# FAQ

Uniconfig uses a custom in memory database which is part of MD-SAL and it is a very fast storage for YANG modeled data. UniConfig uses datastore only for caching data in the scope of a single transaction. For persistence purposes, UniConfig uses PostgreSQL database.

Only the „outputs“ of a service are stored and managed by UniConfig (e.g. service generates bgp config for 10 devices, which is pushed into UniConfig). The services themselves are responsible for managing their configuration/operational state and rely on the same database to store configuration or operational data.

OpenConfig models are compiled as part of the UniConfig and because of this reason it is possible to change these models only before compilation. On the other side, NETCONF models can be dynamically loaded from device and also manually updated using dedicated RPC:

https://docs.frinx.io/frinx-uniconfig/UniConfig/user-guide/network-management-protocols/uniconfig_netconf/netconf-intro.html#registration-or-refreshing-of-netconf-cache-repository-using-rpc

Yes, all onboarded devices have full rollback implemented. But it is also possible to disable auto-rollback in UniConfig, so that successfully configured devices will keep their configuration. This can be done with setting up the 'do-rollback' flag to False in input of Commit RPC.

Yes, it is possible. To achieve this follow these steps:

• 1. sync (update operational)
• 2. show diff
• 3. drop the changes from device by replacing operational with config

You can either use the native device models (via UniConfig native) or use the existing translation units between OpenConfig and vendor models.

UniConfig has a DataBroker interface and a concept of InstanceIdentifier. Those are the model driven APIs for data access. More info:

https://wiki.opendaylight.org/view/OpenDaylight_Controller:MD-SAL:Concepts

A: Just to demonstrate API, in this example InterfaceConfigurations is read from CONF DS and put back to CONF DS.

ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
InstanceIdentifier`<InterfaceConfigurations>` iid = InstanceIdentifier.create(InterfaceConfigurations.class);
InterfaceConfigurations ifcConfig = xrNodeReadTx.read(LogicalDatastoreType.CONFIGURATION, iid).checkedGet();
rwTx.put(LogicalDatastoreType.CONFIGURATION, iid, ifcConfig);
rwTx.submit();

B: In this example InterfaceConfigurations is read from OPER DS.

ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
InstanceIdentifier`<InterfaceConfigurations>` iid = InstanceIdentifier.create(InterfaceConfigurations.class);
InterfaceConfigurations ifcConfig = xrNodeReadTx.read(LogicalDatastoreType.OPERATIONAL, iid).checkedGet();

UniConfig supports build-and-commit model using which it is possible to configure devices in the isolated transactions and commit them in parallel. If there are some conflicts between configured sets of devices, then the second transaction that is committed, will fail (however, it cannot happen on disjunct sets of devices).

FRINX UniConfig supports local authentification, password authentification, public key authentification Token authentification, RADIUS based authentification and subtree based authentification via AAA Shiro project.

If a device can not be reached during a UniConfig transaction (after trying reestablishing the connection) a timeout will occur and the cause for the transaction failure will be reported. UniConfig also uses keepalive messages for continuous verification of connection to devices (both using NETCONF and CLI management protocols).

UniConfig stores all committed configuration of devices, templates, and snapshots in the PostgreSQL database. We suggest to use existing techniques for backup that are also provided by PostgreSQL.

All customer specific validations and policy enforcements can be implemented in layers above UniConfig

UniConfig is written in JAVA and Kotlin which can use data objects generated from YANG. RESTful API (RESTCONF) can be used with language that implements REST client (for example, Python).

UniConfig instance is stateless - it doesn’t persist any configuration in its datastore (PostgreSQL is used for persistence) and it doesn’t keep permanent connections (connections to devices are created on-demand in the transaction). Because of the stateless architecture, UniConfig instances in the ‘cluster’ don’t have to communicate with each other and they don’t require any coordination. You must only keep in mind that requests that belong to the same transaction must be forwarded to the same UniConfig backend - for this purpose you can use any HA component that supports sticky sessions based on cookies (such as HA-proxy or Traefik).

FRINX UniConfig can propagate NETCONF notifications and internal UniConfig notifications or data-change-events from web sockets on Northbound API.

Yes it is. Each component writes logs at different verbosity levels of logging (ERROR, WARN, INFO, DEBUG, TRACE). We are using the logback framework for logging of messages - logging can be adjusted by modification of config/logback.xml file in the standard way. This file can be updated also on runtime. The second approach for adjusting of logging of some specific components is using logging controller: https://docs.frinx.io/frinx-uniconfig/UniConfig/user-guide/operational-procedures/logging/logging.html

installing/uninstalling process is done automatically - device is installed when UniConfig must read/write some data from/to device and device is automatically uninstalled at the end of the transaction if no other transaction is using the same installpoint. Users should not care about the installing process since it is transparent - it is useful only for debugging purposes. To get status of the installing process for all devices in the system, issue following request (it will show status as well as last connect attempt cause):

CLI devices:

curl --location --reQuestionuest GET 'http://localhost:8181/rests/data/network-topology:network-topology/topology=cli?content=nonconfig' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json'

NETCONF devices:

curl --location --reQuestionuest GET 'http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf?content=nonconfig' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json'

installing of device:

• 1. Opening IO session to device (TCP session with SSH and/or NETCONF on top of SSH session).
• 2. Exposing installpoint that can be used from internal API and RESTCONF API for interaction with device.

Installation of device contains internally also code for installing of device:

• 1. Opening internal transaction
• 2. installing of device with input parameters (CLI / NETCONF)
• 3. Syncing configuration from device
• 4. Writing configuration and install information into database
• 5. Uninstalling device
• 6. Committing transaction

If installing Junos devices is not possible and UniConfig gives response :

2020-03-23 03:26:07,174 ERROR [default-pool-5-2] (org.opendaylight.netconf.sal.connect.netconf.NetconfDevice) - RemoteDevice{junos}: Initialization in sal failed, disconnecting from device
java.lang.IllegalStateException: Cannot build Netconf device schema context.
at org.opendaylight.netconf.cache.impl.utils.NetconfSchemaContextFactory.buildSchemaContext(NetconfSchemaContextFactory.javanswer:64)
at org.opendaylight.netconf.cache.model.SchemaRepositoryRefs.buildSchemaContext(SchemaRepositoryRefs.javanswer:68)
at org.opendaylight.netconf.sal.connect.netconf.NetconfDevice$SchemaSetup.run(NetconfDevice.javanswer:515)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.javanswer:511)
at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.javanswer:125)
at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.javanswer:57)
at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.javanswer:78)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.javanswer:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.javanswer:624)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.javanswer:30)
at java.lang.Thread.run(Thread.javanswer:748)
Caused by: java.lang.IllegalStateException: There are not any sources left for building of schema context.
at org.opendaylight.netconf.cache.impl.utils.NetconfSchemaContextFactory.setUpSchema(NetconfSchemaContextFactory.javanswer:114)
at org.opendaylight.netconf.cache.impl.utils.NetconfSchemaContextFactory.buildSchemaContext(NetconfSchemaContextFactory.javanswer:61)
... 10 more

It is necessary to set up on Junos device netconf session compliant to RFC and Yang schemas (rfc-compliant, yang-compliant)

> configure
# set system services netconf rfc-compliant
# set system services netconf yang-compliant
# commit