search

napalm-automation / napalm-base

Apache License 2.0
32 stars 48 forks source link

Error [1002]: CLI command 31 of 59 'ip route 0.0.0.0/0 10.0.2.2' failed: invalid command [incomplete token (at token 0: 'ip')] #254

Closed krikoon73 closed 7 years ago

krikoon73 commented 7 years ago

Hi,

I'm trying to push some basic CLI file to vEOS VM. But I encounter some issue regarding key work like "ip routing" or "ip route ..."

Please find below the trace.

~/vEOS/napalm$ cl_napalm_configure --user ccompain --password arista --vendor eos -o 'port=4431' --dry-run 127.0.0.1 ./evpn/evpn-edge-1.cli Traceback (most recent call last): File "/usr/local/bin/cl_napalm_configure", line 11, in <module> sys.exit(main()) File "/usr/local/lib/python2.7/site-packages/napalm_base/clitools/cl_napalm_configure.py", line 59, in main args.optional_args, args.config_file, args.dry_run)) File "/usr/local/lib/python2.7/site-packages/napalm_base/clitools/cl_napalm_configure.py", line 51, in run return diff File "/usr/local/lib/python2.7/site-packages/napalm_base/base.py", line 60, in __exit__ self.__raise_clean_exception(exc_type, exc_value, exc_traceback) File "/usr/local/lib/python2.7/site-packages/napalm_base/base.py", line 94, in __raise_clean_exception raise exc_value napalm_base.exceptions.ReplaceConfigException: Error [1002]: CLI command 31 of 59 'ip route 0.0.0.0/0 10.0.2.2' failed: invalid command [incomplete token (at token 0: 'ip')]

Snippet extract from the CLI file : ! ip route 0.0.0.0/0 10.0.2.2 ! ip routing !

Thanks for help.

C

ktbyers commented 7 years ago

@ccompain Do you have to do 'ip routing' first?

krikoon73 commented 7 years ago

@ktbyers

I did the following :

~/vEOS/napalm$ cl_napalm_configure --user ccompain --password arista --vendor eos -o 'port=4431' --dry-run 127.0.0.1 ./evpn/evpn-edge-1.cli Traceback (most recent call last): File "/usr/local/bin/cl_napalm_configure", line 11, in sys.exit(main()) File "/usr/local/lib/python2.7/site-packages/napalm_base/clitools/cl_napalm_configure.py", line 59, in main args.optional_args, args.config_file, args.dry_run)) File "/usr/local/lib/python2.7/site-packages/napalm_base/clitools/cl_napalm_configure.py", line 51, in run return diff File "/usr/local/lib/python2.7/site-packages/napalm_base/base.py", line 60, in exit self.raise_clean_exception(exc_type, exc_value, exc_traceback) File "/usr/local/lib/python2.7/site-packages/napalm_base/base.py", line 94, in raise_clean_exception raise exc_value napalm_base.exceptions.ReplaceConfigException: Error [1002]: CLI command 31 of 59 'ip routing' failed: invalid command [incomplete token (at token 0: 'ip')]

However, if I delete in the CLI config. file the both command => no error.

ktbyers commented 7 years ago

That worked for me when I tried it on vEOS (your above command and .cli file).

What happens when you manually SSH in and do the following?

pynet-sw1#configure session testsession
pynet-sw1(config-s-testse)#!
pynet-sw1(config-s-testse)#ip route 0.0.0.0/0 10.0.2.2
pynet-sw1(config-s-testse)#!
pynet-sw1(config-s-testse)#ip routing
pynet-sw1(config-s-testse)#!
pynet-sw1(config-s-testse)#end
pynet-sw1#exit
krikoon73 commented 7 years ago

working.

ktbyers commented 7 years ago

So it works if you do it manually?

What version of vEOS is it?

krikoon73 commented 7 years ago

Correct : if I use a "session" (as you proposed previously) directly on the switch, no problem.

