This module defines a high level interface to the low-level maapi functions.
The 'Maapi' class encapsulates a MAAPI connection which upon constructing, sets up a connection towards ConfD/NCS. An example of setting up a transaction and manipulating data:
import ncs
m = ncs.maapi.Maapi()
m.start_user_session('admin', 'test_context')
t = m.start_write_trans()
t.get_elem('/model/data{one}/str')
t.set_elem('testing', '/model/data{one}/str')
t.apply()
Another way is to use context managers, which will handle all cleanup related to transactions, user sessions and socket connections:
with ncs.maapi.Maapi() as m:
with ncs.maapi.Session(m, 'admin', 'test_context'):
with m.start_write_trans() as t:
t.get_elem('/model/data{one}/str')
t.set_elem('testing', '/model/data{one}/str')
t.apply()
Finally, a really compact way of doing this:
with ncs.maapi.single_write_trans('admin', 'test_context') as t:
t.get_elem('/model/data{one}/str')
t.set_elem('testing', '/model/data{one}/str')
t.apply()
Functions
connect
connect(ip='127.0.0.1', port=4569, path=None)
Convenience function for connecting to ConfD/NCS.
The 'ip' and 'port' arguments are ignored if path is specified.
Arguments:
ip -- ConfD/NCS instance ip address (str)
port -- ConfD/NCS instance port (int)
path -- ConfD/NCS instance location path (str)
Returns:
socket (Python socket)
retry_on_conflict
retry_on_conflict(retries=10, log=None)
Function/method decorator to retry a transaction in case of conflicts.
When executing multiple concurrent transactions against the NCS RUNNING datastore, read-write conflicts are resolved by rejecting transactions having potentially stale data with ERR_TRANSACTION_CONFLICT.
This decorator restarts a function, should it run into a conflict, giving it multiple attempts to apply. The decorated function must start its own transaction because a conflicting transaction must be thrown away entirely and a new one started.
Example usage:
@retry_on_conflict()
def do_work():
with ncs.maapi.single_write_trans('admin', 'python') as t:
root = ncs.maagic.get_root(t)
root.some_value = str(root.some_other_value)
t.apply()
Arguments:
retries -- number of times to retry (int)
log -- optional log object for logging conflict details
For argument db, flags see Maapi.start_trans(). For arguments user, context, groups, src_ip, src_port, proto, vendor, product, version and client_id see Maapi.start_user_session(). For arguments ip, port and path see connect(). For argument load_schemas see init().
Arguments:
user - username (str)
context - context for the session (str)
groups - groups (list)
db -- database (int)
ip -- ConfD/NCS instance ip address (str)
port -- ConfD/NCS instance port (int)
path -- ConfD/NCS instance location path (str)
src_ip - source ip address (str)
src_port - source port (int)
proto - protocol used by for connecting (i.e. ncs.PROTO_TCP)
vendor -- lock error information (str, optional)
product -- lock error information (str, optional)
version -- lock error information (str, optional)
client_id -- lock error information (str, optional)
For argument db, flags see Maapi.start_trans(). For arguments user, context, groups, src_ip, src_port, proto, vendor, product, version and client_id see Maapi.start_user_session(). For arguments ip, port and path see connect(). For argument load_schemas see init().
Arguments:
user - username (str)
context - context for the session (str)
groups - groups (list)
db -- database (int)
ip -- ConfD/NCS instance ip address (str)
port -- ConfD/NCS instance port (int)
path -- ConfD/NCS instance location path (str)
src_ip - source ip address (str)
src_port - source port (int)
proto - protocol used by the client for connecting (int)
vendor -- lock error information (str, optional)
product -- lock error information (str, optional)
version -- lock error information (str, optional)
client_id -- lock error information (str, optional)
load_schemas - passed on to Maapi.init()
flags -- additional transaction flags (int)
Returns:
write transaction object (maapi.Transaction)
Classes
classCommitParams
Class representing NSO commit parameters.
Start with creating an empty instance of this class and set commit parameters using helper methods.
CommitParams(result=None)
Members:
comment(...)
Method:
comment(self, comment)
Set comment.
commit_queue_async(...)
Method:
commit_queue_async(self)
Set commit queue asynchronous mode of operation.
commit_queue_atomic(...)
Method:
commit_queue_atomic(self)
Make the commit queue item atomic.
commit_queue_block_others(...)
