akarneliuk / pygnmi

The pure Python implementation of the gNMI client.
https://training.karneliuk.com
BSD 3-Clause "New" or "Revised" License
129 stars 44 forks source link

FutureTimeoutError connecting to SR-OS over TLS #59

Closed Daxx13 closed 2 years ago

Daxx13 commented 2 years ago

Hi,

I just started working with gNMI and TLS using a SR-OS platform. The basic setup seems to be working, as gnmic returns the correct output when reaching the test device. This is also working without specifying the --tls-ca cert but with --skip-verify:

gnmic -a [hostname] -u [user] -p [passwd] get --path /state/system/platform --tls-ca certificate.ca-bundle
[
  {
    "source": "[source]",
    "timestamp": 1651586070618194298,
    "time": "2022-05-03T15:54:30.618194298+02:00",
    "updates": [
      {
        "Path": "state/system/platform",
        "values": {
          "state/system/platform": "7750 SR-7"
        }
      }
    ]
  }
]

But, using pyGNMI from the same machine, same connection data, is not working for me:

if __name__ == '__main__':
    with gNMIclient( target=host, username=username, password=password, 
        path_root=path_root_cert, 
        debug=True
        ) as gc:
Traceback (most recent call last):
  File "/gRPC_tests.py", line 37, in <module>
    with gNMIclient( target=host, username=username, password=password, 
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pygnmi/client.py", line 94, in __enter__
    return self.connect()
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pygnmi/client.py", line 146, in connect
    self.wait_for_connect(timeout)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pygnmi/client.py", line 156, in wait_for_connect
    grpc.channel_ready_future(self.__channel).result(timeout=timeout)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/grpc/_utilities.py", line 139, in result
    self._block(timeout)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/grpc/_utilities.py", line 85, in _block
    raise grpc.FutureTimeoutError()

Tried in some other ways, without insecure parameter, etc. Debug flag does not give more info. I can see traffic exchange between my machine and the gNMI server.

FYI: Unencrypted connections (w/o using TLS) worked just fine.

Thanks!

akarneliuk commented 2 years ago

Hello @Daxx13 ,

thanks for raising an issue. Could you please advise a number of things?

Best, Anton

Daxx13 commented 2 years ago

Hi @akarneliuk,

Thanks!

Daxx13 commented 2 years ago

Hi,

Seems to be a ciphers thing with grpc, not directly related with this project, I made it work setting this environment variable:

os.environ["GRPC_SSL_CIPHER_SUITES"] = "HIGH"

Thanks!