You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/operator-nexus/concepts-commit-workflow-v2.md
+48-16Lines changed: 48 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,13 +19,21 @@ With this update, users can lock configuration states, preview device-level chan
19
19
20
20
Commit Workflow v2 is built around a structured change management flow. The following core features are available:
21
21
22
-
-**Explicit configuration locking:** Users must explicitly lock the configuration of a Network Fabric resource after making changes. This process ensures updates are applied in a predictable and controlled manner.
22
+
-**Explicit configuration locking:**
23
+
Users must explicitly lock the configuration of a Network Fabric resource after making changes. This process ensures updates are applied in a predictable and controlled manner.
23
24
24
-
-**Full device configuration preview:** Enables visibility into the exact configuration that is applied to each device before the commit. This helps validate intent and catch issues early.
25
+
-**Full device configuration preview:**
26
+
Enables visibility into the exact configuration that is applied to each device before the commit. This helps validate intent and catch issues early.
25
27
26
-
-**Commit configuration to devices**
28
+
-**Commit configuration to devices:**
27
29
Once validated, changes can be committed to the devices. This final step applies the locked configuration updates across the fabric.
28
30
31
+
-**Discard Batch Updates:**
32
+
Allows rollback of all uncommitted resource changes to their last known state.
33
+
34
+
-**Enhanced Constraints:**
35
+
Enforces strict update rules during lock/maintenance/upgrade phases for stability.
36
+
29
37
## Prerequisites
30
38
31
39
Before using Commit Workflow v2, ensure the following environment requirements are met:
@@ -52,33 +60,57 @@ Before using Commit Workflow v2, ensure the following environment requirements a
52
60
53
61
Commit Workflow v2 introduces new operational expectations and constraints to ensure consistency and safety in configuration management:
54
62
55
-
-**Availability & Irreversibility**
63
+
### Availability & locking rules
64
+
65
+
- Available only on Runtime Version 5.0.1+. Downgrade to v1 isn't supported.
66
+
67
+
- Locking is allowed only when:
68
+
69
+
- No commit is in progress.
70
+
71
+
- Fabric isn't under maintenance or upgrade.
72
+
73
+
- Fabric is in an administrative enabled state.
74
+
75
+
### Unsupported during maintenance or upgrade
76
+
77
+
`Lock`, `ViewDeviceConfiguration`, and `related post-actions` aren't allowed during maintenance or upgrade windows.
78
+
79
+
### Commit Finality
80
+
81
+
Once committed, changes **can't be rolled back**. Any further edits require a new lock-validate-commit cycle.
82
+
83
+
### Discard Batch Behavior
84
+
85
+
- The `discard-commit-batch` operation:
86
+
87
+
- Reverts all ARM resource changes to their last known good state.
56
88
57
-
Commit Workflow v2 is only available after upgrading to Runtime Version 5.0.1. Once upgraded, reverting to Commit Workflow v1 is n't supported.
89
+
- Updates admin/config states (for example, external/internal networks become disabled and rejected).
58
90
59
-
-**Configuration lock requirements**
91
+
- Doesn't delete resources; users must delete them manually if desired.
60
92
61
-
Locking is only possible when:
93
+
- Enables further patching to reapply changes.
62
94
63
-
-There's no ongoing commit operation.
95
+
-When the discard batch action is performed:
64
96
65
-
- The fabric isn't in maintenance or upgrade mode.
97
+
- The administrative state of internal/external network resources moves to disabled and their configuration state to rejected; however, the resources aren't deleted automatically. A separate delete operation is required for removal.
66
98
67
-
- The fabric is in an administrative enabled state.
99
+
- Enabled Network Monitor resources attached to a fabric can't be attached to another fabric unless first detached and committed.
68
100
69
-
-**Unsupported during maintenance or upgrade**
101
+
- For Network Monitor resources in administrative state disabled (in commit queue), discard batch moves the config state to rejected. Users can reapply updates (PUT/patch) and commit again to enable.
70
102
71
-
Configuration Lock and View Device Configuration aren't allowed during maintenance or upgrade windows.
103
+
### Resource update restrictions
72
104
73
-
-**Commit is final**
105
+
**Post-lock**, only a limited set of `Create`/`Update`/`Delete` (CUD) actions are supported (for example, unattached ACLs, TAP rules).
74
106
75
-
Once a configuration is committed, it can't be rolled back. Future changes must go through another lock-commit cycle.
107
+
Device-impacting resources (like Network-to-Network Interconnect (NNI), Isolation Domain (ISD), Route Policy, or ACLs attached to parent resources) are blocked during configuration lock.
