Hi,
the cdb files are present in /var/confd/cdb.
aaa_init.xml was present in /etc/confd/ and the fxs are also present in /etc/confd/. Later even if i moved to /var/confd/cdb still the same error.
To run confd i have created /var/confd/rollback /var/confd/cdb /var/confd/candidate /var/confd/log /var/confd/state /etc/confd/ssh directories.
I have shared the complete confd.conf. Let me know if you can figure out the issue with installation or configuration.
-*- nxml -*- -->
<!-- Example configuration file for confd. -->
<confdConfig xmlns="http://tail-f.com/ns/confd_cfg/1.0">
<!--
The loadPath is searched for .fxs files etc.
NOTE: if you change the loadPath, the daemon must be restarted,
or the "In-service Data Model Upgrade" procedure described in
the User Guide can be used - 'confd - -reload' is not enough.
-->
<loadPath>
<dir>/etc/confd</dir>
</loadPath>
<!--
This is where ConfD writes persistent state data. Currently the
only state files are 'running.invalid' which exists only if the
running database status is invalid, which it will be if one of
the database implementation fails during the two-phase commit
protocol, and 'global.data' which is used to store some data
that needs to be retained across reboots.
-->
<stateDir>/var/confd/state</stateDir>
<!--
A hide group cannot be unhidden unless it has been listed
here. A missing or empty password indicates that no password
needs to be given when unhiding the group.
If the group is not listed below then it cannot be unhidden
at all.
Multiple hideGroups can be specified in the file.
-->
<hideGroup>
<name>debug</name>
<password>secret</password>
</hideGroup>
<cdb>
<enabled>true</enabled>
<dbDir>/var/confd/cdb</dbDir>
<!--
During development it can be useful to set a low timeout to
catch programming errors. In a production system use
"infinity" (default) or a high timeout so as not to timeout
during high CPU load.
-->
<clientTimeout>PT30S</clientTimeout>
<!--
The operational datastore is used when operational data is to be
stored in CDB.
-->
<operational>
<enabled>true</enabled>
</operational>
</cdb>
<!--
These keys are used to encrypt values adhering to the types
tailf:des3-cbc-encrypted-string, tailf:aes-cfb-128-encrypted-string
and tailf:aes-256-cfb-128-encrypted-string as defined in the tailf-common
YANG module. These types are described in confd_types(3).
-->
<encryptedStrings>
<DES3CBC>
<key1>0123456789abcdef</key1>
<key2>0123456789abcdef</key2>
<key3>0123456789abcdef</key3>
<initVector>0123456789abcdef</initVector>
</DES3CBC>
<AESCFB128>
<key>0123456789abcdef0123456789abcdef</key>
<initVector>0123456789abcdef0123456789abcdef</initVector>
</AESCFB128>
<AES256CFB128>
<key>0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</key>
</AES256CFB128>
</encryptedStrings>
<logs>
<!--
Shared settings for how to log to syslog.
Each log can be configured to log to file and/or syslog. If a
log is configured to log to syslog, the settings below are used.
-->
<syslogConfig>
<!-- facility can be 'daemon', 'local0' ... 'local7' or an integer -->
<facility>daemon</facility>
<!-- if udp is not enabled, messages will be sent to local syslog -->
<udp>
<enabled>false</enabled>
<host>syslogsrv.example.com</host>
<port>514</port>
</udp>
</syslogConfig>
<!--
'confdlog' is a normal daemon log. Check this log for
startup problems of confd itself.
By default, it logs directly to a local file, but it can be
configured to send to a local or remote syslog as well.
-->
<confdLog>
<enabled>true</enabled>
<file>
<enabled>true</enabled>
<name>/var/confd/log/confd.log</name>
</file>
<syslog>
<enabled>true</enabled>
</syslog>
</confdLog>
<!--
The developer logs are supposed to be used as debug logs
for troubleshooting user-written C code. Enable
and check these logs for problems with validation code, etc.
-->
<developerLog>
<enabled>true</enabled>
<file>
<enabled>true</enabled>
<name>/var/confd/log/devel.log</name>
</file>
<syslog>
<enabled>true</enabled>
</syslog>
</developerLog>
<developerLogLevel>trace</developerLogLevel>
<auditLog>
<enabled>true</enabled>
<file>
<enabled>true</enabled>
<name>/var/confd/log/audit.log</name>
</file>
<syslog>
<enabled>true</enabled>
</syslog>
</auditLog>
<!--
The netconf log can be used to troubleshoot NETCONF operations,
such as checking why e.g. a filter operation didn't return the
data requested.
