[j-nsp] Network automation vs. manual config

Nathan Ward juniper-nsp at daork.net
Sun Aug 19 02:11:17 EDT 2018


Hi,

> On 18/08/2018, at 1:06 AM, Michael Still <stillwaxin at gmail.com> wrote:
> 
> Side note on apply groups and display inheritance. I've submitted a Juniper
> ER for an enhancement to have the ability to have ' | display inheritance'
> a 'default' cli behavior (configurable via 'set cli display-inheritance'
> option that is defaulted to off). I've also asked for a login-class option
> to enable this for specific user role such as front line NOC users who may
> benefit from having it on by default. This is ER-077163 if you want to poke
> your Juniper SE about it.

Interesting.

Personally I’d probably not make use of this - part of the intention of using groups, for me, is to keep the config succinct, and make it very clear when something is done outside a group - it’s either non-standard, or it’s config that’s only relevant here (i.e. IP addressing).

Perhaps it would work if it marked up the config in some way that indicated it was inherited — i.e. in a way that isn’t the 3 or so lines of `## blah` stuff, which makes the config difficult to read.

What about commit-scripts, and apply-flags omit? You’d need to have those included as well.

I would be interested in a way to build a command alias with `| display inheritance | display commit-scripts | display omit | exclude #` or something - `exclude #` isn’t the best either, as # is often in int description etc.
Perhaps an opscript or something.
`show functional-configuration`

Perhaps that could be a better feature (`show configuration functional` maybe), than the one you’ve proposed? I’d support that.
I’d still want a way to indicate something is from a commit script or is normally omitted or what not - perhaps first char of the line could have > or * or some other markup.

> The reason I've asked for this is specifically because I've seen NOC
> personnel spend many cycles investigating an issue not realizing that
> particular hidden apply-group config was affecting their investigation.

We have so much stuff in groups that it’s almost impossible to know it’s not there. Groups first - only local config (IPs etc.) goes outside groups.

> I have a couple other semi-related (to automation / configuration
> enhancement) ER's going if folks are interested and would like to chat
> about those directly.

Would love to hear about them, maybe we can collaborate from different view points.

--
Nathan Ward
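
An added example, not part of the original message and not a Juniper feature: a small Python filter over saved `| display inheritance` output that drops the `##` annotation lines and marks the inherited statement with a leading `>`, without touching `#` inside interface descriptions. The sample config, the group name and the exact annotation wording are constructed assumptions.

```python
import re

# Constructed sample of `show configuration | display inheritance` output.
# The "## '...' was inherited from group '...'" layout is an assumption about
# the annotation format; the description deliberately contains a '#'.
SAMPLE = """\
interfaces {
    ge-0/0/0 {
        description "Transit #2 to core";
        ##
        ## '9192' was inherited from group 'STD-CORE'
        ##
        mtu 9192;
        unit 0 {
            family inet {
                address 192.0.2.1/31;
            }
        }
    }
}
"""

ANNOTATION = re.compile(r"^\s*##")  # annotation lines start with '##' only
INHERITED = re.compile(r"was inherited from group '([^']+)'")


def mark_inherited(text, marker=">"):
    """Drop '##' annotation lines; prefix the statement they describe."""
    out, group = [], None
    for line in text.splitlines():
        if ANNOTATION.match(line):
            m = INHERITED.search(line)
            if m:
                group = m.group(1)  # remember until the next real statement
            continue
        prefix = marker if group else " "
        out.append((prefix + line).rstrip())
        group = None
    return "\n".join(out)


def inherited_lines(text):
    """Return only the statements that came from a group, stripped."""
    marked = mark_inherited(text).splitlines()
    return [l[1:].strip() for l in marked if l.startswith(">")]


if __name__ == "__main__":
    print(mark_inherited(SAMPLE))
```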


