miaow2 / netbox-config-diff

Find diff and push rendered device configurations from NetBox to devices and apply them.
https://miaow2.github.io/netbox-config-diff/
Apache License 2.0

Problem with old switch #28

Closed RenatoPereira91 closed 11 months ago

RenatoPereira91 commented 11 months ago

NetBox version: 3.6.2

Describe the bug: After running the script I get this message:

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.10/site-packages/netbox_config_diff/compliance/models.py", line 65, in get_actual_config
    async with AsyncScrapli(**self.to_scrapli()) as conn:
  File "/opt/netbox/venv/lib/python3.10/site-packages/scrapli/driver/base/async_driver.py", line 42, in __aenter__
    await self.open()
  File "/opt/netbox/venv/lib/python3.10/site-packages/scrapli/driver/base/async_driver.py", line 84, in open
    await self.transport.open()
  File "/opt/netbox/venv/lib/python3.10/site-packages/scrapli/transport/plugins/asyncssh/transport.py", line 194, in open
    self.session = await asyncio.wait_for(
  File "/usr/lib/python3.10/asyncio/tasks.py", line 445, in wait_for
    return fut.result()
  File "/usr/lib/python3.10/asyncio/tasks.py", line 650, in _wrap_awaitable
    return (yield from awaitable.__await__())
  File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 8093, in connect
    return await asyncio.wait_for(
  File "/usr/lib/python3.10/asyncio/tasks.py", line 408, in wait_for
    return await fut
  File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 440, in _connect
    await options.waiter
  File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 1275, in data_received
    while self._inpbuf and self._recv_handler():
  File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 1522, in _recv_packet
    processed = handler.process_packet(pkttype, seq, packet)
  File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/packet.py", line 237, in process_packet
    self._packet_handlers[pkttype](self, pkttype, pktid, packet)
  File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 2168, in _process_kexinit
    self._enc_alg_cs = self._choose_alg('encryption', self._enc_algs,
  File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 1349, in _choose_alg
    raise KeyExchangeFailed(
asyncssh.misc.KeyExchangeFailed: No matching encryption algorithm found, sent chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr and received aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

My switch is old, I can't change the algorithm. I tried using telnet but I can't find the correct driver.

miaow2 commented 11 months ago

Hi @RenatoPereira91, thanks for opening the issue. What are the switch models and OS version?

RenatoPereira91 commented 11 months ago

Hi @miaow2,

The model is WS-C2960-8TC-L. It's running IOS 15.

miaow2 commented 11 months ago

Unfortunately, I do not have such a device. If I post here a simple script that tries to open a connection with old algorithms, can you run it and post whether it is successful or not?

RenatoPereira91 commented 11 months ago

@miaow2 yes sure.

I created a simple script using the scrapli library, and I got a connection with these parameters:

connection = {
    "host": device,
    "auth_username": "cisco",
    "auth_password": "cisco",
    "auth_strict_key": False,
    "transport": "paramiko",
}

I tried to find this in your script, but without success, haha (I don't have much knowledge about dev, haha).

If you think it's better, I can send you an email.

miaow2 commented 11 months ago

There is a dictionary for the scrapli connection: https://github.com/miaow2/netbox-config-diff/blob/develop/netbox_config_diff/compliance/models.py#L32

But paramiko does not support async and cannot be used in the plugin.

RenatoPereira91 commented 11 months ago

I understand, send me the script that you would like me to test.

miaow2 commented 11 months ago

The script is below. It only gets "show version" from the device. Define host, auth_username and auth_password in the variable DEVICE before running, and install scrapli with pip install scrapli[asyncssh]. Please also test the script on devices with newer OS versions.

import asyncio

from scrapli import AsyncScrapli

DEVICE = {
    "host": "",
    "auth_username": "",
    "auth_password": "",
    "platform": "cisco_iosxe",
    "auth_strict_key": False,
    "transport": "asyncssh",
    "transport_options": {
        # Passed through by scrapli's asyncssh transport to asyncssh.connect().
        # The lists below add legacy kex methods and CBC ciphers on top of the
        # modern defaults so that old IOS releases can still negotiate.
        "asyncssh": {
            "kex_algs": [
                "curve25519-sha256",
                "curve25519-sha256@libssh.org",
                "curve448-sha512",
                "ecdh-sha2-nistp521",
                "ecdh-sha2-nistp384",
                "ecdh-sha2-nistp256",
                "ecdh-sha2-1.3.132.0.10",
                "diffie-hellman-group-exchange-sha256",
                "diffie-hellman-group14-sha256",
                "diffie-hellman-group15-sha512",
                "diffie-hellman-group16-sha512",
                "diffie-hellman-group17-sha512",
                "diffie-hellman-group18-sha512",
                "diffie-hellman-group14-sha256@ssh.com",
                "diffie-hellman-group14-sha1",
                "rsa2048-sha256",
                "diffie-hellman-group1-sha1",
                "diffie-hellman-group-exchange-sha1",
                "diffie-hellman-group-exchange-sha256",
            ],
            # CBC and 3DES are the only ciphers the old switch offers (see traceback).
            "encryption_algs": [
                "aes256-cbc",
                "aes192-cbc",
                "aes128-cbc",
                "3des-cbc",
                "aes256-ctr",
                "aes192-ctr",
                "aes128-ctr",
                "aes128-gcm@openssh.com",
                "chacha20-poly1305@openssh.com",
            ],
        },
    },
}

async def main():
    async with AsyncScrapli(**DEVICE) as conn:
        result = await conn.send_command("show version")
        print(result.result)

if __name__ == "__main__":
    asyncio.run(main())
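
The following is an added example, not code from netbox-config-diff or from this thread. It replays the cipher negotiation that failed in the traceback above (the two algorithm lists are copied from the KeyExchangeFailed message), flags which of the offered algorithms are legacy, and builds a scrapli `transport_options` dict of the same shape as the script's that admits only an explicit allow-list of the legacy ciphers the device actually offers. The allow-list (`LEGACY_ALLOW`), the regex over the error message and all function names are assumptions for illustration.

```python
"""Added example: SSH algorithm negotiation replay and a policy-driven
transport_options builder for scrapli's asyncssh transport.
Not part of netbox-config-diff; algorithm lists copied from the issue's traceback."""
import re

# Copied from the error message: what asyncssh offered and what the switch offered.
CLIENT_ENC = [
    "chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
    "aes256-ctr", "aes192-ctr", "aes128-ctr",
]
SERVER_ENC = ["aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc"]

# The message text as it appears in the traceback (constructed from the issue).
KEX_FAILURE_MESSAGE = (
    "asyncssh.misc.KeyExchangeFailed: No matching encryption algorithm found, sent "
    + ",".join(CLIENT_ENC) + " and received " + ",".join(SERVER_ENC)
)

# Assumed local policy: AES-CBC is tolerated for this legacy device, 3des-cbc
# (64-bit block cipher) is not.
LEGACY_ALLOW = ["aes256-cbc", "aes192-cbc", "aes128-cbc"]

ERR_RE = re.compile(
    r"No matching (?P<kind>\w+) algorithm found, sent (?P<sent>\S+) and received (?P<recv>\S+)"
)


def parse_kex_failure(message):
    """Extract (kind, client_list, server_list) from an asyncssh KeyExchangeFailed message."""
    m = ERR_RE.search(message)
    if m is None:
        raise ValueError("not a KeyExchangeFailed message")
    return m["kind"], m["sent"].split(","), m["recv"].split(",")


def negotiate(client_algs, server_algs):
    """RFC 4253 section 7.1: the first client-preferred algorithm that the server
    also lists is chosen; None means the connection fails exactly like the traceback."""
    server = set(server_algs)
    for alg in client_algs:
        if alg in server:
            return alg
    return None


def weak_reasons(alg):
    """Why an algorithm name is considered legacy; an empty list means no known concern."""
    reasons = []
    if alg.endswith("-cbc"):
        reasons.append("CBC mode (plaintext-recovery attacks against SSH CBC)")
    if alg.startswith("3des"):
        reasons.append("64-bit block cipher")
    if "sha1" in alg:
        reasons.append("SHA-1 based key exchange")
    if alg.startswith("diffie-hellman-group1-"):
        reasons.append("1024-bit DH group")
    return reasons


def audit(algs):
    """Map each legacy algorithm in `algs` to its reasons; modern ones are omitted."""
    return {a: weak_reasons(a) for a in algs if weak_reasons(a)}


def build_transport_options(server_algs, allow=LEGACY_ALLOW):
    """scrapli transport_options for asyncssh: modern ciphers first, then only the
    allow-listed legacy ciphers this device actually offers (never the whole server list)."""
    legacy = [a for a in allow if a in server_algs]
    if not legacy and negotiate(CLIENT_ENC, server_algs) is None:
        raise RuntimeError(f"device offers no acceptable cipher: {server_algs}")
    return {"asyncssh": {"encryption_algs": CLIENT_ENC + legacy}}


if __name__ == "__main__":
    kind, sent, recv = parse_kex_failure(KEX_FAILURE_MESSAGE)
    print(f"default negotiation for {kind}: {negotiate(sent, recv)}")
    print("legacy algorithms offered by device:", audit(recv))
    opts = build_transport_options(recv)
    print("negotiated with allow-list:", negotiate(opts["asyncssh"]["encryption_algs"], recv))
```

The dict returned by `build_transport_options` drops into the `DEVICE["transport_options"]` slot of the script above. Keeping the modern ciphers first means a newer device still negotiates GCM or ChaCha20; only a device that offers nothing better falls back to AES-CBC, and 3des-cbc stays disabled even though the switch offers it.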

RenatoPereira91 commented 11 months ago

@miaow2 this code worked

miaow2 commented 11 months ago

OK, then I will create a new release with this fix.

RenatoPereira91 commented 11 months ago

@miaow2 Thank you.

I have one more question. I fixed this code in my lab. I tried to test whether the SNMP config is correct, but if I use "show running-config" it shows me failed, with correct SNMP config. If I use "show running-config | include snmp" it works fine.

I tried using a regex (I used "^((?!snmp).)*$"), but it doesn't work because the "+" sign is shown:

[image]

miaow2 commented 11 months ago

Did you try the regex with the "show running-config" output?

RenatoPereira91 commented 11 months ago

Yes, the screenshot is below:

[image]

miaow2 commented 11 months ago

I will check on my local setup why this is happening.

RenatoPereira91 commented 11 months ago

Ok, if you need any help let me know.

miaow2 commented 11 months ago

Ohhh, I understand. In the exclude regex you should define a regexp that will delete config lines that are not in the rendered config but are in the actual configuration, so the actual configuration starts looking like the rendered one. You should write regexps that match all lines from the actual config except the SNMP configuration; then it will work.

RenatoPereira91 commented 11 months ago

If I set the regex to "^snmp.*" the code deletes all lines starting with snmp and gets failed.

I understood that the regex is to exclude lines that match that rule.

It is easier to create a regex to match lines for compliance, but if I create a regex to exclude all matching lines it is hard because I need to know the configuration of all devices.

If you have any example of this, I can test it.

miaow2 commented 11 months ago

I am sorry, I read your regexp incorrectly. I fixed the connection to old OS versions and the many empty lines when using a negative regexp in release 1.2.2.
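
The following is an added example, not the plugin's own code, of the exclude-regex mechanism discussed in the comments above: a negative-lookahead pattern such as "^((?!snmp).)*$" matches every line that does not start with snmp, and substituting those lines away leaves empty lines behind unless they are dropped afterwards, which is the "many empty lines" symptom; a pattern like "^snmp.*" removes the very lines that should be compared. The sample running-config and rendered SNMP fragment are constructed, and the function names are assumptions for illustration.

```python
"""Added example: applying exclude regexps to an actual config before
comparing it to a rendered fragment. Not part of netbox-config-diff."""
import difflib
import re

# Constructed sample of a `show running-config` result (not captured from a real device).
ACTUAL_CONFIG = """\
hostname lab-sw1
!
interface FastEthernet0/1
 switchport mode access
!
snmp-server community public RO
snmp-server location lab
line vty 0 4
 transport input ssh
end
"""

# Constructed rendered config covering only the SNMP section.
RENDERED_SNMP = """\
snmp-server community public RO
snmp-server location lab
"""

# Matches every line that does NOT start with "snmp" (the user's negative pattern).
EXCLUDE_NON_SNMP = r"^((?!snmp).)*$"
# Matches the SNMP lines themselves, which is the wrong direction for this comparison.
EXCLUDE_SNMP = r"^snmp.*"


def exclude_lines(config, patterns, drop_empty=True):
    """Remove every line matching any exclude regexp (applied per line via re.MULTILINE).
    A whole-line match is replaced by an empty string, so without drop_empty the result
    is littered with blank lines that then show up in the diff."""
    text = config
    for pat in patterns:
        text = re.sub(pat, "", text, flags=re.MULTILINE)
    lines = text.splitlines()
    if drop_empty:
        lines = [line for line in lines if line.strip()]
    return "\n".join(lines) + ("\n" if lines else "")


def compliance_diff(actual, rendered, exclude, drop_empty=True):
    """Filter the actual config with the exclude regexps and diff it against the
    rendered config. Returns (filtered_actual, diff_lines); an empty diff means compliant."""
    filtered = exclude_lines(actual, exclude, drop_empty=drop_empty)
    diff = list(difflib.unified_diff(
        filtered.splitlines(), rendered.splitlines(),
        fromfile="actual", tofile="rendered", lineterm="",
    ))
    return filtered, diff


if __name__ == "__main__":
    for label, pattern, drop in (
        ("negative pattern, blanks kept", EXCLUDE_NON_SNMP, False),
        ("negative pattern, blanks dropped", EXCLUDE_NON_SNMP, True),
        ("positive pattern (removes SNMP)", EXCLUDE_SNMP, True),
    ):
        _, diff = compliance_diff(ACTUAL_CONFIG, RENDERED_SNMP, [pattern], drop_empty=drop)
        print(f"{label}: {'compliant' if not diff else 'failed'}")
        print("\n".join(diff))
```

Only the combination of the negative pattern and dropping the emptied lines yields an empty diff; the same pattern with the blanks kept reports a failure consisting purely of empty lines, and the "^snmp.*" pattern removes the lines the rendered fragment is supposed to match.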

RenatoPereira91 commented 11 months ago

Nice, I will update here. Thank you so much.

RenatoPereira91 commented 11 months ago

Nice, the problems are fixed.