-->
<netconfLog>
<enabled>true</enabled>
<file>
<enabled>true</enabled>
<name>/var/confd/log/netconf.log</name>
</file>
<syslog>
<enabled>true</enabled>
</syslog>
</netconfLog>
<jsonrpcLog>
<enabled>true</enabled>
<file>
<enabled>false</enabled>
<name>/var/confd/log/jsonrpc.log</name>
</file>
<syslog>
<enabled>false</enabled>
<facility>daemon</facility>
</syslog>
</jsonrpcLog>
<webuiAccessLog>
<enabled>false</enabled>
<dir>/var/confd/log/confd</dir>
</webuiAccessLog>
<snmpLog>
<enabled>false</enabled>
<file>
<enabled>true</enabled>
<name>/var/confd/log/snmp.log</name>
</file>
<syslog>
<enabled>false</enabled>
</syslog>
</snmpLog>
<netconfTraceLog>
<enabled>true</enabled>
<filename>/var/confd/log/netconf.trace</filename>
</netconfTraceLog>
<!--
The error log is used for internal logging from the confd
daemon. It is used for troubleshooting the confd daemon
itself, and should normally be disabled.
-->
<errorLog>
<enabled>true</enabled>
<filename>/tmp/confderr.log</filename>
<maxSize>S10M</maxSize>
</errorLog>
<!--
Progress tracing must be enabled here and then configured
according to tailf-progress.yang.
-->
<progressTrace>
<enabled>true</enabled>
<dir>/var/confd/log</dir>
</progressTrace>
</logs>
<!-- Defines which datastores confd will handle. -->
<datastores>
<!--
'startup' means that the system keeps separate running and
startup configuration databases. When the system reboots for
whatever reason, the running config database is lost, and the
startup is read.
Enable this only if your system uses a separate startup and
running database.
-->
<startup>
<enabled>false</enabled>
</startup>
<!--
The 'candidate' is a shared, named alternative configuration
database which can be modified without impacting the running
configuration. Changes in the candidate can be commit to running,
or discarded.
Enable this if you want your users to use this feature from
NETCONF, CLI or Web UI, or other agents.
-->
<candidate>
<enabled>true</enabled>
<!--
By default, confd implements the candidate configuration
without impacting the application. But if your system
already implements the candidate itself, set 'implementation' to
'external'.
-->
<implementation>confd</implementation>
<storage>auto</storage>
<filename>/var/confd/candidate/candidate.db</filename>
</candidate>
<!--
By default, the running configuration is writable. This means
that the application must be prepared to handle changes to
the configuration dynamically. If this is not the case, set
'access' to 'read-only'. If running is read-only, 'startup'
must be enabled, and 'candidate' must be disabled. This means that
the application reads the configuration at startup, and then
the box must reboot in order for the application to re-read its
configuration.
NOTE: this is not the same as the NETCONF capability
:writable-running, which merely controls which NETCONF
operations are allowed to write to the running configuration.
-->
<running>
<access>read-write</access>
</running>
<!--
This parameter controls if ConfD's attribute feature should
be enabled or not. Currently there are two attributes,
annotations and tags. These are available in northbound
interfaces (e.g. the annotate command in the CLI, and
annotation XML attribute in NETCONF), but in order to be
useful they need support from the underlying configuration
data provider. CDB supports attributes, but if an external
data provider is used for configuration data, and it does
not support the attribute callbacks, this parameter should
be set to 'false'.
-->
<enableAttributes>false</enableAttributes>
<sessionLimits>
<!--
These parameters controls the maximum number of concurrent
sessions towards ConfD. 'context' is 'cli' or 'netconf'.
-->
<maxSessions>unbounded</maxSessions>
<sessionLimit>
<context>cli</context>
<maxSessions>100</maxSessions>
</sessionLimit>
<sessionLimit>
<context>netconf</context>
<maxSessions>unbounded</maxSessions>
</sessionLimit>
</sessionLimits>
<aaa>
<sshServerKeyDir>/etc/confd/ssh</sshServerKeyDir>
<!-- See man page confd_aaa_bridge(1) for a description of this -->
<aaaBridge>
<enabled>false</enabled>
<file>/etc/confd/aaa.conf</file>
</aaaBridge>
<pam>
<!--
If pam is enabled and we want to use pam for login
confd must typically run as root. This depends on how
pam is configured locally. However the default "system-auth"
will typically require root since the pam libs then read
/etc/shadow
-->
<enabled>true</enabled>
<service>system-auth</service>
</pam>
<localAuthentication>
<enabled>true</enabled>
</localAuthentication>
</aaa>
<rollback>
<!--
To enable rollback file creation set enabled to true.
You also have to configure a directory for the rollback files.
A rollback file (rollback0-rollback<historySize>) will be
created whenever a new configuration is committed
-->
<enabled>true</enabled>
<directory>/var/confd/rollback</directory>
<historySize>50</historySize>
<!-- If "full" is specified, then a full configuration dump is
stored in each rollback file. Rollback file 0 will always
contain the running configuration. If "delta" is used, then
only the changes are stored in the rollback file. Rollback
file 0 will contain the changes from the last configuration.
Using deltas is more space and time efficient for large
configurations. Full rollback files are more robust when
multiple external databases are used. If the external
databases becomes inconsistent a previous configuration can
always be restored using a full rollback file.
-->
<type>delta</type>
</rollback>
<cli>
<!-- If a table is too wide to fit in the terminal it will
instead be shown as a path - value list. When table
overflow is allowed it will be displayed as a table
even when the table is to wide to fit on the screen
-->
<allowTableOverflow>false</allowTableOverflow>
<allowTableCellWrap>false</allowTableCellWrap>
<!-- If showAllNs is true then all elem names will be prefixed
with the namespace prefix in the CLI. This is visible
when setting values and when showing the configuratin
-->
<showAllNs>false</showAllNs>
<!-- To log all CLI activity use 'all', to only log
attempts to execute unauthorized commands, use denied,
for only logging actually executed commands use allowed,
and for no logging use 'none'
-->
<!-- Controls if transactions should be used in the CLI or not.
Old style Cisco IOS does not use transactions, Juniper and
Cisco XR does. The commit command is disabled if transactions
are disabled. All modifications are applied immediately.
NOTE: this requires that you have default values for ALL
settings and no complex validation rules.
-->
<transactions>true</transactions>
<auditLogMode>denied</auditLogMode>
<completionShowMax>100</completionShowMax>
<withDefaults>false</withDefaults>
<defaultPrefix></defaultPrefix>
<showDefaults>false</showDefaults>
<docWrap>true</docWrap>
<infoOnTab>true</infoOnTab>
<infoOnSpace>true</infoOnSpace>
<newLogout>true</newLogout>
<!-- Prompt1 is used in operational mode and prompt2 in
configuration mode. The string may contain a number of
backslash-escaped special characters that are decoded
as follows:
\d the date in YYYY-MM-DD format (e.g., "2006-01-18")
\h the hostname up to the first `.'
\H the hostname
\t the current time in 24-hour HH:MM:SS format
\T the current time in 12-hour HH:MM:SS format
\@ the current time in 12-hour am/pm format
\A the current time in 24-hour HH:MM format
\u the username of the current user
\m mode name in the Cisco-style CLI
\M mode name inside parenthesis if set
-->
<prompt1>\u@\h\M \t> </prompt1>
<prompt2>\u@\h\M \t% </prompt2>
<cPrompt1>\h\M# </cPrompt1>
<cPrompt2>\h(\m)# </cPrompt2>
<idleTimeout>PT30M</idleTimeout>
<commandTimeout>infinity</commandTimeout>
<spaceCompletion>
<enabled>true</enabled>
</spaceCompletion>
<autoWizard>
<enabled>true</enabled>
</autoWizard>
<ssh>
<enabled>true</enabled>
<ip>0.0.0.0</ip>
<port>2024</port>
</ssh>
<showEmptyContainers>false</showEmptyContainers>
<cTab>false</cTab>
<cHelp>true</cHelp>
<!-- Mode name style is only used by the Cisco style CLIs.
It controls how to calculate the mode name when entering
a submode. If set to 'full' then the entire path will be
used in the mode name, if set to 'short' then only the
last element + dynamic key will be used. If 'two' then
the two last modes will be displayed.
-->
<modeNameStyle>short</modeNameStyle>
<messageMaxSize>10000</messageMaxSize>
<historyMaxSize>1000</historyMaxSize>
<historyRemoveDuplicates>false</historyRemoveDuplicates>
<compactShow>false</compactShow>
<compactStatsShow>false</compactStatsShow>
<reconfirmHidden>false</reconfirmHidden>
<enumKeyInfo>false</enumKeyInfo>
<columnStats>false</columnStats>
<allowAbbrevKeys>true</allowAbbrevKeys>
<allowAbbrevParamNames>false</allowAbbrevParamNames>
<allowAbbrevEnums>true</allowAbbrevEnums>
<allowCaseInsensitiveEnums>true</allowCaseInsensitiveEnums>
<enableDisplayLevel>true</enableDisplayLevel>
<enableLoadMerge>true</enableLoadMerge>
<defaultDisplayLevel>99999999</defaultDisplayLevel>
<unifiedHistory>false</unifiedHistory>
<modeInfoInAAA>false</modeInfoInAAA>
<quoteStyle>backslash</quoteStyle>
<caseInsensitive>false</caseInsensitive>
<ignoreLeadingWhitespace>false</ignoreLeadingWhitespace>
<explicitSetCreate>false</explicitSetCreate>
<mapActions>both</mapActions>
</cli>
<webui>
<enabled>false</enabled>
<docroot>/var/confd/webui/docroot</docroot>
<transport>
<tcp>
<enabled>true</enabled>
<ip>0.0.0.0</ip>
<port>8008</port>
</tcp>
<ssl>
<enabled>false</enabled>
<ip>0.0.0.0</ip>
<port>8888</port>
<keyFile>/var/confd/webui/cert/host.key</keyFile>
<certFile>/var/confd/webui/cert/host.cert</certFile>
</ssl>
</transport>
true
<transport>
<ssh>
<enabled>true</enabled>
<ip>0.0.0.0</ip>
<!-- Note that the standard port for NETCONF over SSH is 830 -->
<port>2022</port>
</ssh>
<!--
NETCONF over TCP is not standardized, but it can be useful
during development in order to use e.g. netcat for scripting.
