<Netconify> Commit Fail message when there is a warning.

[mamathac]

Model: SRX5600 standalone
Module: junos_install_config over console port.
Precondition: Device is zeroized and in amnesiac mode

YAML Code
  - junos_install_config:
       host={{ inventory_hostname }}
       file=/usr/local/junos/config/asthra_policy.conf
       timeout=3000
       user=root
       console="--telnet=bngsquid49-7044.englab.juniper.net,7044"
        logfile=/usr/local/junos/log/config_console.log
        overwrite='yes'
      register: junos

Since the device was zeroized, the license info was lost and configuration has ldp license configuration.
On running YAML code, on the device, the new config gets applied BUT with a warning.
[edit]
regress@asthra# commit
[edit security idp]
'security-package'
warning: requires 'idp-sig' license
commit complete

rpc error:
regress@asthra> junoscript netconf need-trailer 
<!-- No zombies were killed during the creation of this user interface -->
<!-- user regress, class j-super-user -->
<hello>
  <capabilities>
    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>
    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>
    <capability>http://xml.juniper.net/dmi/system/1.0</capability>
  </capabilities>
  <session-id>1734</session-id>
</hello>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X44/junos">
<load-configuration-results>
<ok/>
</load-configuration-results>
</rpc-reply>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X44/junos">
<rpc-error>
<error-severity>warning</error-severity>
<error-path>[edit security idp]</error-path>
<error-info>
<bad-element>security-package</bad-element>
</error-info>
<error-message>mgd: requires 'idp-sig' license</error-message>
</rpc-error>
dumpon: sysctl: machdep.do_dump: Operation not permitted
<ok/>
</rpc-reply>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X44/junos">
<load-configuration-results>
<ok/>
</load-configuration-results>
</rpc-reply>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X44/junos">
<ok/>
</rpc-reply>
]]>]]>
<!-- session end at 2014-05-29 04:59:00 PDT -->
% exit
logout

Playbook returns Incorrect message although commit has gone through:

failed: [asthra] => {"failed": true}
msg: faiure to commit configuration, aborting.

FATAL: all hosts have already failed -- aborting

---

Expected Behaviour:
Warning should be handled and instead of commit failure message, commit complete and warning should be displayed, as commit went through.

[jeremyschulman]

@mamathac - the netconify code use-case was intended to configure only the bare minimum configuration on an Amnesiac device. Please limit the configurations for these scenarios to configure only the following:

• host-name
• management ip-address
• enable ssh
• enable netconf
• root password
• "admin" account using either plaintext password and/or ssh-key

In the future we may expand the netconify functionality for broader use-cases; or take a different approach for Console/Termserv based configuration options.

Hope this helps!

[mamathac]

Tried console config with a baseline config file on Popeye and worked fine.
Basic functionality of config over console met. Acceptable.
Here is the result:

2014-05-30 10:31:17,598:NETCONIFY:popeye:login:connecting to TTY:bngsquid25-7010.englab.juniper.net:7010 ...
2014-05-30 10:31:17,607:NETCONIFY:popeye:login:logging in ...
2014-05-30 10:31:19,703:NETCONIFY:popeye:login:starting NETCONF
2014-05-30 10:31:22,228:NETCONIFY:popeye:conf:loading into device ...
2014-05-30 10:31:35,208:NETCONIFY:popeye:conf:commit ... please be patient
2014-05-30 10:32:01,949:NETCONIFY:popeye:conf:commit completed.
2014-05-30 10:32:01,950:NETCONIFY:popeye:logout:logging out .

regress@vm-nomadic-ubuntu:~/ansible_junos/mydir_ansible/pb$ ansible-playbook override_config_console --limit popeye -v

PLAY [Load Config over console port] ******************************************

GATHERING FACTS ***************************************************************
ok: [popeye]

TASK: [junos_install_config host={{inventory_hostname}} file=/usr/local/junos/config/popeye_baseline.conf timeout=3000 user=root console="--telnet=bngsquid25-7010.englab.juniper.net,7010" logfile=/usr/local/junos/log/config_console.log overwrite='yes'] ***
changed: [popeye] => {"changed": true}

PLAY RECAP ********************************************************************
popeye : ok=2 changed=1 unreachable=0 failed=0

[shermdog]

This issue is present in both netconfiy and pyez. Deferring for now and will look at fixing this in concert with PyEZ.

[ojagodzinski]

problem mentioned in first post is resolved by this change -> #27
it is caused by checking only first child (look at commented line) of rpc response, in your case that is some error message tag (only informational because configuration check passes). Next function fails on finding "ok" in this tag.