Method:
commit_queue_block_others(self)
Make the commit queue item block other commit queue items for this device.
commit_queue_bypass(...)
Method:
commit_queue_bypass(self)
Make the commit transactional even if commit queue is configured by default.
commit_queue_error_option(...)
Method:
commit_queue_error_option(self, error_option)
Set commit queue item behaviour on error.
commit_queue_lock(...)
Method:
commit_queue_lock(self)
Make the commit queue item locked.
commit_queue_non_atomic(...)
Method:
commit_queue_non_atomic(self)
Make the commit queue item non-atomic.
commit_queue_sync(...)
Method:
commit_queue_sync(self, timeout=None)
Set commit queue synchronous mode of operation.
commit_queue_tag(...)
Method:
commit_queue_tag(self, tag)
Set commit-queue tag. Implicitly enabled commit queue commit.
This function is deprecated and will be removed in a future release. Use label() instead.
confirm_network_state(...)
Method:
confirm_network_state(self)
Check that the parts of the device configuration read and/or modified are up-to-date in CDB before pushing the configuration change to the device.
confirm_network_state_re_evaluate_policies(...)
Method:
confirm_network_state_re_evaluate_policies(self)
Check that the parts of the device configuration read and/or modified are up-to-date in CDB before pushing the configuration change to the device and re-evaluate policies of effected services.
dry_run_cli(...)
Method:
dry_run_cli(self)
Dry-run commit outformat CLI.
dry_run_cli_c(...)
Method:
dry_run_cli_c(self)
Dry-run commit outformat cli-c.
dry_run_cli_c_reverse(...)
Method:
dry_run_cli_c_reverse(self)
Dry-run commit outformat cli-c reverse.
dry_run_native(...)
Method:
dry_run_native(self)
Dry-run commit outformat native.
dry_run_native_reverse(...)
Method:
dry_run_native_reverse(self)
Dry-run commit outformat native reverse.
dry_run_xml(...)
Method:
dry_run_xml(self)
Dry-run commit outformat XML.
get_comment(...)
Method:
get_comment(self)
Get comment.
get_commit_queue_error_option(...)
Method:
get_commit_queue_error_option(self)
Get commit queue item behaviour on error.
get_commit_queue_sync_timeout(...)
Method:
get_commit_queue_sync_timeout(self)
Get commit queue synchronous mode of operation timeout.
get_commit_queue_tag(...)
Method:
get_commit_queue_tag(self)
Get commit-queue tag.
This function is deprecated and will be removed in a future release.
get_dry_run_outformat(...)
Method:
get_dry_run_outformat(self)
Get dry-run outformat
get_label(...)
Method:
get_label(self)
Get label.
get_no_overwrite_scope(...)
Method:
get_no_overwrite_scope(self)
Get no-overwrite scope
get_trace_id(...)
Method:
get_trace_id(self)
Get trace id.
is_commit_queue_async(...)
Method:
is_commit_queue_async(self)
Get commit queue asynchronous mode of operation.
is_commit_queue_atomic(...)
Method:
is_commit_queue_atomic(self)
Check if the commit queue item should be atomic.
is_commit_queue_block_others(...)
Method:
is_commit_queue_block_others(self)
Check if the the commit queue item should block other commit queue items for this device.
is_commit_queue_bypass(...)
Method:
is_commit_queue_bypass(self)
Check if the commit is transactional even if commit queue is configured by default.
is_commit_queue_lock(...)
Method:
is_commit_queue_lock(self)
Check if the commit queue item should be locked.
is_commit_queue_non_atomic(...)
Method:
is_commit_queue_non_atomic(self)
Check if the commit queue item should be non-atomic.
is_commit_queue_sync(...)
Method:
is_commit_queue_sync(self)
Get commit queue synchronous mode of operation.
is_confirm_network_state(...)
Method:
is_confirm_network_state(self)
Should a check be done that the parts of the device configuration read and/or modified are up-to-date in CDB before pushing the configuration change to the device.
Is confirm-network-state with re-evaluate-policies enabled.
is_dry_run(...)
Method:
is_dry_run(self)
Is dry-run enabled
is_dry_run_reverse(...)
Method:
is_dry_run_reverse(self)
Is dry-run reverse enabled.
is_no_deploy(...)
Method:
is_no_deploy(self)
Should service create method be invoked or not.
is_no_lsa(...)
Method:
is_no_lsa(self)
Get no-lsa commit parameter.
is_no_networking(...)
Method:
is_no_networking(self)
Check if the the configuration should only be written to CDB and not actually pushed to the device.
is_no_out_of_sync_check(...)
Method:
is_no_out_of_sync_check(self)
Do not check device sync state before pushing the configuration change.
is_no_overwrite(...)
Method:
is_no_overwrite(self)
Should a check be done that the parts of the device configuration to be modified are up-to-date in CDB before pushing the configuration change to the device.
is_no_revision_drop(...)
Method:
is_no_revision_drop(self)
Get no-revision-drop commit parameter.
is_reconcile_attach_non_service_config(...)
Method:
is_reconcile_attach_non_service_config(self)
Get reconcile commit parameter with attach-non-service-config behaviour.
is_reconcile_detach_non_service_config(...)
Method:
is_reconcile_detach_non_service_config(self)
Get reconcile commit parameter with detach-non-service-config behaviour.
is_reconcile_discard_non_service_config(...)
Method:
is_reconcile_discard_non_service_config(self)
Get reconcile commit parameter with discard-non-service-config behaviour.
is_reconcile_keep_non_service_config(...)
Method:
is_reconcile_keep_non_service_config(self)
Get reconcile commit parameter with keep-non-service-config behaviour.
is_use_lsa(...)
Method:
is_use_lsa(self)
Get use-lsa commit parameter.
label(...)
Method:
label(self, label)
Set label.
no_deploy(...)
Method:
no_deploy(self)
Do not invoke service's create method.
no_lsa(...)
Method:
no_lsa(self)
Set no-lsa commit parameter.
no_networking(...)
Method:
no_networking(self)
Only write the configuration to CDB, do not actually push it to the device.
no_out_of_sync_check(...)
Method:
no_out_of_sync_check(self)
Do not check device sync state before pushing the configuration change.
no_overwrite(...)
Method:
no_overwrite(self, scope)
Check that the parts of the device configuration to be modified are up-to-date in CDB before pushing the configuration change to the device.
no_revision_drop(...)
Method:
no_revision_drop(self)
Set no-revision-drop commit parameter.
reconcile_attach_non_service_config(...)
Method:
reconcile_attach_non_service_config(self)
Set reconcile commit parameter with attach-non-service-config behaviour.
reconcile_detach_non_service_config(...)
Method:
reconcile_detach_non_service_config(self)
Set reconcile commit parameter with detach-non-service-config behaviour.
reconcile_discard_non_service_config(...)
Method:
reconcile_discard_non_service_config(self)
Set reconcile commit parameter with discard-non-service-config behaviour.
reconcile_keep_non_service_config(...)
Method:
reconcile_keep_non_service_config(self)
Set reconcile commit parameter with keep-non-service-config behaviour.
set_dry_run_outformat(...)
Method:
set_dry_run_outformat(self, outformat)
Set dry-run outformat
trace_id(...)
Method:
trace_id(self, trace_id)
Set trace id.
use_lsa(...)
Method:
use_lsa(self)
Set use-lsa commit parameter.
classDryRunOutformat
Enumeration for dry run formats: XML = 1 CLI = 2 NATIVE = 3 CLI_C = 4
msock -- already connected MAAPI socket (socket.socket, optional) (ip, port and path ignored)
load_schemas -- whether schemas should be loaded/reloaded or not LOAD_SCHEMAS_LOAD = load schemas unless already loaded LOAD_SCHEMAS_SKIP = do not load schemas LOAD_SCHEMAS_RELOAD = force reload of schemas
The option LOAD_SCHEMAS_RELOAD can be used to force a reload of schemas, for example when connecting to a different ConfD/NSO node. Note that previously constructed maagic objects will be invalid and using them will lead to undefined behavior. Use this option with care, for example in a small script querying a list of running nodes.
'ctx_or_th' may be either a TransCtxRef or a transaction handle. The 'hashed_ns' argument is basically just there to save a call to set_namespace(). 'usid' is only used if 'ctx_or_th' is a transaction handle and if set to 0 the user session id that is the owner of the transaction will be used.
Arguments:
ctx_or_th (TransCtxRef or transaction handle)
hashed_ns (int)
usid (int)
Returns:
transaction object (maapi.Transaction)
attach_init(...)
Method:
attach_init(self)
Attach to phase0 for CDB initialization and upgrade.
authenticate(...)
