On an EX4300 switch running JunOS 14.1 let's imagine I typed config delete interfaces before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!? The only way out I can see is to drop into the shell, make an uncompressed copy of juniper.conf.gz, then pop back into the config editor and load that over top of the editor's config view. Surely there's a saner way of dealing with this. --lyndon
rollback 0 Op 11-02-22 om 23:18 schreef Lyndon Nerenberg (VE7TFX/VE6BBM):
On an EX4300 switch running JunOS 14.1 let's imagine I typed
config delete interfaces
before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!?
The only way out I can see is to drop into the shell, make an uncompressed copy of juniper.conf.gz, then pop back into the config editor and load that over top of the editor's config view. Surely there's a saner way of dealing with this.
--lyndon
-- Marco Davids
If it's before committing the changes just run "top" to get back to the root of the configuration tree, then "rollback 0" to go back to the version before any changes were made, then just "exit" out. Ryan On Fri, Feb 11, 2022, 2:20 PM Lyndon Nerenberg (VE7TFX/VE6BBM) < lyndon@orthanc.ca> wrote:
On an EX4300 switch running JunOS 14.1 let's imagine I typed
config delete interfaces
before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!?
The only way out I can see is to drop into the shell, make an uncompressed copy of juniper.conf.gz, then pop back into the config editor and load that over top of the editor's config view. Surely there's a saner way of dealing with this.
--lyndon
On Fri, Feb 11, 2022 at 5:26 PM Ryan Hamel <ryan@rkhtech.org> wrote:
If it's before committing the changes just run "top" to get back to the root of the configuration tree, then "rollback 0" to go back to the version before any changes were made, then just "exit" out.
Ryan
On Fri, Feb 11, 2022, 2:20 PM Lyndon Nerenberg (VE7TFX/VE6BBM) < lyndon@orthanc.ca> wrote:
On an EX4300 switch running JunOS 14.1 let's imagine I typed
config delete interfaces
you may ALSO be interested in the idea that you SHOULD be doing: configure exclusive fiddle fart oops! exit (safe to exit, your changes will get wiped out)
note that 'configure exclusive' means other people can't ALSO change the config out from under you (and you have locked the config, so....)
before coming to my senses. How am I supposed to back out of that
mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!?
The only way out I can see is to drop into the shell, make an uncompressed copy of juniper.conf.gz, then pop back into the config editor and load that over top of the editor's config view. Surely there's a saner way of dealing with this.
--lyndon
On Fri, 11 Feb 2022, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
On an EX4300 switch running JunOS 14.1 let's imagine I typed
config delete interfaces
before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!?
What would you say if I told you a coworker once did exactly that, and did commit and-quit...and it had to be fixed by another coworker getting to it via OOB console and doing the rollback? :) top [not necessary in your case, if you never left top] rollback 0 quit Also, get into the habit of never doing a commit without first doing top show | compare so you can see what your change is actually doing to the whole config. i.e. if you did a show | compare at the top of the config and saw the entire interfaces section of the config was "removed" in the resulting config diff, you probably wouldn't commit. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Fri, Feb 11, 2022 at 5:58 PM Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 11 Feb 2022, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
On an EX4300 switch running JunOS 14.1 let's imagine I typed
config delete interfaces
before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!?
What would you say if I told you a coworker once did exactly that, and did commit and-quit...and it had to be fixed by another coworker getting to it via OOB console and doing the rollback? :)
top [not necessary in your case, if you never left top] rollback 0 quit
Also, get into the habit of never doing a commit without first doing top show | compare so you can see what your change is actually doing to the whole config.
My muscle memory includes: { some changes } top show | compare commit confirmed 5 {flip over the little electronic egg timer thingie that lives next to my keyboard, so that it beeps after 3 minutes...wait... wait... press enter a few times to make sure I haven't screwed myself...} commit If I skip the egg timer, then I *will* forget, and it will automatically roll back. One of my largest annoyances with the Juniper CLI (other than the fact that it won't format large numbers into a human readable format in things like 'monitor interface traffic') is that it beeps the terminal *after* it times out the commit. Gee, thanks for letting me know you just blew away all of my changes... couldn't you have done that 1 minute before automatically reverting?!!! W
i.e. if you did a show | compare at the top of the config and saw the entire interfaces section of the config was "removed" in the resulting config diff, you probably wouldn't commit.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
-- Perhaps they really do strive for incomprehensibility in their specs. After all, when the liturgy was in Latin, the laity knew their place. -- Michael Padlipsky
If I skip the egg timer, then I *will* forget, and it will automatically roll back. One of my largest annoyances with the Juniper CLI (other than the fact that it won't format large numbers into a human readable format in things like 'monitor interface traffic') is that it beeps the terminal *after* it times out the commit.
