Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Commit Script Overview

Understanding Commit Scripts

You can use Junos OS commit scripts to customize the validation process of your configurations in accordance with your own practices and policies and enforce custom configuration rules during the commit process. When you commit a candidate configuration, it is inspected by each active commit script. If a configuration violates your custom rules, the script can instruct Junos OS to take appropriate action. A commit script can:

  • Generate and display custom warning messages to the user.

  • Generate and log custom system log (syslog) messages.

  • Change the configuration to conform to your custom business rules.

  • Generate a commit error and halt the commit operation.

Commit scripts are based on the Junos XML management protocol and the Junos XML API. The Junos XML management protocol is an XML-based RPC mechanism, and the Junos XML API is an XML representation of Junos OS configuration statements and operational mode commands.

You can write commit scripts in Python, Extensible Stylesheet Language Transformations (XSLT), or Stylesheet Language Alternative syntaX (SLAX). The Junos XML API defines an XML equivalent for all statements in the Junos configuration hierarchy. Commit scripts use XML Path Language (XPath) to locate the configuration objects to inspect, and they use automation script constructs to specify the actions to perform on the configuration objects. The actions can generate messages or change the configuration.

Additionally, you can create macros, which enable you to use custom configuration syntax that simplifies the task of configuring Junos devices. By itself, your custom syntax has no operational impact on the device. A corresponding commit script macro uses your custom syntax as input data for generating standard Junos OS configuration statements that execute your intended operational impact.

To view the device's current configuration in XML, issue the show configuration | display xml command in CLI operational mode. To view your configuration in commit-script-style XML, issue the show configuration | display commit-scripts view command. Commit-script-style XML view displays the configuration in the format that would be input to a commit script.

Benefits of Commit Scripts

Commit scripts provide the following benefits:

  • Enable the enforcement of custom configuration rules.

  • Improve network reliability and uptime by minimizing human error.

  • Automatically correct configuration mistakes during a commit operation.

  • Abstract and simplify complex configurations.

  • Enforce scaling limits for critical settings.

Advantages of Using Commit Scripts

Reducing human error in a network configuration can significantly improve network uptime. Commit scripts enable you to control operational practices and enforce operational policy, thereby decreasing the possibility of human error. Restricting device configurations in accordance with custom design rules can vastly improve network reliability.

Consider the following examples of actions you can perform with commit scripts:

  • Basic sanity test—Ensure that the [edit interfaces] and [edit protocols] hierarchies are not accidentally deleted.

  • Consistency check—Ensure that every T1 interface configured at the [edit interfaces] hierarchy level is also configured at the [edit protocols rip] hierarchy level.

  • Dual Routing Engine configuration test—Ensure that the re0 and re1 configuration groups are set up correctly. When you use configuration groups, the inherited values can be overridden in the target configuration. A commit script can determine if an individual target configuration element is blocking proper inheritance of the configuration group settings.

  • Interface density—Ensure that a channelized interface does not have too many channels configured.

  • Link scaling—Ensure that SONET/SDH interfaces never have an MTU size less than 4 KB.

  • Import policy check—Ensure that an interior gateway protocol (IGP) does not use an import policy that imports the full routing table.

  • Cross-protocol checks—Ensure that all LDP-enabled interfaces are configured for an IGP, or ensure that all IGP-enabled interfaces are configured for LDP.

  • IGP design check—Ensure that the configuration never enables Level 1 IS-IS routers.

When a candidate configuration does not adhere to your design rules, a commit script can instruct Junos OS to generate custom warnings, record system log messages, or generate error messages that block the commit operation from succeeding. In addition, the commit script can change the configuration in accordance with your rules and then proceed with the commit operation.

Consider a network design that requires you to enable MPLS on every interface where you enable the ISO family of protocols. At commit time, a commit script inspects the configuration and issues an error if the configuration doesn't meet this requirement. This error causes the commit operation to fail and forces the user to update the configuration to comply.

Instead of an error, the commit script can issue a warning about the configuration problem and then automatically correct the configuration to enable MPLS on all interfaces. The commit script can also generate a system log message, indicating that the script took corrective action on the configuration.

Another option is to define a macro that enables ISO protocols and MPLS when you apply the macro to an interface. Configuring this macro simplifies the configuration task while ensuring that both protocols are configured together.

Finally, you can have the commit script correct the configuration using a transient change. In our example, a transient change can enable MPLS on ISO-enabled interfaces without displaying the corresponding configuration statements in the candidate configuration.

Note:

Commit scripts generate transient changes in the checkout configuration but not in the candidate configuration. The checkout configuration is the configuration database that the system checks for standard Junos OS syntax just before a configuration becomes active. This means transient changes are not saved in the configuration if you delete or deactivate the associated commit script. The show configuration | display commit-scripts command displays all the statements that are in the configuration, including statements that are generated by transient changes. For more information, see Overview of Generating Persistent or Transient Configuration Changes Using Commit Scripts.