Method:
authenticate(self, user, password, n, src_addr=None, src_port=None, context=None, prot=None)
Authenticate a user using the AAA configuration.
Use src_addr, src_port, context and prot to use an external authentication executable. Use the 'n' to get a list of n-1 groups that the user is a member of. Use n=1 if the function is used in a context where the group names are not needed.
Returns 1 if accepted without groups. If the authentication failed or was accepted a tuple with first element status code, 0 for rejection and 1 for accepted is returned. The second element either contains the reason for the rejection as a string OR a list groupnames.
Arguments:
user - username (str)
password - passwor d (str)
n - number of groups to return (int)
src_addr - source ip address (str)
src_port - source port (int)
context - context for the session (str)
prot - protocol used by the client for connecting (int)
If the data model uses the YANG when or tailf:display-when statement, this function can be used to determine if the item given by the path should be displayed or not.
Arguments:
th -- transaction handle
path -- path to the 'display-when' statement (str)
Returns
boolean
end_progress_span(...)
Method:
end_progress_span(self, *args)
Don't call this function.
Call instance.end() on the progress.Span instance created from start_progress_span() instead.
exists(...)
Method:
exists(self, th, path)
Check if path exists.
Arguments:
th -- transaction handle
path -- path to the node in the data tree (str)
Returns:
boolean
find_next(...)
Method:
find_next(self, mc, type, inkeys)
Find next.
Update the cursor 'mc' with the key(s) for the list entry designated by the 'type' and 'inkeys' arguments. This function may be used to start a traversal from an arbitrary entry in a list. Keys for subsequent entries may be retrieved with the get_next() function. When no more keys are found, False is returned.
The strategy to use is defined by 'type':
FIND_NEXT - The keys for the first list entry after the one
indicated by the 'inkeys' argument.
FIND_SAME_OR_NEXT - If the values in the 'inkeys' array completely
identifies an actual existing list entry, the keys for
this entry are requested. Otherwise the same logic as
for FIND_NEXT above.
get_next(...)
Method:
get_next(self, mc)
Iterate and get the keys for the next entry in a list.
When no more keys are found, False is returned
Arguments:
cursor (maapi.Cursor)
Returns:
keys (list or boolean)
get_objects(...)
Method:
get_objects(self, mc, n, nobj)
Get objects.
Read at most n values from each nobj lists starting at cursor mc. Returns a list of Value's.
Arguments:
mc (maapi.Cursor)
n -- at most n values will be read (int)
nobj -- number of nobj lists which n elements will be taken from (int)
Returns:
list of values (list)
get_running_db_status(...)
Method:
get_running_db_status(self)
Get running db status.
Gets the status of the running db. Returns True if consistent and False otherwise.
Returns:
boolean
ip
Readonly property
Return address to connect to the IPC port
load_schemas(...)
Method:
load_schemas(self, use_maapi_socket=False)
Load the schemas to Python (using shared memory if enabled).
If 'use_maapi_socket' is set to True, the schmeas are loaded through the NSO daemon via a MAAPI socket.
While spans represents a pair of data points: start and stop; info events are instead singular events, one point in time. Call progress_info() to write a progress span info event to the progress trace. The info event will have the same span-id as the start and stop events of the currently ongoing progress span in the active user session or transaction. See help for start_progress_span() for more information.
Arguments:
msg - message to report (str)
verbosity - ncs.VERBOSITY_*, VERBOSITY_NORMAL is default (optional)
attrs - user defined attributes (optional)
links - list of ncs.progress.Span or dict (optional)
path - keypath to an action/leaf/service/etc (str, optional)
query_free_result(...)
Method:
query_free_result(self, qrs)
Deallocate QueryResult memory.
Deallocated memory inside the QueryResult object 'qrs' returned from query_result(). It is not necessary to call this method as deallocation will be done when the Python library garbage collects the QueryResult object.
Used for calculation of the duration between two events. The method returns a _Progress object to be passed to report_progress_stop() once the event has finished.
The 'package' argument is only available to NCS.
This function is deprecated and will be removed in a future release. Use start_progress_span() instead.
Report transaction progress for a FASTMAP service.
Used for calculation of the duration between two events. The method returns a _Progress object to be passed to report_service_progress_stop() once the event has finished.
This function is deprecated and will be removed in a future release. Use start_progress_span() instead.
