Hi Jan,

You were spot-on!

Seems as I was missing Paramiko.

Once I had it installed, I was able to fetch the list of modules from the device.

However, trying to download them, only 8 out of 42 were downloaded successfully.

admin@ncs# devices device csp2100 pioneer yang download

Downloading 42 modules to /tmp/download/csp2100

1/42 Downloading module ietf-netconf-monitoring  -- failed, not found

2/42 Downloading module tailf-netconf-monitoring  -- failed, not found

3/42 Downloading module tailf-webui  -- failed, not found

4/42 Downloading module system_setting  -- failed, not found

5/42 Downloading module question_xml  -- failed, not found

6/42 Downloading module tailf-acm  -- failed, not found

7/42 Downloading module iana-crypt-hash  -- failed, not found

8/42 Downloading module vnic_stats  -- failed, not found

9/42 Downloading module HCNUM-TC  -- succeeded

10/42 Downloading module cluster  -- failed, not found

11/42 Downloading module vsb  -- failed, not found

12/42 Downloading module tailf-aaa  -- failed, not found

13/42 Downloading module clock  -- failed, not found

14/42 Downloading module show  -- failed, not found

15/42 Downloading module snmp  -- failed, not found

16/42 Downloading module system  -- failed, not found

17/42 Downloading module ietf-inet-types  -- failed, not found

18/42 Downloading module tailf-common-monitoring  -- failed, not found

19/42 Downloading module version  -- failed, not found

20/42 Downloading module ietf-yang-library  -- failed, not found

21/42 Downloading module ietf-yang-types  -- failed, not found

22/42 Downloading module show_tech_utils  -- failed, not found

23/42 Downloading module tailf-kicker  -- failed, not found

24/42 Downloading module ENTITY-MIB  -- succeeded

25/42 Downloading module ntp  -- failed, not found

26/42 Downloading module csp_user  -- failed, not found

27/42 Downloading module mgmt_stats  -- failed, not found

28/42 Downloading module CISCO-PROCESS-MIB  -- succeeded

29/42 Downloading module IF-MIB  -- succeeded

30/42 Downloading module banner  -- failed, not found

31/42 Downloading module tailf-confd-monitoring  -- failed, not found

32/42 Downloading module pnic  -- failed, not found

33/42 Downloading module save_load  -- failed, not found

34/42 Downloading module resource  -- failed, not found

35/42 Downloading module ietf-netconf-notifications  -- failed, not found

36/42 Downloading module CISCO-ENTITY-EXT-MIB  -- succeeded

37/42 Downloading module netsnmp  -- failed, not found

38/42 Downloading module ietf-netconf-acm  -- failed, not found

39/42 Downloading module CISCO-TC  -- succeeded

40/42 Downloading module IANAifType-MIB  -- succeeded

41/42 Downloading module CISCO-SMI  -- succeeded

42/42 Downloading module security  -- failed, not found

message Downloaded 8 modules, failed 34, skipped 0:

Failed ietf-netconf-monitoring rpc error

Failed tailf-netconf-monitoring rpc error

Failed tailf-webui rpc error

Failed system_setting rpc error

Failed question_xml rpc error

Failed tailf-acm rpc error

Failed iana-crypt-hash rpc error

Failed vnic_stats rpc error

Downloaded HCNUM-TC

Failed cluster rpc error

Failed vsb rpc error

Failed tailf-aaa rpc error

Failed clock rpc error

Failed show rpc error

Failed snmp rpc error

Failed system rpc error

Failed ietf-inet-types rpc error

Failed tailf-common-monitoring rpc error

Failed version rpc error

Failed ietf-yang-library rpc error

Failed ietf-yang-types rpc error

Failed show_tech_utils rpc error

Failed tailf-kicker rpc error

Downloaded ENTITY-MIB

Failed ntp rpc error

Failed csp_user rpc error

Failed mgmt_stats rpc error

Downloaded CISCO-PROCESS-MIB

Downloaded IF-MIB

Failed banner rpc error

Failed tailf-confd-monitoring rpc error

Failed pnic rpc error

Failed save_load rpc error

Failed resource rpc error

Failed ietf-netconf-notifications rpc error

Downloaded CISCO-ENTITY-EXT-MIB

Failed netsnmp rpc error

Failed ietf-netconf-acm rpc error

Downloaded CISCO-TC

Downloaded IANAifType-MIB

Downloaded CISCO-SMI

Failed security rpc error

yang-directory /tmp/download/csp2100

One example of such failure from the logs:

