Hi all;

I’m facing a situation where NSO (4.3.1) is showing commit complete even when the real juniper device is refusing the configuration.

Any previous experience with this?

Note:

At the end of this email is the netconf trace file piece for the NSO commit below.

It contains the reply with the error, NSO appears not to handle it correctly.

Trying this demo configuration in the real device: cfwj-lab1-6014a# set logical-systems TEST security address-book global address-set g_TEST address n_TEST

{primary:node0}[edit]

43@cfwj-lab1-6014a# commit

[edit logical-systems TEST security address-book global address-set g_TEST address]

  'n_TEST'

    referenced address must be defined under address-book

[edit logical-systems TEST security address-book global address-set g_TEST address]

  'n_TEST'

    referenced address must be defined under address-book

error: commit failed: (statements constraint check failed)

{primary:node0}[edit]

43@cfwj-lab1-6014a#

Now… trying the same configuration from NSO, connected to the same device:

admin@ncs# devices device cfwj-lab1-6014 sync-from

result true

admin@ncs#

admin@ncs# show running-config devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book

% No entries found.

admin@ncs#

admin@ncs(config)# devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book global address-set g_test address n_test

admin@ncs(config-address-n_test)#top

admin@ncs(config)# commit dry-run

cli {

    local-node {

data  devices {

                  device cfwj-lab1-6014 {

config {

junos:configuration {

logical-systems TEST {

security {

+ # first

+ address-book global {

+ address-set g_test {

+ address n_test;

+ }

+ }

}

}

}

}

}

}

    }

}

admin@ncs(config)#

admin@ncs(config)# commit

Commit complete.

admin@ncs(config)# exit

admin@ncs# devices device cfwj-lab1-6014 check-sync

result in-sync

admin@ncs#

admin@ncs# show running-config devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book

devices device cfwj-lab1-6014

config

  junos:configuration logical-systems TEST

   security address-book global

    address-set g_test

     address n_test

     !

    !

   !

  !

!

!

admin@ncs#

========= at this moment I can see that =========

-      NSO contains this configuration and device is in sync.

-      Real device does not have the configuration.

If I do a sync-from, the above configuration is removed.

admin@ncs# devices device cfwj-lab1-6014 sync-from

result true

admin@ncs# show running-config devices device cfwj-lab1-6014 config junos:configuration logical-systems TEST security address-book

% No entries found.

admin@ncs#

Generated in logs for NSO commit:

(…)

<rpc-reply xmlns:junos="http://xml.juniper.net/junos/12.3X48/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">

<<<<in 24-Mar-2017::07:15:59.101 device=cfwj-lab1-6014 session-id=50224

<commit-results>

<<<<in 24-Mar-2017::07:15:59.819 device=cfwj-lab1-6014 session-id=50224

<rpc-error>

<<<<in 24-Mar-2017::07:15:59.820 device=cfwj-lab1-6014 session-id=50224

<error-severity>error</error-severity>

<<<<in 24-Mar-2017::07:15:59.820 device=cfwj-lab1-6014 session-id=50224

<error-path>[edit logical-systems TEST security address-book global address-set g_test address]</error-path>

<<<<in 24-Mar-2017::07:15:59.820 device=cfwj-lab1-6014 session-id=50224

<error-info>

<<<<in 24-Mar-2017::07:15:59.821 device=cfwj-lab1-6014 session-id=50224

<bad-element>n_test</bad-element>

<<<<in 24-Mar-2017::07:15:59.821 device=cfwj-lab1-6014 session-id=50224

</error-info>

<<<<in 24-Mar-2017::07:15:59.821 device=cfwj-lab1-6014 session-id=50224

<error-message>mgd: referenced address must be defined under address-book</error-message>

<<<<in 24-Mar-2017::07:15:59.822 device=cfwj-lab1-6014 session-id=50224

</rpc-error>

(…)