Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
156
Views
0
Helpful
3
Replies

"lock-denied" when trying to configure template on IOS-XE API

nathan-loisel
Level 1
Level 1

‎04-25-2025 01:48 AM

Hello everyone,

I'm trying to setup my switch using terraform, and I'm encountering a weird issue. When I want to edit the "source template" of several ports, the REST API request is only working for the first port, then it's returning the error:

the configuration database is locked by session 18 yang_mgmt_infra tcp (system from 127.0.0.1) on since 2025-04-24 09:38:15\n IOS-XE YANG Infrastructure

Switch: Cisco Catalyst 9407R
OS: IOS-XE 17.12.04

So to debug, I made a simple Python script to call the RESTCONF API and edit my switch's ethernet ports.
(https://pastecode.io/s/aa74z51d)

When there is no "source template" configuration involved on the ethernet port, all requests go through and no issue at all.
But when there is a "source template" configured on the port, the first request goes through and all other after return the same error:

nathanloisel_1-1745570837270.png

 

I tried googling but could not find anything online about this issue (I understand it's quite a specific one).

I tried setting a 10s delay between each python request: Works for two first requests but then same issue occurs after these,
The template I'm configuring is just a blank template with only the "description" property set.
When running the failing API calls, I tried running "show configuration lock", but the result is always the same:
Configuration mode is not locked

Do you guys have any idea why it's returning this error ?

Thanks

Labels:
0 Helpful
3 Replies 3

bigevilbeard
VIP
VIP

‎04-25-2025 04:21 AM

@nathan-loisel this goes a little beyond my knowledge, based on your information/errors the lock you see might be happening at a different level than what the CLI command checks for, ths i am guessing It could be specifically in the YANG/RESTCONF subsystem and this is related to the asynchronous nature of applying "source templates" or some internal resource contention within the devices YANG infrastructure when templates are involved.

I thought i might find something mentioned in RFC that specifies the exact internal locking algorithms or data structures a network device must use for its YANG models, but i could not these appear they are implementation details left to the device vendor.

I wonder if a longer delays might work (guessing again)?

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

nathan-loisel
Level 1
Level 1

‎04-25-2025 04:57 AM

I just did some tests, and it appears that the minimum delay is between 30s and 35s. Not very convenient for me as I have to edit several hundreds of ports at once...

0 Helpful

bigevilbeard
VIP
VIP
In response to nathan-loisel

‎04-25-2025 07:17 AM

@nathan-loisel i wonder if this could be better if you used netconf? Yah not great for that sort of delay, back in the day i could have maybe done this as quick via the cli!

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful
Customers Also Viewed These Support Documents