cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
256
Views
0
Helpful
6
Replies
Highlighted

I'm not seeing backpointers to my service

After applying my service (shown below), I only get a backpointer to the service for one of the several lines of configuration NSO pushed to the device. I thought each line should have a backpointer to the service that configured it.

 

admin@Mothership-6(config)# services ssh test-ssh device-name csr

admin@Mothership-6(config)# commit dry-run outformat native
native {
  device {
    name csr
      data ip ssh time-out 60
              ip ssh authentication-retries 3
              ip ssh rsa keypair-name SSH
              ip scp server enable
  }
}

admin@Mothership-6(config)# commit

Commit complete.

 

admin@Mothership-6(config)# show full-configuration devices device csr | display xml | include test-ssh
<enable refcounter="1" backpointer="[ /ncs:services/ssh:ssh[ssh:name='test-ssh'] ]" />

 

admin@Mothership-6(config)# show full-configuration devices device csr | display xml

...

<ssh>
  <time-out refcounter="1" >60</time-out>
  <authentication-retries refcounter="1" >3</authentication-retries>
  <source-interface>
    <GigabitEthernet>1</GigabitEthernet>
  </source-interface>
  <rsa>
    <keypair-name refcounter="2" original-value="somevalue">SSH</keypair-name>
  </rsa>
</ssh>
<scp>
  <server>
    <enable refcounter="1" backpointer="[ /ncs:services/ssh:ssh[ssh:name='test-ssh'] ]" />
  </server>
</scp>

...

 

In the above, every line with a refcounter should have a backpointer from my understanding, however only the scp server enable does. Is there a reason that time-out, authentication-retries, and rsa keypair-name do not have backpointers to the service that put that configuration there?

Everyone's tags (3)
6 REPLIES 6
Cisco Employee

Re: I'm not seeing backpointers to my service

Have you tried using different values to see if the behavior is consistent?

Re: I'm not seeing backpointers to my service

I have tried different values for those above which do not have backpointers, I got the same thing, where there was a refcount, but no backpointer.

Cisco Employee

Re: I'm not seeing backpointers to my service

What happens when you try to remove the service?
It could because the device owned the configuration prior to the service which results in no backpointer. What the scp enable something that previously existed on the device? Could you test by configuring a feature that isn't already on the device through the service vs a feature that is already preeexisting?

My assumption is that the scp enable is owned by the service config and not the device config, which leads to the backpointer. While the other two configurations are already owned by the device, hence no backpointer.

Re: I'm not seeing backpointers to my service

You can see that the below config was not previous on the device prior, and the backpointer does not show up after the configuration is applied to the device.

 

admin@ncs(config)# show full-configuration devices device v-csr0 config ios:ip ssh | display xml
  ...
    <ssh>
      <pubkey-chain>
      <username>
        <name>vagrant</name>
        <key-hash>
          <key-type>ssh-rsa</key-type>
          <key-name>DD3BB82E850406E9ABFFA80AC0046ED6</key-name>
        </key-hash>
      </username>
    </pubkey-chain>
  </ssh>
...


admin@ncs(config)# services ssh test device-name v-csr0
admin@ncs(config-ssh-test)# commit dry-run
cli {
  local-node {
    data devices {
      device v-csr0 {
        config {
          ios:ip {
            ssh {
              + time-out 120;
              + authentication-retries 3;
            rsa {
              + keypair-name SSH;
            }
          }
          scp {
            server {
              + enable;
            }
          }
        }
      }
    }
}
services {
  ssh test {
    + device-name [ v-csr0 ];
  }
 }
}
}

admin@ncs(config)# show full-configuration devices device v-csr0 config ios:ip ssh | display xml
...
  <ssh>
    <time-out refcounter="1" >120</time-out>
    <authentication-retries refcounter="1" >3</authentication-retries>
    <rsa>
      <keypair-name refcounter="1" >SSH</keypair-name>
    </rsa>
    <pubkey-chain>
      <username>
      <name>vagrant</name>
      <key-hash>
        <key-type>ssh-rsa</key-type>
        <key-name>DD3BB82E850406E9ABFFA80AC0046ED6</key-name>
      </key-hash>
    </username>
    </pubkey-chain>
  </ssh>
...

Cisco Employee

Re: I'm not seeing backpointers to my service

Can you post your service template?

-Dan

Re: I'm not seeing backpointers to my service

<config-template xmlns="http://tail-f.com/ns/config/1.0">
  <devices xmlns="http://tail-f.com/ns/ncs">
  <?foreach {/device-name}?>
  <device>
    <name>{.}</name>
      <config>
        <ip xmlns="urn:ios">
          <ssh>
            <time-out>120</time-out>
            <authentication-retries>3</authentication-retries>
            <rsa>
              <keypair-name>SSH</keypair-name>
            </rsa>
          </ssh>
          <scp>
            <server>
              <enable/>
            </server>
          </scp>
        </ip>
      </config>
    </device>
  <?end?>
  </devices>
</config-template>