Gee, thanks for letting me know you just blew away all of my changes... couldn't you have done that 1 minute before automatically reverting?!!!
At least you can get them back easily… configure rollback 1 commit It turns out that when Juniper does a rollback from a commit confirm, it treats both the commit confirm and the rollback as full configuration commits. Owen
On 2/12/22 00:54, Jon Lewis wrote:
Also, get into the habit of never doing a commit without first doing top show | compare so you can see what your change is actually doing to the whole config. i.e. if you did a show | compare at the top of the config and saw the entire interfaces section of the config was "removed" in the resulting config diff, you probably wouldn't commit.
That is always my habit, with plenty of muscle memory... "show | compare". I have often found it interesting how many folk have muscle memory for "commit and-quit", including Juniper's own staff when I've had the pleasure of being with them on a PoC. It's almost as if I missed an entire period of Junos where that was deemed to be good practice :-). Mark.
More like driving with the hand break still engaged. Always, after changing the candidate config, run " show | compare" - loving junos. Regards Paschal Masha | Engineering Skype ID: paschal.masha From: "Mark Tinka" <mark@tinka.africa> To: "nanog" <nanog@nanog.org> Sent: Saturday, February 12, 2022 12:23:09 PM Subject: DMARC ViolationDKIM ViolationRe: junos config commit question On 2/12/22 00:54, Jon Lewis wrote:
Also, get into the habit of never doing a commit without first doing top show | compare so you can see what your change is actually doing to the whole config. i.e. if you did a show | compare at the top of the config and saw the entire interfaces section of the config was "removed" in the resulting config diff, you probably wouldn't commit.
That is always my habit, with plenty of muscle memory... "show | compare". I have often found it interesting how many folk have muscle memory for "commit and-quit", including Juniper's own staff when I've had the pleasure of being with them on a PoC. It's almost as if I missed an entire period of Junos where that was deemed to be good practice :-). Mark.
Hey Mark, On Sat, 12 Feb 2022 at 8:25 pm, Mark Tinka <mark@tinka.africa> wrote:
I have often found it interesting how many folk have muscle memory for "commit and-quit", including Juniper's own staff when I've had the pleasure of being with them on a PoC. It's almost as if I missed an entire period of Junos where that was deemed to be good practice :-).
That’s definitely a practice guaranteed to result in needing to drive to the DC. I wonder if it creeps into some folks’ MO because the control plane on many platforms is soooooo slow to commit. Many don’t know that a “commit check” is sufficient to confirm a commit, but even that can take a long time. Cheers, Dale
Not long enough to have drive to the DC in the middle of the night :) Even "commit confirmed x" is a shield, a better one. Regards Paschal Masha | Engineering Skype ID: paschal.masha From: "Dale Shaw" <dale.shaw+nanog@gmail.com> To: "Mark Tinka" <mark@tinka.africa> Cc: "nanog" <nanog@nanog.org> Sent: Saturday, February 12, 2022 12:39:28 PM Subject: Re: junos config commit question Hey Mark, On Sat, 12 Feb 2022 at 8:25 pm, Mark Tinka <mark@tinka.africa> wrote: I have often found it interesting how many folk have muscle memory for "commit and-quit", including Juniper's own staff when I've had the pleasure of being with them on a PoC. It's almost as if I missed an entire period of Junos where that was deemed to be good practice :-). That’s definitely a practice guaranteed to result in needing to drive to the DC. I wonder if it creeps into some folks’ MO because the control plane on many platforms is soooooo slow to commit. Many don’t know that a “commit check” is sufficient to confirm a commit, but even that can take a long time. Cheers, Dale
I was actually interested to see if the EX series would let me do this, and it turns out that if STP is enabled on any of the switch interfaces, it won't: tevruden@core-02# delete interfaces {master:0}[edit] tevruden@core-02# commit check [edit protocols rstp] 'interface' XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching error: configuration check-out failed {master:0}[edit] tevruden@core-02# rollback load complete {master:0}[edit] On Fri, Feb 11, 2022, at 4:18 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
On an EX4300 switch running JunOS 14.1 let's imagine I typed
config delete interfaces
before coming to my senses. How am I supposed to back out of that mess? For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!?
