Re: junos config commit question
Sure, but the post I replied to originally was someone stating that commit confirm is problematic when you forget the second commit. I was explaining the easy way to recover from that scenario and it then got taken out of context… Twice now. Owen > On Feb 16, 2022, at 19:54 , Paschal Masha > wrote: > > edit > rollback 0 > commit > > "rollback 0" discards all your recent changes to the candidate configuration, > include "delete interfaces". If you "rollback 0" then run "show | compare" no > output will be displayed, meaning your changes have been discarded. Don't run > "commit confirm x" when the change is "delete interfaces" > > Regards > Paschal Masha | Engineering > Skype ID: paschal.masha > > -Original Message- > From: "Owen DeLong via NANOG" > To: "Jay Hennigan" > Cc: nanog@nanog.org > Sent: Thursday, February 17, 2022 01:14:08 AM > Subject: Re: junos config commit question > > Then you didn’t use “commit confirm” as in the post this replied to. > > Owen > >> On Feb 16, 2022, at 12:23, Jay Hennigan wrote: >> >> On 2/16/22 09:56, Owen DeLong via NANOG wrote: >> >>> You can also do: >>> config >>> >>> commit >>> rollback 1 >>> commit >> >> Unless you're remote and breaks your ability to reach >> the box. Then you're hosed after the first "commit". >> >> -- >> Jay Hennigan - j...@west.net >> Network Engineering - CCIE #7880 >> 503 897-8550 - WB6RDV > >
Re: junos config commit question
On 2/16/22 9:56 AM, Owen DeLong via NANOG wrote: You can also do: config commit rollback 1 commit And still get back to where you were before It is exactly this feature of the junos cli, over and above everything else, that really solidified junos for me as my new preferred platform over IOS. In my case, a central pain point had been the 'immediate punishment' of cli commands taking effect, the inability to 'test' before commit, and the inability to rollback if error. I have made some fat finger mistakes that required dispatching to hours away locations to regain administrative control for example, and while rare, these are now a thing of the past (as long as you are using "commit confirmed"). Mike-
Re: junos config commit question
edit rollback 0 commit "rollback 0" discards all your recent changes to the candidate configuration, include "delete interfaces". If you "rollback 0" then run "show | compare" no output will be displayed, meaning your changes have been discarded. Don't run "commit confirm x" when the change is "delete interfaces" Regards Paschal Masha | Engineering Skype ID: paschal.masha -Original Message- From: "Owen DeLong via NANOG" To: "Jay Hennigan" Cc: nanog@nanog.org Sent: Thursday, February 17, 2022 01:14:08 AM Subject: Re: junos config commit question Then you didn’t use “commit confirm” as in the post this replied to. Owen > On Feb 16, 2022, at 12:23, Jay Hennigan wrote: > > On 2/16/22 09:56, Owen DeLong via NANOG wrote: > >> You can also do: >> config >> >> commit >> rollback 1 >> commit > > Unless you're remote and breaks your ability to reach > the box. Then you're hosed after the first "commit". > > -- > Jay Hennigan - j...@west.net > Network Engineering - CCIE #7880 > 503 897-8550 - WB6RDV
Re: junos config commit question
Then you didn’t use “commit confirm” as in the post this replied to. Owen > On Feb 16, 2022, at 12:23, Jay Hennigan wrote: > > On 2/16/22 09:56, Owen DeLong via NANOG wrote: > >> You can also do: >> config >> >> commit >> rollback 1 >> commit > > Unless you're remote and breaks your ability to reach > the box. Then you're hosed after the first "commit". > > -- > Jay Hennigan - j...@west.net > Network Engineering - CCIE #7880 > 503 897-8550 - WB6RDV
Re: junos config commit question
that's what the "commit confirm xxx" command is for. :) Andrew On 2/16/22 3:23 PM, Jay Hennigan wrote: On 2/16/22 09:56, Owen DeLong via NANOG wrote: You can also do: config commit rollback 1 commit Unless you're remote and breaks your ability to reach the box. Then you're hosed after the first "commit". -- Andrew Fried andrew.fr...@gmail.com
Re: junos config commit question
On 2/16/22 09:56, Owen DeLong via NANOG wrote: You can also do: config commit rollback 1 commit Unless you're remote and breaks your ability to reach the box. Then you're hosed after the first "commit". -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
Re: junos config commit question
Owen DeLong writes: > top > rollback I am *sure* I tried exactly that but it wasn't working as I expected. But maybe I was just imagining things. And somehow I completely missed the 'rollback 0' variant while plowing through the documentation. Thanks everyone for assisting the blind ;-) --lyndon
Re: junos config commit question
