Automation

Recently I have started playing around with the PHP library for NETCONF (https://github.com/Juniper/netconf-php). So far I have been able to get configurations from my routers, BGP peer configurations to be precise. The next challenge remains configuring my routers with this library. Unfortunatey the logs keep showing these messages:

Nov 27 14:34:48  router.nl sshd[78164]: subsystem request for netconf by user userNov 27 14:34:48  router.nl mgd[78168]: UI_CMDLINE_READ_LINE: User 'x', command 'xml-mode netconf need-trailer '
Nov 27 14:34:48  router.nl file[78167]: UI_LOGIN_EVENT: User 'x' login, class 'j-super-user' [78167], ssh-connection 'x.x.x.x 46796 x.x.x.x 22', client-mode 'netconf'
Nov 27 14:34:48  router.nl file[78167]: UI_NETCONF_CMD: User 'x' used NETCONF client to run command 'lock cannot reconstruct arguments'
Nov 27 14:34:48  router.nl file[78167]: UI_NETCONF_CMD: User 'x' used NETCONF client to run command 'edit-config cannot reconstruct arguments default-operation=merge cannot reconstruct arguments'
Nov 27 14:34:48  router.nl file[78167]: UI_NETCONF_CMD: User 'x' used NETCONF client to run command 'unlock cannot reconstruct arguments'
Nov 27 14:34:48  router.nl file[78167]: UI_NETCONF_CMD: User 'x' used NETCONF client to run command 'close-session'

This is the script I wrote:

require_once '../app/include/netconf/Device.php';
    $deviceParams = [
        'hostname'  => 'x.x.x.x',
        'username'  => 'x',
        'password'  => 'password',
        'port'      => 22
    ];

    $this->device = new Device($deviceParams);

    $this->connectRouter();

    $islocked = $this->device->lock_config();

    $command = '<system><services><ftp/></services></system>';

    if($islocked) {              
        $this->device->load_xml_configuration($command, 'merge');
    }

    $this->device->unlock_config();

    $this->device->close();

 According to a github example (https://github.com/Juniper/netconf-php/blob/master/examples/test_config.php) the XML is correct. Any idea what is going wrong?

I have tried searching on the messages I get but it seems that not many have tried using this library 😞

Thought posting netconf traceoptions might help solving this issue, allthough everything seems to be alright.

Nov 30 10:35:43 [18521] Incoming: <rpc><close-session/></rpc>]]>]]>

Nov 30 10:35:43 [18521] Outgoing: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.3R8/junos">

Nov 30 10:35:43 [18521] Outgoing: <ok/>

Nov 30 10:35:43 [18521] Outgoing: </rpc-reply>

Nov 30 10:35:43 [18521] Outgoing: ]]>]]>

Nov 30 10:35:43 [18521] Outgoing: <!-- session end at 2015-11-30 10:35:43 UTC -->

Nov 30 10:35:51 Started tracing session: 18526

Nov 30 10:35:51 [18526] Incoming: <hello>

<capabilities>

<capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>

<capability>urn:ietf:params:xml:ns:netconf:base:1.0#candidate</capability>

<capability>urn:ietf:params:xml:ns:netconf:base:1.0#confirmed-commit</capability>

<capability>urn:ietf:params:xml:ns:netconf:base:1.0#validate</capability>

<capability>urn:ietf:params:xml:ns:netconf:base:1.0#url?protocol=http,ftp,file</capability>

</capabilities>

</hello>

]]>]]>

Nov 30 10:35:51 [18526] Incoming:

<rpc><edit-config><target><candidate/></target><default-operation>merge</default-operation><config><configuration><system><services><ftp></ftp></services></system></configuration></config></edit-config></rpc>]]>]]>

Nov 30 10:35:51 [18526] Outgoing: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.3R8/junos">

Nov 30 10:35:51 [18526] Outgoing: <ok/>

Nov 30 10:35:51 [18526] Outgoing: </rpc-reply>

Nov 30 10:35:51 [18526] Outgoing: ]]>]]>

Nov 30 10:35:51 [18526] Incoming: <rpc><close-session/></rpc>]]>]]>

Nov 30 10:35:51 [18526] Outgoing: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.3R8/junos">

Nov 30 10:35:51 [18526] Outgoing: <ok/>

Nov 30 10:35:51 [18526] Outgoing: </rpc-reply>

Nov 30 10:35:51 [18526] Outgoing: ]]>]]>

Nov 30 10:35:51 [18526] Outgoing: <!-- session end at 2015-11-30 10:35:51 UTC -->

The first logs I have shown in my OP do not say anything but telling me that something went wrong. The traceoptions however, did tell me important information after I tried locking/unlocking the configuration:

Nov 30 12:06:43 [86767] Outgoing: <rpc-error>
Nov 30 12:06:43 [86767] Outgoing: <error-type>protocol</error-type>
Nov 30 12:06:43 [86767] Outgoing: <error-tag>operation-failed</error-tag>
Nov 30 12:06:43 [86767] Outgoing: <error-severity>error</error-severity>
Nov 30 12:06:43 [86767] Outgoing: <error-message>
Nov 30 12:06:43 [86767] Outgoing: configuration database modifiedNov 30 12:06:43 [86767] Outgoing: </error-message>
Nov 30 12:06:43 [86767] Outgoing: </rpc-error>
Nov 30 12:06:43 [86767] Outgoing: </rpc-reply>
Nov 30 12:06:43 [86767] Outgoing: ]]>]]>

A quick search on 'configuration database modified' implies that there were still some uncommitted changes ( http://www.juniper.net/documentation/en_US/junos13.3/topics/topic-map/junos-script-automation-service-template-automation.html , bottom page 😞

Problem

You see the following message when creating, updating, or deleting a service on a device through a NETCONF session:

<output>
    configuration database modified
</output>

The configuration has previously uncommitted changes, and the service script cannot commit the service configuration changes.

Simply typing 'commit' in the configuration mode made the error go away. I hope I have helped / will help others in the future.