06-28-2017 07:43 AM
Hey, I've searched through the questions for help and am not finding the answer to this one.
Please help me!! I think there may be a permissions issue? Or yang's permissions??? dunno??
I am unable to do a 'crud.update' on an interface.
I'm seeing <rpc-error> <error-type>application</error-type> <error-tag>access-denied</error-tag>
What do I need to do in order to run my python script and do updates on my router???
For starters, on the routers, 'show user tasks' gives me:
Task: interface : READ WRITE EXECUTE DEBUG
So, I'm trying to update the 'mtu' within an interface as seen in code:
(I tried just updating description on another test, same exact error.)
-----------------------------------------------------
from ydk.services import CRUDService
from ydk.providers import NetconfServiceProvider
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_ifmgr_cfg as xr_ifmgr_cfg
import logging
provider = NetconfServiceProvider(address="xyz.abc", port=830, username="me",password="password",protocol="ssh")
## create CRUD service
crud = CRUDService()
interface_configuration = xr_ifmgr_cfg.InterfaceConfigurations.InterfaceConfiguration()
interface_configuration.interface_name ="HundredGigE0/5/0/6"
# read data from NETCONF device
interface_configuration = crud.read(provider, interface_configuration)
# Just print to see what I have currently before changing
m1=''
owner1=''
print type(interface_configuration.mtus.mtu)
for mtu in interface_configuration.mtus.mtu:
print 'mtu=', mtu.mtu
m1=mtu.mtu
print 'owner=', mtu.owner
owner1=mtu.owner
interface_configuration.mtus.mtu[0].mtu = 9200 # mtu = interface_configuration.mtus.Mtu()
interface_configuration.mtus.mtu[0].owner = owner1
interface_configurations = xr_ifmgr_cfg.InterfaceConfigurations()
interface_configurations.interface_configuration.append(interface_configuration)
print "Starting the update"
crud.update(provider, interface_configurations)
print "Finished the update"
-----------------------------------------------------
However, I am getting output like this:
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">
<edit-config>
<target>
<candidate/>
</target>
<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
<interface-configurations xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">
<interface-configuration>
<active>act</active>
<interface-name>HundredGigE0/5/0/6</interface-name>
<description>Big Box to hu0/1/0/1-xyz.abc01</description>
<ipv4-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg">
<addresses>
<primary>
<address>61.150.26.62</address>
<netmask>255.255.255.252</netmask>
</primary>
</addresses>
</ipv4-network>
<ipv6-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg">
<addresses>
<regular-addresses>
<regular-address>
<address>1111:222:3333::667</address>
<prefix-length>126</prefix-length>
<zone>0</zone>
</regular-address>
</regular-addresses>
</addresses>
</ipv6-network>
<mtus>
<mtu>
<owner>HundredGigE</owner>
<mtu>9200</mtu>
</mtu>
</mtus>
</interface-configuration>
</interface-configurations>
</config>
</edit-config>
</rpc>
2017-06-28 10:00:11,721 - ydk.providers._provider_plugin - DEBUG -
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">
<rpc-error>
<error-type>application</error-type>
<error-tag>access-denied</error-tag>
<error-severity>error</error-severity>
<error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network</error-path>
</rpc-error>
<rpc-error>
<error-type>application</error-type>
<error-tag>access-denied</error-tag>
<error-severity>error</error-severity>
<error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv6-network</error-path>
</rpc-error>
<rpc-error>
<error-type>application</error-type>
<error-tag>access-denied</error-tag>
<error-severity>error</error-severity>
<error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network-forwarding</error-path>
</rpc-error>
</rpc-reply>
2017-06-28 10:00:11,722 - ydk.services.crud_service - INFO - UPDATE operation completed
-----------------------------------------------------------------
Solved! Go to Solution.
06-28-2017 08:43 AM
Clearly a permission issue on the router side. You may want to share the config on that. A bit outside the scope of YDK, but someone may be able to help. If possible, I'd remove permissions and incrementally add them back until the breaking point is found.
06-28-2017 08:43 AM
Clearly a permission issue on the router side. You may want to share the config on that. A bit outside the scope of YDK, but someone may be able to help. If possible, I'd remove permissions and incrementally add them back until the breaking point is found.
06-28-2017 08:55 AM
To add to this scenario...
I am able to do interface changes manually. However, programmatically, I am blocked. I do run my python script as myself, and have my provider username/password as myself.
Will see if I can post configuration in a bit...
06-28-2017 10:33 AM
Yes, this has turned out to be just a permissions level thing with the account (my username/password) I was set up with. The root users, who ran my script for me, with their username/password worked like a champ.
Thanks for your prompt response saalvare
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: