search

networktocode / ntc-netbox-plugin-onboarding

A plugin for NetBox to easily onboard new devices.
Other
245 stars 46 forks source link

Integrate NAPALM-ASA Driver #129

Closed Dapsy2000 closed 3 years ago

Dapsy2000 commented 3 years ago

Hello together,

Is it possible to integrate the NAPALM-ASA driver from this repository (https://github.com/napalm-automation-community/napalm-asa) to use it with the onboarding plugin?

After some changes I was able to use the NAPALM-ASA driver with iPython from the Netbox venv but with the plugin I was not.

What I did:

Install NAPALM ASA via Pip

(venv) root@netbox:/opt/netbox/netbox# pip install git+https://github.com/napalm-automation-community/napalm-asa.git@develop

Changed asa.py to use with Python 3

(venv) root@netbox:/opt/netbox/netbox# nano /opt/netbox-2.10.4/venv/lib/python3.8/site-packages/napalm_asa/asa.py
Changes can be found here: https://github.com/napalm-automation-community/napalm-asa/pull/31/commits/8942fd6f7ecdb5b8f71425bdb70d86fa6c895d55

Changed asa.py again to use it with Python 3.8

Python 3.8 raised the following errors: 

/opt/netbox-2.10.4/venv/lib/python3.8/site-packages/napalm_asa/asa.py:58: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if token_request.status_code is 204 and 'X-Auth-Token' in token_request.headers.keys():

/opt/netbox-2.10.4/venv/lib/python3.8/site-packages/napalm_asa/asa.py:74: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if token_delete_request.status_code is 204:

So I replaced "is" with "==".

After changing I was able to query the ASA Rest API:

(venv) root@netbox2:/opt/netbox/netbox# ipython
Python 3.8.6 (default, Sep 25 2020, 09:36:53)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.20.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: from napalm import get_network_driver
   ...:
   ...: driver = get_network_driver("asa")

In [2]: device = driver(hostname='172.16.105.209', username='testuser', password='secret')

In [3]: device.open()
Out[3]: True

In [4]: facts = device.get_facts()
   ...: device.close()
Out[4]: True

In [5]: facts
Out[5]:
{'uptime': 183600,
 'vendor': 'Cisco Systems',
 'os_version': '9.12(4)10',
 'serial_number': 'ABCDEFGH',
 'model': 'ASA5512',
 'hostname': 'ciscoasa',
 'fqdn': 'ciscoasa',
 'interface_list': ['Management0/0',
  'GigabitEthernet0/0',
  'GigabitEthernet0/1',
  'GigabitEthernet0/2',
  'GigabitEthernet0/3',
  'GigabitEthernet0/4',
  'GigabitEthernet0/5']}

In [6]:

Test via onboarding plugin The first attempt via the onboarding plugin showed me that no NAPALM driver was available.

  | 1 | 2021-02-06 | 172.16.105.209 | Site-A| — | — | failed | fail-general | OnboardException: fail-general: Onboarding for Platform cisco_asa not supported, as it has no specified NAPALM driver

So I created a new one under Platforms.

Name | Manufacturer | Devices | VMs | NAPALM driver | Description |  
cisco_asa | — | 0 | 0 | asa | —

The second attempt showed me the following error.

2 | 2021-02-06 | 172.16.105.209 | Site-A| — | — | failed | fail-login | HTTPSConnectionPool(host='172.16.105.209',  port=22): Max retries exceeded with url: /api/tokenservices (Caused by  SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number  (_ssl.c:1124)')))
itdependsnetworks commented 3 years ago

In transparency, I updated comment for readability reasons, e.g. added code blocks.

itdependsnetworks commented 3 years ago

I see no mention of onboarding_extensions_map as documented on the readme.

Dapsy2000 commented 3 years ago

I see no mention of onboarding_extensions_map as documented on the readme.

Thanks for the quick reply. What I found in the documentation

onboarding_extensions_map (dictionary), mapping of a NAPALM driver name to the loadable Python module used as an onboarding extension. The dictionary should be in the format:

{
  <Napalm Driver Name>: <Loadable Python Module>
}

If I understood this right, the loadable Python Module is napalm-asa, right? But what is the driver name? Is it cisco_asa or just asa?

Could you post the right configuration in my case?

# Enable installed plugins. Add the name of each plugin to the list.
PLUGINS = ["netbox_onboarding"]

PLUGINS_CONFIG = {
   "netbox_onboarding": {
     ADD YOUR SETTINGS HERE
   }
}
(venv) root@netbox2:/opt/netbox/netbox/netbox# pip freeze |fgrep napalm
napalm==3.2.0
napalm-asa @ git+https://github.com/napalm-automation-community/napalm-asa.git@fc20f0c15f2a9c72f912bfeab55d9ab033a90c02
Dapsy2000 commented 3 years ago

I've solved the issue.

The only thing I had to do was specify the correct port (443 instead of 22) and platform (cisco_asa) when onboarding.

I'm not sure why netmiko, napalm and the onboarding plugin are not able to auto detect the napalm driver? Am I doing anything wrong?

mzbroch commented 3 years ago

Autodetection mechanism uses a selected port to open a Netmiko/SSH session and detect the onboarded device type. This will not work for the NAPALM drivers using other protocols (like HTTPS/443). Autodection is skipped when platform is already assumed and specified as an input.