Starts a progress span. Progress spans are trace messages written to the progress trace and the developer log. A progress span consists of a start and a stop event which can be used to calculate the duration between the two. Those events can be identified with unique span-ids. Inside the span it is possible to start new spans, which will then become child spans, the parent-span-id is set to the previous spans' span-id. A child span can be used to calculate the duration of a sub task, and is started from consecutive maapi_start_progress_span() calls, and is ended with maapi_end_progress_span().
The concepts of traces, trace-id and spans are highly influenced by https://opentelemetry.io/docs/concepts/signals/traces/#spans
Call help(ncs.progress) or help(confd.progress) for examples.
Arguments:
msg - message to report (str)
verbosity - ncs.VERBOSITY_*, VERBOSITY_NORMAL is default (optional)
attrs - user defined attributes (optional)
links - list of ncs.progress.Span or dict (optional)
path - keypath to an action/leaf/service/etc (str, optional)
This function starts a new a new transaction towards the given data store.
Arguments:
rw -- Either READ or READ_WRITE flag (ncs)
db -- Either CANDIDATE, RUNNING or STARTUP flag (cdb)
usid -- user id (int)
flags -- additional transaction flags (int)
vendor -- lock error information (str, optional)
product -- lock error information (str, optional)
version -- lock error information (str, optional)
client_id -- lock error information (str, optional)
Returns:
transaction (maapi.Transaction)
Flags (maapi):
FLAG_HINT_BULK
FLAG_NO_DEFAULTS
FLAG_CONFIG_ONLY
FLAG_HIDE_INACTIVE
FLAG_DELAYED_WHEN
FLAG_NO_CONFIG_CACHE
FLAG_CONFIG_CACHE_ONLY
FLAG_HIDE_ALL_HIDEGROUPS
FLAG_SKIP_SUBSCRIBERS
start_trans_in_trans(...)
Method:
start_trans_in_trans(self, th, readwrite, usid=0)
Start a new transaction within a transaction.
This function makes it possible to start a transaction with another transaction as backend, instead of an actual data store. This can be useful if we want to make a set of related changes, and then either apply or discard them all based on some criterion, while other changes remain unaffected. The thandle identifies the backend transaction to use. If 'usid' is 0, the transaction will be started within the user session associated with the MAAPI socket, otherwise it will be started within the user session given by usid. If we call apply() on this "transaction in a transaction" object, the changes (if any) will be applied to the backend transaction. To discard the changes, call finish() without calling apply() first.
Context manager for user sessions. This class makes it easy to use a single Maapi connection and switch user session along the way. For example:
with Maapi() as m:
for user, context, device in devlist:
with Session(m, user, context):
with m.start_write_trans() as t:
# ...
# do something using the correct user session
# ...
t.apply()
When created one may access the maapi and th arguments like this:
trans = Transaction(mymaapi, th=myth)
trans.maapi # the Maapi object
trans.th # the transaction handle
An instance of this class is also a context manager:
with Transaction(mymaapi, th=myth) as trans:
# do something here...
When exiting the with statement, finish() will be called.
If 'th' is left out (or None) a new transaction is started using the 'db' and 'rw' arguments, otherwise 'db' and 'rw' are ignored.
Arguments:
maapi -- a Maapi object (maapi.Maapi)
th -- a transaction handle or None
rw -- Either READ or READ_WRITE flag (ncs)
db -- Either CANDIDATE, RUNNING or STARTUP flag (cdb)
vendor -- lock error information (optional)
product -- lock error information (optional)
version -- lock error information (optional)
client_id -- lock error information (optional)
Members:
abort(...)
Method:
abort(self)
Abort the transaction.
apply(...)
Method:
apply(self, keep_open=True, flags=0)
Apply the transaction.
Validates, prepares and eventually commits or aborts the transaction. If the validation fails and the 'keep_open' argument is set to True (default), the transaction is left open and the developer can react upon the validation errors.
Apply the transaction and return the result in form of dict().
Validates, prepares and eventually commits or aborts the transaction. If the validation fails and the 'keep_open' argument is set to True (default), the transaction is left open and the developer can react upon the validation errors.
The 'params' argument represent commit parameters. See CommitParams class for available commit parameters.
The result is a dictionary representing the result of applying transaction. If dry-run was requested, then the resulting dictionary will have 'dry-run' key set along with the actual results. If commit through commit queue was requested, then the resulting dictionary will have 'commit-queue' key set. Otherwise the dictionary will be empty.
