Commit error

[marekkusmirczak]

Description of Issue/Question

When committing i have this error. It looks like problem is when commiting lines with encrypted password.

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

• [X ] Yes
• [ ] No

Setup

napalm-fortios version

(Paste verbatim output from pip freeze | grep napalm-fortios between quotes below)

napalm-fortios==0.3.1

FortiOS version

(Paste verbatim output from get sys status between quotes below)

Version: FortiGate-200D v5.4.3,build1111,161220 (GA)

Steps to Reproduce the Issue

Error Traceback

(Paste the complete traceback of the exception between quotes below)

Committing ...
Traceback (most recent call last):
  File "fortigate.py", line 62, in <module>
    main(config_file)
  File "fortigate.py", line 45, in main
    device.commit_config()
  File "/usr/local/lib/python2.7/dist-packages/napalm_fortios/fortios.py", line 129, in commit_config
    raise ReplaceConfigException(e.message)
napalm_base.exceptions.ReplaceConfigException: [('-14', 'set password ENC pTMs4FnBTG+QCE9ICS06VG7a286RHWDC2qeBARPCXpIY5jbWGVyMTKV1FqwiCE4IoSkd3I0PfC8GC2dvIcKlP9mWK3G1uV41l8gN8dgyU4LE57o+jjXqzFOcL0PkU36NTWY9YNZ0WInw0mwgimB8qA/gnV5X2jmAO7FZPOzqXu3LL5rr/ys9nx/qFPeNUy0VpEIaEA=='), ('-14', 'set password ENC b40/QLbsW28Pyawet34KBM1LwhvUEuzLA6PkmK/Gfjw26pKgC6sgb28yiUNYcV7U1MCFYEgSz3m5kwQaoO5z/gGZup3yHPijPT6XQaJZ80zR7Lw+WbopmeKzgvsJaK6NmenewVb7eB1RvoI+MWLE51IjrQMtQ7ebK+i8pWugRJbs1dLmeil6xQOUFc1rOyjON76OeA=='), ('-14', 'set password ENC 08FCSkJIBx3rFZLCO06tyamTdYgn+kY2oypv8vwpTOc5wZBuLA7bybYgu/ialbA2TSUrpZsbBGFaqO53A1v0PyQ94FXlnZQa/iOL4Q8FOtIt6AH2Y1+VbnwqjIwH2I1LzvsWna5dGABJBEoNvNpwlMITU11NiRO4gyNMbOpeVmKPGFb8cqUI2UvUl0tNnEo7ArLqbg=='), ('-14', 'set password ENC Oq3Y01pnu9RXjUgREy6CG/M5qdEx0vDiVtqhY2SMiRoeDcxHqM0lmUxBoNyt2+JqRKw/bYzoAEK72a83GJ0dBeXZarxbQyDNIwmLY6qyFqmTXCRBpCnz44esf5b5sggMWJmrjBsF6TV2SeeqgBt2zdnSqTABtpZ9D8BQhNIapj7YpiMbVv0UvvzRIMMYmpuvOY+8XA=='), ('-14', 'set password ENC OuklpdLnD9NK10TVazCAxWRrsgLB23yCXjTRxZilIAFodUjUb5Bowas6wp3Hs3jy17cAD5XnFh9PBDkEnlshl4jOKRDHguCafkPRXVT8EhRO4ymvTOfNjrJ69F/eQZyjvbvm5ZNUhGOR/8HSA2s6JyW0FfN01nJRkzGUfw3ewu/iNK4Gd1zyTvCVBYabhDoznj4WHQ==')]

[dbarrosop]

Hello, this is does not seem to be a napalm issue. Your device seems to be rejecting the commands set password ENC ... and it's returning an error code -14. Are you sure those commands work if you paste them directly in the CLI?

Regards. David

[marekkusmirczak]

I'm loading configuration from the same device.

