Scripting How-To: Correct pre-inheritance configuration

By Elevate posted 08-08-2015 05:05


Correct Pre-Inheritance Configuration for Commit Scripts


This applies to SLAX version 1.0 and higher. At times, a commit script requires access to the pre-inheritance configuration rather than the post-inheritance configuration it receives by default.
This is typically a straightforward operation: the commit script simply invokes the <get-configuration> RPC. The problem is that <get-configuration> only returns the normal candidate database, while private configuration sessions use a dedicated private candidate database, so a commit script could not retrieve the actual pre-inheritance database when "configure private" was in use.
PR 517088, which was opened to resolve this, has been fixed, so the pre-inheritance configuration can now be retrieved whether or not "configure private" is used.
The fix is in Junos OS Release 11.4R5, 12.1R3, 12.2, and later. The enhancement consists of changes to <junos-context> as well as the <get-configuration> RPC.


First, <junos-context> now includes a <database-path> element within its <commit-context> stanza, indicating the location of the session's candidate configuration.


<database-path> in a normal configuration session


<junos-context>
    ...other elements removed...
    <commit-context>
        <database-path>/var/run/db/juniper.db</database-path>
    </commit-context>
</junos-context>

<database-path> in a private configuration session


<junos-context>
    ...other elements removed...
    <commit-context>
        <commit-private/>
        <database-path>/var/run/db/private/juniper-1396.db</database-path>
    </commit-context>
</junos-context>


Second, a new attribute has been added to <get-configuration>: database-path. This attribute, an alternative to the database attribute, indicates which database file to load, whether private or not, and can simply be set to the <database-path> value provided in <junos-context>:


var $rpc = <get-configuration database-path=$junos-context/commit-context/database-path>;

As an example, here is a small commit script that records the SNMP hierarchy from both the normal candidate configuration and the true private candidate configuration:


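version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

match configuration {
    /* Write both views of the SNMP hierarchy to /var/tmp/cs-output. */
    <xsl:document href="/var/tmp/cs-output" method="xml" indent="yes"> {
        <database-path-configuration> {
            /* This session's own candidate database, private or not. */
            var $rpc = <get-configuration database-path=$junos-context/commit-context/database-path>;
            var $config = jcs:invoke( $rpc );
            copy-of $config/snmp;
        }
        <normal-candidate-configuration> {
            /* The normal (shared) candidate database. */
            var $rpc = <get-configuration database="candidate">;
            var $config = jcs:invoke( $rpc );
            copy-of $config/snmp;
        }
    }
}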


Starting configuration


snmp {
    community private {
        authorization read-write;
    }
    community public {
        authorization read-only;
    }
}

Private changes


jnpr@srx210> configure private
warning: uncommitted changes will be discarded on exit
Entering configuration mode
[edit]
jnpr@srx210# set snmp community example authorization read-only

Reported result


<database-path-configuration>
    <snmp xmlns:junos="*/junos">
        <community>
            <name>private</name>
            <authorization>read-write</authorization>
        </community>
        <community>
            <name>public</name>
            <authorization>read-only</authorization>
        </community>
        <community>
            <name>example</name>
            <authorization>read-only</authorization>
        </community>
    </snmp>
</database-path-configuration>
<normal-candidate-configuration>
    <snmp xmlns:junos="*/junos">
        <community>
            <name>private</name>
            <authorization>read-write</authorization>
        </community>
        <community>
            <name>public</name>
            <authorization>read-only</authorization>
        </community>
    </snmp>
</normal-candidate-configuration>


As you can see above, only the candidate configuration retrieved through the database-path attribute has a record of the configuration change that was made within the private configuration session.
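
A commit-time check that depends on the behaviour described above, as an added example that is not part of the original article or Juniper's own code: it loads the session's own pre-inheritance candidate through database-path and rejects the commit if a required apply-groups statement is missing. The group name BASELINE-HARDENING is a hypothetical placeholder, and the script assumes apply-groups is set at the top level of the configuration.

```slax
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

/* Assumption: hypothetical name of the group that carries baseline hardening. */
var $required-group = "BASELINE-HARDENING";

match configuration {
    /* Empty on releases that predate the <database-path> element. */
    var $db-path = $junos-context/commit-context/database-path;

    if (not($db-path)) {
        /* Cannot locate the session's candidate, so the check cannot run. */
        <xnm:warning> {
            <message> "database-path not available; apply-groups check skipped";
        }
    }
    else {
        /*
         * Load this session's own candidate, shared or private.
         * The result is pre-inheritance, so apply-groups statements are
         * still present instead of being expanded into the hierarchy.
         */
        var $rpc = <get-configuration database-path=$db-path>;
        var $pre = jcs:invoke($rpc);

        /* Block the commit if the required group is no longer applied. */
        if (not($pre/apply-groups[. == $required-group])) {
            <xnm:error> {
                <message> "apply-groups " _ $required-group _ " is missing from " _ $db-path;
            }
        }
    }
}
```

As written, the check only warns when <database-path> is absent (releases without the fix); emit <xnm:error> there instead if the check must fail closed.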