02-11-2015 03:04 AM - edited 03-01-2019 07:48 AM
Hi Community
I am testing (trying) the POAP functionality in the Nexus product range but seem to run into some issues. I have a N7009, DHCP, TFTP and FTP connected to a management network. I copied a quite elaborate script from the software download section on the Cisco site.
I’ve edited the script to point to the relevant IP addresses I use in my infrastructure.
The POAP process starts, gets the relevant IP and script file info from the DHCP server. The switch successfully contacts and downloads the script from the TFTP server but then fails the MD5 validation of the script. The same failure occurs even if I place an unmodified script on the TFTP server.
I really would like to get this working as I see great value in the feature.
regards
Kobus
07-08-2015 07:30 PM
I have the exact same issue with 9000's and I'm sure there's something wrong with the software based on what's in the documentation.
The switch seems to check the MD5 hash of the entire file - against what!? With DHCP option 67 you can only download 1 file.
The way I assumed from the doco that it worked is that the switch excluded specific lines from the MD5 calculation - that way you can insert the MD5 checksum that you want it to use without affecting the calculated sum when you modify the file. This does not seem to be the case.
I took the original poap.py, modified it, copied it to usb and copied it to another 9000 - went to bash and ran the suggested command:
f=poap_fabric.py ; cat $f | sed '/^#md5sum/d' > $f.md5 ; sed -i "s/^#md5sum=.*/#md5sum=\"$(md5sum $f.md5 | sed 's/ .*//')\"/" $f
... and it seemed to do what I suggested. It created a poap_fabric.py.md5 file though which was not mentioned in the doco, and did not include the original lines. It also modified the original and inserted the md5sum in it as I expected, but this was not the hash that the switch calculated when trying to use it for POAP boot! Instead the hash matched what you would get if you hashed over the entire file.
08-14-2015 10:04 AM
Hi,
I know this is a little old now, but I also ran into this problem, albeit on Nexus 9000. After a little to and fro with Cisco it seems that the MD5 checksum in the poap.py file needs to have double quotes.
So when I run the sed command as defined in the poap.py on GitHub I get this:
[root@vm1 tftpboot]# f=poap.py ; cat $f | sed '/^#md5sum/d' > $f.md5 ; sed -i "s/^#md5sum=.*/#md5sum=$(md5sum $f.md5 | sed 's/ .*//')/" $f
[root@vm1 tftpboot]# head -2 poap.py
#!/bin/env python
#md5sum=8e0bce12a1245c8a5b40318c668ac6c5
And when the switch boots it gives the following error:
[snip]
2015 Aug 13 14:46:23 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_DOWNLOADED: Successfully downloaded POAP script file
2015 Aug 13 14:46:23 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Script file size 20053, MD5 checksum aefb285f159da5587f2c4959d2579f1a
2015 Aug 13 14:46:23 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_STARTED_MD5_NOT_VALIDATED: POAP script execution started(MD5 not validated)
If I run a slightly different sed command to add double quotes around the checksum:
[root@vm1 tftpboot]# f=poap.py ; cat $f | sed '/^#md5sum/d' > $f.md5 ; sed -i "s/^#md5sum=.*/#md5sum=\"$(md5sum $f.md5 | sed 's/ .*//')\"/" $f
[root@vm1 tftpboot]# head -2 poap.py
#!/bin/env python
#md5sum="8e0bce12a1245c8a5b40318c668ac6c5"
Now when the switch boots I see the MD5 checksum now validated:
2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_DOWNLOADED: Successfully downloaded POAP script file
2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Script file size 20315, MD5 checksum 8e0bce12a1245c8a5b40318c668ac6c5
2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: MD5 checksum received from the script file is 8e0bce12a1245c8a5b40318c668ac6c5
2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_STARTED_MD5_VALIDATED: POAP script execution started(MD5 validated)
Regards
08-16-2015 09:54 PM
Ah you found that too :)
My bad for not reporting back here - I discovered the same thing after doing a diff on two files, one working another not. I could swear that that script is not creating the same results every time. I wonder whether it may be omitting the quotation marks sometimes.
I can verify adding the quotes does fix the issue, and that the hash is only then calculated on the remainder of the file minus that whole line.
08-16-2015 11:09 PM
Hi chaps
I managed to sort out the md5 check.
The easiest way is to modify your script file as needed and not change the md5 in the doc. Have the Nexus boot and try to load the file. It will report an error that the file could not be validated and will list the expected md5 that it calculated the value should be. Copy this from the error log and insert this in your file and try again. Remember the md5 I found is case sensitive and I had to change all the upper case characters to lower case characters.
This worked to validate the file. My script now fails a bit further along and I am looking into that.
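A pre-flight check for the behaviour this thread converged on, as an added example that is not from any of the posters or from Cisco. It assumes, per the posts above, that the switch hashes the script with the #md5sum line removed and only accepts an embedded value that is double-quoted lowercase hex; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco's code. Assumption taken from the thread: the switch
# hashes the script with the "#md5sum" line removed, and only picks up the
# embedded value when it is double-quoted lowercase hex.

# MD5 of the file with every "#md5sum" line deleted (same filter as the thread's sed).
poap_body_md5() {
    sed '/^#md5sum/d' "$1" | md5sum | sed 's/ .*//'
}

# Rewrite the existing "#md5sum=" line in the quoted form that validated.
poap_stamp() {
    sed -i "s/^#md5sum=.*/#md5sum=\"$(poap_body_md5 "$1")\"/" "$1"
}

# Returns 0 = ok, 1 = no #md5sum line, 2 = value not double-quoted,
# 3 = not 32 lowercase hex digits, 4 = value does not match the body hash.
poap_check() {
    line=$(grep -m1 '^#md5sum=' "$1") || { echo "no #md5sum line"; return 1; }
    value=${line#*=}
    case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
        *) echo "value is not double-quoted"; return 2 ;;
    esac
    printf '%s\n' "$value" | grep -Eq '^[0-9a-f]{32}$' ||
        { echo "value is not 32 lowercase hex digits"; return 3; }
    [ "$value" = "$(poap_body_md5 "$1")" ] ||
        { echo "embedded value does not match body hash"; return 4; }
    echo "ok: $value"
}

# Constructed sample script (not the real poap.py) to run the check on.
make_sample() {
    f=$(mktemp) || return 1
    printf '%s\n' '#!/bin/env python' '#md5sum="placeholder"' 'print("poap")' > "$f"
    echo "$f"
}

demo=$(make_sample)
poap_check "$demo" || true        # placeholder is not a hash, so code 3
poap_stamp "$demo"
poap_check "$demo"                # stamped in quoted form, so ok
rm -f "$demo"
```

Run `poap_check` against the file on the TFTP server after every edit; a non-zero status means the line needs restamping with `poap_stamp` before the switch boots.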