gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
1,575 views
Skip to first unread message
Peter Šuňa
Apr 19, 2021, 1:57:54 PM4/19/21
to sonicp...@googlegroups.com
Hello,
I'm trying to test gNMI functionality on SONiC device. Currently, I'm stuck, and I will be glad if someone could help me.
I have downloaded SONiC VS image
https://sonic-jenkins.westus2.cloudapp.azure.com/job/vs/job/buildimage-vs-image-202012/56/ and start it in GNS3.
1) gNMI server on port 8080 response with "authentication handshake failed".
I'm trying to reach running instance of telemetry at port 8080 from telemetry container. I can see that this port is running inside of telemetry container. Request with response I'm attaching in file "telemetry_8080.txt". I did not change password
settings, so I'm using default password "YourPaSsWoRd". Should I use some other type of authorization?
2) SONiC gNMI server is in read-only mode.
When I start inside telemetry container telemetry in binary mode:
"telemetry --port 3003 --insecure --allow_no_client_auth --logtostderr"
I'm able to sent get/subscribe/capabilities request. But when I tried to update interface mtu with "gnmi_set" client I will receive an error message:
"gnmi_set.go:190] Set failed: rpc error: code = Unimplemented desc = Telemetry is in read-only mode"
Request with response I'm attaching in file "gnmi_set.txt". Is there any option how to start telemetry without read-only state?
Thanks.
Best regards
Peter Suna
Software Developer
PANTHEON
.tech
Mlynské Nivy 56, 821 05 Bratislava
Slovakia
MAIL
/
Peter...@pantheon.tech
WEB
/
https://pantheon.tech
Eric Seifert
Apr 19, 2021, 2:23:06 PM4/19/21
to Peter Šuňa, sonicproject
1) This is not a response from the server but rather the client failing to connect via TLS. Can you verify the telemetry server is running and staying up? In your second example you use port 3003, is it possible you need to use 3003 here as well?
2) The read-only mode is set at build time, you will need to rebuild telemetry container with the build option: TELEMETRY_WRITABLE=y
--
You received this message because you are subscribed to the Google Groups "sonicproject" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonicproject...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/78756971dce54763b9ba766a554bb0cc%40pantheon.tech.
<gnmi_set.txt><telemetry_8080.txt>
Peter Šuňa
Apr 20, 2021, 11:50:54 AM4/20/21
to Eric Seifert, sonicproject
Hello Eric,
1) gNMI server on port 8080 response with "authentication handshake failed".
Yes
the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt").
I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080:
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000
I'm using port 3003 at second example because I start another telemetry server on that custom port.
2)
SONiC gNMI server is in read-only mode.
I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented
TELEMETRY_WRITABLE in file:
https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144
Then I run inside this repo:
git checkout 202012
make init
make configure PLATFORM=vs
make target/docker-sonic-telemetry.gz
Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container.
But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
Can you please point me how to do it in the correct way?
Thanks & regards
Peter
From: Eric Seifert <er...@seifert.casa>
Sent: Monday, 19 April 2021 8:23:01 PM
To: Peter Šuňa
Cc: sonicproject
Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
Sent: Monday, 19 April 2021 8:23:01 PM
To: Peter Šuňa
Cc: sonicproject
Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
Anand Kumar Subramanian
Apr 20, 2021, 4:17:35 PM4/20/21
to Peter Šuňa, Eric Seifert, sonicproject
Peter,
Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
-Anand
To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/e97e549b8f1e48a8b14bb9ad85e77544%40pantheon.tech.
This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
Anand Kumar Subramanian
Apr 26, 2021, 2:55:43 PM4/26/21
to Peter Šuňa, Seifert, Eric E, Eric Seifert, sonicproject
Eric,
Can you please help here?
-Anand
On Wed, Apr 21, 2021 at 2:02 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
Hi Anand,
here is that request. In first mail in this thread I sent in attachment (telemetry_8080.txt) similar request also with "gnmi_cli" client request. These requests were executed in a telemetry container inside SONiC device.
root@sonic:/# gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
== getRequest:
prefix: <
>
path: <
elem: <
name: "openconfig-interfaces:interfaces"
>
elem: <
name: "interface"
key: <
key: "name"
value: "Ethernet0"
>
>
elem: <
name: "config"
>
>
encoding: JSON_IETF
F0421 07:13:19.065002 69 gnmi_get.go:142] Get failed: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"
root@sonic:/#
I have noticed that default telemetry is started with parameter "--noTLS". When I start another telemetry with custom port and "--noTLS" parameter, I will have same issue. When I remove "--noTLS" and use "-insecure" or custom certificates I'm able to send a request to this custom telemetry. Except any modification at configuration, but this is related to part 2 of my first message in this thread "2) SONiC gNMI server is in read-only mode.".