76
108
77
109
### Supported resource actions via Commit workflow v2 (when parent resources are in administrative state – Enabled)
78
110
79
111
| **Supported resource actions which require commit workflow** | **Unsupported resource actions which doesn’t require commit workflow** |
| **All resource updates impacting device configuration:**<br>• Updates to Network Fabric resource<br>• Updates to Network-to-Network Interconnect (NNI)<br>• Updates to ISD (L2 and L3)<br>• Creation and updates to Internal and External Networks of enabled L3 ISD<br>• Addition/updates/removal of Route Policy in Internal, External, ISD, and NNI resources<br>• Addition/updates/removal of IP Prefixes, IP Community, and Extended IP Community when attached to Route Policy or Fabric<br>• Addition/updates/removal of ACLs to Internal, External, ISD, and NNI resources<br>• Addition/updates/removal of Network Fabric resource in Network Monitor resource<br>• Additional description updates to Network Device properties<br>• Creation of multiple NNI | **Creation/updating of resources not impacting device configuration:**<br>• Creation of Isolation Domain (ISD) (L3 and L2)<br>• Network Fabric Controller (NFC) creation/updates<br>• Creation and updates to Network TAP rules, Network TAP, Neighbor groups<br>• Creation and updates to Network TAP rules, Network TAP, Neighbor groups<br>• Creation of new Route Policy and connected resources (IP Prefix, IP Community, IP Extended Community)<br>• Update of Route Policy and connected resources when not attached to ISD/Internal/External/NNI<br>• Creation/update of new Access Control List (ACL) which is not attached<br><br>**ARM resources updates only:**<br>• Tag updates for all supported resources<br><br>**Other administrative actions and post actions which manage lifecycle events:**<br>• Enabling/Disabling Isolation Domain (ISD), Return Material Authorization (RMA), Upgrade, and all administrative actions (enable/disable), serial number update<br>• Deletion of all Nexus Network Fabric (NNF) resources |
113
+
| **All resource updates impacting device configuration:**<br>• Updates to Network Fabric resource<br>• Updates to Network-to-Network Interconnect (NNI)<br>• Updates to ISD (L2 and L3)<br>• Creation and updates to Internal and External Networks of enabled L3 ISD<br>• Addition/updates/removal of Route Policy in Internal, External, ISD, and NNI resources<br>• Addition/updates/removal of IP Prefixes, IP Community, and Extended IP Community when attached to Route Policy or Fabric<br>• Addition/updates/removal of ACLs to Internal, External, ISD, and NNI resources<br>• Addition/updates/removal of Network Fabric resource in Network Monitor resource<br>• Additional description updates to Network Device properties<br>• Creation of multiple NNI | **Creation/updating of resources not impacting device configuration:**<br>• Creation of Isolation Domain (ISD) (L3 and L2)<br>• Network Fabric Controller (NFC) creation/updates<br>• Creation and updates to Network TAP rules, Network TAP, Neighbor groups<br>• Creation and updates to Network TAP rules, Network TAP, Neighbor groups<br>• Creation of new Route Policy and connected resources (IP Prefix, IP Community, IP Extended Community)<br>• Update of Route Policy and connected resources when not attached to ISD/Internal/External/NNI<br>• Creation/update of new Access Control List (ACL) which isn't attached<br><br>**ARM resources updates only:**<br>• Tag updates for all supported resources<br><br>**Other administrative actions and post actions which manage lifecycle events:**<br>• Enabling/Disabling Isolation Domain (ISD), Return Material Authorization (RMA), Upgrade, and all administrative actions (enable/disable), serial number update<br>• Deletion of all Nexus Network Fabric (NNF) resources |
82
114
83
115
84
116
### Allowed actions after configuration lock
@@ -87,7 +119,7 @@ Here's a clear, structured table showing **Supported actions post configuration
87
119
88
120
---
89
121
90
-
### **Supported and unsupported actions Post configuration lock**
122
+
### **Supported and unsupported actions post configuration lock**
91
123
92
124
|**Actions**|**Supported resource actions when fabric is under configuration lock**|**Unsupported resource actions when fabric is under configuration lock**|
Copy file name to clipboardExpand all lines: articles/operator-nexus/howto-use-commit-workflow-v2.md
+17-1Lines changed: 17 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,7 +32,7 @@ Any `patch` operation on parent resources or `Create`/`Update`/`Delete` (CUD) op
32
32
### Step 1: Update resources
33
33
34
34
Make patch or CUD operations via Azure CLI, Portal, or ARM template.
35
-
Once these changes are made, the fabric's configuration state will change to `Accepted (Pending Commit)`.
35
+
Once these changes are made, the fabric's configuration state changes to `Accepted (Pending Commit)`.
36
36
37
37
#### Example scenarios
38
38
@@ -82,6 +82,22 @@ az networkfabric fabric view-device-configuration \
82
82
83
83
-**Post-Device Changes**: Preview of what will be applied after commit
84
84
85
+
### Step 3a: Discard commit batch (Optional)
86
+
87
+
After validating with ViewDeviceConfiguration, users may choose to discard pending configuration updates if issues are found. This operation restores the ARM resource state to its last known good configuration and resets the fabric state from Accepted & Locked to Succeeded.
88
+
89
+
90
+
```Azure CLI
91
+
az networkfabric fabric discard-commit-batch \
92
+
--resource-group "example-rg" \
93
+
--network-fabric-name "example-fabric"
94
+
```
95
+
96
+
> [!Note]
97
+
> Internal/External network resources move to Admin State: Disabled and Config State: Rejected.<br>
98
+
> Resources are not deleted, user must delete them manually if required.<br>
99
+
> Network Monitor handling includes additional constraints (disabled monitors revert to rejected state).<br>
100
+
85
101
#### Need to Make More Updates?
86
102
87
103
Unlock the configuration to make further changes, then repeat the lock/validate/commit steps.
0 commit comments