Let me add just some elements :

For the version, it is the last one : 4.18.2F EDGE-1#sh version Arista vEOS Hardware version: Serial number: System MAC address: 0800.27da.03fe

Software image version: 4.18.2F Architecture: i386 Internal build version: 4.18.2F-4930939.4182F Internal build ID: 5cfaf463-27aa-4f25-8ef0-478403af0157

Uptime: 1 hour and 48 minutes Total memory: 1893384 kB Free memory: 680192 kB

EDGE-1#show clock Sat May 20 01:21:26 2017 Timezone: UTC Clock source: local

and the logs when I try to push the config :

May 20 01:23:31 EDGE-1 FastCapi: %SYS-5-CONFIG_SESSION_ENTERED: User ccompain entered configuration session napalm_357899 on command-api (10.0.2.2) May 20 01:23:32 EDGE-1 FastCapi: %SYS-5-CONFIG_SESSION_EXITED: User ccompain exited configuration session napalm_357899 on command-api (10.0.2.2) May 20 01:23:32 EDGE-1 FastCapi: %SYS-5-CONFIG_SESSION_ENTERED: User ccompain entered configuration session napalm_357899 on command-api (10.0.2.2) May 20 01:23:32 EDGE-1 FastCapi: %SYS-5-CONFIG_SESSION_EXITED: User ccompain exited configuration session napalm_357899 on command-api (10.0.2.2) May 20 01:23:32 EDGE-1 FastCapi: %SYS-5-CONFIG_SESSION_ABORTED: User ccompain aborted configuration session napalm_357899 on command-api (10.0.2.2)

ktbyers commented 7 years ago

What happens if you use --strategy merge?

$ cl_napalm_configure --user pyclass --password password --vendor eos -o 'port=443' --strategy merge --dry-run 10.10.10.74 ./test.cli 
@@ -42,6 +42,7 @@
 interface Vlan1
    ip address 10.220.88.30/24
 !
+ip route 0.0.0.0/0 10.0.2.2
 ip route 0.0.0.0/0 10.220.88.1
 !
 ip routing
krikoon73 commented 7 years ago

Same behavior : napalm_base.exceptions.MergeConfigException: Error [1002]: CLI command 32 of 60 'ip route 0.0.0.0/0 10.0.2.2' failed: invalid command [incomplete token (at token 0: 'ip')]

The error message seems to tell say that the command is not valid in the CLI file ... Right ?

FYI, I use : napalm (1.2.0) napalm-base (0.24.0) napalm-eos (0.5.6)

ktbyers commented 7 years ago

@ccompain Yes, it seems to be complaining about that command arriving via the API (ip route 0.0.0.0/0...), but I am not seeing what is different between you and I.

Nor why when we do it manually via SSH we don't see an issue...

Is that your entire CLI file (i.e. can post the entire contents of ./evpn/evpn-edge-1.cli) or simplify the .cli file so it only has those 'ip' commands.

krikoon73 commented 7 years ago

Humm, I did the following test :

ktbyers commented 7 years ago

@ccompain Okay, that makes me think there is something else in that .cli file that is messing it up.

What comes right before the ip route changes in the .cli file?

krikoon73 commented 7 years ago

Here is the dump corresponding to the backup I did with the get_config : 