> > > If I skip the egg timer, then I *will* forget, and it will automatically roll > back. One of my largest annoyances with the Juniper CLI (other than the fact > that it won't format large numbers into a human readable format in things > like 'monitor interface traffic') is that it beeps the terminal *after* it > times out the commit. > > Gee, thanks for letting me know you just blew away all of my changes... > couldn't you have done that 1 minute before automatically reverting?!!! At least you can get them back easily… configure rollback 1 commit It turns out that when Juniper does a rollback from a commit confirm, it treats both the commit confirm and the rollback as full configuration commits. Owen
Re: junos config commit question
> On Feb 11, 2022, at 14:18 , Lyndon Nerenberg (VE7TFX/VE6BBM) > wrote: > > On an EX4300 switch running JunOS 14.1 let's imagine I typed > > config > delete interfaces > > before coming to my senses. How am I supposed to back out of that > mess? top rollback > For the life of me, after a week of reading the 3000 page > reference manual, and endless DuckDuckGoing, I cannot see a simple > way of just abandoning the commit. I've got to be missing something > stunningly obvious here because it's unthinkable that this functionality > doesn't exist. Help?!? You can also do: config commit rollback 1 commit And still get back to where you were before > The only way out I can see is to drop into the shell, make an > uncompressed copy of juniper.conf.gz, then pop back into the config > editor and load that over top of the editor's config view. Surely > there's a saner way of dealing with this. Much. Owen
Re: junos config commit question
You're correct.
This the lab setup and rstp was set to the default, so I only got the commit
check to pass only when I deleted [protocols rstp].
On Fri, Feb 11, 2022, at 8:09 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> Nick Suan via NANOG writes:
>> I was actually interested to see if the EX series would let me do this, and i
>> t turns out that if STP is enabled on any of the switch interfaces, it won't:
>> tevruden@core-02# commit check
>> [edit protocols rstp]
>> 'interface'
>> XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching
>> error: configuration check-out failed
>
> Do you have any rstp-specific overrides in your config? E.g. we
> have things like this in some of ours:
>
> rstp {
> interface ge-0/0/45 {
> cost 1000;
> mode point-to-point;
> }
> interface ge-1/0/45 {
> cost 1000;
> mode point-to-point;
> }
> interface ae4;
> bpdu-block-on-edge;
> }
>
> With the interfaces gone I would expect the commit check to fail.
>
> --lyndon
Re: junos config commit question
Not long enough to have drive to the DC in the middle of the night :) Even "commit confirmed x" is a shield, a better one. Regards Paschal Masha | Engineering Skype ID: paschal.masha From: "Dale Shaw" To: "Mark Tinka" Cc: "nanog" Sent: Saturday, February 12, 2022 12:39:28 PM Subject: Re: junos config commit question Hey Mark, On Sat, 12 Feb 2022 at 8:25 pm, Mark Tinka wrote: I have often found it interesting how many folk have muscle memory for "commit and-quit", including Juniper's own staff when I've had the pleasure of being with them on a PoC. It's almost as if I missed an entire period of Junos where that was deemed to be good practice :-). That’s definitely a practice guaranteed to result in needing to drive to the DC. I wonder if it creeps into some folks’ MO because the control plane on many platforms is soo slow to commit. Many don’t know that a “commit check” is sufficient to confirm a commit, but even that can take a long time. Cheers, Dale
Re: junos config commit question
Hey Mark, On Sat, 12 Feb 2022 at 8:25 pm, Mark Tinka wrote: > > I have often found it interesting how many folk have muscle memory for > "commit and-quit", including Juniper's own staff when I've had the > pleasure of being with them on a PoC. It's almost as if I missed an > entire period of Junos where that was deemed to be good practice :-). That’s definitely a practice guaranteed to result in needing to drive to the DC. I wonder if it creeps into some folks’ MO because the control plane on many platforms is soo slow to commit. Many don’t know that a “commit check” is sufficient to confirm a commit, but even that can take a long time. Cheers, Dale
Re: junos config commit question
On 2/12/22 00:54, Jon Lewis wrote: Also, get into the habit of never doing a commit without first doing top show | compare so you can see what your change is actually doing to the whole config. i.e. if you did a show | compare at the top of the config and saw the entire interfaces section of the config was "removed" in the resulting config diff, you probably wouldn't commit. That is always my habit, with plenty of muscle memory... "show | compare". I have often found it interesting how many folk have muscle memory for "commit and-quit", including Juniper's own staff when I've had the pleasure of being with them on a PoC. It's almost as if I missed an entire period of Junos where that was deemed to be good practice :-). Mark.
