Cisco IOS: can 'configure replace' be made to support automatic rollback for invalid config about napalm HOT 9 CLOSED

Okay, I added support for this.

ktbyers@e520822

I added an optional_arg named 'auto_rollback_on_error' that defaults to True. This will allow people to choose to ignore errors if necessary.

This is needed as Cisco IOS can have issues with the self-signed certificate and 'revert trigger error' wasn't added in IOS until 12.4(20)T.
I need to update the IOS unit tests to test this.

from napalm.

Notes, on behavior:

Working:

#configure replace flash:rollback_config.txt force
Total number of passes: 1
Rollback Done

Failed (invalid configuration command in the config):

#configure replace flash:candidate_config.txt force 
The rollback configlet from the last pass is listed below:
********
!List of Rollback Commands:
adfjasdfadfa
end
********
Rollback aborted after 5 passes
The following commands are failed to apply to the IOS image.
********
adfjasdfadfa
********

from napalm.

Behavior when doing automatic rollback at IOS level.

#configure replace flash:candidate_config.txt force revert trigger error 
Failed to apply command adfjasdfadfa
Aborting Rollback.
Rollback failed.Reverting back to the original configuration: flash:pynet-rtr1-cfgJan--6-12-49-44.412-PST-0 ...
Total number of passes: 1
Rollback Done
The original configuration has been successfully restored.
pynet-rtr1#show run | inc logging
logging buffered 10000
no logging console

So it did rollback the change to the original config (the original logging buffered was 10000; the candidate_config.txt changes it to 20000).

from napalm.

Here is what 'revert trigger error' looks like when it works:

#configure replace flash:rollback_config.txt force revert trigger error 
Total number of passes: 1
Rollback Done

from napalm.

So revert trigger error seems the way to go, right?

from napalm.

@dbarrosop Yes it looks like it would probably work:

Key issues:

1. Does IOS give you many false positives.
2. Related to item 1, the 'crypto pki certificate chain TP-self-signed-' frequently generates an error. I believe this is due to the 'quit' line at the end which consists of ' \tquit\n' (i.e. two spaces and then a tab) so when you copy this manually the tab gets converted to a space.
3. Do you need 'archive' configured-enabled for this to work (will need to test).

from napalm.

Just one comment, any prerequisites to make this work is just a matter to document them. So don't bother that much if the archive feature has to be enabled, if there is a reason for that people should do it. Dealing with IOS is already complex enough to not use that feature if it's available : )

from napalm.

@ktbyers Hi Kirk. Do you know if the issue with the quit command within the self-signed cert ever was resolved, or is there a workaround? I am having issues with ansible-napalm applying a Jinja2 template. When attempting the "configure replace" command manually on cli, I get the below error. Any guidance you can provide on this?

blah#configure replace flash:candidate_config.txt force revert trigger error
Failed to apply command no quit
Aborting Rollback.

Rollback failed.Reverting back to the original configuration: flash:archive-Sep--3-15-07-57.543-11 ..

from napalm.

@dbench Yep, looks like your configuration file (particularly your SSL certificate) is not valid (as per our other discussion in the separate GitHub thread).

Regards, Kirk

from napalm.