06-04-2018 10:05 PM - edited 03-01-2019 04:10 AM
Hi,
I'm trying to use the Pioneer package in order to build a netconf package for a csp2100 device.
I'm following the instructions on the readme.md file in github, but still facing some issues.
I've compiled and loaded the Pioneer package, and then added the device to NSO and fetched ssh keys.
When I ask NSO to connect to the device, I can see a list of capabilities in the logs:
admin@ncs# devices device csp2100 pioneer log print-netconf-trace
<<<< 2018-06-05 00:58:24
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
<capability>urn:ietf:params:netconf:capability:url:1.0?scheme=ftp,sftp,file</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.1</capability>
<capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capability>
<capability>http://tail-f.com/ns/netconf/extensions</capability>
<capability>urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=explicit&also-supported=report-all-tagged</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults?revision=2011-06-01&module=ietf-netconf-with-defaults</capability>
<capability>urn:ietf:params:netconf:capability:yang-library:1.0?revision=2016-04-09&module-set-id=fd9dad4f452a0d89532b60543d4c18df</capability>
<capability>http://tail-f.com/ns/aaa/1.1?module=tailf-aaa&revision=2015-06-16</capability>
<capability>http://tail-f.com/ns/kicker?module=tailf-kicker&revision=2016-05-03</capability>
<capability>http://tail-f.com/ns/webui?module=tailf-webui&revision=2013-03-07</capability>
<capability>http://tail-f.com/yang/acm?module=tailf-acm&revision=2013-03-07</capability>
<capability>http://tail-f.com/yang/common-monitoring?module=tailf-common-monitoring&revision=2013-06-14</capability>
<capability>http://tail-f.com/yang/confd-monitoring?module=tailf-confd-monitoring&revision=2013-06-14</capability>
<capability>http://tail-f.com/yang/netconf-monitoring?module=tailf-netconf-monitoring&revision=2014-11-13</capability>
<capability>http://www.cisco.com/ns/test/banner?module=banner&revision=2016-01-07</capability>
<capability>http://www.cisco.com/ns/test/clock?module=clock&revision=2017-03-04</capability>
<capability>http://www.cisco.com/ns/test/cluster?module=cluster&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/csp_user?module=csp_user&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/mgmt_stats?module=mgmt_stats&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/netsnmp?module=netsnmp</capability>
<capability>http://www.cisco.com/ns/test/ntp?module=ntp&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/pnic?module=pnic&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/question_xml?module=question_xml&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/resource?module=resource&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/save_load?module=save_load&revision=2015-05-04</capability>
<capability>http://www.cisco.com/ns/test/security?module=security&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/service?module=vsb&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/show?module=show&revision=2017-10-30</capability>
<capability>http://www.cisco.com/ns/test/showtech?module=show_tech_utils&revision=2015-05-20</capability>
<capability>http://www.cisco.com/ns/test/snmp?module=snmp</capability>
<capability>http://www.cisco.com/ns/test/system_setting?module=system_setting&revision=2018-01-02</capability>
<capability>http://www.cisco.com/ns/test/utils?module=system&revision=2015-05-04</capability>
<capability>http://www.cisco.com/ns/test/version?module=version&revision=2015-04-30</capability>
<capability>http://www.cisco.com/ns/test/vnic_stats?module=vnic_stats&revision=2015-04-30</capability>
<capability>urn:ietf:params:xml:ns:yang:iana-crypt-hash?module=iana-crypt-hash&revision=2014-04-04&features=crypt-hash-sha-512,crypt-hash-sha-256,crypt-hash-md5</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-acm?module=ietf-netconf-acm&revision=2012-02-22</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconf-monitoring&revision=2010-10-04</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-notifications?module=ietf-netconf-notifications&revision=2012-02-06</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-yang-library?module=ietf-yang-library&revision=2016-04-09</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yang-types&revision=2013-07-15</capability>
</capabilities>
<session-id>1120</session-id></hello>
>>>> 2018-06-05 00:58:24
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<close-session/></rpc>
success 2 entries matched
However, for any further step, I seem to get only errors:
admin@ncs# devices device csp2100 pioneer netconf hello |
error Operation failed
admin@ncs# devices device csp2100 pioneer netconf get |
error Operation failed
admin@ncs# devices device csp2100 pioneer log print-netconf-trace
success 0 entries matched
admin@ncs# devices device csp2100 pioneer netconf get-config |
error Operation failed
admin@ncs# devices device csp2100 pioneer log print-netconf-trace
success 0 entries matched
Same goes for any yang operations.
Any thoughts of something I might be missing?
Thanks,
Yftach
Solved! Go to Solution.
06-04-2018 11:39 PM
The most common reason when this happens are some missing components listed under Dependencies in the Pioneer README. Did you check that all prerequisites are installed?
