[j-nsp] Getting configuration diffs via NETCONF

Ross Vandegrift ross at kallisti.us
Mon Nov 16 13:33:42 EST 2009


On Mon, Nov 16, 2009 at 12:43:47PM -0500, Phil Shafer wrote:
> Ross Vandegrift writes:
> >Is there anyway to programmatically request a diff of the candidate
> >and committed configurations?  I want the exact output of "show |
> >compare", and I want it in the form at the CLI for human documentation
> >purposes.
> 
> No, we don't have this yet, but should.  We can easily make both
> the text output and the equivalent XML (think of the content that
> will make that delta using the delete, insert, etc attributes), but
> we simply have not done it.

Damn, that'd have been a really great feature.  I need to record
deltas of automated changes for approval by a human in a change
control application.

The idea was:
1) Collect and submit the user's proposed change.
2) Collect the delta, rollback the candidate.
3) Submit delta to change control system.
4) Wait for human approval of change request.
5) Resubmit change, but commit instead of rollback.

> >I assume that JUNOS uses some XSLT/SLAX to convert XML hierarchies to
> >the form presented at the CLI.  Are those sheets available somewhere
> >for me to use?  An acceptable solution might be to fetch the candidate
> >and committed configurations, process them with the appropriate style
> >sheets, and produce the diff myself.
> 
> JUNOS does not use XSLT internally at all.  Most command output is
> generated at the source (RPD, DCD, etc) as XML and is converted to
> XML in the CLI using a proprietary formatting language called ODL
> (Output Definition Language).  But config is handled differently,
> with MGD generating text or xml (as required) from the config
> database as needed.  For normal "show configuration" output, MGD
> does the heavy lifting and the CLI just displays the lines in an
> opaque way.

Wow, that's pretty surprising.  Though I guess JUNOS's move to XML
could've happened before the prevalence of stylesheets.

It looks like I can kind of emulate what I need by piping scripts to
/usr/sbin/cli through ssh.  For the archives, something like this does
the trick for now:

-----
rvandegrift at malaclypse:~$ cat << EOF | ssh lab-4200
configure
show | compare
EOF
{master:0}
rvandegrift at lab-4200> configure 
Entering configuration mode
The configuration has been changed but not committed

{master:0}[edit]
rvandegrift at lab-4200# show | compare 
[edit interfaces ge-0/0/0]
+   description asdfasdf;

{master:0}[edit]
rvandegrift at lab-4200# 
rvandegrift at malaclypse:~$ 
-----


Ross

-- 
Ross Vandegrift
ross at kallisti.us

"If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher."
	--Woody Guthrie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20091116/9598ad0f/attachment.bin>


More information about the juniper-nsp mailing list