cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
241
Views
0
Helpful
4
Replies
Cisco Employee

NSO not receiving failure in commit from juniper devices

 

Hi all;

 

 

I’m facing a situation where NSO (4.3.1) is showing commit complete even when the real juniper device is refusing the configuration.

 

Any previous experience with this?

 

 

Note:

 

At the end of this email is the netconf trace file piece for the NSO commit below.

 

It contains the reply with the error, NSO appears not to handle it correctly.

 

 

 

 

Trying this demo configuration in the real device:
cfwj-lab1-6014a# set logical-systems TEST security address-book global address-set g_TEST address n_TEST

 

 

{primary:node0}[edit]

 

43@cfwj-lab1-6014a# commit

 

[edit logical-systems TEST security address-book global address-set g_TEST address]

 

  'n_TEST'

 

    referenced address must be defined under address-book

 

[edit logical-systems TEST security address-book global address-set g_TEST address]

 

  'n_TEST'

 

    referenced address must be defined under address-book

 

error: commit failed: (statements constraint check failed)

 

 

{primary:node0}[edit]

 

43@cfwj-lab1-6014a#

 

 

 

 

 

 

Now… trying the same configuration from NSO, connected to the same device:

 

admin@ncs# devices device cfwj-lab1-6014 sync-from

 

result true

 

admin@ncs#

 

admin@ncs# show running-config devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book

 

% No entries found.

 

admin@ncs#

 

admin@ncs(config)# devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book global address-set g_test address n_test

 

admin@ncs(config-address-n_test)#top

 

admin@ncs(config)# commit dry-run

 

cli {

 

    local-node {

 

data  devices {

 

                  device cfwj-lab1-6014 {

 

config {

 

junos:configuration {

 

logical-systems TEST {

 

security {

 

+ # first

 

+ address-book global {

 

+ address-set g_test {

 

+ address n_test;

 

+ }

 

+ }

 

}

 

}

 

}

 

}

 

}

 

}

 

    }

 

}

 

admin@ncs(config)#

 

admin@ncs(config)# commit

 

Commit complete.

 

admin@ncs(config)# exit

 

admin@ncs# devices device cfwj-lab1-6014 check-sync

 

result in-sync

 

admin@ncs#

 

admin@ncs# show running-config devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book

 

devices device cfwj-lab1-6014

 

config

 

  junos:configuration logical-systems TEST

 

   security address-book global

 

    address-set g_test

 

     address n_test

 

     !

 

    !

 

   !

 

  !

 

!

 

!

 

admin@ncs#

 

========= at this moment I can see that =========

 

-      NSO contains this configuration and device is in sync.

 

-      Real device does not have the configuration.

 

If I do a sync-from, the above configuration is removed.

 

 

admin@ncs# devices device cfwj-lab1-6014 sync-from

 

result true

 

admin@ncs# show running-config devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book

 

% No entries found.

 

admin@ncs#

 

 

 

Generated in logs for NSO commit:

 

 

(…)

 

<rpc-reply xmlns:junos="http://xml.juniper.net/junos/12.3X48/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">

 

<<<<in 24-Mar-2017::07:15:59.101 device=cfwj-lab1-6014 session-id=50224

 

<commit-results>

 

<<<<in 24-Mar-2017::07:15:59.819 device=cfwj-lab1-6014 session-id=50224

 

<rpc-error>

 

<<<<in 24-Mar-2017::07:15:59.820 device=cfwj-lab1-6014 session-id=50224

 

<error-severity>error</error-severity>

 

<<<<in 24-Mar-2017::07:15:59.820 device=cfwj-lab1-6014 session-id=50224

 

<error-path>[edit logical-systems TEST security address-book global address-set g_test address]</error-path>

 

<<<<in 24-Mar-2017::07:15:59.820 device=cfwj-lab1-6014 session-id=50224

 

<error-info>

 

<<<<in 24-Mar-2017::07:15:59.821 device=cfwj-lab1-6014 session-id=50224

 

<bad-element>n_test</bad-element>

 

<<<<in 24-Mar-2017::07:15:59.821 device=cfwj-lab1-6014 session-id=50224

 

</error-info>

 

<<<<in 24-Mar-2017::07:15:59.821 device=cfwj-lab1-6014 session-id=50224

 

<error-message>mgd: referenced address must be defined under address-book</error-message>

 

<<<<in 24-Mar-2017::07:15:59.822 device=cfwj-lab1-6014 session-id=50224

 

</rpc-error>

 

(…)

 

 

 

Best Regards Paulo Oliveira

 

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: NSO not receiving failure in commit from juniper devices

 

Sorry… all clear!

 

   “An error was introduced in NSO 4.3 where RPC errors from Juniper  devices was ignored. This has now been fixed.”

 

4 REPLIES 4
Cisco Employee

Re: NSO not receiving failure in commit from juniper devices

 

Are you using transactional mode or commit queues?

 

 

-Dan

 

Cisco Employee

Re: NSO not receiving failure in commit from juniper devices

 

Try NSO 4.4.

 

 

There was a bug introduced in 4.3 and fixed in 4.4.

 

 

-Don

 

Highlighted
Cisco Employee

Re: NSO not receiving failure in commit from juniper devices

 

Hi Don and Dan;

 


The release notes for 4.4 mention that this affects commit queue’s.

 

I’m using the transactional (default) mode.

 

“When using commit queues from JSON RPC and specifying sync the RPC

 

    would not wait until the transaction was done. This has been fixed.

 

    Also, if there were any errors when communicating with some devices

 

    they would not be reported, nor would they be displayed in the CLI when

 

    executing 'commit commit‐queue sync'. This has been fixed.”

 

 

(I will try 4.4)

 


Best Regards
Paulo Oliveira

 

Cisco Employee

Re: NSO not receiving failure in commit from juniper devices

 

Sorry… all clear!

 

   “An error was introduced in NSO 4.3 where RPC errors from Juniper  devices was ignored. This has now been fixed.”

 

Content for Community-Ad
August's Community Spotlight Awards