Arguments:
keep_open -- keep transaction open (boolean)
params -- list of commit parameters (maapi.CommitParams)
Returns:
dict (see above)
Example use:
with ncs.maapi.single_write_trans('admin', 'python') as t:
root = ncs.maagic.get_root(t)
dns_list = root.devices.device['ex1'].config.sys.dns.server
dns_list.create('192.0.2.1')
params = t.get_params()
params.dry_run_native()
result = t.apply_params(True, params)
print(result['device']['ex1'])
t.apply_params(True, t.get_params())
commit(...)
Method:
commit(self)
Commit the transaction.
end_progress_span(...)
Method:
end_progress_span(self, *args)
Don't call this function.
Call instance.end() on the progress.Span instance created from start_progress_span() instead.
finish(...)
Method:
finish(self)
Finish the transaction.
This will finish the transaction. If the transaction is implemented by an external database, this will invoke the finish() callback.
get_params(...)
Method:
get_params(self)
Get the current commit parameters for the transaction.
The result is an instance of the CommitParams class.
hide_group(...)
Method:
hide_group(self, group_name)
Do hide a hide group.
Hide all nodes belonging to a hide group in a transaction that started with flag FLAG_HIDE_ALL_HIDEGROUPS.
prepare(...)
Method:
prepare(self, flags=0)
Prepare transaction.
This function must be called as first part of two-phase commit. After this function has been called, commit() or abort() must be called.
It will invoke the prepare callback in all participants in the transaction. If all participants reply with OK, the second phase of the two-phase commit procedure is commenced.
While spans represents a pair of data points: start and stop; info events are instead singular events, one point in time. Call progress_info() to write a progress span info event to the progress trace. The info event will have the same span-id as the start and stop events of the currently ongoing progress span in the active user session or transaction. See help for start_progress_span() for more information.
Arguments:
msg - message to report (str)
verbosity - ncs.VERBOSITY_*, VERBOSITY_NORMAL is default (optional)
attrs - user defined attributes (optional)
links - list of ncs.progress.Span or dict (optional)
path - keypath to an action/leaf/service/etc (str, optional)
Starts a progress span. Progress spans are trace messages written to the progress trace and the developer log. A progress span consists of a start and a stop event which can be used to calculate the duration between the two. Those events can be identified with unique span-id. Inside the span it is possible to start new spans, which will then become child spans, the parent-span-id is set to the previous spans' span-id. A child span can be used to calculate the duration of a sub task, and is started from consecutive maapi_start_progress_span() calls, and is ended with maapi_end_progress_span().
The function returns a Span object which either stops the span by invoking span.end() or by exiting a 'with' context. Messages are written to the progress trace which can be directed to a file, oper data or as notifications.
Call help(ncs.progress) or help(confd.progress) for examples.
Arguments:
msg - message to report (str)
verbosity - ncs.VERBOSITY_*, VERBOSITY_NORMAL is default (optional)
attrs - user defined attributes (optional)
links - list of ncs.progress.Span or dict (optional)
path - keypath to an action/leaf/service/etc (str, optional)
Returns:
trace span (ncs.progress.Span)
unhide_group(...)
Method:
unhide_group(self, group_name)
Do unhide a hide group.
Unhide all nodes belonging to a hide group in a transaction that started with flag FLAG_HIDE_ALL_HIDEGROUPS.
validate(...)
Method:
validate(self, unlock, forcevalidation=False)
Validate the transaction.
This function validates all data written in the transaction. This includes all data model constraints and all defined semantic validation, i.e. user programs that have registered functions under validation points.
If 'unlock' is True, the transaction is open for further editing even if validation succeeds. If 'unlock' is False and the function succeeds next function to be called MUST be prepare() or finish().
'unlock = True' can be used to implement a 'validate' command which can be given in the middle of an editing session. The first thing that happens is that a lock is set. If 'unlock' == False, the lock is released on success. The lock is always released on failure.
The 'forcevalidation' argument should normally be False. It has no effect for a transaction towards the running or startup data stores, validation is always performed. For a transaction towards the candidate data store, validation will not be done unless 'forcevalidation' is True. Avoiding this validation is preferable if we are going to commit the candidate to running, since otherwise the validation will be done twice. However if we are implementing a 'validate' command, we should give a True value for 'forcevalidation'.
