Hi, > On 18/08/2018, at 1:06 AM, Michael Still <stillwa...@gmail.com> wrote: > > Side note on apply groups and display inheritance. I've submitted a Juniper > ER for an enhancement to have the ability to have ' | display inheritance' > a 'default' cli behavior (configurable via 'set cli display-inheritance' > option that is defaulted to off). I've also asked for a login-class option > to enable this for specific user role such as front line NOC users who may > benefit from having it on by default. This is ER-077163 if you want to poke > your Juniper SE about it.
Interesting. Personally I’d probably not make use of this - part of the intention of using groups, for me, is to keep the config succinct, and make it very clear when something is done outside a group - it’s either non-standard, or it’s config that’s only relevant here (i.e. IP addressing). Perhaps it would work if it marked up the config in some way that indicated it was inherited — I.e. in a way that isn’t the 3 or so lines of `## blah` stuff, which makes the config difficult to read. What about commit-scripts, and apply-flags omit? You’d need to have those included as well. I would be interested in a way to build a command alias with `| display inheritance | display commit-scripts | display omit | exclude #` or something - `exclude #` isn’t the best either, as # is often in int description etc. Perhaps an opscript or something. `show functional-configuration` Perhaps that could be a better feature (`show configuration functional` maybe), than the one you’ve proposed? I’d support that. I’d still want a way to indicate something is from a commit script or is normally omitted or what not - perhaps first char of the line could have > or * or some other markup. > The reason I've asked for this is specifically because I've seen NOC > personnel spend many cycles investigating an issue not realizing that > particular hidden apply-group config was affecting their investigation. We have so much stuff in groups that it’s almost impossible to know it’s not there. Groups first - only local config (IPs etc.) goes outside groups. > I have a couple other semi-related (to automation / configuration > enhancement) ER's going if folks are interested and would like to chat > about those directly. Would love to hear about them, maybe we can collaborate from different view points. -- Nathan Ward _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp