<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Clish config-state check from expert mode? in API / CLI Discussion</title>
    <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Clish-config-state-check-from-expert-mode/m-p/256655#M9236</link>
    <description>&lt;P&gt;Thank you for your efforts, even though you weren't able to avoid &lt;CODE&gt;clish -c&lt;/CODE&gt; either. Clish writes changes to the main memory only it seems, which can be read out via&amp;nbsp;&lt;A href="https://support.checkpoint.com/results/sk/sk92770" target="_self"&gt;dbget&lt;/A&gt;. I haven't yet found a way to check whether the latest Clish changes have already been written to &lt;CODE&gt;/config/db&lt;/CODE&gt; without using &lt;CODE&gt;clish -c&lt;/CODE&gt; as this command is also quite slow, especially when my script consecutively runs multiple &lt;CODE&gt;clish -c&lt;/CODE&gt; calls &lt;span class="lia-unicode-emoji" title=":grinning_face:"&gt;😀&lt;/span&gt;. I decided not to &lt;CODE&gt;grep&lt;/CODE&gt; for "&lt;EM&gt;save config&lt;/EM&gt;" in &lt;CODE&gt;/home/admin/.clish_history&lt;/CODE&gt; as this file is not written in realtime.&lt;/P&gt;</description>
    <pubDate>Fri, 05 Sep 2025 12:38:19 GMT</pubDate>
    <dc:creator>Danny</dc:creator>
    <dc:date>2025-09-05T12:38:19Z</dc:date>
    <item>
      <title>Clish config-state check from expert mode?</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Clish-config-state-check-from-expert-mode/m-p/256048#M9202</link>
      <description>&lt;P&gt;In Gaia &lt;A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Gaia-Clish-Expert-Mode.htm" target="_self"&gt;expert mode&lt;/A&gt;, is it possible to check if a &lt;A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Gaia-Clish-Commands.htm" target="_self"&gt;Clish&lt;/A&gt; configuration is &lt;STRONG&gt;unsaved&lt;/STRONG&gt; without running &lt;CODE&gt;clish -c&lt;/CODE&gt;?&lt;BR /&gt;This is to avoid any possible config lock errors. I'd prefer something like a quick &lt;CODE&gt;grep&lt;/CODE&gt; check, if possible.&lt;BR /&gt;&lt;BR /&gt;Current command:&lt;BR /&gt;&lt;CODE&gt;[Expert@firewall:0]# clish -c "show &lt;STRONG&gt;config-state&lt;/STRONG&gt;"&lt;/CODE&gt; &lt;BR /&gt;Output:&lt;BR /&gt;&lt;CODE&gt;CLINFR0771 Config lock is owned by admin. Use the command 'lock database override' to acquire the lock.&lt;BR /&gt;1_01:&lt;BR /&gt;&lt;STRONG&gt;unsaved&lt;BR /&gt;&lt;/STRONG&gt;&lt;/CODE&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 05 Sep 2025 12:22:25 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Clish-config-state-check-from-expert-mode/m-p/256048#M9202</guid>
      <dc:creator>Danny</dc:creator>
      <dc:date>2025-09-05T12:22:25Z</dc:date>
    </item>
    <item>
      <title>Re: Clish config-state check from expert mode?</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Clish-config-state-check-from-expert-mode/m-p/256615#M9235</link>
      <description>&lt;P&gt;I'm not aware of a good way to check this outside of clish. This is the best I've been able to do:&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;[Expert@DallasSC]# clish -c "show config-state" | egrep -v "^(CLINFR0771|$)"
saved
[Expert@DallasSC]# clish -c "set ntp active off"
[Expert@DallasSC]# clish -c "show config-state" | egrep -v "^(CLINFR0771|$)"
unsaved&lt;/LI-CODE&gt;
&lt;P&gt;I started another SSH session and went into clish after making the NTP change and before running the second 'show config-state', so the database was locked by that session.&lt;/P&gt;
&lt;P&gt;Fairly ugly. The egrep filters out the "Config lock is owned by ..." line and the blank line it prints. Easy enough to turn into a boolean value by piping it to 'grep -q "unsaved"'. Exit code 0 for unsaved, 1 for saved. 'grep -qv "unsaved"' flips the logic: 1 for unsaved, 0 for saved. Here's an example. In each output block, the first is from a bare 'clish -c "show config-state"', the second is from the command above, and the third uses the 'grep -qv "unsaved"' to demonstrate turning it into something you can use directly with test.&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;[Expert@DallasSC]# echo "----------";clish -c "show config-state";echo "----------";clish -c "show config-state" | egrep -v "^(CLINFR0771|$)";echo "----------";clish -c "show config-state" | egrep -v "^(CLINFR0771|$)" | grep -qv unsaved;echo $?
----------
saved
----------
saved
----------
0

[Expert@DallasSC]# clish -c "set ntp active off"

[Expert@DallasSC]# echo "----------";clish -c "show config-state";echo "----------";clish -c "show config-state" | egrep -v "^(CLINFR0771|$)";echo "----------";clish -c "show config-state" | egrep -v "^(CLINFR0771|$)" | grep -qv unsaved;echo $?
----------
unsaved
----------
unsaved
----------
1

[Expert@DallasSC]# echo "----------";clish -c "show config-state";echo "----------";clish -c "show config-state" | egrep -v "^(CLINFR0771|$)";echo "----------";clish -c "show config-state" | egrep -v "^(CLINFR0771|$)" | grep -qv unsaved;echo $?
----------
CLINFR0771  Config lock is owned by admin. Use the command 'lock database override' to acquire the lock.
unsaved
----------
unsaved
----------
1&lt;/LI-CODE&gt;</description>
      <pubDate>Thu, 04 Sep 2025 20:09:02 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Clish-config-state-check-from-expert-mode/m-p/256615#M9235</guid>
      <dc:creator>Bob_Zimmerman</dc:creator>
      <dc:date>2025-09-04T20:09:02Z</dc:date>
    </item>
    <item>
      <title>Re: Clish config-state check from expert mode?</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Clish-config-state-check-from-expert-mode/m-p/256655#M9236</link>
      <description>&lt;P&gt;Thank you for your efforts, even though you weren't able to avoid &lt;CODE&gt;clish -c&lt;/CODE&gt; either. Clish writes changes to the main memory only it seems, which can be read out via&amp;nbsp;&lt;A href="https://support.checkpoint.com/results/sk/sk92770" target="_self"&gt;dbget&lt;/A&gt;. I haven't yet found a way to check whether the latest Clish changes have already been written to &lt;CODE&gt;/config/db&lt;/CODE&gt; without using &lt;CODE&gt;clish -c&lt;/CODE&gt; as this command is also quite slow, especially when my script consecutively runs multiple &lt;CODE&gt;clish -c&lt;/CODE&gt; calls &lt;span class="lia-unicode-emoji" title=":grinning_face:"&gt;😀&lt;/span&gt;. I decided not to &lt;CODE&gt;grep&lt;/CODE&gt; for "&lt;EM&gt;save config&lt;/EM&gt;" in &lt;CODE&gt;/home/admin/.clish_history&lt;/CODE&gt; as this file is not written in realtime.&lt;/P&gt;</description>
      <pubDate>Fri, 05 Sep 2025 12:38:19 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Clish-config-state-check-from-expert-mode/m-p/256655#M9236</guid>
      <dc:creator>Danny</dc:creator>
      <dc:date>2025-09-05T12:38:19Z</dc:date>
    </item>
  </channel>
</rss>