<DEBUG> 05-Jun-2018::03:15:39.597 pioneer Thread-5: - FQFN /tmp/download/csp2100/clock.yang

<DEBUG> 05-Jun-2018::03:15:39.597 pioneer Thread-5: - Downloading module clock

<DEBUG> 05-Jun-2018::03:15:39.597 pioneer Thread-5: - 12/34 Downloading module clock

<DEBUG> 05-Jun-2018::03:15:39.599 pioneer Thread-5: - Device addr=10.81.127.54, port=2022, netconf=True

<DEBUG> 05-Jun-2018::03:15:39.600 pioneer Thread-5: - Credentials user=admin, pass=$8$9bM2h4rco9FRUkWT27RsE1CnXRfD3Ynz3Bs4+aiO4V0=

<DEBUG> 05-Jun-2018::03:15:39.601 pioneer Thread-5: - Calling netconf_console ['--get-schema', 'clock', '--host=10.81.127.54', '--port=2022', '--user=admin', '--password=****']

<DEBUG> 05-Jun-2018::03:15:39.601 pioneer Thread-5: - NC: args ['--get-schema', 'clock', '--host=10.81.127.54', '--port=2022', '--user=admin', '--password=***']

<DEBUG> 05-Jun-2018::03:15:39.602 pioneer Thread-5: - NC: about to connect

<DEBUG> 05-Jun-2018::03:15:39.602 paramiko.transport Thread-294: - starting thread (client mode): 0x48067890L

<DEBUG> 05-Jun-2018::03:15:39.603 paramiko.transport Thread-294: - Local version/idstring: SSH-2.0-paramiko_2.4.1

<DEBUG> 05-Jun-2018::03:15:39.603 paramiko.transport Thread-294: - Remote version/idstring: SSH-2.0-ConfD-6.2

<INFO> 05-Jun-2018::03:15:39.603 paramiko.transport Thread-294: - Connected (version 2.0, client ConfD-6.2)

<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss'] client

encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-cbc', u'aes256-cbc', u'3des-cbc'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-cbc', u'aes256-cbc', u'3des-cbc'] client mac:[u'hmac-md5', u'hmac-sha1', u'hmac-sha2-256', u'hmac

-sha2-512', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib'] server compress:[u'none', u'zlib'] client lang:[u''] server lang:[u''] kex f

ollows?False

<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - Kex agreed: diffie-hellman-group-exchange-sha256

<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - HostKey agreed: ssh-rsa

<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - Cipher agreed: aes128-ctr

<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - MAC agreed: hmac-sha2-256

<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - Compression agreed: none

<DEBUG> 05-Jun-2018::03:15:39.605 paramiko.transport Thread-294: - Got server p (2048 bits)

<DEBUG> 05-Jun-2018::03:15:39.678 paramiko.transport Thread-294: - kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>

<DEBUG> 05-Jun-2018::03:15:39.679 paramiko.transport Thread-294: - Switch to new keys ...

<DEBUG> 05-Jun-2018::03:15:39.679 paramiko.transport Thread-5: - Attempting password auth...

<DEBUG> 05-Jun-2018::03:15:39.718 paramiko.transport Thread-294: - userauth is OK

<INFO> 05-Jun-2018::03:15:39.763 paramiko.transport Thread-294: - Authentication (password) successful!

<DEBUG> 05-Jun-2018::03:15:39.780 paramiko.transport Thread-5: - [chan 0] Max packet in: 32768 bytes

<DEBUG> 05-Jun-2018::03:15:39.781 paramiko.transport Thread-294: - [chan 0] Max packet out: 32768 bytes

<DEBUG> 05-Jun-2018::03:15:39.781 paramiko.transport Thread-294: - Secsh channel 0 opened.

