Resolve commit issues due to configuration lock on SRX clusters managed by JUNOS Space.
On SRX clusters that are managed using JUNOS Space, users may encounter an issue where any configuration changes fail at commit with an error similar to the following:
user@fw01# commit node0: node1: error: configuration database locked by: root terminal (pid 2144) on since 2014-07-23 09:56:23 EST exclusive Users currently editing the configuration: root (pid 2144) on since 2014-07-23 09:56:23 EST exclusive node0: error: remote lock-configuration failed on node1 note: consider using 'commit synchronize force' to terminate remote edit sessions and force the commit
Even after attempting a “commit synchronize force”, the commit fails. The user is unable to rollback any changes either.
An SRX cluster acts like one virtual chassis with 2 REs (Routing-Engines). At any given time, one RE is primary and the other RE is standby.
When Junos Space is used to manage such a cluster, it views the SRX cluster exactly as intended and automatically configures the statement ‘set system commit synchronize’ so that any configuration changes can be synchronized between the 2 REs. However, this command is not supported on the SRX Series (either High-End or Branch). Therefore, in any subsequent configuration changes, the SRX tries to synchronize the configuration between the RE on node0 and the RE on node1 but fails. Due to this, the user is unable to commit any new configuration changes or delete the command ‘set system commit synchronize’ either.
This was not an issue in JUNOS OS versions 11.4 and earlier since the SRX ignored the configuration statement. However, a change was made and the SRX tries to take action on the configured statement, causing the issue.
See related KB articles that discuss other causes:
- KB27800 – [SRX] How to resolve “error: remote lock-configuration failed on node” in SRX chassis cluster.
- KB30517 – Commit fails after adding CRM on SRX3400 and SRX3600
Fix
This issue was fixed under PR1134072. The fix is available in Junos versions 12.1X46-D50, 12.1X47-D40, 12.3X48-D30, 15.1X49-D40 and later.
Workaround
Since the user is unable to make any further configuration changes, the least disruptive workaround involves Junos configuration files.
To manually resolve the issue:
1.Save the current configuration to a file:
user@fw01> edit user@fw01# save config_1234 (config_1234 is an example. You may use any name) The file config_1234 will be saved in the current user directory.
2.FTP the file config_1234 to a PC.
3.Using a text editor, open file config_1234 and delete “commit synchronize” from under the system hierarchy. Then save the file.
4.FTP the modified file config_1234 back to the SRX.
5.From the shell mode, gzip the file config_1234:
user@fw01> start shell user root Password: root@fw01% gzip config_1234
6.Copy the configuration archive to the JUNOS configuration file:
root@fw01% cp config_1234.gzip juniper.conf.gz
7.Re-initialize the management daemon:
root@fw01% mgd -I
The active configuration on the SRX now should be the modified configuration and the user will be able to make configuration changes and commit.