cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1183
Views
7
Helpful
6
Replies

What is Restconf HTTP port on XE sandbox

yangorelik
Spotlight
Spotlight

I am trying to run a test case on XE sandbox. When I try to access documented Restconf port, I am getting that the port is used for HTTPS. But YDK does not support HTTPS protocol (known limitation). Is there a port assigned for unsecured HTTP protocol?

My script to connect:

from ydk.providers import RestconfServiceProvider
from ydk.types import EncodingFormat
from ydk.path import Repository

from ydk.models import openconfig as oc

repo = Repository(oc.__path__[0]+'/_yang')
provider = RestconfServiceProvider(
repo,
'ios-xe-mgmt.cisco.com',
'developer',
'C1sco12345',
9443,
EncodingFormat.JSON)

 I am getting this error:

(venv) Yans-Air:ydk-gen ygorelik$ python scripts/community/xe_restconf_interface.py 
2020-06-23 14:57:03,847 - ydk - INFO - Unable to retrieve restconf root. Assuming '/restconf' as the root
2020-06-23 14:57:03,847 - ydk - INFO - Ready to communicate with http://ios-xe-mgmt.cisco.com:9443/restconf using http
2020-06-23 14:57:05,918 - ydk - ERROR - Operation did not succeed. Got response: 400 : <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>

Traceback (most recent call last):
File "scripts/community/xe_restconf_interface.py", line 41, in <module>
EncodingFormat.JSON)
RuntimeError: YServiceProviderError: Operation did not succeed. Got response: 400 : <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>

 Please share your experience of using Restconf with Cisco sandboxes .

Yan Gorelik
YDK Solutions
6 Replies 6

vadigreg
Cisco Employee
Cisco Employee

Hi Yan,

I can see that WebUI over HTTP just works but when it comes to restconf it doesn't. From documentation it seems to me that:

conf t
ip http server no ip http secure-server
restconf end

should do the trick and you could use port 80 to connect via restconf. However I had no luck and that's why I was asking to the community a couple of weeks ago. I found a workaround to that, it's not nice but it works. I used a local instance of NGINX working as a HTTPS reverse-proxy, configuration is like this:

events {
}
http {
    server {
        listen 80;
        listen [::]:80;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        location / {
            proxy_pass https://<my_target_ip_address>:443;
        }
    }
}

Hope this helps!

 

If you manage to get HTTP direct connectivity please post a message here. I would be very interested into it!

 

Val

Hi Yan,

 

Can you use NETCONF instead of RESTCONF when YDK talking to Sandbox ?

 

Sandbox

CSR1000V Host: ios-xe-mgmt-latest.cisco.com
SSH Port: 8181
NETCONF Port: 10000
RESTCONF Ports: 9443 (HTTPS)
Username: developer
Password: C1sco12345

Jacky Zhang
Global Telecom

Hi Jacky

The root cause of the issue was protocol HTTPS, which was not supported by YDK-0.8.4 (see issue #917). As of 0.8.5 that issue has been partially resolved (permanently disabled peer and host name verification). I have used the sandbox to debug and test newly developed code.

Thank you.

Yan Gorelik
YDK Solutions

Hi Yan,

 

Now I got your point.  

 

I am glad to see your testing is successful now.

 

BR

Jacky

Jacky Zhang
Global Telecom

Hello Yan,

I'm trying this with python but I'm getting this error when I instantiate the RestconfServiceProvider:

RuntimeError: YClientError: Peer certificate cannot be authenticated with given CA certificates

 

My understanding is that certificate validation on client should be skipped.

 

I can see here https://github.com/CiscoDevNet/ydk-gen/blob/11fe46d83358b6c55a2907d19695aa192ab4e5d9/sdk/cpp/core/src/restconf_client.cpp#L150 that I could probably hit:

 

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

 

Possibly because we don't pass ssl_options here: https://github.com/CiscoDevNet/ydk-gen/blob/1020e483853de9195375a8f5be2a203f050c3a7e/sdk/cpp/core/src/restconf_session.cpp#L65

 

Is there a way to totally skip certificate validation?

 

Thanks,

Val

Ok forget about this, apparently it was still running with 0.8.4

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: