Troubleshoot Ansible Errors When Configuring Junos Devices
The following sections outline errors that you might encounter when using the
juniper.device.config module to configure Junos devices. These
sections also present potential causes and solutions for each error.
Troubleshoot Configuration Timeout Errors
Problem
Description
The module generates a TimeoutExpiredError error message and
fails to update the device configuration.
ncclient.operations.errors.TimeoutExpiredError: ncclient timed out while waiting for an rpc reply
Cause
The default time for a NETCONF RPC to time out is 30 seconds. Large configuration changes might exceed this value causing the operation to time out before the configuration can be uploaded and committed.
Solution
To accommodate configuration changes that might require a commit time that is
longer than the default RPC timeout interval, set the module’s
timeout argument to an appropriate value and re-run the
playbook.
Troubleshoot Configuration Lock Errors
Problem
Description
The module generates an error message indicating that the configuration database cannot be locked. For example:
FAILED! => {"changed": false, "msg": "Unable to open the configuration in exclusive mode: LockError(severity: error, bad_element: None, message: configuration database modified)"}
or
FAILED! => {"changed": false, "msg": "Unable to open the configuration in exclusive mode: LockError(severity: error, bad_element: lock-configuration, message: permission denied)"}
Cause
A configuration lock error can occur for the following reasons:
-
Another user has an exclusive lock on the configuration.
-
Another user made changes to the configuration database but has not yet committed the changes.
-
The user executing the Ansible module does not have permissions to configure the device.
Solution
The LockError message string usually indicates the root cause of
the issue. If another user has modified or has an exclusive lock on the
configuration, wait until the changes are committed or the lock is released, and
execute the playbook again. If the cause is that the user does not have
permissions to configure the device, either execute the playbook with a user who
has the necessary permissions, or if appropriate, configure the Junos device to
give the current user the necessary permissions to make the changes.
Troubleshoot Configuration Load Errors
Problem
Description
The module generates a ConfigLoadError error message
indicating that the configuration cannot be modified because permission is
denied.
FAILED! => {"changed": false, "msg": "Failure loading the configuraton: ConfigLoadError(severity: error, bad_element: scripts, message: error: permission denied)"}
Cause
The Ansible module generates this error message when the user executing the module has permission to modify the configuration but does not have permission to alter the requested section of the configuration.
Solution
To solve this issue, either execute the playbook with a user who has the necessary permissions, or if appropriate, configure the Junos device to give the current user the necessary permissions to make the changes.
Troubleshoot Commit Errors
Problem
Description
The module generates a CommitError error message indicating
that the commit operation failed due to a configuration lock error.
FAILED! => {"changed": false, "msg": "Unable to commit configuration: CommitError(edit_path: None, bad_element: None, message: error: remote lock-configuration failed on re0\n\nnote: consider using 'commit synchronize force' to\nterminate remote edit sessions and force the commit)"}Cause
A configuration lock error can occur for the reasons described in Troubleshoot Configuration Lock Errors. However, a
configuration lock failed message might be generated as part of a
CommitError instead of a LockError. This
situation can occur when a task requests a commit check and a commit operation,
and the device initiates the commit operation before the commit check operation
releases the configuration lock.
Solution
To enable sufficient time for the device to complete the commit check operation
and release the configuration lock before initiating the commit operation, set
the module’s check_commit_wait parameter to an appropriate
value and re-run the playbook. The check_commit_wait value is
the number of seconds to wait between the commit check and commit operations.
The following sample task waits five seconds between the commit check and commit operations:
- name: "Load configuration. Wait 5 seconds between check and commit"
juniper.device.config:
load: "merge"
format: "text"
src: "build_conf/{{ inventory_hostname }}/junos.conf"
check_commit_wait: 5
comment: "updated using Ansible"