search

akarneliuk / pygnmi

The pure Python implementation of the gNMI client.
https://training.karneliuk.com
BSD 3-Clause "New" or "Revised" License
127 stars 44 forks source link

pygnmi doesn't send anything over the wire #57

Open svautour opened 2 years ago

svautour commented 2 years ago

Test code:

from pygnmi.client import gNMIclient if name == 'main': host = ("172.16.18.9", "57400") paths = ['openconfig-interfaces:interfaces', 'openconfig-network-instance:network-instances'] with gNMIclient(target=host, username="xxxx", password="xxxxxxx", insecure=True) as gc: response = gc.capabilities() print (response)

When I run:

(virtual3.9) root@squad3_1:~/virtual3.9# python pygnmitest.py Traceback (most recent call last): File "/root/virtual3.9/pygnmitest.py", line 7, in with gNMIclient(target=host, username="xxxx", password="xxxxxxx", insecure=True) as gc: File "/root/virtual3.9/lib/python3.9/site-packages/pygnmi/client.py", line 94, in enter return self.connect() File "/root/virtual3.9/lib/python3.9/site-packages/pygnmi/client.py", line 146, in connect self.wait_for_connect(timeout) File "/root/virtual3.9/lib/python3.9/site-packages/pygnmi/client.py", line 156, in wait_for_connect grpc.channel_ready_future(self.__channel).result(timeout=timeout) File "/root/virtual3.9/lib/python3.9/site-packages/grpc/_utilities.py", line 139, in result self._block(timeout) File "/root/virtual3.9/lib/python3.9/site-packages/grpc/_utilities.py", line 85, in _block raise grpc.FutureTimeoutError() grpc.FutureTimeoutError

I have tried this in a python 3.8 and 3.9 venv on 2 different Ubuntu VMs. Same result.

If I tcpdump the NIC, I see no traffic to the host on port 57400.

Thanks, Serge

akarneliuk commented 2 years ago

Hello @svautour ,

sorry for the delay, I somehow overlooked your request. I'm afraid you don't provide any details of your setup. Please, provide the configuration of your network device you try to manage with pygnmi.

also, this part is not accurate: 

if name == 'main':

It shall be:

if __name__ == "__main__":

Join our Zero-to-Hero Network Automation Training to learn more about Python for network automation

Best, Anton

akarneliuk commented 2 years ago

Hey @svautour ,

Please, re-open if needed.

Best, Anton

svautour commented 2 years ago

Re-opening. Sorry for the delay, I was on vacation.

My code does have the underscore. It didn't come across correctly as I didn't paste it as a code block.

What information do you require that I did not include? What command outputs would you like?

The config on the router that I am trying to manage is irrelevant here as when I tcpdump the NIC on the server where I run the code, I see no outbound packets to my device on port 57400.

Thanks for creating and sharing. I am looking forward to a gnmi client for python. I will help if I can.

Serge

akarneliuk commented 2 years ago

Hey @svautour ,

if pygnmi doesn't send anything to a wire, it may be something with your environment. Could you please suggest what is:

Best, Anton

svautour commented 2 years ago

Using a venv:

(virtual3.8) root@xxxxxx-ubuntu:~/TrainingExamples# python3 -V Python 3.8.0

(virtual3.8) root@xxxxxx-ubuntu:~/TrainingExamples# python3 pygnmitest.py Traceback (most recent call last): File "pygnmitest.py", line 7, in with gNMIclient(target=host, username="svautour", password="xxxxxxx", insecure=True) as gc: File "/root/TrainingExamples/virtual3.8/lib/python3.8/site-packages/pygnmi/client.py", line 94, in enter return self.connect() File "/root/TrainingExamples/virtual3.8/lib/python3.8/site-packages/pygnmi/client.py", line 146, in connect self.wait_for_connect(timeout) File "/root/TrainingExamples/virtual3.8/lib/python3.8/site-packages/pygnmi/client.py", line 156, in wait_for_connect grpc.channel_ready_future(self.__channel).result(timeout=timeout) File "/root/TrainingExamples/virtual3.8/lib/python3.8/site-packages/grpc/_utilities.py", line 139, in result self._block(timeout) File "/root/TrainingExamples/virtual3.8/lib/python3.8/site-packages/grpc/_utilities.py", line 85, in _block raise grpc.FutureTimeoutError() grpc.FutureTimeoutError

