06-23-2020 03:18 PM
I am trying to run a test case on the XE sandbox. When I try to access the documented Restconf port, I am getting that the port is used for HTTPS. But YDK does not support the HTTPS protocol (known limitation). Is there a port assigned for the unsecured HTTP protocol?
My script to connect:
from ydk.providers import RestconfServiceProvider
from ydk.types import EncodingFormat
from ydk.path import Repository
from ydk.models import openconfig as oc
repo = Repository(oc.__path__[0]+'/_yang')
provider = RestconfServiceProvider(
    repo,
    'ios-xe-mgmt.cisco.com',
    'developer',
    'C1sco12345',
    9443,
    EncodingFormat.JSON)
I am getting this error:
(venv) Yans-Air:ydk-gen ygorelik$ python scripts/community/xe_restconf_interface.py
2020-06-23 14:57:03,847 - ydk - INFO - Unable to retrieve restconf root. Assuming '/restconf' as the root
2020-06-23 14:57:03,847 - ydk - INFO - Ready to communicate with http://ios-xe-mgmt.cisco.com:9443/restconf using http
2020-06-23 14:57:05,918 - ydk - ERROR - Operation did not succeed. Got response: 400 : <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>
Traceback (most recent call last):
File "scripts/community/xe_restconf_interface.py", line 41, in <module>
EncodingFormat.JSON)
RuntimeError: YServiceProviderError: Operation did not succeed. Got response: 400 : <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>
Please share your experience of using Restconf with Cisco sandboxes.
06-30-2020 09:23 AM - edited 06-30-2020 11:16 AM
Hi Yan,
I can see that WebUI over HTTP just works, but when it comes to restconf it doesn't. From the documentation it seems to me that:
conf t
ip http server
no ip http secure-server
restconf
end
should do the trick and you could use port 80 to connect via restconf. However, I had no luck, and that's why I was asking the community a couple of weeks ago. I found a workaround for that; it's not nice, but it works. I used a local instance of NGINX working as an HTTPS reverse proxy; the configuration is like this:
events { }
http {
    server {
        listen 80;
        listen [::]:80;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        location / {
            proxy_pass https://<my_target_ip_address>:443;
        }
    }
}
Hope this helps!
If you manage to get HTTP direct connectivity, please post a message here. I would be very interested in it!
Val
08-24-2020 11:10 PM
Hi Yan,
Can you use NETCONF instead of RESTCONF when YDK is talking to the Sandbox?
Sandbox
08-25-2020 11:00 PM
Hi Jacky
The root cause of the issue was the HTTPS protocol, which was not supported by YDK-0.8.4 (see issue #917). As of 0.8.5 that issue has been partially resolved (permanently disabled peer and host name verification). I have used the sandbox to debug and test newly developed code.
Thank you.
08-26-2020 03:28 PM
Hi Yan,
Now I got your point.
I am glad to see your testing is successful now.
BR
Jacky
09-11-2020 01:27 AM - edited 09-11-2020 01:43 AM
Hello Yan,
I'm trying this with python but I'm getting this error when I instantiate the RestconfServiceProvider:
RuntimeError: YClientError: Peer certificate cannot be authenticated with given CA certificates
My understanding is that certificate validation on the client should be skipped.
I can see here https://github.com/CiscoDevNet/ydk-gen/blob/11fe46d83358b6c55a2907d19695aa192ab4e5d9/sdk/cpp/core/src/restconf_client.cpp#L150 that I could probably hit:
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
Possibly because we don't pass ssl_options here: https://github.com/CiscoDevNet/ydk-gen/blob/1020e483853de9195375a8f5be2a203f050c3a7e/sdk/cpp/core/src/restconf_session.cpp#L65
Is there a way to totally skip certificate validation?
Thanks,
Val
09-11-2020 03:13 AM
OK, forget about this; apparently it was still running with 0.8.4.
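Added example, not part of any post in this thread and not YDK code: the thread deals with device certificates that fail CA validation by switching peer and host name verification off, and this sketch shows the alternative of pinning the device certificate's SHA-256 fingerprint so that RESTCONF credentials are only sent to the expected device. It uses only the Python standard library; the function names and the assumption that the device presents a self-signed certificate whose fingerprint was recorded out of band are hypothetical.

```python
import base64
import hashlib
import hmac
import http.client
import ssl


def normalize_fingerprint(text):
    """Turn 'AA:BB:...' or 'aabb...' into lowercase hex without separators."""
    return text.replace(":", "").replace(" ", "").lower()


def cert_matches_pin(der_cert, pinned_sha256):
    """Compare the SHA-256 of a DER certificate with the pin in constant time."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_sha256))


def basic_auth_header(username, password):
    """Build the HTTP Basic Authorization header value."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token


def open_pinned_connection(host, port, pinned_sha256, timeout=10):
    """Connect over TLS and keep the connection only if the certificate matches the pin."""
    ctx = ssl.create_default_context()
    # CA-chain and host-name checks are off because the device certificate is
    # self-signed (assumption); the fingerprint check below replaces them.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    conn.connect()
    der = conn.sock.getpeercert(binary_form=True)
    if not der or not cert_matches_pin(der, pinned_sha256):
        conn.close()
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return conn


def restconf_get(conn, path, username, password):
    """Send a RESTCONF GET; credentials leave the host only after the pin check."""
    headers = {"Authorization": basic_auth_header(username, password),
               "Accept": "application/yang-data+json"}
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    return resp.status, resp.read()
```

The pin has to come from a trusted source, such as the device console, rather than from the first network connection.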