akarneliuk / pygnmi

The pure Python implementation of the gNMI client.
https://training.karneliuk.com
BSD 3-Clause "New" or "Revised" License

--insecure vs --skip-verify and options inside gNMIclient #29

Closed soap1337 closed 3 years ago

soap1337 commented 3 years ago

Greetings! I am trying to use pygnmi for connecting to a Cisco Nexus 9000 series switch, and with the gnmic tool for command line I can get my commands to work as long as I use "--skip-verify" in my command string. I am trying to accomplish the same thing in a Python script and am running into errors. In the client in the library, there doesn't appear to be an equivalent to "--skip-verify" as an arg in the client function.

And that brings me to my question: does "insecure=True" act the same as "--skip-verify" in the gnmic tool?

I guess what I am really looking for is how, in the Python client, do I also do an untrusted TLS command as an arg?

i.e. working command for Cisco 9k switch:

```
gnmic -a 192.168.1.100:6030 -u admin -p admin --skip-verify get --path /lldp/state/enabled
```

i.e. NOT working command for Cisco 9k switch:

```
gnmic -a 192.168.1.100:6030 -u admin -p admin --insecure get --path /lldp/state/enabled
```

And here is my Python snippet:

```python
with gNMIclient(target=host, username='admin', password='admin', insecure=True, gnmi_timeout=2) as gc:
```

Also, this library is truly amazing; it was a no-brainer to start using this as my automation go-to for my growing presence of gRPC stuff.

Keep up the great work!!!

soap1337 commented 3 years ago

This helped a lot: https://karneliuk.com/2021/03/pygnmi-8-securing-the-gnmi-connectivity-with-self-signed-certificates/

akarneliuk commented 3 years ago

Hello @soap1337,

Thanks for the kind feedback. Has the blog post answered your question? Is there anything else needed?

Best, Anton

soap1337 commented 3 years ago

Yep, basically I need to test cert based auth. I'll post here with some examples when I get it done. My environment has totally different vendors+hardware than you test this library on in the video examples. Thanks for responding!

soap1337 commented 3 years ago

Just figured I would update this for anyone who might come across this. I ran this tooling against Cisco and Arista.

For the Cisco 9k appliances, each device needs a specific cert with the whole chain to the CA.

Took me a few days to really get this detail worked out.

Also @akarneliuk, if you ever circle to OpenConfig+pygnmi on the Cisco Nexus 9k platform, I can post the information I have gathered on it. Cisco documentation is not easily searchable or deciphered.
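
Added example (not code from this thread or from the pygnmi project): `insecure=True` opens a plaintext gRPC channel, while gnmic's `--skip-verify` keeps TLS but does not validate the server certificate, so neither replaces the CA-chain setup the thread ends on. The code below audits Python source for `gNMIclient(...)` calls that set either option; the `skip_verify` keyword (assumed to be accepted by the installed pygnmi release), the file name `ca_chain.pem` and the sample script are assumptions constructed for illustration.

```python
import ast

# gNMIclient keyword arguments that weaken transport security.
RISKY_KWARGS = {
    "insecure": "plaintext gRPC channel, no TLS",
    # Assumption: the installed pygnmi release accepts skip_verify.
    "skip_verify": "TLS without server certificate validation",
}


def audit_gnmi_calls(source):
    """Return sorted (line, keyword, reason) for risky gNMIclient() calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name != "gNMIclient":
            continue
        for kw in node.keywords:
            if kw.arg not in RISKY_KWARGS:
                continue
            literal = isinstance(kw.value, ast.Constant)
            if literal and not kw.value.value:
                continue  # explicitly False/None: the safe default
            reason = RISKY_KWARGS[kw.arg]
            if not literal:
                reason += " (value set at runtime, review)"
            findings.append((node.lineno, kw.arg, reason))
    return sorted(findings)


# Constructed sample script; it is only parsed here, never executed.
SAMPLE = '''
from pygnmi.client import gNMIclient

host = ("192.168.1.100", 6030)
with gNMIclient(target=host, username='admin', password='admin', insecure=True, gnmi_timeout=2) as gc:
    gc.capabilities()

with gNMIclient(target=host, username='admin', password='admin', path_root="ca_chain.pem") as gc:
    gc.capabilities()

with gNMIclient(target=host, username='admin', password='admin', skip_verify=True) as gc:
    gc.capabilities()
'''

if __name__ == "__main__":
    for line, kw, reason in audit_gnmi_calls(SAMPLE):
        print(f"line {line}: {kw} -> {reason}")
```
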