(virtual3.8) root@xxxxxx-ubuntu:~/TrainingExamples# uname -a Linux xxxxxx-ubuntu 4.15.0-167-generic #175-Ubuntu SMP Wed Jan 5 01:56:07 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

(virtual3.8) root@xxxxxx-ubuntu:~/TrainingExamples# more /etc/os-release NAME="Ubuntu" VERSION="18.04.5 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.5 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic

(virtual3.8) root@COVEP23tools-ubuntu:~/TrainingExamples# pip3 freeze cffi==1.15.0 cryptography==36.0.2 dictdiffer==0.9.0 grpcio==1.44.0 grpcio-tools==1.44.0 kthread==0.2.3 protobuf==3.20.0 pycparser==2.21 pygnmi==0.6.9 six==1.16.0

(virtual3.8) root@COVEP23tools-ubuntu:~/TrainingExamples# pip freeze cffi==1.15.0 cryptography==36.0.2 dictdiffer==0.9.0 grpcio==1.44.0 grpcio-tools==1.44.0 kthread==0.2.3 protobuf==3.20.0 pycparser==2.21 pygnmi==0.6.9 six==1.16.0

Thanks, Serge

akarneliuk commented 2 years ago

Hey @svautour ,

Try to build a new VM and see how it would work. I've just tested this:

if __name__ == "__main__":
    with gNMIclient(target=(ENV_HOSTNAME, ENV_PORT),
                    username=ENV_USERNAME,
                    password=ENV_PASSWORD,
                    insecure=True) as gconn:
        gconn.capabilities()

        result = gconn.get(path=["/"])
        print(result)

and got:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
16:52:46.668450 IP 192.168.1.115.60630 > ***.***.***.***.57400: Flags [S], seq 2497241027, win 64240, options [mss 1460,sackOK,TS val 867433530 ecr 0,nop,wscale 7], length 0
16:52:46.672539 IP ***.***.***.***.57400 > 192.168.1.115.60630: Flags [S.], seq 1098571442, ack 2497241028, win 65160, options [mss 1460,sackOK,TS val 2456298786 ecr 867433530,nop,wscale 7], length 0
16:52:46.672583 IP 192.168.1.115.60630 > ***.***.***.***.57400: Flags [.], ack 1, win 502, options [nop,nop,TS val 867433534 ecr 2456298786], length 0

So it doesn't seem to be an issue with pygnmi, sir.

Best, Anton

svautour commented 1 year ago

Hello,

I thought I would try this again. Some time has passed and a new version is out.

I did a fresh python venv install with python 3.9.12. I also tried pygnmicli instead of pygnmi. I discovered something:

  (pygnmi-test) ***@***.***_1:~/pygnmi-test# pygnmicli -u test -p test

-t 172.16.18.8:57400 -i

tcpdump shows no packets sent. However if I remove -i:

(pygnmi-test) @.***_1:~/pygnmi-test# pygnmicli -u test -p test -t 172.16.18.8:57400 The SSL certificate cannot be retrieved from ('172.16.18.8', 57400) Traceback (most recent call last): File "/root/pygnmi-test/lib/python3.9/site-packages/pygnmi/client.py", line 145, in connect ssl_cert = ssl.get_server_certificate((self.target[0], self.target[1])).encode("utf-8") File "/usr/lib/python3.9/ssl.py", line 1484, in get_server_certificate with context.wrap_socket(sock) as sslsock: File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.9/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/root/pygnmi-test/bin/pygnmicli", line 165, in main() File "/root/pygnmi-test/bin/pygnmicli", line 39, in main with gNMIclient( File "/root/pygnmi-test/lib/python3.9/site-packages/pygnmi/client.py", line 103, in enter return self.connect() File "/root/pygnmi-test/lib/python3.9/site-packages/pygnmi/client.py", line 149, in connect raise gNMIException(f'The SSL certificate cannot be retrieved from {self.__target}', e) pygnmi.client.gNMIException: The SSL certificate cannot be retrieved from ('172.16.18.8', 57400)

and tcpdump shows:

