SRX

last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  [solved] How to debug incorrect configuration in user_data for vSRX installation on Openstack?

    Posted 07-04-2018 04:15

    Hi,
    I am not too familiar with Junos and Openstack, but I want to install vSRX in Openstack in an automated way (with the help of heat) (for testing (CI) purposes).
    I found https://www.juniper.net/documentation/en_US/vsrx/topics/task/configuration/security-vsrx-cloud-init-support.html and at step 13 it says "If the configuration is not supported or cannot be applied to the vSRX instance, the vSRX will boot using the default Junos OS configuration.", which happens in my case (I can go to Instance's console in Openstack dashboard and in the cli "show configuration" seems to show the default configuration). However, unfortunately it does not mention how to debug the situation in such a case.

    See my HOT template attached. In the same direcrtory I have vsrx-config.txt (Very similar to the default config. I have replaced even the encrypted password in it.).
    heat can find the vsrx-config.txt from this relative path.
    Also, the expression '{get_attr: [node_server_port, fixed_ips, 0, ip_address]}' works, I verified the name in the instance details.

    I use the HOT template from my Linux laptop as (executed in its directory):
    heat stack-create vsrx_stack --template-file vsrx-hot-template.yaml
    (I installed heat client by 'sudo pip2 install --upgrade python-heatclient')

    So how to debug this?
    Is there some log I can check in the vSRX, e.g. 'show log some_log_file'?
    Which is the appropriate log file?
    Update I had trouble attaching files here so the pastebin links are:
    https://pastebin.com/hmMCi1Q0
    https://pastebin.com/rJ1s5w1z


    #vsrxuser_datadebug


  • 2.  RE: [solved] How to debug incorrect configuration in user_data for vSRX installation on Openstack?
    Best Answer

    Posted 07-04-2018 09:21

    The problem was that the configuration drive was not enabled. In the HOT template under OS::Nova::Server properties I needed to add 'config_drive: true'. See https://docs.openstack.org/heat/latest/template_guide/openstack.html#OS::Nova::Server-hot and https://docs.openstack.org/heat/latest/template_guide/openstack.html#OS::Nova::Server-prop-config_drive .

    For the record the following lines appeared in the console in case of successful configuration:

    Configuring from config-drive ...
    String #junos-config is missing
    Checking user-data-file ...
    User-data file found, vSRX will attempt to replace default configuration!
    Configuration file type should be MIME type text/plain
    User Data configuration is committed successfully!
    < a few more line follows till the login: prompt here>

    In case I did not use the configuration drive, then in the console it complains about /config/config_mnt/openstack/latest/meta_data.json etc.

    Finally a tip, how I verified that the parameter substitutions working in the user data (unfortunately I did not know a better way than copying the whole str_replace section):

    outputs:
      instance_ip:
        description: The IP address of the deployed compute instance
        value: { get_attr: [my_instance, first_address] }
      user_data:
        description: user_data
        value:
          str_replace:
            params:
              $fxp0_ip: {get_attr: [node_server_port, fixed_ips, 0, ip_address]}
            template:
              get_file: file:vsrx-config.txt