We use ncclient to do edit-config after the device boots up, this failed. On further analysis we saw the following error below (very rare case). Looks like the capability exchange timed out and did not happen. Thus edit-config did not happen. We are wondering how this can happen and also how to avoid this issue from happening. Please advice.
May> 17 14:22:15 orion confd[686]: audit user: vsm/0 logged in over ssh from 127.0.0.1 with authmeth:password
May 17 14:22:15 orion confd[686]: netconf id=13 new ssh session for user “vsm” from 127.0.0.1
May 17 14:22:15 orion confd[686]: audit user: vsm/13 assigned to groups: admin
May 17 14:22:16 orion ntpd[1059]: Deleting interface #5 fm1-mac1, fe80::52cd:22ff:feb9:8290#123, interface stats: received=0, sent=0, dropped=0,active_time=2 secs
May 17 14:22:16 orion ntpd[1059]: peers refreshed
…
May 17 14:23:15 orion confd[686]: audit user: vsm/0 Logged out ssh user
May 17 14:23:15 orion confd[686]: netconf id=13 ssh transport closed
May 17 14:23:16 orion vsm.py[817]:> “/usr/bin/vsm.py:753 type <class
… Netconf initial negotiation didn’t seem to happen …hang, timeout.
Thanks
Did you enable the ConfD’s NETCONF trace log (netconfTraceLog) to analyze the NETCONF messages being sent to ConfD by ncclient?
I have worked with ncclient in the past and ran into an issue in which I’ve had to modifyhttp://schmizz.net/ncclient/0.2a/docs/transport.html#ncclient.transport.ssh.default_unknown_host_cb to always return true.
waitai
May 19, 2016, 12:43am
3
Here’s how the very basic ncclient program for getting the NETCONF capabilities from a NETCONF server such as ConfD looks like:
$ cat nc01.py
#! /usr/bin/env python2.6
#
# Connect to the NETCONF server passed on the command line and
# display their capabilities.
#
# $ python nc01.py localhost admin admin
import sys, os, warnings
warnings.simplefilter("ignore", DeprecationWarning)
from ncclient import manager
def default_unknown_host_cb(host, key):
return True
def demo(host, user, pw):
with manager.connect(host=host, port=2022, username=user, password=pw,
unknown_host_cb=default_unknown_host_cb, look_for_keys=False,
allow_agent=False) as m:
for c in m.server_capabilities:
print c
if __name__ == '__main__':
demo(sys.argv[1], sys.argv[2], sys.argv[3])
$ python nc01-confd.py localhost admin admin
http://tail-f.com/ns/netconf/extensions
urn:ietf:params:xml:ns:yang:ietf-netconf-acm?module=ietf-netconf-acm&revision=2012-02-22
http://tail-f.com/yang/acm?module=tailf-acm&revision=2013-03-07
http://tail-f.com/yang/netconf-monitoring?module=tailf-netconf-monitoring&revision=2014-11-13
http://tail-f.com/ns/webui?module=tailf-webui&revision=2013-03-07
urn:ietf:params:netconf:capability:rollback-on-error:1.0
http://tail-f.com/yang/common-monitoring?module=tailf-common-monitoring&revision=2013-06-14
http://tail-f.com/ns/netconf/actions/1.0
urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults?revision=2011-06-01&module=ietf-netconf-with-defaults
urn:ietf:params:xml:ns:yang:iana-crypt-hash?module=iana-crypt-hash&revision=2014-04-04&features=crypt-hash-sha-512,crypt-hash-sha-256,crypt-hash-md5
urn:ietf:params:xml:ns:yang:ietf-netconf-notifications?module=ietf-netconf-notifications&revision=2012-02-06
urn:ietf:params:netconf:capability:confirmed-commit:1.1
urn:ietf:params:netconf:capability:confirmed-commit:1.0
http://tail-f.com/yang/confd-monitoring?module=tailf-confd-monitoring&revision=2013-06-14
http://tail-f.com/ns/aaa/1.1?module=tailf-aaa&revision=2015-06-16
urn:ietf:params:netconf:capability:candidate:1.0
http://tail-f.com/ns/example/hst?module=hst
urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15
urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yang-types&revision=2013-07-15
urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=explicit&also-supported=report-all-tagged
urn:ietf:params:netconf:capability:validate:1.0
urn:ietf:params:netconf:capability:validate:1.1
urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconf-monitoring&revision=2010-10-04
urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:base:1.1
urn:ietf:params:netconf:capability:xpath:1.0