@.***_1:~# tcpdump -i ens3 port 57400 -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes 19:38:10.539810 IP 192.168.132.72.49678 > 172.16.18.8.57400: Flags [S], seq 4267049268, win 64240, options [mss 1460,sackOK,TS val 2625562153 ecr 0,nop,wscale 7], length 0 19:38:10.543588 IP 172.16.18.8.57400 > 192.168.132.72.49678: Flags [S.], seq 2140161584, ack 4267049269, win 43440, options [mss 1460,sackOK,TS val 923558734 ecr 2625562153,nop,wscale 11], length 0 19:38:10.543647 IP 192.168.132.72.49678 > 172.16.18.8.57400: Flags [.], ack 1, win 502, options [nop,nop,TS val 2625562156 ecr 923558734], length 0 19:38:10.544100 IP 192.168.132.72.49678 > 172.16.18.8.57400: Flags [P.], seq 1:518, ack 1, win 502, options [nop,nop,TS val 2625562157 ecr 923558734], length 517 19:38:10.547564 IP 172.16.18.8.57400 > 192.168.132.72.49678: Flags [.], ack 518, win 22, options [nop,nop,TS val 923558736 ecr 2625562157], length 0 19:38:10.547590 IP 172.16.18.8.57400 > 192.168.132.72.49678: Flags [P.], seq 1:16, ack 518, win 22, options [nop,nop,TS val 923558736 ecr 2625562157], length 15 19:38:10.547600 IP 192.168.132.72.49678 > 172.16.18.8.57400: Flags [.], ack 16, win 502, options [nop,nop,TS val 2625562160 ecr 923558736], length 0 19:38:10.547617 IP 172.16.18.8.57400 > 192.168.132.72.49678: Flags [R.], seq 16, ack 518, win 22, options [nop,nop,TS val 923558736 ecr 2625562157], length 0 19:38:10.551564 IP 172.16.18.8.57400 > 192.168.132.72.49678: Flags [R], seq 2140161600, win 0, length 0

So whatever part of pygnmi isn't working for me has to do with no TLS "-i" flag.

Any suggestions?

Thanks, Serge

On Sat, Jul 23, 2022 at 2:08 PM Anton Karneliuk @.***> wrote:

Hey @svautour https://github.com/svautour ,

Try to build a new VM and see how it would work. I've just tested this:

if name == "main": with gNMIclient(target=(ENV_HOSTNAME, ENV_PORT), username=ENV_USERNAME, password=ENV_PASSWORD, insecure=True) as gconn: gconn.capabilities()

    result = gconn.get(path=["/"])
    print(result)

and got:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes 16:52:46.668450 IP 192.168.1.115.60630 > ....57400: Flags [S], seq 2497241027, win 64240, options [mss 1460,sackOK,TS val 867433530 ecr 0,nop,wscale 7], length 0 16:52:46.672539 IP ....57400 > 192.168.1.115.60630: Flags [S.], seq 1098571442, ack 2497241028, win 65160, options [mss 1460,sackOK,TS val 2456298786 ecr 867433530,nop,wscale 7], length 0 16:52:46.672583 IP 192.168.1.115.60630 > ....57400: Flags [.], ack 1, win 502, options [nop,nop,TS val 867433534 ecr 2456298786], length 0

So it doesn't seem to be an issue with pygnmi, sir.

Best, Anton

— Reply to this email directly, view it on GitHub https://github.com/akarneliuk/pygnmi/issues/57#issuecomment-1193157038, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADLZ2VMNCCXVFWME7KFYKRTVVQRINANCNFSM5UL7ADDQ . You are receiving this because you were mentioned.Message ID: @.***>

jbemmel commented 1 year ago

If this is against SR Linux (or perhaps some other device with security by default), try insecure=False