-->
<tcp>
<enabled>true</enabled>
<ip>0.0.0.0</ip>
<port>2023</port>
</tcp>
</transport>
<capabilities>
<!-- enable only if /confdConfig/datastores/startup is enabled -->
<startup>
<enabled>false</enabled>
</startup>
<!-- enable only if /confdConfig/datastores/candidate is enabled -->
<candidate>
<enabled>true</enabled>
</candidate>
<confirmed-commit>
<enabled>true</enabled>
</confirmed-commit>
<!--
enable only if /confdConfig/datastores/running is read-write
-->
<writable-running>
<enabled>true</enabled>
</writable-running>
<rollback-on-error>
<enabled>true</enabled>
</rollback-on-error>
<!-- Turn on the URL capability options you want to support -->
<url>
<enabled>true</enabled>
<file>
<enabled>true</enabled>
<rootDir>/var/confd/state</rootDir>
</file>
<ftp>
<enabled>true</enabled>
</ftp>
</url>
<xpath>
<enabled>true</enabled>
</xpath>
<!--
Enable this to turn on NETCONF Notifications support.
-->
<notification>
<enabled>true</enabled>
<!--
Enable this to make the agent handle RPCs while sending
notifications.
-->
<interleave>
<enabled>true</enabled>
</interleave>
</notification>
</capabilities>
<!--
If extendedSessions are enabled, all ConfD sessions can be
terminated using <kill-session>, i.e. not only can other
NETCONF session be terminated, but also CLI sessions, WebUI
sessions etc. If such a session holds a lock, its session
id will be returned in the <lock-denied>, instead of "0".
Strictly speaking, this extension is not covered by the
NETCONF specification; therefore it's false by default.
-->
<extendedSessions>false</extendedSessions>
</netconf>
<notifications>
<eventStreams>
<stream>
<name>NETCONF</name>
<description>Example notifications</description>
<replaySupport>true</replaySupport>
<builtinReplayStore>
<!-- enableBuiltinReplayStore -->
<enabled>true</enabled>
<dir>/tmp</dir>
<maxSize>S1M</maxSize>
<maxFiles>5</maxFiles>
</builtinReplayStore>
</stream>
</eventStreams>
</notifications>
<snmpAgent>
<!-- Enable only if snmp agent should be started -->
<enabled>false</enabled>
<!--
Configure the IP address and port that the SNMP Agent
should listen to
-->
<ip>0.0.0.0</ip>
<port>4000</port>
<!-- Differentiated Services Code Point, 6 bits -->
<dscp>0</dscp>
<!--
List mibs that should be loaded into the SNMP Agent
at startup.
With no mibs loaded, the SNMP agent will start with the built-in
standard mibs only. See the User's Guide for details.
-->
<mibs>
<!--
<file>/root/confd-install/etc/confd/mibs/EXAMPLE-MIB.bin</file>
-->
</mibs>
<!--
The SNMP Engine ID is a hexList and can be constructed
in many ways. See the SNMP-FRAMEWORK-MIB for more
information about this.
The MaxMessageSize can be set, but should normally not be
modified.
-->
<snmpEngine>
<snmpEngineID>80:00:61:81:05:01</snmpEngineID>
</snmpEngine>
<system>
<sysDescr>Tail-f ConfD agent</sysDescr>
<sysObjectID>1.3.6.1.4.1.24961</sysObjectID>
<sysServices>72</sysServices>
<!-- The sysORTable stores capabilities that this agent supports -->
<sysORTable>
<!--
Example of a capability:
<sysOREntry>
<sysORIndex>1</sysORIndex>
<sysORID>1.3.6.1.4.1.24961.1</sysORID>
<sysORDescr>Example capability</sysORDescr>
</sysOREntry>
-->
</sysORTable>
</system>
</snmpAgent>
</confdConfig>
Regards,
Biswajit