The only way out I can see is to drop into the shell, make an uncompressed copy of juniper.conf.gz, then pop back into the config editor and load that over top of the editor's config view. Surely there's a saner way of dealing with this.
--lyndon
Nick Suan via NANOG writes:
I was actually interested to see if the EX series would let me do this, and i t turns out that if STP is enabled on any of the switch interfaces, it won't: tevruden@core-02# commit check [edit protocols rstp] 'interface' XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching error: configuration check-out failed
Do you have any rstp-specific overrides in your config? E.g. we have things like this in some of ours: rstp { interface ge-0/0/45 { cost 1000; mode point-to-point; } interface ge-1/0/45 { cost 1000; mode point-to-point; } interface ae4; bpdu-block-on-edge; } With the interfaces gone I would expect the commit check to fail. --lyndon
My first question is how are you running 14 code on that hardware?? On Fri, Feb 11, 2022 at 20:12 Lyndon Nerenberg (VE7TFX/VE6BBM) < lyndon@orthanc.ca> wrote:
Nick Suan via NANOG writes:
I was actually interested to see if the EX series would let me do this, and i t turns out that if STP is enabled on any of the switch interfaces, it won't: tevruden@core-02# commit check [edit protocols rstp] 'interface' XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching error: configuration check-out failed
Do you have any rstp-specific overrides in your config? E.g. we have things like this in some of ours:
rstp { interface ge-0/0/45 { cost 1000; mode point-to-point; } interface ge-1/0/45 { cost 1000; mode point-to-point; } interface ae4; bpdu-block-on-edge; }
With the interfaces gone I would expect the commit check to fail.
--lyndon
-- Jason
You're correct. This the lab setup and rstp was set to the default, so I only got the commit check to pass only when I deleted [protocols rstp]. On Fri, Feb 11, 2022, at 8:09 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
Nick Suan via NANOG writes:
I was actually interested to see if the EX series would let me do this, and i t turns out that if STP is enabled on any of the switch interfaces, it won't: tevruden@core-02# commit check [edit protocols rstp] 'interface' XSTP : Interface ge-0/0/0.0 is not enabled for Ethernet Switching error: configuration check-out failed
Do you have any rstp-specific overrides in your config? E.g. we have things like this in some of ours:
rstp { interface ge-0/0/45 { cost 1000; mode point-to-point; } interface ge-1/0/45 { cost 1000; mode point-to-point; } interface ae4; bpdu-block-on-edge; }
With the interfaces gone I would expect the commit check to fail.
--lyndon
On Feb 11, 2022, at 14:18 , Lyndon Nerenberg (VE7TFX/VE6BBM) <lyndon@orthanc.ca> wrote:
On an EX4300 switch running JunOS 14.1 let's imagine I typed
config delete interfaces
before coming to my senses. How am I supposed to back out of that mess?
top rollback
For the life of me, after a week of reading the 3000 page reference manual, and endless DuckDuckGoing, I cannot see a simple way of just abandoning the commit. I've got to be missing something stunningly obvious here because it's unthinkable that this functionality doesn't exist. Help?!?
You can also do: config <do something stupid> commit rollback 1 commit And still get back to where you were before <do something stupid>
The only way out I can see is to drop into the shell, make an uncompressed copy of juniper.conf.gz, then pop back into the config editor and load that over top of the editor's config view. Surely there's a saner way of dealing with this.
