GetConfig JunOS issue #73
Comments
Is a juniper thing iirc. they dont allow pty on 22. So either use 830 as you're doing or you can use the standard transport (I think)
is the issue, looks like you are passing running though so obviously that seems wrong/bad. Probably need to get logs to tell anything further. |
I have both 22/830 enabled: Shell (
How can I do it? |
Doesn't matter, we force a pty which Junos doesn't like
https://github.com/scrapli/scrapligo/blob/main/examples/network_driver/logging/main.go |
Logs2022/05/05 21:34:19 debug::10.10.30.4::22::"attempting to open netconf transport connection with the following command: [10.10.30.4 -p 22 -o ConnectTimeout=30 -o ServerAliveInterval=45 -l admin -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -F /dev/null -tt -s netconf] 2022/05/05 21:34:19 debug::10.10.30.4::22::netconf transport connection to host opened 2022/05/05 21:34:19 debug::10.10.30.4::22::attempting in channel ssh authentication 2022/05/05 21:34:19 debug::10.10.30.4::22::read: Warning: Permanently added '10.10.30.4' (ECDSA) to the list of known hosts. 2022/05/05 21:34:19 debug::10.10.30.4::22::read: 2022/05/05 21:34:19 debug::10.10.30.4::22::read: Password: 2022/05/05 21:34:19 debug::10.10.30.4::22::found password prompt, sending password 2022/05/05 21:34:19 write::10.10.30.4::22::write: REDACTED 2022/05/05 21:34:19 write::10.10.30.4::22::write: 2022/05/05 21:34:19 debug::10.10.30.4::22::read: 2022/05/05 21:34:19 debug::10.10.30.4::22::read: 2022/05/05 21:34:19 debug::10.10.30.4::22::read: 2022/05/05 21:34:19 debug::10.10.30.4::22::read: 2022/05/05 21:34:19 debug::10.10.30.4::22::read: urn:ietf:params:netconf:base:1.0 2022/05/05 21:34:19 debug::10.10.30.4::22::read: urn:ietf:params:netconf:capability:candidate:1.0 urn:ietf:params:netconf:capability:confirmed-commit:1.0 2022/05/05 21:34:19 debug::10.10.30.4::22::read: urn:ietf:params:netconf:capability:validate:1.0 urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file 2022/05/05 21:34:19 debug::10.10.30.4::22::read: urn:ietf:params:xml:ns:netconf:base:1.0?module=ietf-netconf&revision=2011-06-01 2022/05/05 21:34:19 debug::10.10.30.4::22::read: urn:ietf:params:xml:ns:netconf:capability:candidate:1.0 2022/05/05 21:34:19 debug::10.10.30.4::22::read: urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0 2022/05/05 21:34:19 debug::10.10.30.4::22::read: urn:ietf:params:xml:ns:netconf:capability:validate:1.0 urn:ietf:params:xml:ns:netconf:capability:url:1.0?scheme=http,ftp,file urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15 urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring http://xml.juniper.net/netconf/junos/1.0 http://xml.juniper.net/dmi/system/1.0 10180 ]]>]]> 2022/05/05 21:34:19 debug::10.10.30.4::22::ssh authentication complete 2022/05/05 21:34:19 info::10.10.30.4::22::sending client capabilities: urn:ietf:params:netconf:base:1.0 ]]>]]> 2022/05/05 21:34:19 write::10.10.30.4::22::write: urn:ietf:params:netconf:base:1.0 ]]>]]> 2022/05/05 21:34:19 write::10.10.30.4::22::write: 2022/05/05 21:34:19 info::10.10.30.4::22::"sending channelInput: ]]>]]>; stripPrompt: false; eager: true 2022/05/05 21:34:19 write::10.10.30.4::22::write: ]]>]]> 2022/05/05 21:34:19 write::10.10.30.4::22::write: 2022/05/05 21:34:19 debug::10.10.30.4::22::read: 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0 master 2022/05/05 21:34:20 debug::10.10.30.4::22::read: master (default) OK 2002 MB (2048 MB installed) 44 3 0 3 0 94 1 0 2 0 96 1 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0 2 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0 96 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 1 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 2 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 94 2022/05/05 21:34:20 debug::10.10.30.4::22::read: RE-VMX 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 2022-05-05 17:32:49 UTC 1 hour, 1 minute, 33 seconds Router rebooted after a normal shutdown. 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0.49 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0.57 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 0.49 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 2022/05/05 21:34:20 debug::10.10.30.4::22::read: 2022/05/05 21:34:20 debug::10.10.30.4::22::read: ]]>]]> 2022/05/05 21:34:20 debug::10.10.30.4::22::found prompt match 2022/05/05 21:34:20 debug::10.10.30.4::22::server echo is unset, determining if server echoes inputs now 2022/05/05 21:34:20 info::10.10.30.4::22::server does *not* echo inputs, setting serverEcho to 'false' Get Config Response: 0 master master (default) OK 2002 MB (2048 MB installed) 44 3 0 3 0 94 1 0 2 0 96 1 0 2 0 96 1 0 2 0 94 RE-VMX 2022-05-05 17:32:49 UTC 1 hour, 1 minute, 33 seconds Router rebooted after a normal shutdown. 0.49 0.57 0.49 ]]>]]>2022/05/05 21:34:20 debug::10.10.30.4::22::transport connection to host closed |
|
Hmm can you try that again in a code block or something -- looks like stuff got cut out -- dont even see any rpc request going out at all |