In the meantime i've tested something else:

newtonek@ansible:~$ cl_napalm_configure --user admin --password X--vendor fortios --strategy replace 10.176.1.201 global.conf Traceback (most recent call last): File "/usr/local/bin/cl_napalm_configure", line 11, in sys.exit(main()) File "/usr/local/lib/python2.7/dist-packages/napalm_base/clitools/cl_napalm_configure.py", line 59, in main args.optional_args, args.config_file, args.dry_run)) File "/usr/local/lib/python2.7/dist-packages/napalm_base/clitools/cl_napalm_configure.py", line 51, in run return diff File "/usr/local/lib/python2.7/dist-packages/napalm_base/base.py", line 60, in exit self.raise_clean_exception(exc_type, exc_value, exc_traceback) File "/usr/local/lib/python2.7/dist-packages/napalm_base/base.py", line 82, in raise_clean_exception raise exc_value napalm_base.exceptions.ReplaceConfigException: [('-14', 'set password ENC l2xUjco1cJhwjZ6od6bi+ymU4bjzzFiFfsKPwMvNL/pDbZqk4aJDvEReZrD57BBUzv48zG1S2bSxVW7uXwz3qh17IvjjLVUfhYHYjrJHeDPjmLm0NkipzxKKVyyCK1fcrJTWlMCBQO3B+kS5Dy+7GRVmtVXImX+Fwj0d9MKzkYorhChu7Iu7VIccrSELPeP/W3+aMw=='), ('-14', 'set password ENC Ew6BaMnvbbT4AmJnT6k5UEsqFNnMfmfJvfuuot5JKCK4zT3k/Sq3iCHQm0GkewJw2mSYvdRLuFTsZjlVonEiVgIBneV+Iea0XzYRk/8q2ETdDHTqYPO03odRae/z3DOiYAg4U4FSQDfuMTfNnbaYhQy2vC96QIOeKDYgU/NtnrbWY96EpVTOuyFkl7cwk90KJ5GbdQ=='), ('-14', 'set password ENC kh24s6BGJ1fMaF2wZ0uWHRLzt44IiT787Cv9kBNWDto0j5t7c9QlUaqDi1VqIbcTK8gy71WA0JO6fVY+4qNgU8HXHgsY0jHEnVj9yp/08M7PKerlhw89RIRVdNw26B2/N5Xdb1gA9Wzie8UEpFdQetWXlEyg/Mai8Uyixk5CGjoUC+WqKmoxANZpSp6A9u/PdtBqyQ=='), ('-14', 'set password ENC SB3C29PqcnhPN98Zdkguxdaq2axu60iKrzJDSm3OmdOGTLuCDSS1SHHq/XiemXHr9+JbTbnz/5BlRZ2a2l3VhizfbSr3gKbiB6gbIcvPPlFiDD02kpKYyBy2y0D3XINWSANmFu3oFcu89IYtq3/ExNpuohG911/V0bYZUI/iqX2+Ble14IAUbKvl0Kmx21qUvnN7yQ=='), ('-14', 'set password ENC h9vXI/FI/qYvny5zahGe5ntdvRAF9O0XDcTr3TbOhGgGkZhmeUNfMZyf+y+cY6JG7D+p5fHwA8jfnPicvA/nsDmkMLfjALoWVPtntXdefnn4CkB0eP8xJUoZMu+f4mkg+dJsxupr5Bv6sxqpvPSqsCBMyR4IHwjKYaeIxaUX+uVNxpDZJAJk1Ibt+swbxKgI2n52dg==')]

newtonek@ansible:~$ cl_napalm_configure --user admin --password X --vendor fortios --strategy merge 10.176.1.201 global.conf config system global set hostname "NAPALM" unset disk-usage end

Merge works...

[dbarrosop]

And replace works as well. Note that napalm is just telling you some commands threw an error -14. I'd suggest trying to copy & paste those lines into the CLI and trying to figure out why FortiOS doesn't like them.

[marekkusmirczak]

There is no such commands in conf file. It contains only:

config system global set hostname "NAPALM" end

I think this set password... comes from running-config.

[dbarrosop]

Can you execute print(device.compare_config()) before the commit and paste the results?

[marekkusmirczak]

Diff: config system global unset disk-usage end

I'm only changing hostname (system global).

[dbarrosop]

Ok, I am not sure what's going on but the problem is probably not in napalm but in pyfg. Can you try the following code and print the output? (be careful with sensitive data)

from pyFG.fortios import FortiOS, FortiConfig

hostname = "your_hostname_or_ip"
username = "your_user"
password = "your_passwd"
config_file = "/path/to/config"

device = FortiOS(hostname, username, password)
device.open()

device.candidate_config = FortiConfig('candidate')
device.running_config = FortiConfig('running')

with open(config_file) as f:
    configuration = f.read()

# Loads running config without modifying the candidate
device.load_config(empty_candidate=True)
# Loads the candidate from variable
device.load_config(in_candidate=True, config_text=configuration)

print("============== Running config:")
print(device.running_config.to_text())
print("============== Candidate config:")
print(device.candidate_config.to_text())
print("============== Diff:")
print(device.compare_config())

# Let's reload the state and print the diff
device.load_config(empty_candidate=True)
print("============== Diff:")
print(device.compare_config())

device.close()

[marekkusmirczak]

It breaks on open:

device.open() Traceback (most recent call last): File "", line 1, in File "/usr/local/lib/python2.7/dist-packages/pyFG/fortios.py", line 94, in open self.ssh.connect(**cfg) File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 380, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host) File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 622, in _auth raise SSHException('No authentication methods available') paramiko.ssh_exception.SSHException: No authentication methods available

[dbarrosop]

Did you set this variables correctly?

hostname = "your_hostname_or_ip"
username = "your_user"
password = "your_passwd"

[marekkusmirczak]

Yes.

[dbarrosop]

Are you using the same virtualenv you are using with your napalm tests? The code I just pasted is exactly what napalm is doing behind the scenes so it should work exactly in the same way (I just added a few prints for debugging)

[marekkusmirczak]

device = FortiOS(hostname, username, password, timeout=60)

It works now ;)

[dbarrosop]

Great! : )

What about the rest of the code? Is it working?

[marekkusmirczak]

Hmm, wait ;)

[marekkusmirczak]

Look here, it works: Type "help", "copyright", "credits" or "license" for more information.

from napalm import get_network_driver

driver = get_network_driver('fortios') device = driver('10.176.1.201', 'admin', 'admin123') device.open()

from pyFG.fortios import FortiOS, FortiConfig

hostname = "10.176.1.201" username = "admin" password = "admin123" config_file = "global.conf"

device = FortiOS(hostname, username, password, timeout=60) device.open() Traceback (most recent call last): File "", line 1, in File "/usr/local/lib/python2.7/dist-packages/pyFG/fortios.py", line 94, in open self.ssh.connect(**cfg) File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 380, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host) File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 622, in _auth raise SSHException('No authentication methods available') paramiko.ssh_exception.SSHException: No authentication methods available

[dbarrosop]

Mmmm, I don't quite follow. You say it works but you pasted an error :P

[marekkusmirczak]

It was by mistake. Sorry :)

[dbarrosop]

Can we close this ticket? Last couple of messages have been a bit "confusing" so I am not sure if you made it work or not.

[marekkusmirczak]

You can close it. It works :)

[dbarrosop]

Great! Did it work with both the script I sent you and napalm? Or just with one of them?

[marekkusmirczak]

It works on my script, but only like this:

from napalm import get_network_driver

driver = get_network_driver('fortios') device = driver('10.176.1.201', 'admin', 'admin123') device.open()

It's working only in merge mode. I don't have time to analyze it more. Problem exists when I try to replace configuration - I think it's fortios problem, not napalm.

[dbarrosop]

Ok, let's close it for the time being and feel free to reopen it later when you have the time.