Can not create ACL with YDK on IOS-XE

vaniat · ‎01-18-2023

Hello,

I am trying to configure Standard ACL using ydk generated kit and I get following error:

ydk.errors.YModelError:  Failed to resolve feature "Cisco-IOS-XE-features:fqdn-acl". Path:

Here is how I create access list:

native_config = Cisco_IOS_XE_native.Native()
sequence = 10
snmpro_list = native_config.ip.access_list.Standard()
snmpro_list.name = 'snmpro-access'

for item in snmpro_access:
  ip_net = item.split('/')[0]
  log.debug(ip_net)
  hostmask = str(IPv4Network(item).hostmask)
  log.debug(hostmask)
  globals()["%s" % ip_net] = native_config.Ip.AccessList.Standard.AccessListSeqRule()
  globals()["%s" % ip_net].sequence = sequence
  globals()["%s" % ip_net].permit.std_ace.ipv4_address_prefix = ip_net
  globals()["%s" % ip_net].permit.std_ace.mask = hostmask
  snmpro_list.access_list_seq_rule.append(globals()["%s" % ip_net])
  sequence += 10
native_config.ip.access_list.standard.append(snmpro_list

ygorelik · ‎01-18-2023

I am not sure if this is related to the error message (most likely the error appeared due to model and device releases incompatibility), but the building of the model objects has multiple issues. The wrong lines are:

snmpro_list = native_config.ip.access_list.Standard()

globals()["%s" % ip_net] = native_config.Ip.AccessList.Standard.AccessListSeqRule()

You should remember 2 major rules when building model objects:

1. All the container and list objects are created/initialized when the top level container is initialized (first line in the script).

2. The list element objects must be initialized and appended explicitly to the YList objects, which comes initialized.

Please learn how the model objects are created in the YDK documentation Developer Guide.

vaniat · ‎01-18-2023

Thank you for your help. I went through the developer guide many many times but it seems I did not understand it well :(. Maybe you could give me direct example with above code?

Could you explain me more about "most likely the error appeared due to model and device releases incompatibility". I have collected models from cisco device and used ydk-gen to create python package (17.6.4). Those should be compatible? What I am worried about is YDK package that I installed as requirement, which came from ydk-py repository, which might be indeed on lower cisco version (16.9)

ygorelik · ‎01-18-2023

The ydk-py is holding release 0.8.3. It is not supported any more. You need to switch to release 0.8.5.2 (pyang 1.7) or 0.8.6.3 (pyang 2.5).

Regarding building model object. I've looked at the Cisco-IOS-XE-acl.yang for release 17.7.1 (the 17.6.4 is yet to be published) and have to admit that I was wrong. The model object building looks OK, although the code could be more efficient and python user friendly. That brings us to the very first post. Why do we have an error? I guess that YANG module Cisco-IOS-XE-features.yang is not in the model repository, therefore the code cannot import it and resolve the reference to particular feature. Make sure it is in the device capabilities and you can get it. Also, try to include it to the model bundle.

vaniat · ‎01-19-2023

Thank you for your help!

I checked my ydk is on 0.8.6.3

ydk==0.8.6.3

17.06.04 seems to be recommended release:

Here are the errors I see:

[DEBUG   ] [libyang] Resolving augment target "/Cisco-IOS-XE-native:native/Cisco-IOS-XE-native:ipv6/Cisco-IOS-XE-native:access-list" failed, it will be attempted later.
[DEBUG   ] [libyang] Resolving "Cisco-IOS-XE-acl" unresolved schema nodes and their constraints...
[ERROR   ] Data is invalid according to the yang model. Libyang error: No resolvents found for type "tcp-port-type".
[ERROR   ] Data is invalid according to the yang model. Libyang error: No resolvents found for type "udp-port-type".
[ERROR   ] Data is invalid according to the yang model. Libyang error: No resolvents found for type "tcp-port-type".
[ERROR   ] Data is invalid according to the yang model. Libyang error: Failed to resolve feature "Cisco-IOS-XE-features:fqdn-acl".
[DEBUG   ] An exception occurred in this state:  Failed to resolve feature "Cisco-IOS-XE-features:fqdn-acl". Path:

When generating bundle, I included following models:

Cisco-IOS-XE-aaa.yang               Cisco-IOS-XE-install-rpc.yang       Cisco-IOS-XE-object-group.yang
Cisco-IOS-XE-acl.yang               Cisco-IOS-XE-interface-common.yang  Cisco-IOS-XE-parser.yang
Cisco-IOS-XE-arp.yang               Cisco-IOS-XE-interfaces.yang        Cisco-IOS-XE-platform.yang
Cisco-IOS-XE-cdp.yang               Cisco-IOS-XE-ipv6.yang              Cisco-IOS-XE-pppoe.yang
Cisco-IOS-XE-device-tracking.yang   Cisco-IOS-XE-ip.yang                Cisco-IOS-XE-snmp.yang
Cisco-IOS-XE-diagnostics.yang       Cisco-IOS-XE-license.yang           Cisco-IOS-XE-spanning-tree.yang
Cisco-IOS-XE-ethernet-cfm-efp.yang  Cisco-IOS-XE-line.yang              Cisco-IOS-XE-stackwise-virtual.yang
Cisco-IOS-XE-ethernet-oam.yang      Cisco-IOS-XE-lldp.yang              Cisco-IOS-XE-switch.yang
Cisco-IOS-XE-ethernet.yang          Cisco-IOS-XE-logging.yang           Cisco-IOS-XE-types.yang
Cisco-IOS-XE-features.yang          Cisco-IOS-XE-multicast.yang         Cisco-IOS-XE-vtp.yang
Cisco-IOS-XE-fqdn.yang              Cisco-IOS-XE-native.yang            cisco-semver.yang
Cisco-IOS-XE-http.yang              Cisco-IOS-XE-nd.yang
Cisco-IOS-XE-igmp.yang              Cisco-IOS-XE-ntp.yang

Generating kit finishes successfully. I do see this:

Processing 10 of 37 /home/vbhadmin/ydk-gen/gen-api/.cache/models/Cisco_IOS_XE_VBH_native@0.1.0/Cisco-IOS-XE-features.yang
    Skipping module, because it does not contain top level containers