Defining and Enforcing Configuration Rules with Commit Scripts
Being able to restrict network configurations in accordance with custom configuration rules can reduce human error and improve network uptime and reliability. Commit scripts allow you to enforce custom configuration rules.
Commit Script Overview
Commit scripts run each time a new candidate configuration is committed and inspect the configuration. If a candidate configuration does not adhere to your design rules, a commit script can instruct the services router to perform various actions, including the following:
- Generate custom warning messages, system log messages, or error messages.
  If error messages are generated, the commit operation fails and the candidate configuration remains unchanged.
- Change the configuration in accordance with your rules and then proceed with the commit operation.
Consider the following examples of actions you can perform with commit scripts:
- Run a basic sanity test. Ensure that the [edit interfaces] and [edit protocols] hierarchies have not been accidentally deleted.
- Check configuration consistency. Ensure that every T1 interface configured at the [edit interfaces] hierarchy level is also configured at the [edit protocols rip] hierarchy level.
- Enforce network design rules. For example, suppose your network design requires every interface on which the International Organization for Standardization (ISO) family of protocols is enabled to also have Multiprotocol Label Switching (MPLS) enabled. At commit time, a commit script inspects the configuration and issues an error if this requirement is not met. This error causes the commit operation to fail and forces the user to update the configuration to comply.
Instead of an error, the commit script can issue a warning about the configuration problem and then automatically correct it, by changing the configuration to enable MPLS on all interfaces. A system log message can also be generated indicating that corrective action was taken.
The scripting language you use for writing commit scripts is Extensible Stylesheet Language Transformations (XSLT). XSLT commit scripts are based on Junos XML protocol Extensible Markup Language (XML).
Enabling Commit Scripts
To enable commit scripts:
- Write a commit script.
For information about writing commit scripts, see the Junos Configuration and Operations Automation Guide.
- Copy the script to the /var/db/scripts/commit directory.
Only users with superuser privileges can access and edit files in the /var/db/scripts/commit directory.
- Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
- Perform the configuration tasks described in Table 47.
- If you are finished configuring the network, commit the configuration.
Table 47: Enabling Commit Scripts
| Task | J-Web Configuration Editor | CLI Configuration Editor |
|---|---|---|
| Navigate to the Commit level in the configuration hierarchy. | | From the [edit] hierarchy level, enter edit system scripts commit |
| Enable the commit script file, for example, commit-script.xsl. | | Set the script file name: set file commit-script.xsl |
Disabling Commit Scripts
If you do not want a commit script to run, you can disable it by deleting or deactivating it in the configuration. Deleting a commit script permanently removes it from the configuration. To run the script later, you must reenable the script as described in Enabling Commit Scripts. Deactivating a commit script disables the script until you activate it later.
To delete a commit script:
- From configuration mode in the CLI, enter the following command:
  user@host# delete system scripts commit file filename.xsl
- Commit the configuration:
  user@host# commit
  commit complete
To deactivate a commit script:
- From configuration mode in the CLI, enter the following command:
  user@host# deactivate system scripts commit file filename.xsl
- Commit the configuration:
  user@host# commit
  commit complete

Note: You can later reactivate the commit script using the activate system scripts commit file filename.xsl command.