Much. Owen
Owen DeLong writes:
top rollback
I am *sure* I tried exactly that but it wasn't working as I expected. But maybe I was just imagining things. And somehow I completely missed the 'rollback 0' variant while plowing through the documentation. Thanks everyone for assisting the blind ;-) --lyndon
On 2/16/22 9:56 AM, Owen DeLong via NANOG wrote:
You can also do: config <do something stupid> commit rollback 1 commit
And still get back to where you were before <do something stupid>
It is exactly this feature of the junos cli, over and above everything else, that really solidified junos for me as my new preferred platform over IOS. In my case, a central pain point had been the 'immediate punishment' of cli commands taking effect, the inability to 'test' before commit, and the inability to rollback if error. I have made some fat finger mistakes that required dispatching to hours away locations to regain administrative control for example, and while rare, these are now a thing of the past (as long as you are using "commit confirmed"). Mike-
On 2/16/22 09:56, Owen DeLong via NANOG wrote:
You can also do: config <do something stupid> commit rollback 1 commit
Unless you're remote and <do something stupid> breaks your ability to reach the box. Then you're hosed after the first "commit". -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
that's what the "commit confirm xxx" command is for. :) Andrew On 2/16/22 3:23 PM, Jay Hennigan wrote:
On 2/16/22 09:56, Owen DeLong via NANOG wrote:
You can also do: config <do something stupid> commit rollback 1 commit
Unless you're remote and <do something stupid> breaks your ability to reach the box. Then you're hosed after the first "commit".
-- Andrew Fried andrew.fried@gmail.com
Then you didn’t use “commit confirm” as in the post this replied to. Owen
On Feb 16, 2022, at 12:23, Jay Hennigan <jay@west.net> wrote:
On 2/16/22 09:56, Owen DeLong via NANOG wrote:
You can also do: config <do something stupid> commit rollback 1 commit
Unless you're remote and <do something stupid> breaks your ability to reach the box. Then you're hosed after the first "commit".
-- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
edit rollback 0 commit "rollback 0" discards all your recent changes to the candidate configuration, include "delete interfaces". If you "rollback 0" then run "show | compare" no output will be displayed, meaning your changes have been discarded. Don't run "commit confirm x" when the change is "delete interfaces" Regards Paschal Masha | Engineering Skype ID: paschal.masha -----Original Message----- From: "Owen DeLong via NANOG" <nanog@nanog.org> To: "Jay Hennigan" <jay@west.net> Cc: nanog@nanog.org Sent: Thursday, February 17, 2022 01:14:08 AM Subject: Re: junos config commit question Then you didn’t use “commit confirm” as in the post this replied to. Owen
On Feb 16, 2022, at 12:23, Jay Hennigan <jay@west.net> wrote:
On 2/16/22 09:56, Owen DeLong via NANOG wrote:
You can also do: config <do something stupid> commit rollback 1 commit
Unless you're remote and <do something stupid> breaks your ability to reach the box. Then you're hosed after the first "commit".
-- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
Sure, but the post I replied to originally was someone stating that commit confirm is problematic when you forget the second commit. I was explaining the easy way to recover from that scenario and it then got taken out of context… Twice now. Owen
On Feb 16, 2022, at 19:54 , Paschal Masha <paschal.masha@ke.wananchi.com> wrote:
edit rollback 0 commit
"rollback 0" discards all your recent changes to the candidate configuration, include "delete interfaces". If you "rollback 0" then run "show | compare" no output will be displayed, meaning your changes have been discarded. Don't run "commit confirm x" when the change is "delete interfaces"
Regards Paschal Masha | Engineering Skype ID: paschal.masha
-----Original Message----- From: "Owen DeLong via NANOG" <nanog@nanog.org> To: "Jay Hennigan" <jay@west.net> Cc: nanog@nanog.org Sent: Thursday, February 17, 2022 01:14:08 AM Subject: Re: junos config commit question
Then you didn’t use “commit confirm” as in the post this replied to.
Owen
On Feb 16, 2022, at 12:23, Jay Hennigan <jay@west.net> wrote:
On 2/16/22 09:56, Owen DeLong via NANOG wrote:
You can also do: config <do something stupid> commit rollback 1 commit
Unless you're remote and <do something stupid> breaks your ability to reach the box. Then you're hosed after the first "commit".
-- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
participants (15)
-
Andrew Fried -
Christopher Morrow -
Dale Shaw -
Jason Biel -
Jay Hennigan -
Jon Lewis -
Lyndon Nerenberg (VE7TFX/VE6BBM) -
Marco Davids -
Mark Tinka -
mike+lists@yourtownonline.com -
Nick Suan -
Owen DeLong -
Paschal Masha -
Ryan Hamel -
Warren Kumari