Re: NETCONF / OpenConfig / ncclient / edit-config / Bug

Vaclav.Pokorny4 · ‎07-20-2024

HI,

I'm trying to configure the device IP using OpenConfig model. Basically, I downloaded the config from the device using openconfig filter:

<interfaces xmlns="http://openconfig.net/yang/interfaces"/>

, modified the IPs and push that config back to the device. The config is accepted, it was commited ok, but IPs are still the same on the device.

Here is my code

from lxml import etree

new_config = etree.parse("file8.txt").getroot()

conn = manager.connect(host=host,
                port=port,
                username=user,
                password=password,
                device_params={'name': "csr"},
                timeout=30
                )

In [112]: conn.edit_config(new_config, target="candidate")
Out[112]: 
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f322854a-1d9d-47aa-b1b0-014439fd06ec" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><ok/></rpc-reply>

In [113]: conn.commit()
Out[113]: 
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:44ef652c-5148-431d-af3e-ac2f6e18e15b" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><ok/></rpc-reply>

I wonder, if I do something wrong, or it's just a bug that I can't make this kind of change using OpenConfig model?

Out of curiosity, If someone can explain to me. Inside the OpenConfig model, there are twice <ip> tag. I wonder why ? I know that both of them has to be same, otherwise it complains, but why there are two on almost the same place ?

I also notice that once you commit a change, you can't enter config mode for few seconds after commit because it's locked by the system.

Thanks for any advice/help

V.

Tested on this:

Cat8000V#show version

Cisco IOS XE Software, Version 17.12.02

Cisco IOS Software [Dublin], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.12.2, RELEASE SOFTWARE (fc2)

bigevilbeard · ‎07-21-2024

Hey @Vaclav.Pokorny4 so three issues

The first, could be in the way that you are trying to modifying the new_config object. When you parse the XML file using etree.parse, you get an ElementTreeobject, which is not directly usable as a netconf configuration. Check that the new_configobject is a valid netconf config, with the correct namespace, XML structure.

The second one, digging into my dusty brain here. You have to scrape the OpenConfig philosophy and documentation to find this.

OpenConfig extends the base YANG model (ietf-ip) through augmentations to provide additional vendor-agnostic configurations. In this context, the <ip> tag appears twice: once from the ietf-ip module defining basic IP configurations and again from the OpenConfig interfaces module which adds OpenConfig-specific details. The values for both <ip> tags must match to ensure compatibility between the OpenConfig and IETF models.

Last one, this locking issue you experience is a common behavior netconf, as when you commit changes, your device locks the configuration db to ensure that no other changes are made while the commit is being processed.

Hope this helps a little.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Vaclav.Pokorny4 · ‎07-21-2024

Hi @bigevilbeard ,

thanks for suggestions. I looked the source code of ncclient. It accepts XML and then build it a new one where the config I pass is just one branch/node ( If I understood well the code ), but I followed your ideas.

I double-checked that XML-document match the format that is expecting and it looks ok. After that, I tried the same change using different models

- config1 works ok native cisco ( http://cisco.com/ns/yang/Cisco-IOS-XE-native )

- config2 doesn't work ( urn:ietf:params:xml:ns:yang:ietf-interfaces )

- config3 doesn't work ( http://openconfig.net/yang/interfaces )

I follow the same steps and only for cisco native model it's working fine. Configuration files attached to the posts. It's probably a bug

Thanks for help
V.

bigevilbeard · ‎07-21-2024

Configs look ok. Esp very odd, try and enable netconf debugging on the device to see the exact XML payload being sent and received, might give you more idea into what's going wrong. Only other thing I can think is, the support for these models on the device?

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Vaclav.Pokorny4 · ‎07-21-2024

I tried to enable debugs but it doesn't provide any info, or almost not logging anything.

Cat8000V#show debugging 

NETCONF:
  NETCONF Errors debugging is on
  NETCONF Informational debugging is on
netconf-yang:
  netconf-yang debugging is on at level debug
  netconf-yang ssh debugging is on at level debug

I was testing changes on this cisco sandbox 8000V ( devnetsandboxiosxe.cisco.com )

V.

bigevilbeard · ‎07-21-2024

More oddness. Add a debug to you code, see if this shows anything

import logging

logging.basicConfig(
       level=logging.DEBUG,
   )

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Vaclav.Pokorny4 · ‎07-21-2024

The logs doesn't provide much. I tried to look at the operation for OpenConfig model and also for Cisco-native. In attachment are the logs if someone wants to see it, but it will pass the XML to remote device, confirm that it's ok. Commit the change and that's all what I could see there

I will just stick with cisco Native model.

V.

bigevilbeard · ‎07-22-2024

Wow, I don't see any error messages or indications of why the configuration changes might not be taking effect.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Marcel Zehnder · ‎07-22-2024

I saw the same behaviour in the past - depending on the version config just don't get applied. I would also recommend to just work with the native models when dealing with XE/NETCONF.