Closed tiago-amado closed 6 months ago
Can you add the --debug
flag and share the log output in the failed case ?
This is due to a change in go-grpc v1.60 https://github.com/grpc/grpc-go/pull/6776 that enforces this section of RFC7540. go-grpc started filtering out forbidden cipher suites set in the TLS profile. The remaining ones don't overlap with the ones supported by SROS => auth handshake fails.
I will set the cipher suites manually so that go-grpc doesn't filter them out. Thanks for reporting this.
@tiago-amado v0.35.2 should advertise the same cipher suites as before go-grpc v1.60, please give it a try and let me know
Hi @karimra , I've tested and its still failing.
[root@AF6 CLAB_CA]# gnmic version
version : 0.34.3
commit : d461fa9
date : 2023-11-14T02:13:11Z
gitURL : https://github.com/openconfig/gnmic
docs : https://gnmic.openconfig.net
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]# gnmic -a clab-cert01-sr -u admin -p admin --tls-ca ca.pem capabilities
gNMI version: 0.8.0
supported models:
- nokia-conf, Nokia, 23.10.R2
- nokia-state, Nokia, 23.10.R2
- nokia-li-state, Nokia, 23.10.R2
supported encodings:
- JSON
- BYTES
- PROTO
- JSON_IETF
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]# bash -c "$(curl -sL https://get-gnmic.openconfig.net/)" -- -v 0.35.2
gnmic 0.35.2 is available. Changing from version 0.34.3.
Downloading https://github.com/openconfig/gnmic/releases/download/v0.35.2/gnmic_0.35.2_linux_x86_64.tar.gz
Preparing to install gnmic 0.35.2 into /usr/local/bin
gnmic installed into /usr/local/bin/gnmic
version : 0.35.2
commit : bd70a53
date : 2024-02-06T00:46:16Z
gitURL : https://github.com/openconfig/gnmic
docs : https://gnmic.openconfig.net
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]# gnmic -a clab-cert01-sr -u admin -p admin --tls-ca ca.pem capabilities
target "clab-cert01-sr", capabilities request failed: failed to create a gRPC client for target "clab-cert01-sr" : clab-cert01-sr:57400: context deadline exceeded
Error: one or more requests failed
[root@AF6 CLAB_CA]#
[root@AF6 ~]# cd /home/tiago/clab_projects/CLAB_CA/
[root@AF6 CLAB_CA]# bash -c "$(curl -sL https://get-gnmic.openconfig.net/)" -- -v 0.33.0
gnmic 0.33.0 is available. Changing from version 0.35.2.
Downloading https://github.com/openconfig/gnmic/releases/download/v0.33.0/gnmic_0.33.0_linux_x86_64.tar.gz
Preparing to install gnmic 0.33.0 into /usr/local/bin
gnmic installed into /usr/local/bin/gnmic
version : 0.33.0
commit : d8f931e
date : 2023-10-08T17:08:01Z
gitURL : https://github.com/openconfig/gnmic
docs : https://gnmic.openconfig.net
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]# gnmic -a clab-cert01-sr -u admin -p admin --tls-ca ca.pem capabilities
gNMI version: 0.8.0
supported models:
- nokia-conf, Nokia, 23.10.R2
- nokia-state, Nokia, 23.10.R2
- nokia-li-state, Nokia, 23.10.R2
supported encodings:
- JSON
- BYTES
- PROTO
- JSON_IETF
[root@AF6 CLAB_CA]#
Can you share which cipher suites are configured on your SROS?
This one: tls-rsa-with3des-ede-cbc-sha Attached the SROS config: gnmic_v0.35.2_SR-config.txt
Hi @karimra. I've tested with the latest 0.36.2 and its working now! many thanks!
after upgrade its working
[root@AF6 CLAB_CA]# bash -c "$(curl -sL https://get-gnmic.openconfig.net/)"
gnmic 0.36.2 is available. Changing from version 0.35.2.
Downloading https://github.com/openconfig/gnmic/releases/download/v0.36.2/gnmic_0.36.2_linux_x86_64.tar.gz
Preparing to install gnmic 0.36.2 into /usr/local/bin
gnmic installed into /usr/local/bin/gnmic
version : 0.36.2
commit : a7844a6d
date : 2024-03-05T20:10:26Z
gitURL : https://github.com/openconfig/gnmic
docs : https://gnmic.openconfig.net
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]# gnmic -a 172.20.20.4:57400 -u admin -p admin --tls-ca ca.pem capabilities
gNMI version: 0.8.0
supported models:
- nokia-conf, Nokia, 23.10.R2
- nokia-state, Nokia, 23.10.R2
- nokia-li-state, Nokia, 23.10.R2
supported encodings:
- JSON
- BYTES
- PROTO
- JSON_IETF
[root@AF6 CLAB_CA]#
I've downgrade to v0.35.2 to retest and it is still failing. I've added more ciphers on SROS and did not solve.
[root@AF6 CLAB_CA]# bash -c "$(curl -sL https://get-gnmic.openconfig.net/)" -- -v 0.35.2
gnmic 0.35.2 is available. Changing from version 0.36.2.
Downloading https://github.com/openconfig/gnmic/releases/download/v0.35.2/gnmic_0.35.2_linux_x86_64.tar.gz
Preparing to install gnmic 0.35.2 into /usr/local/bin
gnmic installed into /usr/local/bin/gnmic
version : 0.35.2
commit : bd70a53
date : 2024-02-06T00:46:16Z
gitURL : https://github.com/openconfig/gnmic
docs : https://gnmic.openconfig.net
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]# gnmic -a 172.20.20.4:57400 -u admin -p admin --tls-ca ca.pem capabilities
target "172.20.20.4:57400", capabilities request failed: failed to create a gRPC client for target "172.20.20.4:57400" : 172.20.20.4:57400: context deadline exceeded
Error: one or more requests failed
[root@AF6 CLAB_CA]#
Thanks, I think I messed up some imports in v0.35.2.
Description
Outputs
[root@AF6 CLAB_CA]#
[root@AF6 CLAB_CA]#