Troubleshoot Ansible Errors When Configuring Junos Devices
The following sections outline errors that you might encounter when using the
config
module in the juniper.device
collection or
the juniper_junos_config
module in the Juniper.junos
role to configure Junos devices. These sections also present potential causes and
solutions for each error.
Troubleshoot Configuration Timeout Errors
Problem
Description
The module generates a TimeoutExpiredError
error message and
fails to update the device configuration.
ncclient.operations.errors.TimeoutExpiredError: ncclient timed out while waiting for an rpc reply
Cause
The default time for a NETCONF RPC to time out is 30 seconds. Large configuration changes might exceed this value causing the operation to time out before the configuration can be uploaded and committed.
Solution
To accommodate configuration changes that might require a commit time that is
longer than the default RPC timeout interval, set the module’s
timeout
argument to an appropriate value and re-run the
playbook.
Troubleshoot Configuration Lock Errors
Problem
Description
The module generates an error message indicating that the configuration database cannot be locked. For example:
FAILED! => {"changed": false, "msg": "Unable to open the configuration in exclusive mode: LockError(severity: error, bad_element: None, message: configuration database modified)"}
or
FAILED! => {"changed": false, "msg": "Unable to open the configuration in exclusive mode: LockError(severity: error, bad_element: lock-configuration, message: permission denied)"}
Cause
A configuration lock error can occur for the following reasons:
-
Another user has an exclusive lock on the configuration.
-
Another user made changes to the configuration database but has not yet committed the changes.
-
The user executing the Ansible module does not have permissions to configure the device.
Solution
The LockError
message string usually indicates the root cause of
the issue. If another user has an exclusive lock on the configuration or has
modified the configuration, wait until the lock is released or the changes are
committed, and execute the playbook again. If the cause of the issue is that the
user does not have permissions to configure the device, either execute the
playbook with a user who has the necessary permissions, or if appropriate,
configure the Junos device to give the current user the necessary permissions to
make the changes.
Troubleshoot Configuration Load Errors
Problem
Description
The module generates a ConfigLoadError
error message
indicating that the configuration cannot be modified, because permission is
denied.
FAILED! => {"changed": false, "msg": "Failure loading the configuraton: ConfigLoadError(severity: error, bad_element: scripts, message: error: permission denied)"}
Cause
This error message is generated when the user executing the Ansible module has permission to modify the configuration but does not have permission to alter the requested section of the configuration.
Solution
To solve this issue, either execute the playbook with a user who has the necessary permissions, or if appropriate, configure the Junos device to give the current user the necessary permissions to make the changes.
Troubleshoot Commit Errors
Problem
Description
The module generates a CommitError
error message indicating
that the commit operation failed due to a configuration lock error.
FAILED! => {"changed": false, "msg": "Unable to commit configuration: CommitError(edit_path: None, bad_element: None, message: error: remote lock-configuration failed on re0\n\nnote: consider using 'commit synchronize force' to\nterminate remote edit sessions and force the commit)"}
Cause
A configuration lock error can occur for the reasons described in Troubleshoot Configuration Lock Errors. However, a
configuration lock failed message might be generated as part of a
CommitError
instead of a LockError
in the
event that the task requests a commit check and a commit operation, and the
device initiates the commit operation before the commit check operation releases
the configuration lock.
Solution
To enable sufficient time for the device to complete the commit check operation
and release the configuration lock before initiating the commit operation, set
the module’s check_commit_wait
parameter to an appropriate
value and re-run the playbook. The check_commit_wait
value is
the number of seconds to wait between the commit check and commit operations.
The following sample task waits five seconds between the commit check and commit operations:
- name: "Load configuration. Wait 5 seconds between check and commit" juniper.device.config: load: "merge" format: "text" src: "build_conf/{{ inventory_hostname }}/junos.conf" check_commit_wait: 5 comment: "updated using Ansible"