here is what happens just before RPC error reply: |
|
Ah thanks, yeah much better. I am like 99.99999% sure that this is/was because when we send the source tag in the payload the go parser makes it like I found old python logs and that looks to be the case. Offhand not sure how difficult that would be to test -- I feel like I looked into this before and the standard library go xml marshaler wouldn't let m change that but I could be making that up. You could probably confirm this with me by running the same thing in scrapli netconf (python version) and checking the logs. All the payloads should look identical between the two with I think/hope only that one exception. I did a quick search and I couldn't find anything related to this so that adventure may have happened in chat somewhere or I am hallucinating and making this all up 🙃 |
|
Ah yes. (Wonderful) Python But Juniper indeed require self-closing XML nodes. It totally desests doing this: Self-closing nodes were one of my other questions regarding Go (it is so painful to transform YAML config info XML payload manually writing structs after Python T_T). |
|
Ah man, thanks for confirming... I thought I was going crazy for a bit there... 😁 Ok, I'll keep this open and maybe have a look at if we can figure that out this weekend or next weekend. Will be low priority for me since I dont do anything w/ Juniper, but eventually I'll get to it.... if you want to experiment in the mean time and open a PR/chat about that works too! Carl |
|
I would gladly after I figure out how to make these damn self-closing nodes even happen :P I was playing with one of my Python projects trying to make a Go flavour of it. And this is where I am at the moment: This |
|
Hehe, yeah I feel you... go can be "fun" :D I have been dealing w/ custom json marshallers/unmarshallers for some unrelated things, so I think I can maybe tackle it.... just wont be a priority for me so may take a while. Thanks for the help hunting this stuff down! Carl |
|
@carlmontanari is python scrapli uses self closing tags with juniper exclusively? Also here Kirk says it works on his vmx Which version exhibits this error @horseinthesky ? |
|
Yeah, I happened to be doing a bunch of NETCONF testing recently, so here is what I sent (obviously wrapped in the rpc tags): |
|
I was using ncclient (as I had that code all handy): nc_reply = m.dispatch(etree.fromstring(get_cfg2)) (Pdbr) p nc_reply
... a bunch of stuff
</services>
<host-name>vmx1</host-name>
</system>
</configuration>
</data>
</rpc-reply>This was Junos |
|
As a test, I also tested crazy old SRXs that I have and they also worked fine using: |
|
@ktbyers the version in questions is 19.2+ |
|
I don't have 19.2+. The two above are the Junos versions that I have. |
It's Junos: 19.2R1.8. And it is even older than my production VMs/Hardware boxes. So at the moment I don't have anything older than that to test if older versions we fine to accept double tags ¯_(ツ)_/¯ Anyway self-closing tags are super widely used and it is necessary to support them. I've spent a couple of days and still don't know how to do it with |
|
One thing to try out is this command |
This is always enabled: |
|
Nice. Funny, that looks like a Juniper issue to me |
|
I just checked this morning on a couple of my prod devices. Found a few with 18.3, a few with 19.4 and the most run 21.1. It kind of goes without saying that root cause of this issue is JunOS doesn't accept double tags. But it doesn't seem as an issue to me. So I would say it is the right way to do it. |
|
it is opportunistic to violate encoding standard by requiring self-closing tags IMO since you mentioned that you have tested it with 18.3 and @kbyers have tested it with 18.4R1.8 I am wondering why you have different results... |
Is there a standard saying XML must always use double tags? I've always been using self-closing tags if I had no content but only due to minimalism and clarity principle. It is not just about NETCONF but widely used everywhere: |
of course there is - https://www.w3.org/TR/xml/ from https://www.w3schools.com/xml/xml_elements.asp: An element with no content is said to be empty. In XML, you can indicate an empty element like this: You can also use a so called self-closing tag: The two forms produce identical results in XML software (Readers, Parsers, Browsers). I am not saying that using empty tags is wrong. I am saying that not using empty tags is not wrong. |
|
@carlmontanari this thread tracks the (lack of) progress on the Go side to support empty tags golang/go#21399 ADD: |
|
@ktbyers do you mind to perform the test without ncclient (to exclude lxml interaction) and do it the same way as here #73 (comment) ? ADD: because lxml automatically squashes non empty elements with empty value to empty tags - https://stackoverflow.com/questions/34111154/how-can-i-prevent-lxml-from-auto-closing-empty-elements-when-serializing-to-stri |
I don't mind and/or argue. JunOS does :D