<DEBUG> 05-Jun-2018::03:15:39.783 paramiko.transport Thread-294: - [chan 0] Sesch channel 0 request ok

<DEBUG> 05-Jun-2018::03:15:39.818 paramiko.transport Thread-294: - EOF in transport thread

<DEBUG> 05-Jun-2018::03:15:39.819 pioneer Thread-5: - Returned from netconf_console

<DEBUG> 05-Jun-2018::03:15:39.819 pioneer Thread-5: - Fetched:

<?xml version="1.0" encoding="UTF-8"?>

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">

  <rpc-error>

    <error-type>application</error-type>

    <error-tag>invalid-value</error-tag>

    <error-severity>error</error-severity>

    <error-path xmlns:ncm="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">

    /nc:rpc/ncm:get-schema

  </error-path>

    <error-message xml:lang="en">/get-schema/identifier: inconsistent value</error-message>

    <error-info>

      <bad-element>get-schema</bad-element>

    </error-info>

  </rpc-error>

</rpc-reply>

<DEBUG> 05-Jun-2018::03:15:39.819 pioneer Thread-5: - run '/usr/bin/xsltproc --nonet --novalid /home/cisco/nso/ncs-run/state/packages-in-use/1/pioneer/load-dir/ncs-extract-module.xsl -', input len=627

<DEBUG> 05-Jun-2018::03:15:39.825 pioneer Thread-5: - run finished, output len=5, err len=0

<DEBUG> 05-Jun-2018::03:15:39.825 pioneer Thread-5: - Parsed module:

ERROR

<DEBUG> 05-Jun-2018::03:15:39.825 pioneer Thread-5: -  -- failed, not found

I tried building the few files that were downloaded, disabling all the MIB ones (they gave me some dependency errors, because of the missing modules), and then installing the ned and reloading packages.

This all went fine (new package is installed and appears as 'up', but coming to sync-from the device, I ended up, getting this error again:

admin@ncs# devices device csp2100 sync-from

result false

info Device csp2100 does not advertise any known YANG modules

Looking at the logs for the modules that were downloaded, I think they are mostly just typedefs, so I tend to think that some of the other modules are still required.

What are the options for retrieving those?

Thank you!

Yftach

If you are automating chaining of VNFs on CSP2100 infrastructure interconnected by Nexus switching, then you want to investigate the Secure Agile Exchange (SAE) core function pack (CFP). The SAE CFP can discover your switching topology, and manage VNF lifecycle and service chains for the SAE use case, which is to create a virtual DMZ between clients (in branch offices, homes and roaming) and applications (in private and public datacenters), managing the security relationships. We are in trial with a number of large enterprises at the moment, and will release the productised function pack later in the summer. I will post more information as we get closer to release.

Great that you got pioneer running. In order to resolve the device issue you are seeing, could you tell me a little more about the csp2100. Is that a ConfD or perhaps NSO based system? Apparently it doesn't have the most of the YANGs in the load-path, and hence won't hand them out when asked. Can you modify the CSP2100, or is this a closed system to you?

The end result, that the csp2100 does not advertise any known YANG modules just means that after the failures and the MIB removals, there was nothing left with any data. So NSO has nothing to talk about with the device.

Thank you Jan!

The device is new to me as well unfortunately.

It's a software solution sold by Cisco as a box. The management is through an IOS-like cli (and netconf in theory).

I have access to one such box in CLI.

I didn't find any useful documentation, but I do have access to those YANG modules (or similar ones) through the device's download page on cisco.com.

Is it possible to get the files to NSO manually and make the pioneer package think they were downloaded from the device?

I also tried building a NED using those YANG files directly with: ncs-make-package --netconf-ned

The issue there, as I see it, is that some of those yang modules collide with existing modules in NSO, but some of the unique files have dependencies on those.

If I just build everything, I get an internal error when loading the package, and on the logs I see:

<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/TAILF

-ALARM-MIB.bin

<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/IANA-

ITU-ALARM-TC-MIB.bin

<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/ITU-A

LARM-TC-MIB.bin

<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/TAILF

-ALARM-TC-MIB.bin

<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/TAILF

-TOP-MIB.bin

This is strange, as I don't actually see anything with e.g. 'alarm' in the device's YANG files.

But anyhow, I removed all files with tail-f in the namespace, and now the NED is loading and I was able to perform sync-from.

I still get the feeling that it would have been better to use the actual files coming from the device...

Yftach

You could copy the files to /tmp/download/<devicename>/ and let pioneer work with that, but there's no particular advantage of having pioneer do that if you can do an   ncs-make-package --netconf-ned   instead. The colliding YANG modules need to be removed (deleted, or renamed to something else than *.yang, or moved out) either way.

I too often get that same feeling of not being entirely sure I got the right version when I don't get the YANG files straight from the device. If you find out a contact name with the CSP2100 team, I'd connect with them and discuss how this could be improved.

Good that you got it working.

I am facing a strange issue. I can access 5456 CSPs over CLI but not over WebGUI? what could be the reason?