Two-stage Configuration Commit

This chapter describes how to enable two-stage configuration commit mode on the Cisco NX-OS device.

This chapter includes the following sections:

About Two-stage Configuration Commit

In an interactive session, when you run a command, it’s executed and it changes the running configuration. This behaviour is known as one-stage configuration commit. In the confirm-commit or the two-stage configuration commit, changes in configurations are stored in a staging database. These changes don’t affect the running configuration until you run the commit command. This two-stage process creates a target configuration session, where you can make, edit, and verify configuration changes before committing them to the running state of the switch. You can also commit the changes for a time period you specify before you commit them permanently. After the specified time period, the switch reverts to the previous configuration if you don’t run the commit command. When a commit is successful, you can view the commit information that includes the commit ID, username, and timestamp.

The following figure shows the two-stage configuration commit process.

Figure 1. Two-Stage Configuration Commit Process

Guidelines and Limitations

Two-stage configuration commit has the following configuration guidelines and limitations:

  • This feature is supported only for a CLI interface in a user-interactive session.

  • Before you run any feature-related configuration commands, enable the feature using the feature command and commit it using the commit command.

  • Two-stage configuration commit mode doesn’t support other modes like maintenance mode, scheduler mode, or virtual mode.

  • When you’re in the two-stage configuration commit mode, avoid editing configurations in one-stage configuration commit mode from different sessions at the same time.

  • Review the configurations using the show configuration command before committing the changes.

  • If the verification fails, edit and retry the commit.

  • If the commit fails, the configuration rolls back to the previous configuration.

  • Configurations that you don’t commit aren’t saved after you reload the switch.

  • This feature doesn’t support commits with NX-API, EEM, and PPM.

  • You can have only one active two-stage configuration commit session at a given time.

Configuring in Two-Stage Configuration Commit Mode

To enable a feature in the two-stage configuration commit mode, perform the following steps:


Note


In this procedure, the BGP feature is enabled as an example.


Procedure

  Command or Action Purpose

Step 1

configure dual-stage

Example:

switch# configure dual-stage
switch(config-dual-stage)#

Creates a new target configuration session.

Note

 

The target configuration isn’t a copy of the running configuration. It has only the configuration commands entered during the target configuration session.

Step 2

feature feature_name

Example:

switch(config-dual-stage)# feature bgp
switch(config-dual-stage)#

Enables the feature.

Note

 
  • You can enable the feature even before entering the two-stage configuration commit mode.

  • You can’t combine feature-related commands in a commit if the feature isn’t already enabled.

Step 3

commit [confirmedseconds]

Example:

switch(config-dual-stage-router)# commit confirmed 30
Verification Succeeded.
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.

Configuration committed by user 'admin' using Commit ID : 1000000001

switch(config-dual-stage)# 
switch(config-dual-stage)# commit
Confirming commit for trial session.
switch(config-dual-stage)#

Example:

switch(config-dual-stage)# hostname example-switch
switch(config-dual-stage)# commit 
Verification Succeeded.

Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Configuration committed by user 'admin' using Commit ID : 1000000002
example-switch(config-dual-stage)#

Commits changes to the running configuration.

  • confirmed : Commits the changes to the running configuration.

  • seconds : Commits the configuration in global configuration mode on a trial basis for a minimum of 30 seconds and a maximum of 65535 seconds.

Note

 

If you enter a trial period, run the commit command to confirm the configuration. If you don’t run the commit command, the switch reverts to the previous configuration after the trial period.

Step 4

Example:

switch(config-dual-stage)# router bgp 64515.46
switch(config-dual-stage-router)# 
switch(config-dual-stage-router)#   router-id 141.8.139.131
switch(config-dual-stage-router)#

Run any feature-related commands that are supported in this configuration mode.

Step 5

show configuration

Example:

switch(config-dual-stage-router)# show configuration
! Cached configuration
!
router bgp 64515.46
 router-id 141.8.139.131

Displays the target configuration.

Note

 

You can run this command only in the dual-stage configuration mode.

Step 6

commit [confirmed seconds ]

Example:

switch(config-dual-stage-router)# commit 
Verification Succeeded.
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Configuration committed by user 'admin' using Commit ID : 1000000003

Commits changes to the running configuration.

Step 7

(Optional) show configuration commit [changes] commit-id

Example:

switch(config-dual-stage-router)# show configuration commit changes 1000000003
*** /bootflash/.dual-stage/1000000003.tmp       Fri Mar 19 10:59:00 2021
--- /bootflash/.dual-stage/1000000003   Fri Mar 19 10:59:05 2021
***************
*** 378,383 ****
--- 378,385 ----
  line console
  line vty
  boot nxos bootflash:/nxos64.10.1.1.44.bin 
+ router bgp 64515.46
+   router-id 141.8.139.131
  xml server timeout 1200
  
  no priority-flow-control override-interface mode off

Example:

switch(config-dual-stage)# show configuration commit 1000000003 
feature bgp
router bgp 64515.46
  router-id 141.8.139.131
.
.
. 
(Optional)

Displays commit-related information.

Only the last 50 commits or the commit files stored in the reserved disk space are saved. The reserved disk space is 20 MB. All the commit sessions will be removed when you reload the switch. However, the commit IDs aren’t removed.

Use the show configuration commit changes commit-id command to view only the changes in the current session of the commit you specify.

Use the show configuration commit commit-id command to view the complete configurations in the commit you specify.

