Knowledge Search


×
 

[CSO] Unable to deploy LAN segments

  [KB35088] Show Article Properties


Summary:

This KB article explains a specific issue in CSO 4.1.1 with respect to adding LAN segments.

Symptoms:

CSO tries to push stale LAN entry (which does not exists in CSO anymore):

Task: add-department
Sep 9, 2019, 1:54:12 PMStage 2 config start, task_id = add-department ...
Sep 9, 2019, 1:54:13 PMStart stage-2-config stage 1: resolve profile add-department success
Sep 9, 2019, 1:54:13 PMStart stage-2-config stage 2: create abstract configs success: {'JDM': [], 'JUNOS': [[u'default-domain', u'DOMAIN', u'Site', u'JUNOS/srx-add-department-config']], 'JCP': [], 'GWR': []}
Sep 9, 2019, 1:54:13 PMConfigs to be deployed include {'JUNOS': [[u'default-domain', u'DOMAIN', u'Site', u'JUNOS/srx-add-department-config']]}
Sep 9, 2019, 1:54:13 PMAbout to publish and deploy JUNOS configs [[u'default-domain', u'DOMAIN', u'Site', u'JUNOS/srx-add-department-config']]
Sep 9, 2019, 1:57:01 PMStart 2 config for JUNOS: [[u'default-domain', u'DOMAIN', u'Site', u'JUNOS/srx-add-department-config']] deployed failed, reason: {"status": "FAILURE", "hapi_remote_host": "csp.csp-dms-cms-inv-central-core-2909752705-46jr9", "description": "{\"error_data\": {\"status_code\": \"500\", \"error_tag\": \"Command Execution Error\", \"error_message\": \"requestid: UI_f7c13421-4703-533a-e644-58d35cb01153,qUNw,XjRo,lUpD,nnUP.ae1c9508-d34c-11e9-9aea-0242ac10151a deviceid: b715277c-4d6b-442e-a905-bfbecdec9aba commit comment \\\"CSO_Rcspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\bQ_ID:UI_f7c13421-47cspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b3-533a-e644-58d35cbcspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b1153,qUNw,XjRo,lUpDcspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\bnnUP\\\" \\n[edit security zones security-zone IOT]\\n 'interfaces ge-0/0/5.100'\\n Interface ge-0/0/5.100 must be configured under interfaces\\nerror: configuration check-out failed\\n\\n[edit]\\ncspuser@XXXXXXXXXXXX.Site.DOMAIN# \", \"error_diag\": \"This error is propagated from DCS. It occurs during device command execution. \"}}", "hapi_user_client_ip": "X.X.X.X", "hapi_request_id": "UI_f7c13421-4703-533a-e644-58d35cb01153,qUNw,XjRo,lUpD", "details": {"5741e2ec-c561-42cf-b588-29a1ad623876": {"status": "FAILURE", "abstract_config_uuid": "5741e2ec-c561-42cf-b588-29a1ad623876", "description": "{\"error_data\": {\"status_code\": \"500\", \"error_tag\": \"Command Execution Error\", \"error_message\": \"requestid: UI_f7c13421-4703-533a-e644-58d35cb01153,qUNw,XjRo,lUpD,nnUP.ae1c9508-d34c-11e9-9aea-0242ac10151a deviceid: b715277c-4d6b-442e-a905-bfbecdec9aba commit comment \\\"CSO_Rcspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\bQ_ID:UI_f7c13421-47cspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b3-533a-e644-58d35cbcspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b1153,qUNw,XjRo,lUpDcspuser@XXXXXXXXXXXX.Site.DOMAIN# ... \\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\b\\bnnUP\\\" \\n[edit security zones security-zone IOT]\\n 'interfaces ge-0/0/5.100'\\n Interface ge-0/0/5.100 must be configured under interfaces\\nerror: configuration check-out failed\\n\\n

Cause:

This issue arises due to a wrong combination of tagged and untagged lan-segments using same LAN port. This wrong combination leads the site to a bad state as no more lan-segments can be added after this state.

Solution:

Steps to trigger this issue:

CSO version 4.1.1

  1. Deploy site with one tagged LAN segments
  2. Click on the site and configure another untagged LAN segment
  3. Deployment of untagged LAN segment fails: Subsequent publish will fail with this LAN segment error
  4. If user attempts to delete untagged LAN and create tagged VLAN, it fails
  5. All the subsequent deployment job fails unless manually abstract config is cleared via any rest API
OR
  1. Deploy site with one untagged LAN segments
  2. Click on the site and configure another tagged LAN segment
  3. Deployment of tagged LAN segment fail: Subsequent publish will fail with this LAN segment error
  4. If user attempts to delete tagged LAN and create untagged VLAN, it fails
  5. All the subsequent deployment job fails unless manually abstract config is cleared via any rest API

If you are facing this issue, please contact your JTAC representative to resolve this issue. This workaround must be applied by JTAC to avoid any data inconsistencies.

The workaround is to delete ems-central/abstract-config object corresponding to srx-add-department-config. After this, it starts working until a wrong combination is tried again.

Fix: There is validation in place in CSO version 5.0.1/5.0.2 which prevents users to enter a wrong combination.
Related Links: