Adding comments to config for versioning?

‎02-01-2019 10:04 AM

Hello all --

I manage a network of 350 branch SRX firewalls.  For the most part these are cookie-cutter-configured from a template.  However, due to the nature and scale of our business, there are times where we are piloting certain changes in certain areas.


I am looking for a creative way to version these template / config files so I can easily check which version of configuration is in a particular location.  We have our template file stored in source control.  Any time a change is made it flows through source control.  

However, once a change is made, it isn't necessarily deployed everywhere.  There is a certain "bake in" time.  In addition, we may have 3 separate projects occurring concurrently - thus creating 3 separate changes to the standard default template.


I was thinking it would make sense if I could add a comment with a version number - something like the date and time "201902011303".  Doesn't have to be the date - it just seemed logical.


I see that there is an annotate command so I could run a statement like:

annotate system 201902011303

But I don't know of a good way to check this - either manually or programmatically?  


Anyone else out there deal with this problem and come up with a solution?





Re: Adding comments to config for versioning?

‎02-01-2019 02:29 PM

Annotation seems like a good idea.


Using the backup system Oxidized to collect all the configurations in a git repository has made them available for search checks to see what is in the configs.  You could do the same, looking for the annotated version to find who has what in place.




Or do the same in any other backup system.


Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)

Re: Adding comments to config for versioning?

‎02-02-2019 08:07 AM

 Hi ssc,


If it's for Junos 16.1 or later, you might also want to check this cool feature:



labroot@HostA> show system commit revision detail
Revision: re0-1549111428-288 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<Config revision
User : labroot
Client : cli
Time : 2019-02-02 12:43:50 UTC
Log : test



And of course you might be aware of the config versions available on the box itself.  That might be less intrusive for your requirement.  But just to recollect:


To view a particular revision:
labroot@HostA> show system rollback x

where x is the revision you want to view

To compare a revision to the current revision:

labroot@HostA# show | compare rollback x

These could be used to keep copies of the config files off the Junos router/switch as well.

JUNOS keeps a copy of running config and an archive of 50 previous configurations by default. The following will help view the same:

labroot@HostA> file list /var/db/config/ recursive


labroot@HostA> file list /config/ recursive


Hope this helps.






Re: Adding comments to config for versioning?

‎03-15-2019 01:10 PM

Another way, when you commit, add a comment:


clay@home-srx# commit comment "template version 3"

commit complete


Then it is easily available programmatically:


clay@home-srx> show system commit | display xml

<rpc-reply xmlns:junos="http://xml.juniper.net/junos/12.1X46/junos">






            <date-time junos:seconds="1552680222">2019-03-15 15:03:42 CDT</date-time>

            <log>template version 3</log>


      ####### output removed for brevity #######


If you want it in the config file as part of the config, the annotate command is probably the best bet.  


Hope this helps,



Re: Adding comments to config for versioning?

‎03-15-2019 07:40 PM

Hi there,


If you use the annotate system command, it will display here:


root@jtac-EX4300-48P-r037# show
## Last changed: 2019-03-15 19:34:24 PDT
version 17.3R3-S3.3;
/* hello world */ <------------------ I did annotate system "hello world"
system {
    login {
        user XXXX {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$1$nVvtoi2M$7jQSdGGPeN.BcWuBUicYI."; ## SECRET-DATA


Also, when you save the config, it displays it right before system:

# run file show /var/tmp/CONF

## Last changed: 2019-03-15 19:34:24 PDT
version 17.3R3-S3.3;
/* hello world */ <------------------ I did annotate system "hello world"
system {
    login {



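One way to check the annotation programmatically across backed-up configs, as an added example that is not from any of the posts above: it reads the `/* ... */` line that `annotate system` places directly before `system {` and groups devices by template version. It assumes the annotation holds only the version stamp and that the saved configs are available as text (for instance from a backup repository); the device names and the sample configs are constructed.

```python
import re

# `annotate system "<text>"` is displayed as a /* <text> */ line directly above
# the top-level "system {" stanza, so anchor on that pair of lines.
ANNOTATION_RE = re.compile(
    r"^/\*[ \t]*(.*?)[ \t]*\*/[ \t]*\r?\nsystem[ \t]*\{", re.MULTILINE)

def template_version(config_text):
    """Return the annotation on the top-level system stanza, or None."""
    match = ANNOTATION_RE.search(config_text)
    return match.group(1) if match else None

def audit(configs, expected):
    """Sort devices into current / other version / no version annotation."""
    report = {"current": [], "other": {}, "unversioned": []}
    for device, text in sorted(configs.items()):
        version = template_version(text)
        if version is None:
            report["unversioned"].append(device)
        elif version == expected:
            report["current"].append(device)
        else:
            report["other"].setdefault(version, []).append(device)
    return report

# Constructed sample backups (hypothetical device names and version stamps).
SAMPLE_CONFIGS = {
    "branch-001": (
        "## Last changed: 2019-03-15 19:34:24 PDT\n"
        "version 17.3R3-S3.3;\n"
        "/* 201902011303 */\n"
        "system {\n    host-name branch-001;\n}\n"),
    "branch-002": (
        "version 17.3R3-S3.3;\n"
        "/* 201901150900 */\n"
        "system {\n    host-name branch-002;\n}\n"),
    # Annotation on another stanza only: must not be read as a template version.
    "branch-003": (
        "version 17.3R3-S3.3;\n"
        "system {\n    host-name branch-003;\n}\n"
        "/* uplink */\n"
        "interfaces {\n}\n"),
}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIGS, expected="201902011303"))
```

Devices that land in "unversioned" are the ones to look at first, since a config with no stamp cannot be tied back to any revision in source control.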