gnmi not initiating connection???

Hello, I'm trying to run a few simple gnmi tests (get request) and can't seem to get started. If I use a command line client of gnmi called "gnmic" (https://gnmic.kmrd.dev/), everything works fine to my device. The problem here is it appears a connection is never attempted?? It gets stuck on this grpc.channel_ready_future(channel).result(timeout=10)

and says failed to connect. I ran a tcpdump on the interface to see what is happening but no traffic ever leaves the interface when I run the script??? I tried doing some logging but nothing is written the log file... Not sure how to troubleshoot here??

Here is the simple script:

import grpc
import sys
import re
from bin.gnmi_pb2_grpc import gNMIStub
from bin.gnmi_pb2 import (GetRequest, GetResponse, Path,
                                    PathElem, CapabilityRequest,
                                    Encoding, SetRequest, Update, TypedValue)
import logging
logging.basicConfig(filemode="w", filename="gnmi_app.log",
                    format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s',
                    datefmt='%H:%M:%S',level=logging.DEBUG,)
logging.getLogger("gnmi_app")

host = "10.191.252.157"
port = "50051" 
metadata=[('username', "xxxx"), ('password', "xxx")]

#####################
# Path builder
#####################
#def gnmi_path_generator(path_in_question):
## Removed code here as the script does not even get this far

try:
    channel = grpc.insecure_channel(':'.join([host, port]), metadata) # create an insecure channel
    grpc.channel_ready_future(channel).result(timeout=10) # specify timeout as 10s and provide the channel
    gnmi_stub = gNMIStub(channel) # creating the stub object and providing the channel
    path_string = "/drivenets-top/protocols/rsvp/config-items"
    get_path = gnmi_path_generator(path_string)
    get_message = GetRequest(path=[get_path], type=1, encoding=4) # paths are passed as a List.
    print(gnmi_stub.Get(get_message, metadata=metadata)) # printing the raw response
except grpc.FutureTimeoutError as e: # always check for TimeoutError
    print(e)
    print("Failed to connect")

Thx Al Silverstein

gNMI per specification uses TLS and I suspect this is the issue. The --insecure flag on gnmic is probably the same as that on gnmi_cli under this project in that it uses TLS but does not verify the certificates. The grpc.insecure_channel is not encrypting the session and thus would be incompatible with an SSL session used by the server. You probably need https://grpc.github.io/grpc/python/grpc.html#grpc.ssl_channel_credentials without setting any of the certificate fields.

On Mon, Oct 12, 2020 at 7:02 PM allan-silverstein notifications@github.com wrote:

Hello, I'm trying to run a few simple gnmi tests (get request) and can't seem to get started. If I use a command line client of gnmi called "gnmic" ( https://gnmic.kmrd.dev/), everything works fine to my device. The problem here is it appears a connection is never attempted?? It gets stuck on this grpc.channel_ready_future(channel).result(timeout=10)

and says failed to connect. I ran a tcpdump on the interface to see what is happening but no traffic ever leaves the interface when I run the script??? I tried doing some logging but nothing is written the log file... Not sure how to troubleshoot here??

Here is the simple script:

import grpc import sys import re from bin.gnmi_pb2_grpc import gNMIStub from bin.gnmi_pb2 import (GetRequest, GetResponse, Path, PathElem, CapabilityRequest, Encoding, SetRequest, Update, TypedValue) import logging logging.basicConfig(filemode="w", filename="gnmi_app.log", format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s', datefmt='%H:%M:%S',level=logging.DEBUG,) logging.getLogger("gnmi_app")

host = "10.191.252.157" port = "50051" metadata=[('username', "xxxx"), ('password', "xxx")]

#####################

Path builder

#####################

def gnmi_path_generator(path_in_question):

Removed code here as the script does not even get this far

try: channel = grpc.insecure_channel(':'.join([host, port]), metadata) # create an insecure channel grpc.channel_ready_future(channel).result(timeout=10) # specify timeout as 10s and provide the channel gnmi_stub = gNMIStub(channel) # creating the stub object and providing the channel path_string = "/drivenets-top/protocols/rsvp/config-items" get_path = gnmi_path_generator(path_string) get_message = GetRequest(path=[get_path], type=1, encoding=4) # paths are passed as a List. print(gnmi_stub.Get(get_message, metadata=metadata)) # printing the raw response except grpc.FutureTimeoutError as e: # always check for TimeoutError print(e) print("Failed to connect")

Thx Al Silverstein

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/openconfig/gnmi/issues/82, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEL4QL4S6X5ENJ25AYA3TKDSKODI3ANCNFSM4SNTRUOQ .

The --insecure flag in gnmic is removing the enforcement of tls certificates whatsoever.

The --skip-verify flag is the analogy of --insecure of gnmi_cli

On Tue, 13 Oct 2020, 15:22 Carl Lebsack, notifications@github.com wrote:

gNMI per specification uses TLS and I suspect this is the issue. The --insecure flag on gnmic is probably the same as that on gnmi_cli under this project in that it uses TLS but does not verify the certificates. The grpc.insecure_channel is not encrypting the session and thus would be incompatible with an SSL session used by the server. You probably need https://grpc.github.io/grpc/python/grpc.html#grpc.ssl_channel_credentials without setting any of the certificate fields.

On Mon, Oct 12, 2020 at 7:02 PM allan-silverstein < notifications@github.com> wrote:

Hello, I'm trying to run a few simple gnmi tests (get request) and can't seem to get started. If I use a command line client of gnmi called "gnmic" ( https://gnmic.kmrd.dev/), everything works fine to my device. The problem here is it appears a connection is never attempted?? It gets stuck on this grpc.channel_ready_future(channel).result(timeout=10)

and says failed to connect. I ran a tcpdump on the interface to see what is happening but no traffic ever leaves the interface when I run the script??? I tried doing some logging but nothing is written the log file... Not sure how to troubleshoot here??

Here is the simple script:

import grpc import sys import re from bin.gnmi_pb2_grpc import gNMIStub from bin.gnmi_pb2 import (GetRequest, GetResponse, Path, PathElem, CapabilityRequest, Encoding, SetRequest, Update, TypedValue) import logging logging.basicConfig(filemode="w", filename="gnmi_app.log", format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s', datefmt='%H:%M:%S',level=logging.DEBUG,) logging.getLogger("gnmi_app")

host = "10.191.252.157" port = "50051" metadata=[('username', "xxxx"), ('password', "xxx")]

#####################

Path builder

#####################

def gnmi_path_generator(path_in_question):

Removed code here as the script does not even get this far

try: channel = grpc.insecure_channel(':'.join([host, port]), metadata) # create an insecure channel grpc.channel_ready_future(channel).result(timeout=10) # specify timeout as 10s and provide the channel gnmi_stub = gNMIStub(channel) # creating the stub object and providing the channel path_string = "/drivenets-top/protocols/rsvp/config-items" get_path = gnmi_path_generator(path_string) get_message = GetRequest(path=[get_path], type=1, encoding=4) # paths are passed as a List. print(gnmi_stub.Get(get_message, metadata=metadata)) # printing the raw response except grpc.FutureTimeoutError as e: # always check for TimeoutError print(e) print("Failed to connect")

Thx Al Silverstein

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/openconfig/gnmi/issues/82, or unsubscribe < https://github.com/notifications/unsubscribe-auth/AEL4QL4S6X5ENJ25AYA3TKDSKODI3ANCNFSM4SNTRUOQ

.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/openconfig/gnmi/issues/82#issuecomment-707734531, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABLKV5MHMOFJYTRCELHSX5DSKRIC5ANCNFSM4SNTRUOQ .

I just tried it with a certificate, and the same problem (fails here: grpc.channel_ready_future(channel).result(timeout=10)) tcpdump shows a connection is not even attempted??? It just seems I'm blind at this point for troubleshooting??? Any suggestions for troubleshooting? Thx Al

############################################################
# First step to is to create a credential with certificate.
############################################################
with open("grpc_dnor.crt", "rb") as fp: 
    cert = fp.read()
credentials = grpc.ssl_channel_credentials(cert) # object type is grpc.ChannelCredentials

try:
    breakpoint()
    channel = grpc.secure_channel(':'.join([host, port]), credentials) # create the secure channel
    grpc.channel_ready_future(channel).result(timeout=10) # specify timeout as 10s and provide the channel
    gnmi_stub = gNMIStub(channel) # creating the stub object and providing the channel
    path_string = "/drivenets-top/protocols/rsvp/config-items"
    get_path = gnmi_path_generator(path_string)
    get_message = GetRequest(path=[get_path], type=1, encoding=4)
    print(gnmi_stub.Get(get_message, metadata=metadata)) # printing the raw response
except grpc.FutureTimeoutError as e: # always check for TimeoutError
    print(e)
    print("Failed to connect")

Are you troubleshooting the environment as well as the code? Where are you running the tcpdump, on the client host or the server? Can you do so for both your code and the gnmic call? What type of device are you using for a server? Does it work with the gnmi_cli? I have not used the python gRPC libraries myself and don't have the environment set up to try your code.

On Tue, Oct 13, 2020 at 11:48 AM allan-silverstein notifications@github.com wrote:

I just tried it with a certificate, and the same problem (fails here: grpc.channel_ready_future(channel).result(timeout=10)) tcpdump shows a connection is not even attempted??? It just seems I'm blind at this point for troubleshooting??? Any suggestions for troubleshooting? Thx Al

############################################################

First step to is to create a credential with certificate.

############################################################ with open("grpc_dnor.crt", "rb") as fp: cert = fp.read() credentials = grpc.ssl_channel_credentials(cert) # object type is grpc.ChannelCredentials

try: breakpoint() channel = grpc.secure_channel(':'.join([host, port]), credentials) # create the secure channel grpc.channel_ready_future(channel).result(timeout=10) # specify timeout as 10s and provide the channel gnmi_stub = gNMIStub(channel) # creating the stub object and providing the channel path_string = "/drivenets-top/protocols/rsvp/config-items" get_path = gnmi_path_generator(path_string) get_message = GetRequest(path=[get_path], type=1, encoding=4) print(gnmi_stub.Get(get_message, metadata=metadata)) # printing the raw response except grpc.FutureTimeoutError as e: # always check for TimeoutError print(e) print("Failed to connect")

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/openconfig/gnmi/issues/82#issuecomment-707834058, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEL4QL6RNH7VO573G6GZ4TTSKRZDTANCNFSM4SNTRUOQ .

I'm running on an Ubuntu server 18.04. tcpdump is being run on the Linux server (client). When I perform a tcpdump on the server and use gnmic, I see the traffic; even if the cert is wrong and it fails, I see packets initiated. Whenever I try to setup the channel with the python client (secure or insecure), I never see a single packet initiated from the server (via tcpdump). Again, I haven't tried gnmi_cli but I have tried gnmic (https://netdevops.me/2020/gnmic-gnmi-cli-client-and-collector/) from the same system and it works fine. Are there any debugging flags/logging I can set so I can see more information and possibly point to where the problem is? Thx Al

Have you tried a gRPC example client/server locally, both in Python? If you are seeing nothing, I'd try to constrain my test environment to a single machine. You could also use netcat to listen to a port on the linux machine to dump from both gnmic and your test client. Hardcode the address in the test client? If you see no packets, I suspect there's something missing in the grpc client setup for the Python library or a typo in the address or port? Sorry again for not having prior experience with the Python implementation to be able to spot the issue.

On Tue, Oct 13, 2020 at 1:12 PM allan-silverstein notifications@github.com wrote:

I'm running on an Ubuntu server 18.04. tcpdump is being run on the Linux server (client). When I perform a tcpdump on the server and use gnmic, I see the traffic; even if the cert is wrong and it fails, I see packets initiated. Whenever I try to setup the channel with the python client (secure or insecure), I never see a single packet initiated from the server (via tcpdump). Again, I haven't tried gnmi_cli but I have tried gnmic ( https://netdevops.me/2020/gnmic-gnmi-cli-client-and-collector/) from the same system and it works fine. Are there any debugging flags/logging I can set so I can see more information and possibly point to where the problem is? Thx Al

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/openconfig/gnmi/issues/82#issuecomment-707886568, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEL4QL2G2AT4AWAPVHZRCS3SKSC7LANCNFSM4SNTRUOQ .

I did do the gRPC Hello world example and it worked fine....

openconfig / gnmi

gnmi not initiating connection??? #82

Path builder

def gnmi_path_generator(path_in_question):

Removed code here as the script does not even get this far

Path builder

def gnmi_path_generator(path_in_question):

Removed code here as the script does not even get this far

First step to is to create a credential with certificate.