search

CESNET / libnetconf2

C NETCONF library
BSD 3-Clause "New" or "Revised" License
203 stars 147 forks source link

How can I increase libnetconf2 response timeout? #206

Closed igortern closed 4 years ago

igortern commented 4 years ago

Hi, When debugging sysrepo client with all debugs on, it sometimes takes more that 1s to finish edit-config transaction. It appears that there is some timeout in libnetconf2/netopeer2 - the max time it waits for all callbacks to finish before sending RPC response. It gives up with error message [ERR]: LN: Session 1: failed to write reply. Could you advice what constant controls this timeout? Is it possible to increase it programmatically to avoid patching the sources? Regards, Igor

michalvasko commented 4 years ago

Hi, do you maybe have some more output? It should be printed what timeout elapses. Also, I have noticed one return check was not updated and it could have caused an invalid message to be printed, so please update libnetconf2 (devel) and try again.

Regards, Michal

igortern commented 4 years ago

Hi Michal, I updated everything from devel and still can reproduce the problem. What debug level should I enable to give more information? I tried with -c SYSREPO and with -v3 There is nothing suspicious before the error.. [INF]: LY: There is no instance of "/ietf-netconf-server:netconf-server/listen/endpoint[name='default-ssh']/ssh/ssh-server-parameters/client-authentication/users", but it is not required. [INF]: LY: There is no instance of "/ietf-netconf-server:netconf-server/listen/idle-timeout", but it is not required. [INF]: LY: There is no instance of "/ietf-interfaces:interfaces", but it is not required. [INF]: LY: All data nodes and constraints resolved. [INF]: SR: Processing "notif" "ietf-netconf-notifications" event with ID 1. [INF]: SR: Finished processing "notif" event with ID 1 priority 0 (remaining 0 subscribers). [INF]: SR: Finished processing "rpc" event with ID 1 priority 0 (remaining 0 subscribers). [INF]: SR: Event "rpc" with ID 1 priority 0 succeeded. [ERR]: LN: Session 1: failed to write reply.

Regards, Igor

michalvasko commented 4 years ago

Hi Igor, could you please try again? I have improved the messages a bit so you should at least see whether it really time-outed. But the only relevant timeout I found is in netopeer2 and is set to 0 so I am a bit confused.

Regards, Michal

igortern commented 4 years ago

Hi Michal, After taking today's snapshots I can get to the point this timeout happens. Now it fails earlier with NACM authorization error (below). It is a new behaviour. Do I need to add some configuration to get past this error?

Thanks, Igor

[INF]: LY: All data nodes and constraints resolved. [INF]: SR: Published event "rpc" with ID 1 priority 0 for 1 subscribers. [INF]: SR: Processing "/ietf-netconf:copy-config" "rpc" event with ID 1 priority 0 (remaining 1 subscribers). [ERR]: SR: Access to the data model "ietf-netconf-server" is denied because "igort" NACM authorization failed. [INF]: SR: Finished processing "rpc" event (callback fail) with ID 1 priority 0 (remaining 1 subscribers). [ERR]: SR: User callback failed [WRN]: SR: Event "rpc" with ID 1 priority 0 failed (User callback failed). [ERR]: NP: Failed to send an RPC (User callback failed). [INF]: NP: Session 1: thread 1 event new RPC. [INF]: NP: Session 1: thread 1 event reply error.

michalvasko commented 4 years ago

Hi, I have just implemented a bugfix for copy-config. Just to make sure, what datastores are you using, copying configuration from which datastore to what datastore?

Regards, Michal

igortern commented 4 years ago

Hi Michal,

copy-config target is "running". The source is configuration in RPC message.

Thanks, Igor

On Wed, Feb 12, 2020 at 6:55 PM Michal Vasko notifications@github.com wrote:

Hi, I have just implemented a bugfix for copy-config. Just to make sure, what datastores are you using, copying configuration from which datastore to what datastore?

Regards, Michal

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/CESNET/libnetconf2/issues/206?email_source=notifications&email_token=AEX4KW5Z4EVRES7XWIOX2HTRCOTQHA5CNFSM4KRKBWSKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELPZJ2A#issuecomment-585077992, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEX4KW5SRO2BJG6JG745ULTRCOTQHANCNFSM4KRKBWSA .

michalvasko commented 4 years ago

Hi Igor, then it will probably be a result of some older changes. Most importantly, is the error correct? Are there any ietf-netconf-server data in the configuration you got from the RPC?

Regards, Michal

igortern commented 4 years ago

Hi Michal,

network manager issues the following RPC in order to reset the relevant tables. Note that it doesn't touch ietf-netconf-server, but does reset ietf-netconf-acm. The error reply is still present as of today (see netopeer2-server log after copy-config). Generally speaking, is it possible to disable nacm in netopeer2-server? I don't need it for the PoC I'm doing.

Thanks, Igor

**

netopeer2-server log. Note that at this point netopeer2-server is the only sysrepo client.

[INF]: SR: Processing "/ietf-netconf:copy-config" "rpc" event with ID 1 priority 0 (remaining 1 subscribers). [ERR]: SR: Access to the data model "ietf-netconf-server" is denied because "igort" NACM authorization failed. [INF]: SR: Finished processing "rpc" event (callback fail) with ID 1 priority 0 (remaining 1 subscribers). [ERR]: SR: User callback failed [WRN]: SR: Event "rpc" with ID 1 priority 0 failed (User callback failed). [ERR]: NP: Failed to send an RPC (User callback failed). [INF]: NP: Session 1: thread 4 event new RPC. [INF]: NP: Session 1: thread 4 event reply error.

On Wed, Feb 12, 2020 at 7:46 PM Michal Vasko notifications@github.com wrote:

Hi Igor, then it will probably be a result of some older changes. Most importantly, is the error correct? Are there any ietf-netconf-server data in the configuration you got from the RPC?

Regards, Michal

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/CESNET/libnetconf2/issues/206?email_source=notifications&email_token=AEX4KW45ZZ5VYOM5YZVU32DRCOZM3A5CNFSM4KRKBWSKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELP5T3A#issuecomment-585095660, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEX4KW6VZ66KNS76U3RRCE3RCOZM3ANCNFSM4KRKBWSA .

michalvasko commented 4 years ago

Hi, it is correct then, you are effectively deleting all ietf-netconf-server configuration, which you do not have access to. And you can disable NACM but you must do so before this copy-config if it is to succeed (although I am not sure you really want to delete all ietf-netconf-server data, you will then not be able to connect by SSH). You just need to have

<nacm:nacm xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
   <nacm:enable-nacm>false</nacm:enable-nacm>
</nacm:nacm>

in the config to disable NACM.

Regards, Michal

igortern commented 4 years ago

Thank you Michal

On Thu, Feb 13, 2020 at 6:39 PM Michal Vasko notifications@github.com wrote:

Hi, it is correct then, you are effectively deleting all ietf-netconf-server configuration, which you do not have access to. And you can disable NACM but you must do so before this copy-config if it is to succeed (although I am not sure you really want to delete all ietf-netconf-server data, you will then not be able to connect by SSH). You just need to have

false in the config to disable NACM. Regards, Michal — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub , or unsubscribe .