Equivalent to "configure private" for automating changes to SRX cluster.
514 views
Skip to first unread message
daryl....@gmail.com
Sep 23, 2015, 8:46:54 AM9/23/15
to Junos Python EZ
Hi All,
I'm trying to automate some changes on a SRX HE Cluster. I sometimes run into issues when my script runs whilst someone is on the CLI in configure mode at the same time. When the SRXs are in cluster mode we cant use a shared candidate.
The error is:
private edits in use. Try 'configure private' or 'configure exclusive'
I've figured out how to do 'configure exclusive' by using the cfg.lock() method which works around part of the issue. This would effectively make my firewall configuration script block for the duration of the time its processing the single request. All other requests would have to be queued which would make my script and the frontend more complex.
Is there a way to obtain a private candidate config using PyEZ? It looks like this is possible using netconf
https://www.juniper.net/documentation/en_US/junos13.3/topics/reference/tag-summary/netconf-junos-xml-protocol-open-configuration.html
This way i would be able to process any inbound requests as they're received without worrying about a queueing system (although i would have to find a way of limiting simulataneous connections).
Thanks,
Daryl.
I'm trying to automate some changes on a SRX HE Cluster. I sometimes run into issues when my script runs whilst someone is on the CLI in configure mode at the same time. When the SRXs are in cluster mode we cant use a shared candidate.
The error is:
private edits in use. Try 'configure private' or 'configure exclusive'
I've figured out how to do 'configure exclusive' by using the cfg.lock() method which works around part of the issue. This would effectively make my firewall configuration script block for the duration of the time its processing the single request. All other requests would have to be queued which would make my script and the frontend more complex.
Is there a way to obtain a private candidate config using PyEZ? It looks like this is possible using netconf
https://www.juniper.net/documentation/en_US/junos13.3/topics/reference/tag-summary/netconf-junos-xml-protocol-open-configuration.html
This way i would be able to process any inbound requests as they're received without worrying about a queueing system (although i would have to find a way of limiting simulataneous connections).
Thanks,
Daryl.
Stacy W. Smith
Sep 23, 2015, 11:24:25 AM9/23/15
to daryl....@gmail.com, Junos Python EZ
Hi Daryl,
There's not currently a single method, but you can do something like this:
device.bind(cu=Config)
device.rpc.open_configuration(private=True,normalize=True)
device.cu.load("set system host-name r0")
device.cu.commit()
device.rpc.close_configuration()
Of course, you'll want to make that more robust with some error handling...
--Stacy
--
You received this message because you are subscribed to the Google Groups "Junos Python EZ" group.
To unsubscribe from this group and stop receiving emails from it, send an email to junos-python-...@googlegroups.com.
Visit this group at http://groups.google.com/group/junos-python-ez.
To view this discussion on the web visit https://groups.google.com/d/msgid/junos-python-ez/0c7e5260-1185-43bd-ad5b-e46ad6941528%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
daryl....@gmail.com
Sep 28, 2015, 7:29:38 AM9/28/15
to Junos Python EZ, daryl....@gmail.com
Hi Stacy,
Sorry for not coming back sooner. Wanted to confirm the direct RPC solution works great, although normalize didnt work as an option (is this required?). I also had to put a try..except around it so it didnt raise an exception for the warning it gives regarding private config.
Here is the snippet:
srx.bind(cfg=Config)
try:
srx.rpc.open_configuration(private=True)
except jnpr.junos.exception.RpcError as e:
if 'severity: warning' in str(e):
pass
else:
raise
srx.cfg.load(template_path=template, template_vars=customer)
Thanks,
Daryl.
Sorry for not coming back sooner. Wanted to confirm the direct RPC solution works great, although normalize didnt work as an option (is this required?). I also had to put a try..except around it so it didnt raise an exception for the warning it gives regarding private config.
Here is the snippet:
srx.bind(cfg=Config)
try:
srx.rpc.open_configuration(private=True)
except jnpr.junos.exception.RpcError as e:
if 'severity: warning' in str(e):
pass
else:
raise
srx.cfg.load(template_path=template, template_vars=customer)
Thanks,
Daryl.
Stacy W. Smith
Sep 28, 2015, 3:26:49 PM9/28/15
to daryl....@gmail.com, Junos Python EZ
On Sep 28, 2015, at 5:29 AM, daryl....@gmail.com wrote:
Wanted to confirm the direct RPC solution works great, although normalize didnt work as an option (is this required?).
Daryl,
Glad this worked for you.
No, the normalize parameter is not required. If present, it normalizes the response from the open_configuration RPC.
See info on normalization here:
--Stacy
Reply all
Reply to author
Forward
0 new messages