There are certain checks we'd like to make against our Juniper gear that only work in Operational mode. For non-juniper people, that means the information is not stored in the configuration.
For instance, we want to run the following check to make sure the OS on both the primary and backup partitions is the same:
show system snapshot media internal
Which would result in this information:
fpc0:
--------------------------------------------------------------------------
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Sep 24 12:20:23 2014
JUNOS version on snapshot:
jbase : ex-12.3R6.6
jkernel-ex-2200: 12.3R6.6
jweb-ex: 12.3R6.6
jcrypto-ex: 12.3R6.6
jdocs-ex: 12.3R6.6
jswitch-ex: 12.3R6.6
jpfe-ex22x: 12.3R6.6
jroute-ex: 12.3R6.6
fips-mode-arm: 12.3R6.6
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Sep 24 16:05:53 2014
JUNOS version on snapshot:
jbase : ex-12.3R3.4
jkernel-ex-2200: 12.3R3.4
jweb-ex: 12.3R3.4
jcrypto-ex: 12.3R3.4
jdocs-ex: 12.3R3.4
jswitch-ex: 12.3R3.4
jpfe-ex22x: 12.3R3.4
jroute-ex: 12.3R3.4
fips-mode-arm: 12.3R3.4
So in this case, the primary partition has 12.3R6.6 and the backup partition has 12.3R3.4. For us, this would only be the case after an OS upgrade. We'd want to leave it in place for a period of time and then copy the primary over the backup. So we'd like to flag this as a policy violation.