DotW: Autolock

by ‎12-06-2017 05:15 AM - edited ‎12-06-2017 08:26 AM (12,700 Views)

In a team where multiple admins are responsible for the same systems, one always needs to coordinate config changes to prevent someone from pushing out or committing a change while someone else is still making changes, potentially committing an invalid or horribly wrong configuration.

 

To help prevent these kinds of conflicts, two kinds of locks are available to administrators: Commit Locks and Config Locks

 

As the name implies, a Commit Lock will prevent other admins from committing anything to the firewall until the lock has been released. This lock can be configured to be automatically acquired as soon as one administrator makes a change:

 

commit lock config.pngAutomatically Acquire Commit Lock when something is changedIf one administrator makes a change and a second admin logs on and changes something, then tries to commit, they will see this error message:

commit locked.pngCommit Lock

The lock will now first need to be cleared by the first administrator committing his configuration or relinquishing his lock to the second admin.

 

A lock can also be set manually, by clicking the little lock icon in the upper right-hand corner and selecting the type of lock:

 

commit lock.gifManually taking a Commit Lock

While the Commit Lock prevents other administrators from committing their changes, but still allows them to edit the configuration, a Config Lock prevents  all other administrators from making changes to the Candidate Config. You can also add a short description of what you are doing to notify other administrators of your activities:

config lock.gifTaking a Config Lock and adding a description

Anyone trying to change the configuration will be greeted by this error message:

error.gifOperation Failed: Configuration is Locked

When needed, a lock can be removed by the administrator who acquired the lock, or a superuser.

 

removing the locks.gifRemoving the Config and Commit Locks

 

This blurb is based on a discussiojn I had with @jprovine the other day where the recommendation had been made to enable automatic Commit Lock, but the functionality had not been explained. I hope this blog post helps other admins make their life a little easier and safe from stepping on each others' toes :) 

 

The original discussion can be followed here: autolock

 

Reaper out!

Comments
by jprovine
on ‎12-13-2017 06:26 AM

Thanks reaper very helpfull

by freshcalendar
on ‎12-15-2017 08:27 PM

thanks man ! It's so helpful. 55531-200.png

by bhudgens
on ‎12-20-2017 07:12 PM

Nice touch with the animated GIFs. Keep up the great work!!

Ask Questions Get Answers Join the Live Community