Posted on May 3, 2020 2:03 pm
 |  Asked by Aleksandr Klimenko
 |  100 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hello!

I’ve just read an article https://eos.arista.com/arista-robot-testing/ about network validation and started building demo using Arista Robot Framework and network_validation-1.0.1.tar.gz package.

I started with a simple topology of 2 switches based on cEOS-lab 4.23.2F. For external connectivity I exposed 443 and 80 ports like this “127.0.0.1:9001->80/tcp, 127.0.0.1:8001->443/tcp”.

Using python I can get access to eAPI:

eapi_param = pyeapi.client.connect(
transport=’http’,
host=’localhost’,
username=’admin’,
password=’admin’,
port=9000,
)
eapi = pyeapi.client.Node(eapi_param)

version_info = eapi.run_commands([‘show version’,])
print(version_info)

[{‘memTotal’: 65931188, ‘cEosToolsVersion’: ‘1.1’, ‘uptime’: 30838457.12, ‘modelName’: ‘cEOSLab’, ‘internalVersion’: ‘4.23.2F-15405360.4232F’, ‘mfgName’: ”, ‘serialNumber’: ”, ‘systemMacAddress’: ’00:02:53:70:03:df’, ‘bootupTimestamp’: 1557660755.0, ‘memFree’: 20228108, ‘version’: ‘4.23.2F’, ‘architecture’: ‘i686’, ‘isIntlVersion’: False, ‘internalBuildId’: ‘4cde5c53-3642-4934-8bcc-05691ffd79b3’, ‘hardwareRevision’: ”}]

But with Robot framework I see this error:

ConnectionError: Unauthorized. Unable to authenticate user: Bad username/password combination

I did some checks but couldn’t find any reason for that. I printed out routines (suites) to check login and password:

[‘USERNAME:admin’,
‘ENABLEPWD:’,
‘PASSWORD:admin’,
‘TRANSPORT:http’,
‘VLA-1_HOST:localhost’,
‘VLA-1_PORT:9000’,
‘VLA-2_HOST:localhost’,
‘VLA-2_PORT:9001’]

Then I checked tcpdump on a container:

09:50:13.896700 02:42:37:cd:af:b1 > 02:42:ac:19:00:02, ethertype IPv4 (0x0800), length 431: (tos 0x0, ttl 64, id 13351, offset 0, flags [DF], proto TCP (6), length 417)
    172.25.0.1.53118 > 172.25.0.2.80: Flags [P.], seq 1:366, ack 1, win 6, options [nop,nop,TS val 306871198 ecr 1120023093], length 365: HTTP, length: 365
POST /command-api HTTP/1.1
Host: localhost:9000
Accept-Encoding: identity
Content-type: application/json-rpc
Content-length: 170
Authorization: Basic YWRtaW4gcGFzc3dvcmQ9YWRtaW46YWRtaW4=

{“params”: {“format”: “json”, “version”: 1, “cmds”: [{“input”: “None”, “cmd”: “enable”}, “show version”]}, “jsonrpc”: “2.0”, “method”: “runCmds”, “id”: “139734330299856”}[!http]
09:50:13.896742 02:42:ac:19:00:02 > 02:42:37:cd:af:b1, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 6088, offset 0, flags [DF], proto TCP (6), length 52)
    172.25.0.2.80 > 172.25.0.1.53118: Flags [.], seq 1, ack 366, win 6, options [nop,nop,TS val 1120023093 ecr 306871198], length 0
09:50:16.351801 02:42:ac:19:00:02 > 02:42:37:cd:af:b1, ethertype IPv4 (0x0800), length 512: (tos 0x0, ttl 64, id 6089, offset 0, flags [DF], proto TCP (6), length 498)
    172.25.0.2.80 > 172.25.0.1.53118: Flags [P.], seq 1:447, ack 366, win 6, options [nop,nop,TS val 1120025548 ecr 306871198], length 446: HTTP, length: 446
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sun, 03 May 2020 09:50:16 GMT
Content-Type: text/plain
Content-Length: 62
Connection: keep-alive
Cache-control: no-store
Cache-control: no-cache
Cache-control: must-revalidate
Cache-control: max-age=0
Cache-control: pre-check=0
Cache-control: post-check=0
Pragma: no-cache
WWW-Authenticate: Basic realm=”COMMAND_API_AUTH”

Unable to authenticate user: Bad username/password combination[!http]

I tried to delete username and password and played with “enable password” but haven’t succeeded. And here is my current configuration:
username admin privilege 15 role network-admin secret sha512 $6$TYGrn/EhJqeTwMFq$5dqCAtffguC.wUbzXA8D6wm9X0Q07KiCeOYYMpOiVtPWQcd8ZdVHQkFYCAS1uNTGXyUB4I2ne5FFMpLMV8Jcq/
management api http-commands
protocol http
protocol http localhost port 80
protocol unix-socket
log-level debug
no shutdown

vla-1#sh management api http-commands
Enabled: Yes
HTTPS server: running, set to use port 443
HTTP server: running, set to use port 80
Local HTTP server: running, no authentication, set to use port 80
Unix Socket server: running, no authentication
VRFs: default
Hits: 2
Last hit: 412 seconds ago
Bytes in: 288
Bytes out: 682
Requests: 1
Commands: 2
Duration: 0.169 seconds
SSL Profile: none
FIPS Mode: No
QoS DSCP: 0
Log Level: debug
CSP Frame Ancestor: None
TLS Protocols: 1.0 1.1 1.2
User Requests Bytes in Bytes out Last hit
———– ————– ————– ————— —————
admin 1 288 682 412 seconds ago

URLs
———————————————
Ethernet1 : https://12.12.12.1:443
Ethernet1 : http://12.12.12.1:80
Management0 : https://172.25.0.2:443
Management0 : http://172.25.0.2:80
Unix Socket : unix:/var/run/command-api.sock
Local : http://localhost:80/command-api

Highly appreciate your comments on what could be the problem here.
Thank you!
Alex.

0
Posted by Kevin Grozis
Answered on May 4, 2020 1:32 pm

Hi Alex,

Are you able to share your network_validation.yml file so I can review your test parameters?  Also can you run network validation with debug: validate_network.py --debug and share this?

Thanks!

Kevin

0
Posted by Aleksandr Klimenko
Answered on May 6, 2020 5:58 pm

Hi Kevin!

Thank you for help, I've attached three files: yml description, robot list of checks, and results with debug. I also commented in robot config some local defined variables in *** Variables *** section.

Thank you!

Alex.

 

0
Posted by Leonid Ermilov
Answered on May 7, 2020 7:30 am

Hi Alexander,

I tried your files in the lab. Indeed, I also faced same issue with "Bad username/password combination".

Further, I did diff file between your robot test file and the one which works for me. I noticed that between username=${} and password=${} there is only one space character which is incorrectly parsed by RF. You need to use indents between variables within Keywords section.

I attached screenshot to highlight typo.

0
Posted by Aleksandr Klimenko
Answered on May 7, 2020 10:04 am

Thank you Leonid!

I made indentation changes and everything is working now as expected.

Post your Answer

You must be logged in to post an answer.