We've got this great script we've been using that transitively disables any unconfigured interface. While I think its excelent to admin up interfaces by default, most NMS's assume there is a problem with an interface in up/down status, so in order to avoid alarms, we've been using this script:
/*
* This script transiently disables all unconfigured ge interfaces.
*/
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match configuration {
/* Get the current interface list */
var $interfaces = jcs:invoke( "get-interface-information" );
/* Only ge and xe interfaces */
var $ge-interfaces = $interfaces/physical-interface[starts-with(name, "ge-") or starts-with(name, "xe-")];
var $interface-hierarchy = interfaces;
/* Go through each ge interface, if it isn't within the configuration than transiently disable it */
for-each( $ge-interfaces ) {
if( jcs:empty( $interface-hierarchy/interface[name == current()/name ] ) ) {
<transient-change> {
<interfaces> {
<interface> {
<name> name;
<disable>;
}
}
}
}
}
}
This works really well, with one exception. After a power failure, the transient change is lost, and all unconfigured interfaces are in up/down status until someone logs in and does a commit.
What I'm interested in doing is changing the script so it is not transient (instead it actually changes the config and saves it) Below is the config I'm trying to apply (I use the group so during configuration later, all child units are also disabled, which has more to do with our internal processes than anything technical)
interfaces {
<*> {
disable;
unit <*> {
disable;
}
}
}
interfaces {
ge-0/0/0 {
apply-groups DISABLEIF;
}
}
Here is the script I've tried to use. I don't get any errors or anything, but config does not get generated for the previously unconfigured interfaces as I'd expect.
/*
* This script transiently disables all unconfigured ge interfaces.
*/
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match configuration {
/* Get the current interface list */
var $interfaces = jcs:invoke( "get-interface-information" );
/* Only ge and xe interfaces */
var $ge-interfaces = $interfaces/physical-interface[starts-with(name, "ge-") or starts-with(name, "xe-")];
var $interface-hierarchy = interfaces;
/* Go through each ge interface, if it isn't within the configuration than apply-group DISABLEIF */
for-each( $ge-interfaces ) {
if( jcs:empty( $interface-hierarchy/interface[name == current()/name ] ) ) {
var $message = "Disabling unconfigured interface: " _ interface;
<interfaces> {
<interface> {
<name> name;
<apply-groups> DISABLEIF;
}
}
}
}
}
What am I missing here? I'd expect this to work. I'm FAR from familiar with Junoscript (either flavor), and am just beginning to learn about it.
I'd appreciate any direction from someone with some experience w/this,
-Josh
#JUNOS#Slax#interfaces#junoscript#disable