Automation

Ask questions and share experiences about Apstra, Paragon, and all things network automation.
  • 1.  Pyez and Ansible error with Junos: 20.4R3.8

    Posted 09-14-2022 06:39
    I have an issue with automation on Junos 20.4R3.8. Neither PyEZ nor Ansible is working.
    My code works well with my other Juniper devices running Junos versions lower than 20.
    Below is the PyEZ error message:
    msg: Unexpected session close
    IN_BUFFER: `b'\nerror: unknown command: xml-mode\n\nerror: permission denied: netconf\n'`)
    The Ansible error output is below:
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",

    I use ansible 2.9.9 with ncclient 0.6.13
    junos-eznc 2.6.5

    Any idea?

    ------------------------------
    Tayzar Lwin
    ------------------------------


  • 2.  RE: Pyez and Ansible error with Junos: 20.4R3.8

     
    Posted 09-16-2022 09:58
    Are you attempting to make a connection to the device via console?   I can see that there is an attempt to launch "xml-mode netconf... " which is the approach to open up a netconf session when connecting via console, which is typical of a new out of box environment when no IP address is available etc., and netconf over ssh isn't possible.

    If you access the device you are using via console or IP using the same credentials, start a shell, and then try the following command from the shell:

    ( echo "<rpc><get-system-information/></rpc><rpc><close-session/></rpc>" && cat ) | xml-mode netconf need-trailer


    You'll need to hit [Enter] to return to the shell once the RPC session is closed.   This should just return the output from the RPC get-system-information e.g.

    % ( echo "<rpc><get-system-information/></rpc><rpc><close-session/></rpc>" && cat ) | xml-mode netconf need-trailer
    <!-- No zombies were killed during the creation of this user interface -->
    <!-- user paragon, class j-super-user -->
    <nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
       <nc:capabilities>
        <nc:capability>urn:ietf:params:netconf:base:1.0</nc:capability>
        <nc:capability>urn:ietf:params:netconf:capability:candidate:1.0</nc:capability>
        <nc:capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</nc:capability>
        <nc:capability>urn:ietf:params:netconf:capability:validate:1.0</nc:capability>
        <nc:capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</nc:capability>
        <nc:capability>urn:ietf:params:xml:ns:netconf:base:1.0?module=ietf-netconf&amp;revision=2011-06-01</nc:capability>
        <nc:capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</nc:capability>
        <nc:capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</nc:capability>
        <nc:capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</nc:capability>
        <nc:capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?scheme=http,ftp,file</nc:capability>
        <nc:capability>urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&amp;revision=2013-07-15</nc:capability>
        <nc:capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</nc:capability>
        <nc:capability>http://xml.juniper.net/netconf/junos/1.0</nc:capability>
        <nc:capability>http://xml.juniper.net/dmi/system/1.0</nc:capability>
      </nc:capabilities>
      <nc:session-id>3909</nc:session-id>
    </nc:hello>
    ]]>]]>
    <nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/21.2R0/junos">
    <system-information>
    <hardware-model>mx960</hardware-model>
    <os-name>junos</os-name>
    <os-version>21.2R0</os-version>
    <serial-number>xxxxxxxxxxx</serial-number>
    <host-name>MX960</host-name>
    </system-information>
    </nc:rpc-reply>
    ]]>]]>
    <nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/21.2R0/junos">
    <nc:ok/>
    </nc:rpc-reply>
    ]]>]]>
    <!-- session end at 2022-09-16 13:49:12 GMT -->
    


    Does this work?  Or are you getting a permission denied error?  Try with a super-user account and see if you encounter the same issue. 

    Regards,
    Andy



    ------------------------------
    Andy Sharp
    ------------------------------



  • 3.  RE: Pyez and Ansible error with Junos: 20.4R3.8

    Posted 09-17-2022 05:48
    No, I am not connecting via console. I am connecting via IP. 
    I can successfully execute your command via the shell and got the output below.

    "
    root@JCR101-KTBG-LAB:~ # ( echo "<rpc><get-system-information/></rpc><rpc><close-session/></rpc>" && cat ) | xml-mode netconf need-trailer
    <!-- No zombies were killed during the creation of this user interface -->
    <!-- user root, class super-user -->
    <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <capabilities>
        <capability>urn:ietf:params:netconf:base:1.0</capability>
        <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
        <capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>
        <capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
        <capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
        <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
        <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
        <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
        <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
        <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
        <capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability>
        <capability>http://xml.juniper.net/netconf/junos/1.0</capability>
        <capability>http://xml.juniper.net/dmi/system/1.0</capability>
      </capabilities>
      <session-id>10133</session-id>
    </hello>
    ]]>]]>
    <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/20.4R0/junos">
    <system-information>
    <hardware-model>mx480</hardware-model>
    <os-name>junos</os-name>
    <os-version>20.4R3.8</os-version>
    <serial-number>JN126FD30AFB</serial-number>
    <host-name>JCR101-KTBG-LAB</host-name>
    </system-information>
    </rpc-reply>
    ]]>]]>
    <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/20.4R0/junos">
    <ok/>
    </rpc-reply>
    ]]>]]>
    <!-- session end at 2022-09-17 08:15:30 MMT -->
    "

    When I tried with the root account + key authentication, I didn't get any issue and successfully ran both the PyEZ script and the Ansible playbooks.
    But we are not allowed to use the root account in the production network. This is not right.
    The accounts I used in Pyez script and ansible playbook are both super-user class. 

    Regards,

    Tayzar Lwin
    Associate Principal Engineer 
    Network Planning
    FRONTiiR Co., Ltd.
    www.frontiir.com






  • 4.  RE: Pyez and Ansible error with Junos: 20.4R3.8

     
    Posted 09-17-2022 06:30

    Thanks, with super-user access not root that should be fine. 

    Could you try the following:

    ssh <user>@<ip> -s netconf
    
    Once you enter your credentials for the account you need to run the test with, enter the following (you may not see the text being entered), but you should still get the reply displayed.
    
    <rpc><get-system-information/></rpc>
    <rpc><close-session/></rpc>
    
    If that works, could you paste your ansible playbook, I'm interested to see how you are making the connection.
    
    Thanks


    ------------------------------
    Andy Sharp
    ------------------------------



  • 5.  RE: Pyez and Ansible error with Junos: 20.4R3.8

    Posted 09-17-2022 08:01
    I tried and got the same issue, with the message below.

    " error: unknown command: xml-mode

    error: permission denied: netconf" 

    Regards,

    Tayzar Lwin
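
The two outcomes seen in this thread can be told apart mechanically from whatever text comes back on the netconf channel (the PyEZ `IN_BUFFER`, or the output of `ssh -s netconf`). The following is an added example, not code from any poster: `triage` is a hypothetical helper, and both samples are constructed (the first reuses the error text quoted above, the second is a shortened hello/reply with a made-up session id). It treats the `nc:`-prefixed and default-namespace replies shown in posts 2 and 3 as the same thing.

```python
import re
import xml.etree.ElementTree as ET

NC_NS = "{urn:ietf:params:xml:ns:netconf:base:1.0}"
EOM = "]]>]]>"  # NETCONF 1.0 end-of-message marker, as in the thread's output
CLI_ERROR = re.compile(r"^[ \t]*error: (.+?)[ \t]*$", re.MULTILINE)
COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)

def triage(stream):
    """Classify text captured from the netconf channel (hypothetical helper)."""
    out = {"cli_errors": [], "session_id": None, "capabilities": [], "replies": []}
    for frame in stream.split(EOM):
        frame = COMMENT.sub("", frame)  # drop banner/session-end comments
        cut = frame.find("<")
        preamble, xml = (frame, "") if cut < 0 else (frame[:cut], frame[cut:])
        out["cli_errors"] += CLI_ERROR.findall(preamble)  # plain-text CLI errors
        if not xml.strip():
            continue
        root = ET.fromstring(xml)
        if root.tag == NC_NS + "hello":
            out["session_id"] = root.findtext(NC_NS + "session-id")
            out["capabilities"] = [c.text for c in root.iter(NC_NS + "capability")]
        elif root.tag == NC_NS + "rpc-reply":
            # Keep leaf elements by local name; the namespace depends on the prefix style.
            out["replies"].append({e.tag.rsplit("}", 1)[-1]: (e.text or "").strip()
                                   for e in root.iter() if len(e) == 0})
    out["verdict"] = ("netconf-session" if out["session_id"]
                      else "cli-rejected-before-hello" if out["cli_errors"]
                      else "no-hello")
    return out

# Constructed samples: REJECTED reuses the error text quoted in the thread;
# ACCEPTED is a shortened hello plus one reply, with a made-up session id.
REJECTED = "\nerror: unknown command: xml-mode\n\nerror: permission denied: netconf\n"
ACCEPTED = """<!-- user example, class super-user (constructed) -->
<nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
  <nc:capabilities><nc:capability>urn:ietf:params:netconf:base:1.0</nc:capability></nc:capabilities>
  <nc:session-id>101</nc:session-id>
</nc:hello>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<system-information><os-version>20.4R3.8</os-version></system-information>
</rpc-reply>
]]>]]>
"""

if __name__ == "__main__":
    print(triage(REJECTED)["verdict"], triage(ACCEPTED)["verdict"])
```

A `cli-rejected-before-hello` verdict means plain-text CLI errors arrived and no `<hello>` was ever sent, which is the situation in posts 1 and 5.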