If they're all in place and you see "All Fine", you should enable python logging, retry the operation and have a look in the logs. Send the log to me if whatever you find doesn't make immediate sense to you.
config
python-vm logging log-level level-debug
commit
The log file to look for then is logs/ncs-python-vm-pioneer.log
06-04-2018 11:39 PM
The most common reason when this happens are some missing components listed under Dependencies in the Pioneer README. Did you check that all prerequisites are installed?
If they're all in place and you see "All Fine", you should enable python logging, retry the operation and have a look in the logs. Send the log to me if whatever you find doesn't make immediate sense to you.
config
python-vm logging log-level level-debug
commit
The log file to look for then is logs/ncs-python-vm-pioneer.log
06-05-2018 12:54 AM
Hi Jan,
You were spot-on!
Seems as I was missing Paramiko.
Once I had it installed, I was able to fetch the list of modules from the device.
However, trying to download them, only 8 out of 42 were downloaded successfully.
admin@ncs# devices device csp2100 pioneer yang download
Downloading 42 modules to /tmp/download/csp2100
1/42 Downloading module ietf-netconf-monitoring -- failed, not found
2/42 Downloading module tailf-netconf-monitoring -- failed, not found
3/42 Downloading module tailf-webui -- failed, not found
4/42 Downloading module system_setting -- failed, not found
5/42 Downloading module question_xml -- failed, not found
6/42 Downloading module tailf-acm -- failed, not found
7/42 Downloading module iana-crypt-hash -- failed, not found
8/42 Downloading module vnic_stats -- failed, not found
9/42 Downloading module HCNUM-TC -- succeeded
10/42 Downloading module cluster -- failed, not found
11/42 Downloading module vsb -- failed, not found
12/42 Downloading module tailf-aaa -- failed, not found
13/42 Downloading module clock -- failed, not found
14/42 Downloading module show -- failed, not found
15/42 Downloading module snmp -- failed, not found
16/42 Downloading module system -- failed, not found
17/42 Downloading module ietf-inet-types -- failed, not found
18/42 Downloading module tailf-common-monitoring -- failed, not found
19/42 Downloading module version -- failed, not found
20/42 Downloading module ietf-yang-library -- failed, not found
21/42 Downloading module ietf-yang-types -- failed, not found
22/42 Downloading module show_tech_utils -- failed, not found
23/42 Downloading module tailf-kicker -- failed, not found
24/42 Downloading module ENTITY-MIB -- succeeded
25/42 Downloading module ntp -- failed, not found
26/42 Downloading module csp_user -- failed, not found
27/42 Downloading module mgmt_stats -- failed, not found
28/42 Downloading module CISCO-PROCESS-MIB -- succeeded
29/42 Downloading module IF-MIB -- succeeded
30/42 Downloading module banner -- failed, not found
31/42 Downloading module tailf-confd-monitoring -- failed, not found
32/42 Downloading module pnic -- failed, not found
33/42 Downloading module save_load -- failed, not found
34/42 Downloading module resource -- failed, not found
35/42 Downloading module ietf-netconf-notifications -- failed, not found
36/42 Downloading module CISCO-ENTITY-EXT-MIB -- succeeded
37/42 Downloading module netsnmp -- failed, not found
38/42 Downloading module ietf-netconf-acm -- failed, not found
39/42 Downloading module CISCO-TC -- succeeded
40/42 Downloading module IANAifType-MIB -- succeeded
41/42 Downloading module CISCO-SMI -- succeeded
42/42 Downloading module security -- failed, not found
message Downloaded 8 modules, failed 34, skipped 0:
Failed ietf-netconf-monitoring rpc error
Failed tailf-netconf-monitoring rpc error
Failed tailf-webui rpc error
Failed system_setting rpc error
Failed question_xml rpc error
Failed tailf-acm rpc error
Failed iana-crypt-hash rpc error
Failed vnic_stats rpc error
Downloaded HCNUM-TC
Failed cluster rpc error
Failed vsb rpc error
Failed tailf-aaa rpc error
Failed clock rpc error
Failed show rpc error
