How to persist AAA and NACM only when using startup+running

Hi,

In my confd.conf, I have the startup datastore enabled, the running datastore is read-write and the candidate datastore is off. My CDB database in the confd-cdb directory only has aaa_init.xml, which is used to initialize the CDB, and thus my AAA is in CDB and not external. This aaa_init.xml file is the same as what comes standard in the confd-basic download package.

Now that my running datastore is entirely RAM based, I do want the AAA and NACM trees to be persisted whenever a user changes a value in those trees - say a user changes a password under the aaa tree.

So by persistence I mean I want only the AAA and NACM sections of the startup datastore to be updated - so the users don’t lose their password changes after reboot.

Any ideas how to go about this? First, can this be achieved via confd.conf only? If we are going to use callback(s), and somehow force persistence, I do not want to write out the entire running, nor do I want to copy the entire running to startup. I need to only persist or copy the AAA and NACM section.

Thanks for help

You can save arbitrary XPaths with maapi_save_config() and later load the saved config with maapi_load_config(). Using confd_load, which is a command line interface to these functions, it looks like this:

   confd_load -f tmp -P '/aaa | /nacm'

Another option, perhaps closer to what you would like is maapi_copy_path() which allows you to copy a specific subtree between two datastores:

   int maapi_copy_path(int sock,
                       int from_thandle,
                       int to_thandle,
                       const char *fmt,
                       ...);

from_thandle and to_thandle are transaction handles open towards the running and startup datastores respectively.

Hi,

I tried maapi_copy_path() but am getting “Data store is not writable” when opening a transaction handle against the STARTUP datastore.

   thR = maapi_start_trans( sock, CONFD_RUNNING, CONFD_READ_WRITE);
   thS = maapi_start_trans( sock, CONFD_STARTUP, CONFD_READ_WRITE);

   status = maapi_copy_path( sock, thR, thS, writeURL );

My TRACE output:

TRACE CDB_SUBSCRIPTION_EVENT --> 19
TRACE CDB_GET_TRANS_TID  --> CONFD_OK
TRACE Connected (maapi) to ConfD
TRACE MAAPI_START_USER_SESSION  --> CONFD_OK
TRACE MAAPI_START_TRANS  --> CONFD_OK
TRACE MAAPI_START_TRANS DEBUG item is not writable - Data store is not writable
 --> CONFD_ERR
Error: start AAA copy transaction failureTRACE MAAPI_END_USER_SESSION  --> CONFD_OK
TRACE CDB_SYNC_SUB CDB_DONE_PRIORITY --> CONFD_OK

I also tried the maapi_copy_running_to_startup(sock) and this is working just fine - it copied everything from running to startup - and I need to avoid “everything” - I only want to copy the “/aaa:aaa” and “/nacm:nacm” sub-trees when there is some change in there.

Question: Am I seeing a valid error? This is version confd-basic-5.4.

Thanks

Yes - it is not possible to start a read-write transaction towards startup. It used to be in older versions, but the implementation had efficiency and other problems, and there was no real use case. Unfortunately it seems the documentation hasn’t been completely updated - e.g. the section for maapi_start_trans() says that “updating the startup data store is better done via maapi_copy_running_to_startup()”, which was certainly true already when it was written, but now copying the entire content of running is the only way to update startup.
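
The save/load route from the first reply, sketched as an added example (not code from the thread or from ConfD): the /aaa and /nacm subtrees are saved to a side file when they change and merged back into running after boot. CONFD_LOAD, AAA_SNAPSHOT and the snapshot path are names made up here; -f and -P are used as in the reply above, and reading -f as the output file and -l -m as load-and-merge are assumptions to check against confd_load(1) for your version.

```shell
#!/bin/sh
# Added example: persist only /aaa and /nacm through confd_load.
# Hypothetical names: CONFD_LOAD, AAA_SNAPSHOT and the default path below.
CONFD_LOAD=${CONFD_LOAD:-confd_load}
AAA_SNAPSHOT=${AAA_SNAPSHOT:-/var/confd/aaa_nacm.cfg}

# Save the two subtrees from running. The dump holds password hashes and
# access rules, so it is created owner-only and renamed into place only
# after confd_load succeeded and produced a non-empty file.
save_aaa_nacm() {
    tmp="$AAA_SNAPSHOT.tmp.$$"
    (
        umask 077
        "$CONFD_LOAD" -f "$tmp" -P '/aaa | /nacm'
    ) || { rm -f "$tmp"; return 1; }
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$AAA_SNAPSHOT"
}

# Merge the snapshot back into running once ConfD is up.
restore_aaa_nacm() {
    [ -f "$AAA_SNAPSHOT" ] || return 0   # first boot: nothing saved yet
    # A snapshot that group or others can write could carry injected
    # users or NACM rules, so refuse to load it.
    [ -z "$(find "$AAA_SNAPSHOT" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] \
        || return 1
    # Assumed flags: -l load, -m merge with the existing configuration.
    "$CONFD_LOAD" -l -m "$AAA_SNAPSHOT"
}
```

save_aaa_nacm would be called from whatever reacts to changes under /aaa and /nacm (the poster already has a CDB subscriber), and restore_aaa_nacm from the start script after ConfD has started.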