Step 8

(Optional) save configuration filename

Example:

switch(config-dual-stage)# save configuration bootflash:test.cfg
(Optional)

Saves the target configurations to a separate file without committing them to the running configuration.

Note

 
  • You can load the target configuration files later, modify, or commit. The file will be saved in bootflash.

  • You can view the configuration file you saved by running the show configuration file filename command.

  • Some of the user-specific information will be masked based on the user role.

Step 9

(Optional) load filename

Example:

switch (config-dual-stage)# show configuration 
! Cached configuration
switch (config-dual-stage)# load test.cfg
switch (config-dual-stage-router)# show configuration 
! Cached configuration
!
router bgp 1
switch(config-dual-stage-router)#
(Optional)

Loads a target configuration that you saved. After loading a file, you can modify it or commit it to the running configuration. To save the changes, use the save configuration filename command.

You can load a target configuration that you saved using only the save configuration filename command.

Step 10

(Optional) clear configuration

Example:

switch(config-dual-stage)# show configuration 
! Cached configuration
!
router bgp 64515.46
router-id 141.8.139.131
switch (config-dual-stage)# clear configuration 
switch (config-dual-stage)# show configuration 
! Cached configuration
switch (config-dual-stage)#
(Optional)

Clears changes made to the target configuration without terminating the configuration session. It deletes any configuration changes that aren’t committed.

Step 11

end

Example:

switch(config-dual-stage-if)# end
Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]

Exits the global dual stage configuration mode.

If you end a configuration session without committing the configuration changes, you’ll be prompted to save changes, discard changes, or cancel the action:

  • Yes: Commits the configuration changes and exit configuration mode

  • No: Exits the configuration mode without committing the configuration changes

  • Cancel: Remains in configuration mode without committing the configuration changes

Note

 
  • If you choose to exit when a confirm commit timer is running, the same options are displayed. If you still chose to exit, the trial configuration rolls back instantly.

  • If the default session times out before the timer expires, the trial configuration rolls back before exiting the session. In this case, no warning message appears.

Aborting the Two-Stage Configuration Commit Mode

When you abort a configuration session, uncommitted changes are discarded and the configuration session ends. No warning appears before the configuration changes are deleted.

switch(config-dual-stage)# router bgp 1
switch(config-dual-stage-router)# neighbor 1.2.3.4
switch(config-dual-stage-router-neighbor)# remote-as 1
switch(config-dual-stage-router-neighbor)# show configuration 
! Cached configuration
!
router bgp 1
neighbor 1.2.3.4
remote-as 1
switch(config-dual-stage-router-neighbor)# show run bgp 

!Command: show running-config bgp
!Running configuration last done at: Wed Mar 17 16:17:40 2021
!Time: Wed Mar 17 16:17:55 2021

version 10.1(2) Bios:version 
feature bgp


switch(config-dual-stage-router-neighbor)# abort
switch# show run bgp

!Command: show running-config bgp
!Running configuration last done at: Wed Mar 17 16:18:00 2021
!Time: Wed Mar 17 16:18:04 2021

version 10.1(2) Bios:version 
feature bgp

switch#

Displaying Commit IDs

At each successful commit, the commit ID is displayed in the syslog. The total number of commit IDs saved in the system depends on the configuration size and the disk space available. However, the maximum number of commit IDs stored at any given time is 50.

Use the show configuration commit list command to view information about the last 50 commit IDs. Each entry shows the user who committed configuration changes, the connection used to execute the commit, and commit ID timestamp.
switch# show configuration commit list
SNo. Label/ID     User     Line         Client     Time Stamp
~~~~ ~~~~~~~~~~~~ ~~~~~~~~ ~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
1    1000000001   admin    /dev/ttyS0   CLI        Wed Jul 15 15:21:37 2020
2    1000000002   admin    /dev/ttyS0   Rollback   Wed Jul 15 15:22:15 2020
3    1000000003   admin    /dev/pts/0   CLI        Wed Jul 15 15:23:08 2020
4    1000000004   admin    /dev/pts/0   Rollback   Wed Jul 15 15:23:46 2020

Rollback Capability

You can rollback the configuration to any of the previous successful commits. Use the rollback configuration command to rollback to any of the last 50 commits.

switch# rollback configuration to ?
1000000015
1000000016
1000000017

:
:

switch#

Each commit ID acts as a checkpoint of a running configuration. You can rollback to any given commit ID. A new commit ID will be generated after you rollback. If a confirm commit session is in progress, you cannot trigger a rollback until it is completed.


switch(config-dual-stage)# rollback configuration to 1000000002
Rolling back to commitID :1000000002
ADVISORY: Rollback operation started...
Modifying running configuration from another VSH terminal in parallel
is not recommended, as this may lead to Rollback failure.

Configuration committed by rollback using Commit ID : 1000000004
switch(config-dual-stage)#

Viewing Current Session Configurations

You can view the current session configuration using the show configuration command. This command is supported only in the dual-stage mode. The session configuration is cleared if a commit fails.

switch(config-dual-stage-cmap)# show configuration
! Cached configuration
!
class-map type control-plane match-any copp-s-ipmcmiss
class-map type control-plane match-any copp-s-l2switched
class-map type control-plane match-any copp-s-l3destmiss
switch(config-dual-stage-cmap)#

If there is no configuration, the following message appears:

switch(config-dual-stage)# show configuration
! Cached configuration
switch(config-dual-stage)# commit
No configuration changes to commit.
switch(config-dual-stage)#