Failed snmp rpc error
Failed system rpc error
Failed ietf-inet-types rpc error
Failed tailf-common-monitoring rpc error
Failed version rpc error
Failed ietf-yang-library rpc error
Failed ietf-yang-types rpc error
Failed show_tech_utils rpc error
Failed tailf-kicker rpc error
Downloaded ENTITY-MIB
Failed ntp rpc error
Failed csp_user rpc error
Failed mgmt_stats rpc error
Downloaded CISCO-PROCESS-MIB
Downloaded IF-MIB
Failed banner rpc error
Failed tailf-confd-monitoring rpc error
Failed pnic rpc error
Failed save_load rpc error
Failed resource rpc error
Failed ietf-netconf-notifications rpc error
Downloaded CISCO-ENTITY-EXT-MIB
Failed netsnmp rpc error
Failed ietf-netconf-acm rpc error
Downloaded CISCO-TC
Downloaded IANAifType-MIB
Downloaded CISCO-SMI
Failed security rpc error
yang-directory /tmp/download/csp2100
One example of such failure from the logs:
<DEBUG> 05-Jun-2018::03:15:39.597 pioneer Thread-5: - FQFN /tmp/download/csp2100/clock.yang
<DEBUG> 05-Jun-2018::03:15:39.597 pioneer Thread-5: - Downloading module clock
<DEBUG> 05-Jun-2018::03:15:39.597 pioneer Thread-5: - 12/34 Downloading module clock
<DEBUG> 05-Jun-2018::03:15:39.599 pioneer Thread-5: - Device addr=10.81.127.54, port=2022, netconf=True
<DEBUG> 05-Jun-2018::03:15:39.600 pioneer Thread-5: - Credentials user=admin, pass=$8$9bM2h4rco9FRUkWT27RsE1CnXRfD3Ynz3Bs4+aiO4V0=
<DEBUG> 05-Jun-2018::03:15:39.601 pioneer Thread-5: - Calling netconf_console ['--get-schema', 'clock', '--host=10.81.127.54', '--port=2022', '--user=admin', '--password=****']
<DEBUG> 05-Jun-2018::03:15:39.601 pioneer Thread-5: - NC: args ['--get-schema', 'clock', '--host=10.81.127.54', '--port=2022', '--user=admin', '--password=***']
<DEBUG> 05-Jun-2018::03:15:39.602 pioneer Thread-5: - NC: about to connect
<DEBUG> 05-Jun-2018::03:15:39.602 paramiko.transport Thread-294: - starting thread (client mode): 0x48067890L
<DEBUG> 05-Jun-2018::03:15:39.603 paramiko.transport Thread-294: - Local version/idstring: SSH-2.0-paramiko_2.4.1
<DEBUG> 05-Jun-2018::03:15:39.603 paramiko.transport Thread-294: - Remote version/idstring: SSH-2.0-ConfD-6.2
<INFO> 05-Jun-2018::03:15:39.603 paramiko.transport Thread-294: - Connected (version 2.0, client ConfD-6.2)
<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss'] client
encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-cbc', u'aes256-cbc', u'3des-cbc'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-cbc', u'aes256-cbc', u'3des-cbc'] client mac:[u'hmac-md5', u'hmac-sha1', u'hmac-sha2-256', u'hmac
-sha2-512', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib'] server compress:[u'none', u'zlib'] client lang:[u''] server lang:[u''] kex f
ollows?False
<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - Kex agreed: diffie-hellman-group-exchange-sha256
<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - HostKey agreed: ssh-rsa
<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - Cipher agreed: aes128-ctr
<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - MAC agreed: hmac-sha2-256
<DEBUG> 05-Jun-2018::03:15:39.604 paramiko.transport Thread-294: - Compression agreed: none
<DEBUG> 05-Jun-2018::03:15:39.605 paramiko.transport Thread-294: - Got server p (2048 bits)
<DEBUG> 05-Jun-2018::03:15:39.678 paramiko.transport Thread-294: - kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
<DEBUG> 05-Jun-2018::03:15:39.679 paramiko.transport Thread-294: - Switch to new keys ...
<DEBUG> 05-Jun-2018::03:15:39.679 paramiko.transport Thread-5: - Attempting password auth...
<DEBUG> 05-Jun-2018::03:15:39.718 paramiko.transport Thread-294: - userauth is OK
<INFO> 05-Jun-2018::03:15:39.763 paramiko.transport Thread-294: - Authentication (password) successful!
<DEBUG> 05-Jun-2018::03:15:39.780 paramiko.transport Thread-5: - [chan 0] Max packet in: 32768 bytes
<DEBUG> 05-Jun-2018::03:15:39.781 paramiko.transport Thread-294: - [chan 0] Max packet out: 32768 bytes
<DEBUG> 05-Jun-2018::03:15:39.781 paramiko.transport Thread-294: - Secsh channel 0 opened.
