View Only
last person joined: 4 days ago 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.
  • 1.  netconf rpc request in secondary node ?

    Posted 04-07-2022 18:31
    Hi all,

    We want to close user idle sessions in an automatic way,
    the netconf rpc request is easy, "request-logout-user", and works fine for the primary node, ...

    ... but the rpc is ignored for the secondary/standby node.  I got an ok:

     {'logout-user': [{'logout-user-message': [{'data': 'logout-user: done'}]}]}

    but the idle session is still there:

    root@SRX1500-3-4> show system users                  



    3:58PM  up 31 days,  2:10, 1 users, load averages: 0.15, 0.24, 0.27

    USER     TTY      FROM                              LOGIN@  IDLE WHAT

    root     u0       -                                22Mar22 16days cli           



    3:58PM  up 31 days,  2:31, 1 users, load averages: 0.95, 0.87, 0.82

    USER     TTY      FROM                              LOGIN@  IDLE WHAT

    root     pts/0                       2:51PM      - cli           



    Same happens  if I executed by cli, it's ignored too, I need to login to node0 to terminate that session.

    So my question is, can I execute an rpc request in the secondary node ?

    Thanks in advance


  • 2.  RE: netconf rpc request in secondary node ?

    Posted 05-05-2022 15:05
    Hi Jose,

    If you are connecting via an in-band connection to the SRX cluster, then as far as I am aware there isn't an RPC that would allow a command to be executed on the secondary node.

    Of course, if you have out-of-band management access to each of the SRX nodes, then I would have expected it to be possible just by connecting to each of the cluster nodes and issuing the command.

    If OOB isn't an option, then the approach that I have used in the past to connect to the secondary node is to jump via the primary node, this however is by using a Python script.  

    For example, using PyEz, you could use StartShell() to open a shell connection to the primary node.  Then run an "rlogin -T ..." command to open a connection to the secondary node, and then execute the command that is needed there.

    This approach is something that I've used in the past to perform commands on SRX clusters where there is only in-band access to the cluster and no direct path to the secondary node.

    If you need more information, just say and I'll dig out some examples that I've used for this before.


    Andy Sharp

  • 3.  RE: netconf rpc request in secondary node ?

    Posted 06-27-2022 12:42
    Hi Andy,

    Thanks for your answer.
    The final solution I implemented was to send the commands via CLI, not netconf. So python script opens a shell console and sends same commands as cli.

    It's not nice, but works.

    Thanks for you answer anyway.