Automation

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  netconf rpc request in secondary node ?

    Posted 04-07-2022 18:31
    Hi all,

    We want to close user idle sessions in an automatic way,
    the netconf rpc request is easy, "request-logout-user", and works fine for the primary node, ...

    ... but the rpc is ignored for the secondary/standby node.  I got an ok:

     {'logout-user': [{'logout-user-message': [{'data': 'logout-user: done'}]}]}

    but the idle session is still there:

    root@SRX1500-3-4> show system users                  
    

    node0:

    --------------------------------------------------------------------------

    3:58PM  up 31 days,  2:10, 1 users, load averages: 0.15, 0.24, 0.27

    USER     TTY      FROM                              LOGIN@  IDLE WHAT

    root     u0       -                                22Mar22 16days cli           

    node1:

    --------------------------------------------------------------------------

    3:58PM  up 31 days,  2:31, 1 users, load averages: 0.95, 0.87, 0.82

    USER     TTY      FROM                              LOGIN@  IDLE WHAT

    root     pts/0    10.20.5.14                       2:51PM      - cli           

    {primary:node1}

    root@SRX1500-3-4>


    Same happens  if I executed by cli, it's ignored too, I need to login to node0 to terminate that session.

    So my question is, can I execute an rpc request in the secondary node ?

    Thanks in advance

    ------------------------------
    JOSE IBANEZ VELA
    ------------------------------


  • 2.  RE: netconf rpc request in secondary node ?

     
    Posted 05-05-2022 15:05
    Hi Jose,

    If you are connecting via an in-band connection to the SRX cluster, then as far as I am aware there isn't an RPC that would allow a command to be executed on the secondary node.

    Of course, if you have out-of-band management access to each of the SRX nodes, then I would have expected it to be possible just by connecting to each of the cluster nodes and issuing the command.

    If OOB isn't an option, then the approach that I have used in the past to connect to the secondary node is to jump via the primary node, this however is by using a Python script.  

    For example, using PyEz, you could use StartShell() to open a shell connection to the primary node.  Then run an "rlogin -T ..." command to open a connection to the secondary node, and then execute the command that is needed there.

    This approach is something that I've used in the past to perform commands on SRX clusters where there is only in-band access to the cluster and no direct path to the secondary node.

    If you need more information, just say and I'll dig out some examples that I've used for this before.

    Regards,
    Andy

    ------------------------------
    Andy Sharp
    ------------------------------



  • 3.  RE: netconf rpc request in secondary node ?

    Posted 2 days ago
    Hi Andy,

    Thanks for your answer.
    The final solution I implemented was to send the commands via CLI, not netconf. So python script opens a shell console and sends same commands as cli.

    It's not nice, but works.

    Thanks for you answer anyway.
    JI

    ------------------------------
    JOSE IBANEZ VELA
    ------------------------------