[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Working with Configuration Files in XML Format

The load merge, load override, and load replace commands let you update configuration statements in the SRC configuration from an XML file. The structure of this file must conform to the structure for an SRC configuration file. For this reason, we recommend that you copy a configuration to an XML file and modify that file.

For a merge or replace operation, you can save a copy of the configuration at any level in the configuration hierarchy, then load the updated configuration at the same level.

Use the editor of your choice to modify a saved configuration file. When you edit an XML file that is to be loaded into the SRC configuration, you can add specified attributes to XML tags to specify actions to be taken.

About XML Format for Configuration Files

The XML structure follows the same hierarchy as the CLI. For example, in configuration mode the following statements are available at the [edit system] hierarchy level:

[edit system]
user@host# set ?
Possible completions:
+ authentication-order Order in which authentication methods are invoked
+ domain-search        List of domain names to search
  host-name            Hostname for C-series platform
> ldap                 LDAP properties
> login                Login properties
+ name-server          DNS name servers
> ntp                  Configure NTP
> radius-server        RADIUS server configuration
> services             System services configuration
> syslog               System log configuration
> tacplus-server       TACACS+ server configuration
  time-zone            Time zone definition name

In an XML file, the tags within the <system> tags are the same as the statements in the [edit system] hierarchy. The tags under <system> can appear in any order.

<configuration>
    <system>
        <authentication-order> </authentication-order>
        <domain-search> </domain-search>
        <host-name> </host-name>
        <ldap> </ldap>
        <login> </login>
        <name-server> </name-server>
        <ntp> </ntp>
        <radius-server> </radius-server>
        <services> </services>
        <syslog> </syslog>
        <tacplus-server> </tacplus-server>
        <time-zone> </time-zone>
    </system>
</configuration>

The following example shows parts of a configuration file for statements in the [edit system] hierarchy:

<?xml version="1.0"?>
<configuration>
    <system>
        <time-zone>Canada/Eastern</time-zone>
        <services>
            <telnet/>
            <ssh>
                <root-login>allow</root-login>
            </ssh>
        </services>
        <host-name>myhost</host-name>
        <name-server>192.2.2.10</name-server>
        <name-server>192.2.2.20</name-server>
        <domain-search>mydomain.juniper.net</domain-search>
        <domain-search>juniper.net</domain-search>
        <ntp>
            <server> <address>192.2.2.100</address>
            </server>
            <boot-server>192.2.2.100</boot-server>
        </ntp>
        <ldap>
            <server>
                <address>10.227.2.100</address>
            </server>
            <boot-server>10.227.2.100</boot-server>
        </ldap>
        <ldap>
            <server>
                <community>
                    <primary-neighbors>neighbor1</primary-neighbors>
                    <role>primary</role>
                </community>
            </server>
        </ldap>
        <ldap>
            <client>
                <connection-manager-id>CLI_DATA_MANAGER
                </connection-manager-id>
            . . .
            </client>    
        </ldap>
        <login>
            <class>
                <name>class-cfg</name>
                <allow-configuration>s.*m$|s.*m l.*n</allow-configuration>
                <permissions>configure</permissions>
                <permissions>interface</permissions>
            </class>
            <user>
                <user-name>admin</user-name>
                <class>super-user</class>
                <full-name>admin</full-name>
                <uid>500</uid>
                <gid>100</gid>
                <authentication>
                    . . .
                </authentication>
                <level>normal</level>
                <complete-on-space>on</complete-on-space>
            </user>
        </login>
        <syslog>
            . . .
        </syslog>
    </system>
</configuration>

Using Attributes When Editing an XML Configuration File

You can add the following attributes to XML tags in a configuration file to be loaded through the load merge, load override, and load replace commands. If you do not add any attribute tags, the software merges all changes.

If you try to create a configuration object that already exists, the software does not create the new objects and generates an error message to that effect.

Do not use the replace attribute in a file to be loaded through the load merge command. If the replace attribute is in the file whose contents are merged, the command disregards the replace attribute.

You can modify a single value by inserting an attribute into one tag. For example, to delete the name server that has the IP address 192.2.2.20:

<configuration>
    <system>
        <name-server operation="delete">192.2.2.20</name-server>
    </system>
</configuration>

You can also modify a number of values within a hierarchy by adding an attribute at a higher level in the hierarchy. For example, to replace permissions for the class named class-cfg in the following configuration:

<configuration>
    <system>
            <class>
                <name>class-cfg</name>
                <allow-configuration>s.*m$|s.*m l.*n</allow-configuration>
                <permissions>configure</permissions>
                <permissions>interface</permissions>
            </class>
    </system>
</configuration>

Enter the replace attribute for the class:

<configuration>
    <system>
        <login>
            <class operation="replace">
                <name>class-cfg</name>
                <allow-configuration>s.*m$|s.*m l.*n</allow-configuration>
                <permissions>control</permissions>
                <permissions>maintenance</permissions>
            </class>
        </login>
    </system>
</configuration>


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]