Re: junos config commit question
On Fri, Feb 11, 2022 at 5:58 PM Jon Lewis wrote:
> On Fri, 11 Feb 2022, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
>
> > On an EX4300 switch running JunOS 14.1 let's imagine I typed
> >
> > config
> > delete interfaces
> >
> > before coming to my senses. How am I supposed to back out of that
> > mess? For the life of me, after a week of reading the 3000 page
> > reference manual, and endless DuckDuckGoing, I cannot see a simple
> > way of just abandoning the commit. I've got to be missing something
> > stunningly obvious here because it's unthinkable that this functionality
> > doesn't exist. Help?!?
>
> What would you say if I told you a coworker once did exactly that, and did
> commit and-quit...and it had to be fixed by another coworker getting to it
> via OOB console and doing the rollback? :)
>
> top [not necessary in your case, if you never left top]
> rollback 0
> quit
>
> Also, get into the habit of never doing a commit without first doing
> top
> show | compare
> so you can see what your change is actually doing to the whole config.
My muscle memory includes:
{ some changes }
top
show | compare
commit confirmed 5
{flip over the little electronic egg timer thingie that lives next to my
keyboard, so that it beeps after 3 minutes...wait... wait... press enter a
few times to make sure I haven't screwed myself...}
commit
If I skip the egg timer, then I *will* forget, and it will automatically
roll back. One of my largest annoyances with the Juniper CLI (other than
the fact that it won't format large numbers into a human readable format in
things like 'monitor interface traffic') is that it beeps the terminal
*after* it times out the commit.
Gee, thanks for letting me know you just blew away all of my changes...
couldn't you have done that 1 minute before automatically reverting?!!!
W
> i.e. if you did a show | compare at the top of the config and saw the
> entire interfaces section of the config was "removed" in the resulting
> config diff, you probably wouldn't commit.
>
> --
> Jon Lewis, MCP :) | I route
> StackPath, Sr. Neteng | therefore you are
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
>
--
Perhaps they really do strive for incomprehensibility in their specs.
After all, when the liturgy was in Latin, the laity knew their place.
-- Michael Padlipsky
Re: junos config commit question
My first question is how are you running 14 code on that hardware??
On Fri, Feb 11, 2022 at 20:12 Lyndon Nerenberg (VE7TFX/VE6BBM) <
lyn...@orthanc.ca> wrote:
> Nick Suan via NANOG writes:
> > I was actually interested to see if the EX series would let me do this,
> and i
> > t turns out that if STP is enabled on any of the switch interfaces, it
> won't:
> > tevruden@core-02# commit check
> > [edit protocols rstp]
> > 'interface'
> > XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching
> > error: configuration check-out failed
>
> Do you have any rstp-specific overrides in your config? E.g. we
> have things like this in some of ours:
>
> rstp {
> interface ge-0/0/45 {
> cost 1000;
> mode point-to-point;
> }
> interface ge-1/0/45 {
> cost 1000;
> mode point-to-point;
> }
> interface ae4;
> bpdu-block-on-edge;
> }
>
> With the interfaces gone I would expect the commit check to fail.
>
> --lyndon
>
--
Jason
Re: junos config commit question
Nick Suan via NANOG writes:
> I was actually interested to see if the EX series would let me do this, and i
> t turns out that if STP is enabled on any of the switch interfaces, it won't:
> tevruden@core-02# commit check
> [edit protocols rstp]
> 'interface'
> XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching
> error: configuration check-out failed
Do you have any rstp-specific overrides in your config? E.g. we
have things like this in some of ours:
rstp {
interface ge-0/0/45 {
cost 1000;
mode point-to-point;
}
interface ge-1/0/45 {
cost 1000;
mode point-to-point;
}
interface ae4;
bpdu-block-on-edge;
}
With the interfaces gone I would expect the commit check to fail.