<DEBUG> 05-Jun-2018::03:15:39.783 paramiko.transport Thread-294: - [chan 0] Sesch channel 0 request ok
<DEBUG> 05-Jun-2018::03:15:39.818 paramiko.transport Thread-294: - EOF in transport thread
<DEBUG> 05-Jun-2018::03:15:39.819 pioneer Thread-5: - Returned from netconf_console
<DEBUG> 05-Jun-2018::03:15:39.819 pioneer Thread-5: - Fetched:
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<rpc-error>
<error-type>application</error-type>
<error-tag>invalid-value</error-tag>
<error-severity>error</error-severity>
<error-path xmlns:ncm="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
/nc:rpc/ncm:get-schema
</error-path>
<error-message xml:lang="en">/get-schema/identifier: inconsistent value</error-message>
<error-info>
<bad-element>get-schema</bad-element>
</error-info>
</rpc-error>
</rpc-reply>
<DEBUG> 05-Jun-2018::03:15:39.819 pioneer Thread-5: - run '/usr/bin/xsltproc --nonet --novalid /home/cisco/nso/ncs-run/state/packages-in-use/1/pioneer/load-dir/ncs-extract-module.xsl -', input len=627
<DEBUG> 05-Jun-2018::03:15:39.825 pioneer Thread-5: - run finished, output len=5, err len=0
<DEBUG> 05-Jun-2018::03:15:39.825 pioneer Thread-5: - Parsed module:
ERROR
<DEBUG> 05-Jun-2018::03:15:39.825 pioneer Thread-5: - -- failed, not found
I tried building the few files that were downloaded, disabling all the MIB ones (they gave me some dependency errors, because of the missing modules), and then installing the ned and reloading packages.
This all went fine (new package is installed and appears as 'up', but coming to sync-from the device, I ended up, getting this error again:
admin@ncs# devices device csp2100 sync-from
result false
info Device csp2100 does not advertise any known YANG modules
Looking at the logs for the modules that were downloaded, I think they are mostly just typedefs, so I tend to think that some of the other modules are still required.
What are the options for retrieving those?
Thank you!
Yftach
06-05-2018 01:26 AM
If you are automating chaining of VNFs on CSP2100 infrastructure interconnected by Nexus switching, then you want to investigate the Secure Agile Exchange (SAE) core function pack (CFP). The SAE CFP can discover your switching topology, and manage VNF lifecycle and service chains for the SAE use case, which is to create a virtual DMZ between clients (in branch offices, homes and roaming) and applications (in private and public datacenters), managing the security relationships. We are in trial with a number of large enterprises at the moment, and will release the productised function pack later in the summer. I will post more information as we get closer to release.
06-05-2018 01:28 AM
Great that you got pioneer running. In order to resolve the device issue you are seeing, could you tell me a little more about the csp2100. Is that a ConfD or perhaps NSO based system? Apparently it doesn't have the most of the YANGs in the load-path, and hence won't hand them out when asked. Can you modify the CSP2100, or is this a closed system to you?
The end result, that the csp2100 does not advertise any known YANG modules just means that after the failures and the MIB removals, there was nothing left with any data. So NSO has nothing to talk about with the device.
06-05-2018 03:00 AM
Thank you Jan!
The device is new to me as well unfortunately.
It's a software solution sold by Cisco as a box. The management is through an IOS-like cli (and netconf in theory).
I have access to one such box in CLI.
I didn't find any useful documentation, but I do have access to those YANG modules (or similar ones) through the device's download page on cisco.com.
Is it possible to get the files to NSO manually and make the pioneer package think they were downloaded from the device?
I also tried building a NED using those YANG files directly with: ncs-make-package --netconf-ned
The issue there, as I see it, is that some of those yang modules collide with existing modules in NSO, but some of the unique files have dependencies on those.
If I just build everything, I get an internal error when loading the package, and on the logs I see:
<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/TAILF
-ALARM-MIB.bin
<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/IANA-
ITU-ALARM-TC-MIB.bin
<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/ITU-A
LARM-TC-MIB.bin
<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/TAILF
-ALARM-TC-MIB.bin
<ERR> 5-Jun-2018::05:26:07.313 localhost ncs[4887]: devel-snmpa mib already loaded: /home/cisco/nso/nso-4.6.1.2/etc/ncs/snmp/TAILF
-TOP-MIB.bin
This is strange, as I don't actually see anything with e.g. 'alarm' in the device's YANG files.
But anyhow, I removed all files with tail-f in the namespace, and now the NED is loading and I was able to perform sync-from.
I still get the feeling that it would have been better to use the actual files coming from the device...
Yftach
06-05-2018 03:10 AM
You could copy the files to /tmp/download/<devicename>/ and let pioneer work with that, but there's no particular advantage of having pioneer do that if you can do an ncs-make-package --netconf-ned instead. The colliding YANG modules need to be removed (deleted, or renamed to something else than *.yang, or moved out) either way.
I too often get that same feeling of not being entirely sure I got the right version when I don't get the YANG files straight from the device. If you find out a contact name with the CSP2100 team, I'd connect with them and discuss how this could be improved.
Good that you got it working.
05-29-2020 09:14 AM
I am facing a strange issue. I can access 5456 CSPs over CLI but not over WebGUI? what could be the reason?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide