call home ssh issue
mpet opened this issue · 11 comments
Hi,
I am doing a call home for ssh using the following config in Netopeer2.
https://github.com/CESNET/netopeer2/blob/master/example_configuration/ssh_callhome.xml
It seems that it is setting up Netopeer2 for ssh call home.
I need help to interpret logs.
What does this mean?
2024-10-02 10:56:29,167 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Trying to connect via IPv4 to 10.147.231.10:4334.
2024-10-02 10:56:29,671 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Timed out after 500 ms (Operation now in progress).
Is Netopeer2 trying to establish a connection to 10.147.231.10:4334 and it cannot? Not sure what "Operation now in progress" means.
br,
//mike
More extensive if needed.
2024-10-02 10:56:29,166 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: NP: Session 1: thread 2 event new RPC.
2024-10-02 10:56:29,167 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Call Home client "default-client" endpoint "default-ssh" connecting...
2024-10-02 10:56:29,167 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Trying to connect via IPv4 to 10.147.231.10:4334.
2024-10-02 10:56:29,671 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Timed out after 500 ms (Operation now in progress).
2024-10-02 10:56:34,674 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Call Home client "default-client" timeout of 5 seconds expired, reconnecting.
2024-10-02 10:56:34,674 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Trying to connect the pending socket 52.
2024-10-02 10:56:35,178 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Timed out after 500 ms (Operation now in progress).
All the information is in the logs, it means connect(2) was called but after 500 ms failed with EINPROGRESS. Look into the man page for more details regarding what it means exactly.
Is there a URL I can access for man pages?
Just search for man connect if you do not have the pages locally.
When I run I see this in the log:
[INF]: LN: getsockopt() error (Connection refused).
It does not really give an idea what is wrong.
Which file is handling this in libnetconf2?
The error message is wrong, I will fix it. It is actually still a connect() error, so again, look into the manual pages, errno ECONNREFUSED.
Is there a way to get more detailed log on what is happening in the ssh call home?
I can now see this:
2024-10-09 14:24:10,114 (Slf4jLogConsumer.java:73) INFO : STDERR: [INF]: LN: Successfully connected to host.testcontainers.internal:4334 over IPv4.
2024-10-09 14:24:10,116 (AbstractCallHome.java:30) INFO : Call Home accepted connection on host '127.0.0.1' [4334]
2024-10-09 14:24:10,117 (CallHomeSsh.java:58) INFO : Connection received from /127.0.0.1
2024-10-09 14:24:10,148 (Slf4jLogConsumer.java:73) INFO : STDERR: [ERR]: LN: SSH key exchange error (Socket error: disconnected).
2024-10-09 14:24:10,177 (Logger.java:51) DEBUG : Receive thread: error in receiveLoop
You may. If you use -c SSH as a netopeer2-server parameter (instead of -v2), it should add more SSH messages. I would suggest you also look at the client output.
I run the following when I set things up.
/usr/bin/sysrepocfg --import=/opt/dev/ssh_callhome.xml --datastore running --module ietf-netconf-server
The content of ssh_callhome.xml is:
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <call-home>
    <netconf-client>
      <name>default-client</name>
      <endpoints>
        <endpoint>
          <name>default-ssh</name>
          <ssh>
            <tcp-client-parameters>
              <remote-address>localhost</remote-address>
            </tcp-client-parameters>
            <ssh-server-parameters>
              <server-identity>
                <host-key>
                  <name>default-key</name>
                  <public-key>
                    <central-keystore-reference>genkey</central-keystore-reference>
                  </public-key>
                </host-key>
              </server-identity>
              <client-authentication>
                <endpoint-reference xmlns="urn:cesnet:libnetconf2-netconf-server">default-ssh</endpoint-reference>
              </client-authentication>
            </ssh-server-parameters>
          </ssh>
        </endpoint>
      </endpoints>
      <connection-type>
        <persistent/>
      </connection-type>
    </netconf-client>
  </call-home>
</netconf-server>
The error message that I get is:
"[ERR] Invalid leafref value "default-ssh" - no target instance "/ncs:netconf-server/ncs:listen/ncs:endpoints/ncs:endpoint/ncs:name" with the same value. (path "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='default-client']/endpoints/endpoint[name='default-ssh']/ssh/ssh-server-parameters/client-authentication/libnetconf2-netconf-server:endpoint-reference")
[ERR] Validation failed.
sysrepocfg error: Invalid leafref value "default-ssh" - no target instance "/ncs:netconf-server/ncs:listen/ncs:endpoints/ncs:endpoint/ncs:name" with the same value. (path "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='default-client']/endpoints/endpoint[name='default-ssh']/ssh/ssh-server-parameters/client-authentication/libnetconf2-netconf-server:endpoint-reference") (Validation failed)
For more details you may try to increase the verbosity up to "-v3".
Why is 'default-ssh' wrong?
br,
//mike
You misunderstood what endpoint-reference
is meant to point to. It is supposed to reference another endpoint (not the same one) that has a certain client authentication configuration so that your endpoint does not have to have a copy of the configuration and can simply reference the other one. Especially if you have only a single endpoint, you must correctly configure the client authentication according to the YANG module, meaning configure all the users that can successfully authenticate. You can look at the examples to get the basic idea.
Hi
I am using the files in:
https://github.com/CESNET/netopeer2/blob/master/example_configuration/
I run this first:
/usr/bin/sysrepocfg --import=/opt/dev/ssh_listen.xml --datastore running --module ietf-netconf-server
I selected interactive so my config looks like this:
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen>
    <endpoints>
      <endpoint>
        <name>default-ssh</name>
        <ssh>
          <tcp-server-parameters>
            <local-address>0.0.0.0</local-address>
          </tcp-server-parameters>
          <ssh-server-parameters>
            <server-identity>
              <host-key>
                <name>default-key</name>
                <public-key>
                  <central-keystore-reference>genkey</central-keystore-reference>
                </public-key>
              </host-key>
            </server-identity>
            <client-authentication>
              <users>
                <user>
                  <name>netconf</name>
                  <keyboard-interactive xmlns="urn:cesnet:libnetconf2-netconf-server">
                    <use-system-auth />
                  </keyboard-interactive>
                </user>
              </users>
            </client-authentication>
          </ssh-server-parameters>
        </ssh>
      </endpoint>
    </endpoints>
  </listen>
</netconf-server>
And the reference point is default-ssh.
Then I run the:
/usr/bin/sysrepocfg --import=/opt/dev/ssh_callhome.xml --datastore running --module ietf-netconf-server
The content is:
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <call-home>
    <netconf-client>
      <name>default-client</name>
      <endpoints>
        <endpoint>
          <name>default-ssh</name>
          <ssh>
            <tcp-client-parameters>
              <remote-address>localhost</remote-address>
            </tcp-client-parameters>
            <ssh-server-parameters>
              <server-identity>
                <host-key>
                  <name>default-key</name>
                  <public-key>
                    <central-keystore-reference>genkey</central-keystore-reference>
                  </public-key>
                </host-key>
              </server-identity>
              <client-authentication>
                <endpoint-reference xmlns="urn:cesnet:libnetconf2-netconf-server">default-ssh</endpoint-reference>
              </client-authentication>
            </ssh-server-parameters>
          </ssh>
        </endpoint>
      </endpoints>
      <connection-type>
        <persistent/>
      </connection-type>
    </netconf-client>
  </call-home>
</netconf-server>
This is when I get the error message.
So these do not work with the current configuration?
Okay, then I suppose it will work but you must use --edit=... (which merges the configuration) instead of --import=... (which replaces the configuration removing any previous one) for ssh_callhome.xml.
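Added example, not part of the original thread and not sysrepo or libyang code: a simplified model of why the leafref fails after `--import` but resolves after `--edit`. The XML is a constructed, trimmed version of the two files posted above, and `replace`, `merge` and `dangling_references` are hypothetical helpers; the leafref target path is the one quoted in the error message.

```python
import copy
import xml.etree.ElementTree as ET

NCS = "{urn:ietf:params:xml:ns:yang:ietf-netconf-server}"
LN2 = "{urn:cesnet:libnetconf2-netconf-server}"

# Constructed, trimmed versions of ssh_listen.xml and ssh_callhome.xml.
LISTEN = """<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
 <listen><endpoints><endpoint><name>default-ssh</name></endpoint></endpoints></listen>
</netconf-server>"""
CALLHOME = """<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
 <call-home><netconf-client><name>default-client</name><endpoints><endpoint>
  <name>default-ssh</name><ssh><ssh-server-parameters><client-authentication>
   <endpoint-reference xmlns="urn:cesnet:libnetconf2-netconf-server">default-ssh</endpoint-reference>
  </client-authentication></ssh-server-parameters></ssh>
 </endpoint></endpoints></netconf-client></call-home>
</netconf-server>"""


def replace(_running, new):
    """Model of --import as described above: the previous config is dropped."""
    return ET.fromstring(new)


def merge(running, new):
    """Model of --edit (simplified): new top-level containers are added."""
    merged = copy.deepcopy(running)
    for child in ET.fromstring(new):
        merged.append(child)
    return merged


def dangling_references(root):
    """endpoint-reference values with no matching listen endpoint name."""
    path = f"{NCS}listen/{NCS}endpoints/{NCS}endpoint/{NCS}name"
    targets = {name.text for name in root.findall(path)}
    refs = [ref.text for ref in root.iter(f"{LN2}endpoint-reference")]
    return [ref for ref in refs if ref not in targets]


if __name__ == "__main__":
    running = ET.fromstring(LISTEN)
    print("after --import:", dangling_references(replace(running, CALLHOME)))
    print("after --edit:  ", dangling_references(merge(running, CALLHOME)))
```

After the merge, the Call Home endpoint reuses the client authentication configured on the listen endpoint, so the users allowed there are the users allowed over Call Home.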