Junos Automation (Scripting)
Reply
Visitor
wagnerflo
Posts: 7
Registered: ‎07-07-2011
0

Change configuration but don't commit

Hi everyone,

 

is it possible to write an op script which makes changes to the configuration, but doesn't commit them? Instead I'd like the user to be dropped to the configure part of the CLI after running the script so he can review and commit the changes himself.

Recognized Expert
ccall
Posts: 237
Registered: ‎06-18-2008

Re: Change configuration but don't commit

Yes and no. If your script loads the configuration changes using the <load-configuration> RPC and it doesn't do so within an exclusive or private configuration session then those configuration changes will remain in the candidate configuration after the script exits. This is the same behavior as if a user entered normal configuration mode, made some changes, and then exited, leaving the the changes in place.

 

But you cannot cause the user's session to enter config mode. They would have to do so manually themselves. i.e. run the script and then enter config mode to see the changes or enter config mode and then run the script and then see the changes.

 

Either way, this approach isn't a safe way to change the configuration because there is no guarantee that the script will not interfere with configuration changes being made by other users or scripts. In other words, it really is equivalent to using "configure" rather than "configure exclusive" or "configure private" on a mult-user box: definitely not a best practice.

 

A better approach would be for your script to open a connection through jcs:smileysurprised:pen() and then execute all of the following RPCs within that connection: first, lock the database via <lock-configuration>, then load the changes via <load-configuration>. Next, you can display those changes to the user through the RPC <get-configuration compare="rollback" rollback="0">, which gives the same output as "show | compare". After displaying the changes, allow the user to accept or reject them (using the jcs:get-input() function) and if they accept them then go ahead and use the <commit-configuration> RPC. Finally, whether they are accepted or rejected make sure you use <unlock-configuration> to release your lock on the configuration when you are done.

Visitor
wagnerflo
Posts: 7
Registered: ‎07-07-2011
0

Re: Change configuration but don't commit

You've perfectly anticipated my follow-up question. Thank you!

 

What I've working now is the code change and display of the differences, by doing a "expr jcs:​output(jcs:execute(...));". When adding "var $commit = jcs:get-input(...);" to ask the user if he wants to commit, the text of jcs:get-input gets mangled with the page-by-page display of the differences. The jcs:​output function doesn't seem to block until the user has left the pager used to display the output.

 

Any ideas how to fix that?

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.