--lyndon
Re: junos config commit question
I was actually interested to see if the EX series would let me do this, and it
turns out that if STP is enabled on any of the switch interfaces, it won't:
tevruden@core-02# delete interfaces
{master:0}[edit]
tevruden@core-02# commit check
[edit protocols rstp]
'interface'
XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching
error: configuration check-out failed
{master:0}[edit]
tevruden@core-02# rollback
load complete
{master:0}[edit]
On Fri, Feb 11, 2022, at 4:18 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> On an EX4300 switch running JunOS 14.1 let's imagine I typed
>
> config
> delete interfaces
>
> before coming to my senses. How am I supposed to back out of that
> mess? For the life of me, after a week of reading the 3000 page
> reference manual, and endless DuckDuckGoing, I cannot see a simple
> way of just abandoning the commit. I've got to be missing something
> stunningly obvious here because it's unthinkable that this functionality
> doesn't exist. Help?!?
>
> The only way out I can see is to drop into the shell, make an
> uncompressed copy of juniper.conf.gz, then pop back into the config
> editor and load that over top of the editor's config view. Surely
> there's a saner way of dealing with this.
>
> --lyndon
Re: junos config commit question
Marco Davids via NANOG writes: > rollback 0 OFFS 8-0 Thanks :-)
Re: junos config commit question
On Fri, 11 Feb 2022, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote: On an EX4300 switch running JunOS 14.1 let's imagine I typed config delete interfaces before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!? What would you say if I told you a coworker once did exactly that, and did commit and-quit...and it had to be fixed by another coworker getting to it via OOB console and doing the rollback? :) top [not necessary in your case, if you never left top] rollback 0 quit Also, get into the habit of never doing a commit without first doing top show | compare so you can see what your change is actually doing to the whole config. i.e. if you did a show | compare at the top of the config and saw the entire interfaces section of the config was "removed" in the resulting config diff, you probably wouldn't commit. -- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: junos config commit question
On Fri, Feb 11, 2022 at 5:26 PM Ryan Hamel wrote: > If it's before committing the changes just run "top" to get back to the > root of the configuration tree, then "rollback 0" to go back to the version > before any changes were made, then just "exit" out. > > Ryan > > > On Fri, Feb 11, 2022, 2:20 PM Lyndon Nerenberg (VE7TFX/VE6BBM) < > lyn...@orthanc.ca> wrote: > >> On an EX4300 switch running JunOS 14.1 let's imagine I typed >> >> config >> delete interfaces >> >> you may ALSO be interested in the idea that you SHOULD be doing: configure exclusive fiddle fart oops! exit (safe to exit, your changes will get wiped out) note that 'configure exclusive' means other people can't ALSO change the config out from under you (and you have locked the config, so) > before coming to my senses. How am I supposed to back out of that >> mess? For the life of me, after a week of reading the 3000 page >> reference manual, and endless DuckDuckGoing, I cannot see a simple >> way of just abandoning the commit. I've got to be missing something >> stunningly obvious here because it's unthinkable that this functionality >> doesn't exist. Help?!? >> >> The only way out I can see is to drop into the shell, make an >> uncompressed copy of juniper.conf.gz, then pop back into the config >> editor and load that over top of the editor's config view. Surely >> there's a saner way of dealing with this. >> >> --lyndon >> >
Re: junos config commit question
If it's before committing the changes just run "top" to get back to the root of the configuration tree, then "rollback 0" to go back to the version before any changes were made, then just "exit" out. Ryan On Fri, Feb 11, 2022, 2:20 PM Lyndon Nerenberg (VE7TFX/VE6BBM) < lyn...@orthanc.ca> wrote: > On an EX4300 switch running JunOS 14.1 let's imagine I typed > > config > delete interfaces > > before coming to my senses. How am I supposed to back out of that > mess? For the life of me, after a week of reading the 3000 page > reference manual, and endless DuckDuckGoing, I cannot see a simple > way of just abandoning the commit. I've got to be missing something > stunningly obvious here because it's unthinkable that this functionality > doesn't exist. Help?!? > > The only way out I can see is to drop into the shell, make an > uncompressed copy of juniper.conf.gz, then pop back into the config > editor and load that over top of the editor's config view. Surely > there's a saner way of dealing with this. > > --lyndon >
Re: junos config commit question
rollback 0 Op 11-02-22 om 23:18 schreef Lyndon Nerenberg (VE7TFX/VE6BBM): On an EX4300 switch running JunOS 14.1 let's imagine I typed config delete interfaces before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!? The only way out I can see is to drop into the shell, make an uncompressed copy of juniper.conf.gz, then pop back into the config editor and load that over top of the editor's config view. Surely there's a saner way of dealing with this. --lyndon -- Marco Davids
