02-04-2019 09:17 AM
After applying my service (shown below), I only get a backpointer to the service for one of the several lines of configuration NSO pushed to the device. I thought each line should have a backpointer to the service that configured it.
admin@Mothership-6(config)# services ssh test-ssh device-name csr
admin@Mothership-6(config)# commit dry-run outformat native
native {
device {
name csr
data ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh rsa keypair-name SSH
ip scp server enable
}
}
admin@Mothership-6(config)# commit
Commit complete.
admin@Mothership-6(config)# show full-configuration devices device csr | display xml | include test-ssh
<enable refcounter="1" backpointer="[ /ncs:services/ssh:ssh[ssh:name='test-ssh'] ]" />
admin@Mothership-6(config)# show full-configuration devices device csr | display xml
...
<ssh>
<time-out refcounter="1" >60</time-out>
<authentication-retries refcounter="1" >3</authentication-retries>
<source-interface>
<GigabitEthernet>1</GigabitEthernet>
</source-interface>
<rsa>
<keypair-name refcounter="2" original-value="somevalue">SSH</keypair-name>
</rsa>
</ssh>
<scp>
<server>
<enable refcounter="1" backpointer="[ /ncs:services/ssh:ssh[ssh:name='test-ssh'] ]" />
</server>
</scp>
...
In the above, every line with a refcounter should have a backpointer from my understanding, however only the scp server enable does. Is there a reason that time-out, authentication-retries, and rsa keypair-name do not have backpointers to the service that put that configuration there?
Solved! Go to Solution.
11-10-2021 11:11 AM
It is not correct to expect a backpointer for every leaf with a refcount. NSO does not add a backpointer on leafs and leaflists but only on lists and containers. The "enable" node was probably a container with presence.
02-04-2019 02:32 PM
Have you tried using different values to see if the behavior is consistent?
02-05-2019 06:25 AM
I have tried different values for those above which do not have backpointers, I got the same thing, where there was a refcount, but no backpointer.
02-05-2019 01:08 PM
02-06-2019 05:00 AM
You can see that the below config was not previous on the device prior, and the backpointer does not show up after the configuration is applied to the device.
admin@ncs(config)# show full-configuration devices device v-csr0 config ios:ip ssh | display xml
...
<ssh>
<pubkey-chain>
<username>
<name>vagrant</name>
<key-hash>
<key-type>ssh-rsa</key-type>
<key-name>DD3BB82E850406E9ABFFA80AC0046ED6</key-name>
</key-hash>
</username>
</pubkey-chain>
</ssh>
...
admin@ncs(config)# services ssh test device-name v-csr0
admin@ncs(config-ssh-test)# commit dry-run
cli {
local-node {
data devices {
device v-csr0 {
config {
ios:ip {
ssh {
+ time-out 120;
+ authentication-retries 3;
rsa {
+ keypair-name SSH;
}
}
scp {
server {
+ enable;
}
}
}
}
}
}
services {
ssh test {
+ device-name [ v-csr0 ];
}
}
}
}
admin@ncs(config)# show full-configuration devices device v-csr0 config ios:ip ssh | display xml
...
<ssh>
<time-out refcounter="1" >120</time-out>
<authentication-retries refcounter="1" >3</authentication-retries>
<rsa>
<keypair-name refcounter="1" >SSH</keypair-name>
</rsa>
<pubkey-chain>
<username>
<name>vagrant</name>
<key-hash>
<key-type>ssh-rsa</key-type>
<key-name>DD3BB82E850406E9ABFFA80AC0046ED6</key-name>
</key-hash>
</username>
</pubkey-chain>
</ssh>
...
02-05-2019 04:56 PM
Can you post your service template?
-Dan
02-06-2019 05:04 AM
<config-template xmlns="http://tail-f.com/ns/config/1.0">
<devices xmlns="http://tail-f.com/ns/ncs">
<?foreach {/device-name}?>
<device>
<name>{.}</name>
<config>
<ip xmlns="urn:ios">
<ssh>
<time-out>120</time-out>
<authentication-retries>3</authentication-retries>
<rsa>
<keypair-name>SSH</keypair-name>
</rsa>
</ssh>
<scp>
<server>
<enable/>
</server>
</scp>
</ip>
</config>
</device>
<?end?>
</devices>
</config-template>
10-20-2021 12:06 PM
Hello,
Did you find the reason of such behaviour ? I am facing the exact same issue.
Thank you in adavance.
11-10-2021 11:11 AM
It is not correct to expect a backpointer for every leaf with a refcount. NSO does not add a backpointer on leafs and leaflists but only on lists and containers. The "enable" node was probably a container with presence.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide