Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4188
Views
6
Helpful
6
Replies

Compatible APIC versions?

Go to solution
tigephillips
Level 4
Level 4

‎12-08-2014 09:43 PM

Is there a list of compatible APIC versions?  I upgraded to apic-1.0(2j) today and the standard session login fails now.  I also cloned the latest version and tried the tests.  They produced 10 errors.  Shown below.

Code:

    session = ACI.Session(url, login, password)

    response = session.login()

Produces the following when executing session.login():

Traceback (most recent call last):

  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-tk/Tkinter.py", line 1470, in __call__

    return self.func(*args)

  File "./gui_test_9.py", line 149, in login

    response = session.login()

  File "build/bdist.macosx-10.9-intel/egg/acitoolkit/acisession.py", line 227, in login

    resp = self._send_login()

  File "build/bdist.macosx-10.9-intel/egg/acitoolkit/acisession.py", line 207, in _send_login

    ret = self.session.post(login_url, data=jcred, verify=self.verify_ssl)

  File "/Library/Python/2.7/site-packages/requests-1.2.3-py2.7.egg/requests/sessions.py", line 377, in post

    return self.request('POST', url, data=data, **kwargs)

  File "/Library/Python/2.7/site-packages/requests-1.2.3-py2.7.egg/requests/sessions.py", line 335, in request

    resp = self.send(prep, **send_kwargs)

  File "/Library/Python/2.7/site-packages/requests-1.2.3-py2.7.egg/requests/sessions.py", line 438, in send

    r = adapter.send(request, **kwargs)

  File "/Library/Python/2.7/site-packages/requests-1.2.3-py2.7.egg/requests/adapters.py", line 327, in send

    raise ConnectionError(e)

ConnectionError: HTTPSConnectionPool(host='10.93.130.125', port=443): Max retries exceeded with url: //api/aaaLogin.json (Caused by <class 'socket.error'>: [Errno 54] Connection reset by peer)

(I'm only included the first error)

Command:  python aciphysobject_test.py

.....E...EEEEEEEEE....................

======================================================================

ERROR: test_find (__main__.TestFind)

----------------------------------------------------------------------

Traceback (most recent call last):

  File "aciphysobject_test.py", line 628, in test_find

    self.assertIn(interface2, results)

  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/unittest/case.py", line 802, in assertIn

    if member not in container:

  File "build/bdist.macosx-10.9-intel/egg/acitoolkit/acitoolkit.py", line 1647, in __eq__

    if (self.interface_type == other.interface_type and

AttributeError: 'Node' object has no attribute 'interface_type'

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Zach Seils
Level 7
Level 7

‎12-09-2014 07:29 AM

I suspect this is due to bug CSCur62241. The APIC web server no longer accepts SSL3.0/TLS1.0 connections, which causes you to get errors like you’ve described. You can install python on OS X using homebrew and compile it against openssl 1.0.1* to get TLS1.1 and TLS1.2.

Alternatively, you can temporarily force all APIC communication to be via HTTP instead of HTTPS, so your script can execute successfully. To do this:

- On the menu bar, FABRIC -> Fabric Policies -> Pod Policies -> Policies -> Communication

- Under Communication, click the default policy

- In the Work pane, enable HTTP and disable HTTPS

Regards,

Zach

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Zach Seils
Level 7
Level 7

‎12-09-2014 07:29 AM

I suspect this is due to bug CSCur62241. The APIC web server no longer accepts SSL3.0/TLS1.0 connections, which causes you to get errors like you’ve described. You can install python on OS X using homebrew and compile it against openssl 1.0.1* to get TLS1.1 and TLS1.2.

Alternatively, you can temporarily force all APIC communication to be via HTTP instead of HTTPS, so your script can execute successfully. To do this:

- On the menu bar, FABRIC -> Fabric Policies -> Pod Policies -> Policies -> Communication

- Under Communication, click the default policy

- In the Work pane, enable HTTP and disable HTTPS

Regards,

Zach

0 Helpful

Go to solution
tigephillips
Level 4
Level 4
In response to Zach Seils

‎12-09-2014 08:31 AM

Thanks Zach! I'll give it a go.

-Tige

0 Helpful

Go to solution
tigephillips
Level 4
Level 4
In response to Zach Seils

‎12-14-2014 11:19 AM

Zach,

Looks like I fixed the SSL issue, but now it looks like the websocket library is having an issue.. To test things I used an old script I wrote that uses 'requests' rather than websocket. You can see below that the requests module still works after the upgrade, but the websocket fails with both SSL and HTTP.

Thanks for any help. I can send the scripts if requested.

-Tige

TIPHILLI-M-20VC:cisco_aci tigelane$ ./aci_login-requests.py

About to use Requests

URL: https://10.93.130.125/api/aaaLogin.json?gui-token-request=yes

User: apiuser

Press Enter to continue or "q" to exit

Login completed. We're done!

TIPHILLI-M-20VC:cisco_aci tigelane$ ./aci_login-websocket.py

About to use native aci toolkit

URL: https://10.93.130.125:443/

User: apiuser

Press Enter to continue or "q" to exit

About to execute: response = session.login()

Traceback (most recent call last):

File "./aci_login-websocket.py", line 83, in

main()

File "./aci_login-websocket.py", line 79, in main

create_login()

File "./aci_login-websocket.py", line 58, in create_login

response = session.login()

File "build/bdist.macosx-10.9-intel/egg/acitoolkit/acisession.py", line 227, in login

File "build/bdist.macosx-10.9-intel/egg/acitoolkit/acisession.py", line 211, in sendlogin

File "build/bdist.macosx-10.9-intel/egg/acitoolkit/acisession.py", line 99, in openweb_socket

File "/usr/local/lib/python2.7/site-packages/websocket/_core.py", line 266, in create_connection

websock.connect(url, **options)

File "/usr/local/lib/python2.7/site-packages/websocket/_core.py", line 524, in connect

self._handshake(hostname, port, resource, **options)

File "/usr/local/lib/python2.7/site-packages/websocket/_core.py", line 596, in _handshake

resp_headers = self._get_resp_headers()

File "/usr/local/lib/python2.7/site-packages/websocket/_core.py", line 549, in getresp_headers

raise WebSocketException("Handshake status %d" % status)

websocket._exceptions.WebSocketException: Handshake status 404

TIPHILLI-M-20VC:cisco_aci tigelane$

Tige Phillips - Vertical Solutions Architect - US Public Sector: SLED Western Operation

Audio: 408.894.3312 - Email & Video & IM: tiphilli@cisco.com<mailto:tiphilli@cisco.com> - Cisco Systems

Proudly “Serving those who Protect, Serve and Educate"

0 Helpful

Go to solution
mjovanov
Cisco Employee
Cisco Employee
In response to tigephillips

‎01-05-2015 05:21 AM

Hi Tige,

Try editing credentials.py - remove trailing '/' or ':80/'

Example:

From

URL = 'http://' + IPADDR + ':80/'

To

URL = 'https://' + IPADDR

and try again.

Kind regards,

Mio

Go to solution
tigephillips
Level 4
Level 4
In response to mjovanov

‎01-05-2015 10:12 AM

Yep, that fixed it. This is the default setup on github. Should probably be changed if it's a real issue and not something I've done somewhere else in the python module.

Thank you Mio!

-Tige

Tige Phillips

408.894.3312

tiphilli@cisco.com<mailto:tiphilli@cisco.com>

Proudly “Serving those who Protect, Serve and Educate"

0 Helpful

Go to solution
mjovanov
Cisco Employee
Cisco Employee
In response to tigephillips

‎01-05-2015 11:03 AM

Glad to hear that!

Thanks for bringing this up, we'll fix it on github.

Kind regards,
Mio

0 Helpful
Customers Also Viewed These Support Documents