Automation

 View Only
last person joined: 6 days ago 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.
  • 1.  off-box pythong load configuration from https server

    Posted 09-26-2021 05:57
    I have the following code:
    httpscmd = 'https://x.x.x.x/junosConfig/' + UPDATEFile
    cu.load(url=httpscmd,format='set')
    ​

    I tested on three switches, one is QFX5100, the other two are vQFX.
    It works fine for QFX5100, but got error for vQFX shown in the following:

    Traceback (most recent call last):
      File "./jsw-load-config.py", line 70, in <module>
        main()
      File "./jsw-load-config.py", line 63, in main
        uwmed3.load_config(cLn[0] , UPDATEFile, rootpwd )
      File "/usr/lib/python3.6/site-packages/uwmed3.py", line 39, in load_config
        cu.load(url=httpscmd,format='set')
      File "/usr/local/lib/python3.6/site-packages/jnpr/junos/utils/config.py", line 584, in load
        return try_load(rpc_contents, rpc_xattrs, ignore_warning=ignore_warning)
      File "/usr/local/lib/python3.6/site-packages/jnpr/junos/utils/config.py", line 496, in try_load
        raise ConfigLoadError(cmd=err.cmd, rsp=err.rsp, errs=err.errs)
    jnpr.junos.exception.ConfigLoadError: ConfigLoadError(severity: error, bad_element: None, message: error: SSL support disabled
    error: fetch:
    error: https://172.21.244.25/junosConfig/testConfig: Authentication error
    

    I do not understand this.

    Any insights ?

    thanks !!



  • 2.  RE: off-box pythong load configuration from https server

    Posted 09-26-2021 12:03
    I spent hours trying to find the reasons, but very few.
    I came across the following:

    NETCONF and Shell Sessions over Outbound HTTPS

     

    Table 1: Supported Features for Sessions over Outbound HTTPS

     

    Feature/Component

    Junos OS Release 20.2

    Junos OS Release 20.3R1 or Later

    Outbound HTTPS client connections

    Support for connecting to a single outbound HTTPS client and configuring one gRPC server for that client.

    Connection details are configured as script arguments at the [edit system extensions extension-service application file nc_grpc_app.py] hierarchy level.

    Support for connecting to multiple outbound HTTPS clients and configuring one or more backup gRPC servers for each client.

    Connection details are configured at the [edit system services outbound-https] hierarchy level.

    Sessions

    Supports a single NETCONF session.

    Supports multiple, concurrent NETCONF and csh sessions for an outbound HTTPS client.

    gRPC server certificate

    Supports self-signed X.509 certificates only.

    Supports self-signed or CA-signed X.509 certificates.

    Authentication for the device running Junos OS

    Supports configuring an identifier and shared secret to authenticate the device running Junos OS to the outbound HTTPS client.


    My QFX5100 is version 20.2, but vQFX is version 18.4.  This might be the reason, I guess.

    thanks !!