Re: RESTConf Install error - Page 2

swDev · ‎06-02-2022

Hi, I'm trying to use RESTConf to test IOS upgrades, but I'm getting a malformed message error.

I'm on Cisco IOS XE Software, Version 17.02.01r trying to upgrade to 17.03.04a

I'm doing a post to

https://{{ _.router }}/restconf/operations/Cisco-IOS-XE-install-rpc:install

with this in the body:

{
    "Cisco-IOS-XE-install-rpc:input": {
        "uuid": "test",
        "one-shot": true,
	"path": "bootflash:isr4400-universalk9.17.03.04a.SPA.bin",
         reloadfast": true
    }
}

but I receive a 400 Bad request error:

{
	"errors": {
		"error": [
			{
				"error-message": "application error",
				"error-path": "/Cisco-IOS-XE-install-rpc:install",
				"error-tag": "malformed-message",
				"error-type": "application"
			}
		]
	}
}

Does anyone know what the issue is? Other RestConf operations like reload work fine

swDev · ‎06-04-2022

There is a root user with privilege level 15. I'm using basic auth in Insomnia to pass the user name and password with the the install request. If I don't include basic auth with the request I get a "401 Unauthorized" response. Is the uuid supposed to be associated to the user? From the description it sounds like it could be any string.

   description:
        "The UUID (universally unique identifier) is a string and is textual representation of a UUID. UUID is used to uniquely identify the install action invoked via RPC and it is replayed back in the install progress notifications to correlate them back to the original install operation.";

Georg Pauwen · ‎06-04-2022

Hello,

can you post the debug output with a successful post ?

swDev · ‎06-04-2022

ROuter000001#show log profile restconf
Displaying logs from the last 0 days, 0 hours, 10 minutes, 0 seconds
executing cmd on chassis local ...

2022/06/04 23:09:28.300531 {dmiauthd_R0-0}{1}: [errmsg] [13816]: (note): %DMI-5-AUTH_PASSED: User 'root' authenticated successfully fromIP_ADDRESS:0 and was authorized for rest over http. External groups: PRIV15
2022/06/04 23:09:28.330489 {nginx_R0-0}{1}: [ngx_core] [15990]: (note): [15995] [access_log]IP_ADDRESS - root [04/Jun/2022:23:09:28 +0000] "POST /restconf/operations/Cisco-IOS-XE-rpc:reload HTTP/1.1" 200 89 "-" "insomnia/2022.3.0"

I'm not sure why it's logged as a [errmsg] but then passes authentication

Georg Pauwen · ‎06-05-2022

Hello,

not sure why it throws the error code either...

I looked at the RFC for RESTCONF. Since nothing else works, I guess we have to look at some 'weird' stuff. What if you try HTTP/2 in the post (instead of the default HTTP/1.1. Or actually, try both:

https://{{ _.router }}/restconf/operations/Cisco-IOS-XE-install-rpc:install HTTP/1.1

https://{{ _.router }}/restconf/operations/Cisco-IOS-XE-install-rpc:install HTTP/2

Also, since I think you said you are using SSH, can you post the output of:

show ip ssh

from the device ? Which router model do you have ?

swDev · ‎06-05-2022

Hi,

I'm currently using a 4451. I set my Insoshmnia preferences to HTTP/2, but it looks like all the request to RESTConf fall back to HTTP/1.1.

Here is the output of "show ip ssh"

SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
Hostkey Algorithms:x509v3-ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512
KEX Algorithms:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-617534083
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoZmvS02jyMYBO/8d3RlVieUkODSWv6/P2NRCym6ab
eh9TQt6GpvFd0vESY417llLcC0COwA+VLP25unQggRZy5kbzW1ZBICjgPgM2m1TShakw9ksXDOeDdeVN
8dSSB4uRE8WDDynRouFn/MUWtybyXA1vCWVA5JHHBYEoMEM6EPxsyuxIlk/tP2xob5Sr56/glRut4rdg
s/YI3Eht+1pswsWodpAApVXJWEQ8P3ibJ7GPOw7KCBC1L6PvtB5Im3bvr404VwToYE5/SMNNlFxCNffs
7p9IIvp8VFoXkJ5lE5cmBo7oBO5m9+84uNsTun5y1EpKWWB2Bpvhxfb64XAh

Georg Pauwen · ‎06-06-2022

Hello,

I don't know if the SSH version used by your router matters. It currently supports only version 2. You could try and change that with the global config command 'no ip ssh version 2', which should result in the output of 'sh ip shh' displaying version 1.99 (which means it supports both v1 and v2).

Also, can you post a screenshot of the Insomnia Dashboard ?

You could obviously try and set the Preferences to HTTP 1.1 in Insomnia...

swDev · ‎06-07-2022

Hi,

Is this what you want to see?

I set the presences to both 1.1 and 2.0. Cisco always logs the request as 1.1 either way.

Georg Pauwen · ‎06-07-2022

Hello,

can you try the below:

4451(config)#no ip http secure-server

4451(config)#no restconf

4451(config)#end

4451#conf t

4451(config)#ip http secure-server

4451(config)#restconf

4451(config)#end

So you basically remove and reinstall the restconfg part of the configuration...

After re-enabling restconf, try the install again...

swDev · ‎06-07-2022

Hi,

I tried disabling and re-enabling restconf. I still get the same error:

To rule out any Insomnia specific weirdness, I tried Postman and got the same result:

Georg Pauwen · ‎06-07-2022

Hello,

do you have another router that you can test this on ? I wonder if this is a router-specific problem...

swDev · ‎06-08-2022

We do have other routers, but none that would be super convenient to test this on. Do you think it's a high probability that this issue is with this specific router ?