06-23-2020 03:18 PM
I am trying to run a test case on XE sandbox. When I try to access documented Restconf port, I am getting that the port is used for HTTPS. But YDK does not support HTTPS protocol (known limitation). Is there a port assigned for unsecured HTTP protocol?
My script to connect:
from ydk.providers import RestconfServiceProvider
from ydk.types import EncodingFormat
from ydk.path import Repository
from ydk.models import openconfig as oc
repo = Repository(oc.__path__[0]+'/_yang')
provider = RestconfServiceProvider(
repo,
'ios-xe-mgmt.cisco.com',
'developer',
'C1sco12345',
9443,
EncodingFormat.JSON)
I am getting this error:
(venv) Yans-Air:ydk-gen ygorelik$ python scripts/community/xe_restconf_interface.py
2020-06-23 14:57:03,847 - ydk - INFO - Unable to retrieve restconf root. Assuming '/restconf' as the root
2020-06-23 14:57:03,847 - ydk - INFO - Ready to communicate with http://ios-xe-mgmt.cisco.com:9443/restconf using http
2020-06-23 14:57:05,918 - ydk - ERROR - Operation did not succeed. Got response: 400 : <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>
Traceback (most recent call last):
File "scripts/community/xe_restconf_interface.py", line 41, in <module>
EncodingFormat.JSON)
RuntimeError: YServiceProviderError: Operation did not succeed. Got response: 400 : <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>
Please share your experience of using Restconf with Cisco sandboxes .
06-30-2020 09:23 AM - edited 06-30-2020 11:16 AM
Hi Yan,
I can see that WebUI over HTTP just works but when it comes to restconf it doesn't. From documentation it seems to me that:
conf t
ip http server no ip http secure-server
restconf end
should do the trick and you could use port 80 to connect via restconf. However I had no luck and that's why I was asking to the community a couple of weeks ago. I found a workaround to that, it's not nice but it works. I used a local instance of NGINX working as a HTTPS reverse-proxy, configuration is like this:
events { } http { server { listen 80; listen [::]:80; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; location / { proxy_pass https://<my_target_ip_address>:443; } } }
Hope this helps!
If you manage to get HTTP direct connectivity please post a message here. I would be very interested into it!
Val
08-24-2020 11:10 PM
Hi Yan,
Can you use NETCONF instead of RESTCONF when YDK talking to Sandbox ?
Sandbox
08-25-2020 11:00 PM
Hi Jacky
The root cause of the issue was protocol HTTPS, which was not supported by YDK-0.8.4 (see issue #917). As of 0.8.5 that issue has been partially resolved (permanently disabled peer and host name verification). I have used the sandbox to debug and test newly developed code.
Thank you.
08-26-2020 03:28 PM
Hi Yan,
Now I got your point.
I am glad to see your testing is successful now.
BR
Jacky
09-11-2020 01:27 AM - edited 09-11-2020 01:43 AM
Hello Yan,
I'm trying this with python but I'm getting this error when I instantiate the RestconfServiceProvider:
RuntimeError: YClientError: Peer certificate cannot be authenticated with given CA certificates
My understanding is that certificate validation on client should be skipped.
I can see here https://github.com/CiscoDevNet/ydk-gen/blob/11fe46d83358b6c55a2907d19695aa192ab4e5d9/sdk/cpp/core/src/restconf_client.cpp#L150 that I could probably hit:
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
Possibly because we don't pass ssl_options here: https://github.com/CiscoDevNet/ydk-gen/blob/1020e483853de9195375a8f5be2a203f050c3a7e/sdk/cpp/core/src/restconf_session.cpp#L65
Is there a way to totally skip certificate validation?
Thanks,
Val
09-11-2020 03:13 AM
Ok forget about this, apparently it was still running with 0.8.4
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide