cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Nexus 9000v using NETCONF issue ncclient in python

162
Views
5
Helpful
3
Comments
Participant

Hi Everybody!

 

I am trying to get the configuration from a nexus 9000v virtualized in my home lab, I am always getting this error.

 

Exception has occurred: RPCError
Namespace="http://openconfig.net/yang/interfaces"
  File "C:\4_4 Modernizing_Network_infra_NETCONF\get_config.py", line 58, in main
    resp = conn.get_config(source="running", filter=("subtree", nc_filter))
  File "C:\4_4 Modernizing_Network_infra_NETCONF\get_config.py", line 92, in <module>
    main()

This is the complete code, it is one of the lab exercises in Pluralsight site and it is public.

 

#!/usr/bin/env python

"""
Author: Nick Russo
Purpose: Using NETCONF with Openconfig YANG models to collect switchport
configs on a Cisco NX-OS switch via the always-on Cisco DevNet sandbox.
"""


import xmltodict
from ncclient import manager


def main():
    """
    Execution begins here.
    """

    # Dictionary containing keyword arguments (kwargs) for connecting
    # via NETCONF. Because SSH is the underlying transport, there are
    # several minor options to set up.
    connect_params = {
        "host": "192.168.50.253",
        "port": 830,
        "username": "admin",
        "password": "*",
        "hostkey_verify": False,
        "allow_agent": False,
        "look_for_keys": False,
        "device_params": {"name": "nexus"},
    }

    # Unpack the connect_params dict and use them to connect inside
    # of a "with" context manager. The variable "conn" represents the
    # NETCONF connection to the device.
    with manager.connect(**connect_params) as conn:
        print("NETCONF session connected")

        # To save time, only capture 3 switchports. Less specific filters
        # will return more information, but take longer to process/transport.
        # Note: In this sandbox, it can take ~30 seconds to get all interfaces
        # and several minutes to get the whole config, so be aware!
        nc_filter = """
            <interfaces xmlns="http://openconfig.net/yang/interfaces">
                <interface>
                    <name>eth1/2</name>
                </interface>
                <interface>
                    <name>eth1/3</name>
                </interface>
                <interface>
                    <name>eth1/4</name>
                </interface>
            </interfaces>
        """

        # Execute a "get-config" RPC using the filter defined above
        resp = conn.get_config(source="running", filter=("subtree", nc_filter))

        # Uncomment line below to see raw RPC XML reply; great for learning
        # print(resp.xml)

        # Parse the XML text into a Python dictionary
        jresp = xmltodict.parse(resp.xml)

        # Uncomment line below to see parsed JSON RPC; great for learning
        # import json; print(json.dumps(jresp, indent=2))

        # Iterate over all the interfaces returned by helper function
        for intf in jresp["rpc-reply"]["data"]["interfaces"]["interface"]:

            # Declare a few local variables to make accessing data deep
            # within the JSON structure a little easier
            config = intf["ethernet"]["switched-vlan"]["config"]
            mode = config["interface-mode"].lower()

            # Print common switchport data
            print(f"Name: {intf['name']:<7}  Type: {mode:<6}", end="  ")

            # Print additional data depending on access vs trunk ports
            if mode == "access":
                print(f"Access VLAN: {config['access-vlan']}")
            elif mode == "trunk":
                print(f"Native VLAN: {config['native-vlan']}")
            else:
                print("(no additional data)")

    print("NETCONF session disconnected")


if __name__ == "__main__":
    main()

The issue is that, it works perfectly in the DevNet Sandbox. Of course, the connection parameters are different of course.

 

    # Dictionary containing keyword arguments (kwargs) for connecting
    # via NETCONF. Because SSH is the underlying transport, there are
    # several minor options to set up.
    connect_params = {
        "host": "sbx-nxos-mgmt.cisco.com",
        "port": 10000,
        "username": "admin",
        "password": "*",
        "hostkey_verify": False,
        "allow_agent": False,
        "look_for_keys": False,
        "device_params": {"name": "nexus"},
    }

This is the image I am testing with Nexus in my home lab.

Nexus 9000v is a demo version of the Nexus Operating System

Software
  BIOS: version
  NXOS: version 7.0(3)I7(3)
  BIOS compile time:
  NXOS image file is: bootflash:///nxos.7.0.3.I7.3.bin
  NXOS compile time:  2/12/2018 13:00:00 [02/12/2018 19:13:48]


Hardware
  cisco Nexus9000 9000v Chassis

 

This is the Nexus image that Cisco has public access in DevNet sandbox.

Nexus 9000v is a demo version of the Nexus Operating System

Software
  BIOS: version
 NXOS: version 9.3(3)
  BIOS compile time:
  NXOS image file is: bootflash:///nxos.9.3.3.bin
  NXOS compile time:  12/22/2019 2:00:00 [12/22/2019 14:00:37]


Hardware
  cisco Nexus9000 C9300v Chassis

I have enabled netconf already

 

NX1# show run | sec netconf|username
feature netconf
username admin password 5 $5$BOPMCF$
 role network-admin

Could you please help me what is going on?

 

 

3 Comments
Collaborator
Collaborator

Hi

Namespace="http://openconfig.net/yang/interfaces"

is not installed by default.

Follow this whitepaper to load the openconfig YANG model - 

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-741518.html#_Toc528621687

and then give it a go again .. 

 

Thank you very much, it worked perfectly.

 

NETCONF session connected
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="urn:uuid:5c7a48e3-53a4-4d42-b691" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <data>
        <interfaces xmlns="http://openconfig.net/yang/interfaces">
            <interface>
                <name>eth1/2</name>
                <config>
                    <enabled>true</enabled>
                    <mtu>1500</mtu>
                    <name>eth1/2</name>
                    <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
                </config>
                <hold-time>
                    <config>
                        <down>100</down>
                    </config>
                </hold-time>
                <subinterfaces>
                    <subinterface>
                        <config>
                            <index>0</index>
                        </config>
                        <index>0</index>
                    </subinterface>
                </subinterfaces>
                <ethernet xmlns="http://openconfig.net/yang/interfaces/ethernet">
                    <config>
                        <auto-negotiate>true</auto-negotiate>
                    </config>
                    <switched-vlan xmlns="http://openconfig.net/yang/vlan">
                        <config>
                            <access-vlan>1</access-vlan>
                            <interface-mode>ACCESS</interface-mode>
                            <native-vlan>1</native-vlan>
                        </config>
                    </switched-vlan>
                </ethernet>
            </interface>
            <interface>
                <name>eth1/3</name>
                <config>
                    <enabled>true</enabled>
                    <mtu>1500</mtu>
                    <name>eth1/3</name>
                    <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
                </config>
                <hold-time>
                    <config>
                        <down>100</down>
                    </config>
                </hold-time>
                <subinterfaces>
                    <subinterface>
                        <config>
                            <index>0</index>
                        </config>
                        <index>0</index>
                    </subinterface>
                </subinterfaces>
                <ethernet xmlns="http://openconfig.net/yang/interfaces/ethernet">
                    <config>
                        <auto-negotiate>true</auto-negotiate>
                    </config>
                    <switched-vlan xmlns="http://openconfig.net/yang/vlan">
                        <config>
                            <access-vlan>1</access-vlan>
                            <interface-mode>ACCESS</interface-mode>
                            <native-vlan>1</native-vlan>
                        </config>
                    </switched-vlan>
                </ethernet>
            </interface>
            <interface>
                <name>eth1/4</name>
                <config>
                    <enabled>true</enabled>
                    <mtu>1500</mtu>
                    <name>eth1/4</name>
                    <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
                </config>
                <hold-time>
                    <config>
                        <down>100</down>
                    </config>
                </hold-time>
                <subinterfaces>
                    <subinterface>
                        <config>
                            <index>0</index>
                        </config>
                        <index>0</index>
                    </subinterface>
                </subinterfaces>
                <ethernet xmlns="http://openconfig.net/yang/interfaces/ethernet">
                    <config>
                        <auto-negotiate>true</auto-negotiate>
                    </config>
                    <switched-vlan xmlns="http://openconfig.net/yang/vlan">
                        <config>
                            <access-vlan>1</access-vlan>
                            <interface-mode>ACCESS</interface-mode>
                            <native-vlan>1</native-vlan>
                        </config>
                    </switched-vlan>
                </ethernet>
            </interface>
        </interfaces>
    </data>
</rpc-reply>

Name: eth1/2   Type: access  Access VLAN: 1
Name: eth1/3   Type: access  Access VLAN: 1
Name: eth1/4   Type: access  Access VLAN: 1
NETCONF session disconnected

At the begging I was having issues installing it like it worked with the command "install add bootflash:file.rpm activate.

I also had to update the OS from version 7 to version "NXOS: version 9.2(2)"

 

switch# run bash sudo su --- This worked at the beggining, but later the swtich did not accept the same command.
            ^
% Invalid command at '^' marker.
switch# run guestshell sudo su
Error: Guest shell is currently being enabled.
switch# run guestshell sudo su
[root@guestshell admin]#
[root@guestshell bootflash]# ls -lsa
25868 -rw-r--r--  1 root  root            26455883 May 30 20:19 mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n9000.rpm
[root@guestshell bootflash]#
n9000.rpmstshell bootflash]# yum install mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n
Loaded plugins: fastestmirror
Examining mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n9000.rpm: mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n9000
Cannot add package mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n9000.rpm to transaction. Not a compatible architecture: lib32_n9000
Error: Nothing to do
[root@guestshell bootflash]# exit
NX2# install add bootflash:mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n9000.rpm activate
Adding the patch (/mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n9000.rpm)
[####################] 100%
Install operation 1 completed successfully at Sat May 30 20:55:45 2020

Activating the patch (/mtx-openconfig-all-1.0.0.0-9.2.1.lib32_n9000.rpm)

Install operation 2 failed because package not compatible with running image at Sat May 30 20:55:50 2020
NX2# install add bootflash:mtx-openconfig-all-1.0.0.0-9.2.2.lib32_n9000.rpm activate
Adding the patch (/mtx-openconfig-all-1.0.0.0-9.2.2.lib32_n9000.rpm)
[####################] 100%
Install operation 3 completed successfully at Sat May 30 21:12:14 2020


Collaborator
Collaborator

Hi

The install for 9.2.1 failed and you had you update the version because you downloaded 9.2.1 package. 

You can remove the last part in the URL or up a directory level by click ../ and browse to all the packages you can download for previous versions as well.

https://devhub.cisco.com/artifactory/open-nxos-agents/

This widget could not be displayed.