a sub-list with a 'when' expression, and a list

entry and sub-list entries were created, and an additional change made

the 'when' evaluate to false, all in the same transaction, the sub-list

entries were not actually deleted. This has been fixed.

- AAA: When PAM authentication was used, and REST or RESTCONF requests

were made continuously with an interval of less than 10 seconds, the

amount of memory used by the PAM interface process 'epam' could grow

without bounds. This has been fixed - the amount of memory used by

'epam' is now limited in this scenario.

(Issue tracker: #29648)

- Building: ncsc now allows a module to annotate statements defined in

the same module.

(Issue tracker: #29738)

- Building: The ietf-yang-library-ann.yang module, which annotates a

callpoint to ietf-yang-library.yang, was not included in the release.

This has been fixed.

(Issue tracker: #29856)

- C-API: The confd_ha_connect() function could in some cases write a NUL

character outside an array on the stack. This has been fixed.

(Issue tracker: #26979)

- CDB: Fix bug when setting an operational choice using MAAPI. Changing

the case value did not work as intended when using an ordinary

transaction (allowing writes to both config true and false data).

Using an operational (config false) only transaction was not affected.

- CDB: Fix a bug which might crash NSO during upgrade (in `phase0`).

Calling `cdb_get` on a non existing path could crash NSO under certain

circumstances when trying to format an error message including the non

existent path.

(Issue tracker: #29075)

- CLI: When doing package upgrading, and then "commit dry-run outformat

cli", an error was encountered in certain cases. This has been fixed.

(Issue tracker: #17605, #20971, #24538, #25131, #26103, #25639)

- CLI: Add missing <cr> for '?' when displaying completion for leaf-list

type.

(Issue tracker: #22307)

- CLI: Combining lists with tailf:cli-sequence-commands and

tailf:cli-compact-syntax the CLI could miss printing out some data

nodes. This has been fixed.

(Issue tracker: #25367)

- CLI: When using leaf-refs in the data model and trying to get info

using '?' or <TAB> in the CLI the CLI appears non-responsive. This has

been fixed.

(Issue tracker: #26727)

- CLI: When combining the clispec-options noDuplicate and auditLogHide

the CLI couldn't recognise if certain executions was or wasn't

different. Thus it would block the launcher even when it wasn't

necessary. This has been fixed.

(Issue tracker: #24086)

- Java API: Setting a leaf or leaf-list to a value containing unicode

characters could fail with internal error. This has been fixed.

(Issue tracker: #27066)

- Java API: XML namespace declarations are now taken into account when

producing ConfXMLParam array with NavuParser.

(Issue tracker: #29637)

- Java API: Fixed NavuParser in java to handle empty string value.

- JSON-RPC: The JSON-RPC method "subscribe_cdboper" could not handle

subscriptions to paths adorned when statements. This has been fixed.

(Issue tracker: #23246)

- JSON-RPC: When calling an action through the 'run_action' method and

the action was broken in such a way that it returned something other

than was specified in the yang file, the session would be terminated

and all subsequent calls on that session would fail (in the WebUI you

would be logged out). This has been fixed.

- JSON-RPC: Nodes that contained a "when" expression were always

displayed, no matter how the "when" expression evaluated. This has been

fixed.

- JSON-RPC: The webui now shows which devices are affected from a commit

dry-run.

(Issue tracker: #27708)

- JSON-RPC: get_schema on an action augmented from a different namespace

would fail. This has been corrected.

(Issue tracker: #28976)

- JSON-RPC: run_action now supports augmented input parameters. Use

prefix:tag if disambiguation of tag is required.

(Issue tracker: #29616)

- JSON-RPC: Calling get_schema with insert_values = true on a tree with

an augmented case failed if the augmented case was currently active.

This has been fixed.

- JSON-RPC: set_value incorrectly used create instead of update operation

when verifying NACM rules in most cases. This has been corrected.

(Issue tracker: #22865)

- JSON-RPC: get_schema did not include qname for case entries. This has

been corrected.

- NED: Mandatory leaves could cause 'compare-config' to show a non-empty

diff while in fact there is no diff. This has now been fixed.

- NETCONF: If a leaf with a default value in the data model was deleted,

the NETCONF server now generates a proper "netconf-config-change"

notification.

- Python API: _ncs.maapi.diff_iterate() didn't report MOP_ATTR_SET and

MOP_MOVED_AFTER correctly. This has been fixed.

- Python API: Python VM log files was not re-opened when issuing

reopen_logs command, this has been fixed.

(Issue tracker: #28777)

- Python API: When calling the function _ncs.ha.status() the Python API

could leak some memory. This has been fixed.

(Issue tracker: #29666)

- REST API: REST Query of an 'inline' empty leaf caused all config to be

returned. This has been fixed.

(Issue tracker: #28517)

- RESTCONF: Authentication failures did not return a RESTCONF error

response. This has been corrected.

(Issue tracker: #29399)

- RESTCONF: The RESTCONF example had errors in the instructions, these

are now fixed.

- RESTCONF: The YANG model 'ietf-restconf' is now available for retrieval

over REST and RESTCONF.

(Issue tracker: #29571)

- Toolchain: pyang --tailf-sanitize crached if it found some

tailf:symlinks. This bug has been fixed.

- Web Server: The default absolute timeout has now been extended to 16

hours.

- Web Server: When the docroot tag was not specified, the resulting file

system path constructed in webui_appmod_hatchery was invalid, which

caused the exception. This has been fixed.

- Web UI: Leaf lists did not check the validity of added values. This has

now been fixed.

(Issue tracker: #27077)

- Web UI: There was no way to clear some input parameters in the action

input fields. This has now been fixed with a "Reset parameters" button

that clears all input parameters

(Issue tracker: #27915)

- Web UI: The user had to reload the page to see leafs with a when

expression where the leaf and the when target were on the same page.

This has now been fixed.

(Issue tracker: #27977)

- Web UI: WebUI Prime failed to initialize if amd.less or amd.js could

not be loaded correctly. This has been fixed.

NSO 4.5

Get NSO for Free!

Collective Intelligence resolved my SSH problems with NSO on the latest macOS Mojave!

Secrets of the NSO Transaction Phases