! device: EDGE-1 (vEOS, EOS-4.18.2F)
!
! boot system flash:/vEOS-lab-4.18.2F.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname EDGE-1
ip name-server vrf default 172.22.22.40
!
ntp server time.apple.com
!
spanning-tree mode mstp
!
no aaa root
!
username ccompain privilege 15 role network-admin secret sha512 $6$98WFPgui7RYXkNys$3qd3Lyd9SPum0.K5aQa9tEyFSYseLc.vje6VI.W/voxUKvHUVbmvLuAQm2W4SpaNnugX1s.X4qSE6JIwn90M40
!
clock timezone Europe/Paris
!
vlan 10
!
interface Ethernet1
   mtu 9214
   no switchport
   ip address 10.1.1.1/30
!
interface Ethernet2
   mtu 9214
   switchport trunk allowed vlan 10
   switchport mode trunk
   spanning-tree bpdufilter enable
!
interface Loopback0
   ip address 1.1.1.1/32
!
interface Management1
   ip address 10.0.2.11/24
!
interface Vlan10
   ip address 100.10.1.1/24
!
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan udp-port 4789
   vxlan vlan 10 vni 10000
!
ip route 0.0.0.0/0 10.0.2.2
!
ip routing
!
router bgp 65001
   router-id 1.1.1.1
   neighbor CORE peer-group
   neighbor CORE remote-as 65000
   neighbor CORE maximum-routes 12000
   neighbor CORE_EVPN peer-group
   neighbor CORE_EVPN remote-as 65000
   neighbor CORE_EVPN update-source Loopback0
   neighbor CORE_EVPN ebgp-multihop 5
   neighbor CORE_EVPN send-community extended
   neighbor CORE_EVPN maximum-routes 12000
   neighbor 3.3.3.3 peer-group CORE_EVPN
!
   vlan 10
      rd 1.1.1.1:10000
      route-target both 10000:10000
      redistribute learned
   !
   address-family evpn
      no bgp next-hop-unchanged
      neighbor CORE_EVPN activate
   !
   address-family ipv4
      no neighbor CORE_EVPN activate
      network 1.1.1.1/32
!
management api http-commands
   protocol http
   no shutdown
!
end
ktbyers commented 7 years ago

Do you see any issue if you try to manually do this? I didn't see an issue...

pynet-sw3#configure session test123
pynet-sw3(config-s-test12)#interface Vxlan1
pynet-sw3(config-s-test12-if-Vx1)#   vxlan source-interface Loopback0
pynet-sw3(config-s-test12-if-Vx1)#   vxlan udp-port 4789
pynet-sw3(config-s-test12-if-Vx1)#   vxlan vlan 10 vni 10000
pynet-sw3(config-s-test12-if-Vx1)#!
pynet-sw3(config-s-test12-if-Vx1)#ip route 0.0.0.0/0 10.0.2.2
pynet-sw3(config-s-test12)#exit
krikoon73 commented 7 years ago

No issue on my side. The CLI is Ok.

ktbyers commented 7 years ago

It works for me if I add an extra 'exit'

$ cl_napalm_configure --user pyclass --password password --vendor eos -o 'port=443' --strategy merge --dry-run 10.10.10.73 ./test.cli
@@ -42,6 +42,12 @@
 interface Vlan1
    ip address 10.220.88.29/24
 !
+interface Vxlan1
+   vxlan source-interface Loopback0
+   vxlan udp-port 4789
+   vxlan vlan 10 vni 10000
+!
+ip route 0.0.0.0/0 10.0.2.2
 ip route 0.0.0.0/0 10.220.88.1
 !
 ip routing
(napalm_yang)[gituser@ip-10-178-21-224 EP]$ cat test.cli 
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan udp-port 4789
   vxlan vlan 10 vni 10000
   exit
!
ip route 0.0.0.0/0 10.0.2.2
!
ip routing
!

I suspect the API thinks it is trying to add the 'ip route' into the Vxlan1 context (sounds like maybe an Arista bug).

krikoon73 commented 7 years ago

I added the extra exit in the interface Vxlan1 section => no more error. Well done ! @ktbyers you found the workaround !

I don't think if it should be considered as a bug because there is no exit in the bgp section for example (which is by the way much more complex).

Any idee ?

ktbyers commented 7 years ago

It is coming from Arista when using the API. We are feeding it the config and Arista's API is saying it is not valid.

krikoon73 commented 7 years ago

Verified.

I tested this thru the api explorer :

dbarrosop commented 7 years ago

@ccompain sorry for late response but the reason is that the eAPI is very strict and doesn't expand commands and doesn't changes configuration context by itself. The rule is relaxed if you are using a configuration session I think but mainly because then you can get a diff and validate changes before committing.