ktbyers / netmiko Goto Github PK
View Code? Open in Web Editor NEWMulti-vendor library to simplify Paramiko SSH connections to network devices
License: MIT License
Multi-vendor library to simplify Paramiko SSH connections to network devices
License: MIT License
The following question will occur when you end the config mode at IOS XR without commit:
RP/0/0/CPU0:ios-xrv(config)#end
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Invest in static analysis tools which will help improve code readability, maintainability, and extensibility.
As an example, here's the final output of pylint
against Netmiko's (current) master branch:
Global evaluation
-----------------
Your code has been rated at 6.08/10 (previous run: 6.08/10, +0.00)
Besides the CLI tool pylint
, other tools that integrate with GitHub include:
There are many other tools, but those are ones I've used. They do things like:
Juniper's CLI supports multiple configuration modes. The more common ones:
The config_mode()
method should incorporate these three common modes. I can work on this later, but an (untested) example is below.
def config_mode(self, mode=''):
'''
First check whether currently already in configuration mode.
Enter config mode (if necessary), specifying the appropriate mode. `mode` is blank
by default (global config mode).
'''
supported_modes = ("", "private", "exclusive")
if mode not in supported_modes:
raise ValueError("Unsupported mode: {0}".format(mode))
output = self.send_command('\n', strip_prompt=False, strip_command=False)
if not '[edit' in output:
command = "configure " + mode + "\n"
output += self.send_command(command, strip_prompt=False, strip_command=False)
if 'unknown command' in output:
raise ValueError("Failed to enter configuration mode")
if not '[edit' in output:
raise ValueError("Failed to enter configuration mode")
return output
Potentially use ')#' as a solution.
Look at what HP ProCurve does in config mode and wider sample of what Cisco does.
These tests need improved
Need unit tests for Comware (located in the netmiko/tests directory).
I am currently returning strings instead of booleans for some functions like enable(), config_mode() would returning booleans be more logical?
Might also exist in other contexts as well.
This is used for HP ProCurve switches.
If ~ssh/id_rsa.pub or ~ssh/id_dsa.pub Paramiko will try to use these and will not use the username/password that you specify.
establish_connection method in BaseSSHConnection prints "SSH connection established to {0}:{1}" even if the device the session is attempting to connect to is not a valid host on the network. Perhaps this message should be moved down right before line 96:
self.remote_conn = self.remote_conn_pre.invoke_shell()
Should improve to all for regular expression patterns.
This changed because of changing find_prompt() behavior and now the unit tests need corrected.
I added some tests into the test_cisco_ios.py, but the tests should be more robust (for example, cover alternate search_patterns than the router prompt; verify that exceptions are actually generated correctly for failure).
Use this instead so not a config command change:
terminal pager 0
Currently, tests require a module that's not part of the repository (for security reasons). However, there's no documentation (other than a note in an issue) as to how to supply the necessary information. Additionally, the tests have hard-set expectations for prompts (and possibly other items). See excerpt below.
module.EXPECTED_RESPONSES = {
'base_prompt' : 'pynet-rtr1',
'user_exec_prompt' : 'pynet-rtr1>',
'enable_prompt' : 'pynet-rtr1#',
'interface_ip' : '10.220.88.20',
'config_mode' : '(config)',
}
This means that if a user contributing code (and new tests) wants to actually test his/her changes, he/she must have a device setup precisely this way. Being able to parse a YAML file (in .gitignore
) with credentials, expected prompts, IPs, etc. would significantly increase the flexibility and accessibility of these tests.
IOS-XR case
NX-OS case
HP ProCurve case
This issue will be the design spec for Junos and IOS-XR on commit/confirm/rollback
What needs to be included here (please add items I am missing):
What does it do, when does it get updated, is it named properly.
Placeholder as I am concerned how I am currently using this is going to cause problems/confusion.
There are Juniper prompts that are currently not stripped from output. See below.
❯ ssh 10.10.1.1
--- JUNOS 12.1X44-D25.5 built 2013-10-24 20:59:21 UTC
No alarms currently active
{primary:node0}
[email protected]> start shell
% rlogin -T node1
�
--- JUNOS 12.1X44-D25.5 built 2013-10-24 20:59:21 UTC
No alarms currently active
{secondary:node1}
[email protected]>
The method strip_context_items()
does not currently strip these from output. I will submit a PR for this.
Key-based SSH authentication can be highly desirable, particularly for automation. In #1, though, it was explicitly and statically disabled.
I propose that this be parameterized with a sane default of disabling SSH keys. I will be working on an implementation as I require this functionality for an upcoming project. It will probably be poorly considered as it is strictly for demonstrative purposes, but I may submit a PR with that change within the next week.
What about adding checkpoint device_type. I can test on :
1.CP 1100
2.Edge UTM-1
3. VSX
Also probably a commit confirm time
Both Junos and IOS XR support the Commit Confirm feature. This may be a feature worth implementing it as it can save you from a lot of things. One use case is a commit confirm with a sufficient timeout to run automated tests, at which point the automated tests (or scripts or whatever) can commit the configuration permanently. This can save you from committing a bad change that kills connectivity to the box.
Cleaner to do it this way.
Pip is generally the default ecosystem for installing Python modules. Putting NetMiko in pip could make it easier/more familiar to install and update NetMiko for end users.
setup.py fails to install hp package, leading to ImportError exception when importing netmiko.
Fixed by adding 'netmiko/hp' to packages list in setup.py
Traceback (most recent call last):
File "setup.py", line 3, in
import netmiko
File "/home/c102/c1021058/devel/netmiko/netmiko/init.py", line 1, in
from ssh_dispatcher import ssh_dispatcher
ImportError: No module named 'ssh_dispatcher'
The Juniper methods do not implement check_config_mode()
. This causes unexpected behavior and unnecessary duplication of code when trying to implement other features. The current config_mode()
method in the Juniper file, for example, could be eliminated and a config_mode(config_command="configure")
(from ssh_connection.py) could be used instead. I can work on this later, but here are a few notes.
The existing check_config_mode()
method should be usable like this: check_config_mode(check_string='[edit')
. That should enable certain methods to be written like this:
def config_mode(self):
'''
First check whether currently already in configuration mode.
Enter config mode (if necessary)
'''
if not self.check_config_mode(check_string='[edit'):
output += self.send_command('configure\n', strip_prompt=False, strip_command=False)
if 'unknown command' in output:
raise ValueError("Failed to enter configuration mode")
if not '[edit' in output:
raise ValueError("Failed to enter configuration mode")
return output
Other methods could be written as well to take advantage of the check_config_mode()
method, such as exit_config_mode()
. commit()
could probably be rewritten to use check_config_mode()
as well as it doesn't make much sense to check to see if you're in config mode, then enter config mode if you're not, then commit the config. That's typically not a valid workflow, and there typically isn't a use case for committing nothing. Maybe there's one I haven't considered, though.
Just wondering what the delay_factor in send_command() is for?
It seems to me it is a delay to wait for output from the device, before receiving it.
My issue lays with grabbing running configuration from Cisco gear - as it seems with a small delay factor all that is received is "Building configuration...\n". Some of the older Sup 720's etc with large configurations can take 40 seconds + to display the running configuration.
Is there no way to wait till a command is processed, instead of a delay factor?
Not a secure way to do this. Should allow for a secure way for this to be accomplished.
This is not what this test does anymore and should be renamed.
send_command_expect() should stop at the expect_string() and return only up to the end of the expect_string.
strip_prompt parameter should be renamed to give you the option of stripping the expect_string which is normally the prompt.
It currently stops on the expect_string, but catches all the data in the output buffer including after the expect_string.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.