This looks terrible but works nicely. I wonder what could be the reason for Juniper to do validation the way they do it. But what bothers me more is what would be the best solution?! |
lol, don't look too closely at scrapligo code then 🤣 I'll play around with this stuff over the weekend and see what shakes out and keep ya'll posted! |
|
Okay, I tested manually via ssh using: ssh [email protected] -s netconf And observed the same failure as @horseinthesky (i.e. it worked for That caused me to dig into more what ncclient was doing. Digging into this more, ncclient actually converted (Pdbr) print(req)
<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:eaa99530-6bd3-470e-939b-02ac95ed9d6e">
<get-config>
<source>
<running/>
</source>
</get-config></nc:rpc>Where what I sent is: Digging in more to this, I see that lxml actually converts the: To an empty tag: It looks like per the netconf-1.0 yang model and per the XML spec it "should" be an empty tag, but a bit surprising Juniper doesn't allow it both ways. https://stackoverflow.com/questions/7231902/self-closing-tags-in-xml-files From the above page (which is quoting from the XML 1.0 spec): And netconf 1.0 yang model declares |
|
@ktbyers where do you see that running is declared empty? |
|
that is a YANG type, which I think has nothing to do with actual EMPTY definition XML standard talks about. For example, netconf RFC has the following line (https://datatracker.ietf.org/doc/html/rfc6241#section-6.2.4):
which kind of proves that both options are fine for a netconf server |
|
@hellt Yeah, I probably disagree on that one. YANG is the DTD/xmlschema equivalent for NETCONF and the YANG-model says it is an empty leaf node which when translated into XML probably should be as per the XML spec for something declared empty. The RFC section you referenced above is in the context of filters so I don't think I would generalize it the way you did. I also had read that earlier. Anyways there is a good chance that is why Juniper did it that way and it is a bit moot as there are thousands of field Juniper devices with this behavior. |
|
That's true. I have jinja2 XML templates describing 95% of JunOS functionality and they use self-closing tags literally everywhere. |
|
I am not buying that =) To me requiring self closing tags is a mistake of a parser. It should be accepted in an expanded mode. |
|
Well, good news re the self closing being ok or not thing -- I (and by extension scrapligo!) dont care which way is right/best/good 🤣 TL;DR here is I'll muck around with trying to make this an option in the least ugly way possible, then probably expose it as an option at driver creation that way we can leave standard xml behavior then users can enable this if they care. Probably wont work on this till next weekend but at least we know what needs doing to sort this issue. Thanks for all the work double checking all the things from everyone! Carl |
|
@hellt - what we have here can be left up to interpretation based off the angle in which you are looking at this from. The primary source of truth for the XML encoding of YANG data are the YANG 1.0/1.1 RFCs themselves. As previously pointed out, the YANG module that defines the RFC6241 RPCs for XML encoding of The reference you have above to https://datatracker.ietf.org/doc/html/rfc6241#section-6.2.4 is mostly unrelated. Now at the same time, since RFC7950 brought in the ability for leafs of yanglint for instance will validate both scenarios (and actually collapse the start/end tags post validation) as well as length checking should the start/end elements contain any content
So my opinion is both are valid, this could be relaxed but the common usage would still be to formulate a single self-closing element for nodes of |
|
thanks again everyone, closing this and following up in #76 |
|
To make this issue complete to someone else facing it, adding |
|
@carlmontanari It is probably another noob question from me but how should I correctly update the dependency? |
|
you can just do |
Yeah. I did this to test the branch version. But I don't get why it downloads not the latest version without pointing the hash? |
|
pretty sure it just gets latest release if you dont do it with hash, I didn't make a release, so thats what you're gunna get. for now you'll just need the hash. |
So since there was no new release it uses commit with the latest tag (which is 0.1.3 at the moment) as @latest. Is that correct? |
|
afaik yep |
|
FWIW: This is definitely a bug in JUNOS (PR 1668382). It's specific to the the NETCONF tag. Thanks, |
Hello.
Doing my first steps in Go while trying to implement Go agalogue of:
which works perfectly fine.
This is the code:
RPC works but GetConfig doesn't:
What am I doing wrong here?
And there is one more thing: if I change port to 830 (works great from shell or
ncclient) I get:Could you pls shed some light on how to use that?! Thank you.
The text was updated successfully, but these errors were encountered: