Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[CSO] "Stage-one configuration apply on device failed" ZTP failure during bootstrap

0

0

Article ID: KB36534 KB Last Updated: 01 Mar 2021Version: 1.0
Summary:

This article explains what to check for and how to resolve the issue when users encounter the "Stage-one configuration apply on device failed" error in Contrail Service Orchestration (CSO) during bootstrap.

 

Symptoms:

Note: In CSO, a site or CPE refers to an NFX device.

Users may find that the site onboarding in CSO has failed. The job logs show that the bootstrap job is reporting the following error:

<error snip from job logs in CSO UI >

 

Solution:

Perform the following steps to resolve the problem:

  1. Check whether the device has established a TCP connection over port 7804 with CSO.

root@jdm:/var/home/juniper# netstat -antp | grep 7804
tcp 0 0 <DEVICE IP>:53214  <CSO IP?:7804 ESTABLISHED

The above output shows that it is in established state.

  1. Check the /var/log/syslog directory in the device JDM.

As seen below, the Phone Home Client (PHC) has been initiated and is able to reach CSO but it is not able to log in to vJunos0 (JCP component of NFX device). This message is logged continuously.

Feb  4 09:38:37 jdm jdmd: Delete all IFDs
Feb  4 09:38:37 jdm jdmd: IFD Constructor: {'ifd_name': 'hsxe0', 'ifd_namespace': 'host'}
Feb  4 09:38:37 jdm jdmd: Delete IFD with input: {'ifd_name': 'hsxe0', 'ifd_namespace': 'host'}
Feb  4 09:38:37 jdm jdmd: setting 9200 as MTU for interface:hsxe0
Feb  4 09:38:37 jdm jdmd: IFD set for property: ifd_mtu with value 9200 success
Feb  4 09:38:37 jdm jdmd: IFD Constructor: {'ifd_name': 'eth0br', 'ifd_namespace': 'host'}
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:<rpc-reply xmlns:junos="http://xml.juniper.net/junos/18.4R3/junos">
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:    <rpc-error>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:        <error-type>application</error-type>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:        <error-tag>invalid-value</error-tag>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:        <error-message>Password expected. Cant login to vjunos0</error-message>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:        <error-severity>error</error-severity>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:    </rpc-error>
Feb  4 09:38:37 jdm mgd: UI_CHILD_STATUS: Cleanup child '/usr/sbin/push_nfv_config', PID 31605, status 0
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:    <cli>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:        <banner>{master:0}</banner>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:    </cli>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read:</rpc-reply>
Feb  4 09:38:37 jdm mgd: UI_LOGOUT_EVENT: User 'root' logout
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_to_vm: Read :</rpc-reply>
Feb  4 09:38:37 jdm phone-home: phcd_apply_config_from_phs: vnf_name:vjunos0 Config commit Failed!
  1. Check the /var/log directory in JCP (vjunos0).

As indicated by the following logs, there is an authentication error for jdm-user, which is used by CSO. Due to this error, the bootstrap configuration to the device cannot be committed.

Feb 4 09:16:23 vjunos0 sshd[37534]: Postponed keyboard-interactive for jdm-sysuser from 192.0.2.254 port 52136 ssh2
Feb 4 09:16:23 vjunos0 sshd[37533]: Postponed keyboard-interactive for jdm-sysuser from 192.0.2.254 port 52136 ssh2 [preauth]
Feb 4 09:16:23 vjunos0 sshd[37533]: error: PAM: authentication error for jdm-sysuser from 192.0.2.254
Feb 4 09:16:23 vjunos0 sshd: SSHD_LOGIN_FAILED: Login failed for user 'jdm-sysuser' from host '192.0.2.254'

Note: The jdm-user should normally be able to SSH to JCP without any password.

  1. Add the following configuration in JDM to enable SSH access without a password for the jdm-user.

request setup jdm-auto-login vjunos0

After adding the above configuration, the bootstrap configuration should succeed and the site successfully onboarded.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search