cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
621
Views
0
Helpful
10
Replies
Enthusiast

NetconfServiceProvider is not able to establish ssh tunnel

Hi !
I ran out of ideas and ask for help

Could you please explain issue which was lightly mentioned in the very end of this question ?:
Pointers on how to test YDK app on some opensource router with NETCONF support ?



Details:
I use YDK 0.7.1
When I try to execute this piece of code

from ydk.providers import NetconfServiceProvider

device = {

    "address":"192.168.2.11",

    "port":830,

    "username":"ali",

    "password":"password",

    "protocol":"ssh"

}

provider = NetconfServiceProvider(

    address=device["address"],

    username=device["username"],

    password=device["password"],

    protocol=device["protocol"],

    port=device["port"]

)

I get such output :

Traceback (most recent call last):

  File "ydk/trash/3.py", line 13, in <module>

    provider = NetconfServiceProvider(address=device["address"], username=device["username"], password=device["password"], protocol=device["protocol"], port=device["port"])

RuntimeError: YClientError: Could not connect to 192.168.2.11

I tried both versions of interpretation(2.7 and 3.5), but result is the same

According to trace ssh  handshake was started, but stuck somewhere on the stage of authentication

At the same time, openssh is able to successfully establish session and receive hello message from server

I ran such command

root@host~# ssh 192.168.2.11 -l ali -p 830 -s netconf

Password:

<!-- No zombies were killed during the creation of this user interface -->

<!-- user ali, class j-super-user -->

<nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">

   <nc:capabilities>

    <nc:capability>urn:ietf:params:netconf:base:1.0</nc:capability>

    <nc:capability>urn:ietf:params:netconf:capability:candidate:1.0</nc:capability>

    <nc:capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</nc:capability>

    <nc:capability>urn:ietf:params:netconf:capability:validate:1.0</nc:capability>

    <nc:capability>urn:ietf:params:netconf:capability:url:1.0?protocol=http,ftp,file</nc:capability>

    <nc:capability>urn:ietf:params:xml:ns:netconf:base:1.0</nc:capability>

    <nc:capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</nc:capability>

    <nc:capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</nc:capability>

    <nc:capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</nc:capability>

    <nc:capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</nc:capability>

    <nc:capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</nc:capability>

    <nc:capability>http://xml.juniper.net/netconf/junos/1.0</nc:capability>

    <nc:capability>http://xml.juniper.net/dmi/system/1.0</nc:capability>

  </nc:capabilities>

  <nc:session-id>69773</nc:session-id>

</nc:hello>

]]>]]>

Question: what is the reason of issue and how to workaround it ?

Everyone's tags (2)
10 REPLIES 10
Highlighted
Cisco Employee

Re: NetconfServiceProvider is not able to establish ssh tunnel

Can you please enable and post the ydk logs:

http://ydk.cisco.com/py/docs/guides/introduction.html#logging

Highlighted
Enthusiast

Re: NetconfServiceProvider is not able to establish ssh tunnel

Thanks for your response !

Now code looks like this:

(ydk) testuser@host:~/ydk/tests$ cat 3.py

from ydk.providers import NetconfServiceProvider

import logging

log_ydk = logging.getLogger('ydk')

log_ydk.setLevel(logging.DEBUG)

handler = logging.StreamHandler()

log_ydk.addHandler(handler)

device = {"address":"192.168.2.11", "port":830, "username":"ali", "password":"gp36s8s8", "protocol":"ssh"}

provider = NetconfServiceProvider(address=device["address"], username=device["username"], password=device["password"], protocol=device["protocol"], port=device["port"])

(ydk) testuser@host:~/ydk/tests$ python3 3.py
##Then it stuck for approx 2 minutes , and output provided:

Connection error occurred: Starting the SSH session failed (Socket error: disconnected)

Trace: Error code 2.

Could not connect to 192.168.2.11

Traceback (most recent call last):

  File "3.py", line 12, in <module>

    provider = NetconfServiceProvider(address=device["address"], username=device["username"], password=device["password"], protocol=device["protocol"], port=device["port"])

RuntimeError: YClientError: Could not connect to 192.168.2.11

Highlighted
Cisco Employee

Re: NetconfServiceProvider is not able to establish ssh tunnel

Thanks. Doesn't look like the log contains much information. Is that all the output you saw?

Based on the message here:

Re: Pointers on how to test YDK app on some opensource router with NETCONF support ?

It looks like the problem is that your server expects a openssh connection whereas the default implementation of YDK is for llibssh.

Internally, YDK uses the 3rd party library libnetconf to establish netconf connections. From their docs, looks like libnetconf provides an option to disable lissh at compile time using --disable-libssh option.

This is the line in YDK CMake file where libnetconf is compiled.

CONFIGURE_COMMAND "./configure"

to

CONFIGURE_COMMAND "./configure --disable-libssh"


To make the above, follow the below steps. After changing the above line, you can regenerate and install libydk & the ydk core python package:

# First uninstall libydk

# Ubuntu
apt-get remove libydk
# Centos
rpm -q libydk

# Remove ydk python core
pip uninstall ydk

# Clone ydk-gen and checkout 0.7.1 tag

git clone https://github.com/CiscoDevNet/ydk-gen.git -b 0.7.1
cd ydk-gen
# Change the above line and save the file
vi sdk/cpp/core/CMakeLists.txt

# Generate & install libydk
./generate.py --libydk
[sudo] make -C gen-api/cpp/ydk/build install

# Generate & install ydk python core
./generate.py --core --python
pip install gen-api/python/ydk/dist/ydk-07.1*.tar.gz

Highlighted
Enthusiast

Re: NetconfServiceProvider is not able to establish ssh tunnel

Yes, unfortunately that is all log output.

after changing  line in ydk-gen/sdk/cpp/core/CMakeLists.txt


from

CONFIGURE_COMMAND "./configure"

to

CONFIGURE_COMMAND "./configure --disable-libssh"

Running of  sudo make -C gen-api/cpp/ydk/build install

Brought to such result

[  4%] Performing configure step for 'project_libnetconf'

/bin/sh: 1: ./configure --disable-libssh: not found

CMakeFiles/project_libnetconf.dir/build.make:108: recipe for target 'project_libnetconf/src/project_libnetconf-stamp/project_libnetconf-configure' failed

make[2]: *** [project_libnetconf/src/project_libnetconf-stamp/project_libnetconf-configure] Error 127

make[2]: Leaving directory '/home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build'

CMakeFiles/Makefile2:174: recipe for target 'CMakeFiles/project_libnetconf.dir/all' failed

make[1]: *** [CMakeFiles/project_libnetconf.dir/all] Error 2

make[1]: Leaving directory '/home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build'

Makefile:149: recipe for target 'all' failed

make: *** [all] Error 2

make: Leaving directory '/home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build'

Then I changed line in  gen-api/cpp/ydk/build/CMakeFiles/project_libnetconf.dir/build.make


from

cd /home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build/project_libnetconf/src/project_libnetconf && "./configure --disable-libssh"

to

cd /home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build/project_libnetconf/src/project_libnetconf && ./configure --disable-libssh

And ran sudo make -C gen-api/cpp/ydk/build install again.
This time another error were returned and pretty later

CMakeFiles/ydk.dir/build.make:662: recipe for target 'CMakeFiles/ydk.dir/src/netconf_ssh_client.cpp.o' failed

make[2]: *** [CMakeFiles/ydk.dir/src/netconf_ssh_client.cpp.o] Error 1

make[2]: Leaving directory '/home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build'

CMakeFiles/Makefile2:100: recipe for target 'CMakeFiles/ydk.dir/all' failed

make[1]: *** [CMakeFiles/ydk.dir/all] Error 2

make[1]: Leaving directory '/home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build'

Makefile:149: recipe for target 'all' failed

make: *** [all] Error 2

make: Leaving directory '/home/alex-limonov/ydk0.7.1_py3.5/ydk-gen/gen-api/cpp/ydk/build'

(more verbse description of error in attachement)

Thanks !

Highlighted
Cisco Employee

Re: NetconfServiceProvider is not able to establish ssh tunnel

Apologies. Please remove the quotes as below:

from

CONFIGURE_COMMAND "./configure"

to

CONFIGURE_COMMAND ./configure --disable-libssh

As for the other errors, looks like there needs to be some more changes done on YDK side. We can take a look. Based on current schedule, this could take a while. But in the meanwhile, feel free to take a shot at making any code changes that can help you with this.

Highlighted
Enthusiast

Re: NetconfServiceProvider is not able to establish ssh tunnel

Understood !
Thank you for your time !
Whether I could find  a workaround  I will post here

Highlighted
Enthusiast

Re: NetconfServiceProvider is not able to establish ssh tunnel


I could make ssh connection work
To do this i have downloaded libssh sources and build it locally

## first removed all existing libssh packages from my system and then :

git clone https://git.libssh.org/projects/libssh.git libssh

cd libssh

mkdir bin

cd bin

cmake  -DCMAKE_BUILD_TYPE=RelWithDebInfo  ..

cmake .

apt install checkinstall

sudo checkinstall

After that I  followed your recommendation  to generate & install libydk and  ydk-python-core!

Thanks !

Highlighted
Cisco Employee

Re: NetconfServiceProvider is not able to establish ssh tunnel

Glad it worked!

Highlighted
Beginner

Re: NetconfServiceProvider is not able to establish ssh tunnel

Hello,

 

I have same problem, and have no luck fixing it. I am stuck in building libydk. I get same error line in aligang1988 attached output file. Maybe I am using wrong libssh version?

Highlighted
Beginner

Re: NetconfServiceProvider is not able to establish ssh tunnel

Solved, by using libssh version 0.7.7 and did not use "--disable-libssh" while building cpp core.
Seems that problem is with libssh version 0.6.4 which is default in docker image.
This widget could not be displayed.