root@sonic:/# ps -aux | grep telemetry
root 10 0.0 0.4 27640 18796 pts/0 S 07:06 0:00 python3 /usr/bin/supervisor-proc-exit-listener --container-name telemetry
root 19 0.4 1.4 1247940 59208 pts/0 Sl 07:06 0:12 /usr/sbin/telemetry -logtostderr --noTLS --port 8080 --allow_no_client_auth -v=2
root 130 0.0 0.0 3084 888 pts/1 S+ 07:58 0:00 grep telemetry
root@sonic:/#
Thanks & regards
Peter
From: Anand Kumar Subramanian <anand.su...@broadcom.com>
Sent: Tuesday, 20 April 2021 10:17:21 PM
To: Peter Šuňa
Cc: Eric Seifert; sonicproject
Yin, Jeff
Apr 26, 2021, 9:30:22 PM4/26/21
to Anand Kumar Subramanian, Peter Šuňa, Seifert, Eric E, Eric Seifert, sonicp...@googlegroups.com
Hi Anand, Peter,
Regarding the NoTLS setting, we came across this PR/commit:
https://github.com/Azure/sonic-buildimage/pull/6704
https://github.com/Azure/sonic-buildimage/commit/2e42ecb5e7623f13df94b637e485510534b3280b
Does anyone know pra-moh? Can they help support this?
Thanks,
Jeff
To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/CADfq%3DU2K7LR8mDDfrQP3X0HK31Ksk2MFfgiU_pTwy-upgq8QCQ%40mail.gmail.com.
Message has been deleted
Guohan Lu
Apr 27, 2021, 2:09:02 AM4/27/21
to Yin, Jeff, anand.subramanian, Peter Šuňa, Seifert, Eric E, Pradnya Mohite, Hui Ma, eric, sonicp...@googlegroups.com
To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/BY5PR19MB3301ECE0A416D7C78CED8A6C9A419%40BY5PR19MB3301.namprd19.prod.outlook.com.
Pradnya Mohite
Apr 27, 2021, 1:47:25 PM4/27/21
to Guohan Lu, Yin, Jeff, anand.subramanian, Peter Šuňa, Seifert, Eric E, Hui Ma, eric, sonicp...@googlegroups.com
Hi Peter,
So issue is gnmi_set does not work with --insecure and --noTLS?
We dont have any plan to add support for gnmi_set in noTLs mode. For --inseure mode @Seifert, Eric E can comment?
From: Guohan Lu <gu...@microsoft.com>
Sent: Monday, April 26, 2021 11:08 PM
To: Yin, Jeff <Jeff...@dell.com>; anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com>; Pradnya Mohite <pra...@microsoft.com>; Hui Ma <hu...@microsoft.com>
Cc: eric <er...@seifert.casa>; sonicp...@googlegroups.com <sonicp...@googlegroups.com>
Subject: RE: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
Sent: Monday, April 26, 2021 11:08 PM
To: Yin, Jeff <Jeff...@dell.com>; anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com>; Pradnya Mohite <pra...@microsoft.com>; Hui Ma <hu...@microsoft.com>
Cc: eric <er...@seifert.casa>; sonicp...@googlegroups.com <sonicp...@googlegroups.com>
Subject: RE: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
Pradnya Mohite
Apr 27, 2021, 2:14:07 PM4/27/21
to eric, Guohan Lu, Yin, Jeff, anand.subramanian, Peter Šuňa, Seifert, Eric E, Hui Ma, sonicproject
In --insecure mode although certs are not verified but they are present. We have internal scenario where we cannot start with certs or make any config change to start in different mode. Hence noTLs is default. I will discuss more internally on this with team.
BTW Peter should be unblocked if gnmi_set with --insecure is working?
BTW Peter should be unblocked if gnmi_set with --insecure is working?
From: Eric Seifert <er...@seifert.casa>
Sent: Tuesday, April 27, 2021 10:51 AM
To: Pradnya Mohite <pra...@microsoft.com>
Cc: Guohan Lu <gu...@microsoft.com>; Yin, Jeff <Jeff...@dell.com>; anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com>; Hui Ma <hu...@microsoft.com>; sonicproject <sonicp...@googlegroups.com>
Subject: [EXTERNAL] Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
Sent: Tuesday, April 27, 2021 10:51 AM
To: Pradnya Mohite <pra...@microsoft.com>
Cc: Guohan Lu <gu...@microsoft.com>; Yin, Jeff <Jeff...@dell.com>; anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com>; Hui Ma <hu...@microsoft.com>; sonicproject <sonicp...@googlegroups.com>
Subject: [EXTERNAL] Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
The issue is that noTLS mode seems to be the default now when it should only be used for debugging. The default should be TLS mode with —insecure meaning that certificates are not verified
but traffic is still encrypted. Both gnmi_set and gnmi_get already support -insecure mode. Also, what sort of debugging is needed by noTLS mode anyway? I don’t think it should be needed at all.
-Eric
Heidi net
Jun 7, 2021, 10:52:28 AM6/7/21
to 'Pradnya Mohite' via sonicproject
Hello, I'm currently on leave with limited access to my email. I will reply to your email as soon as possible. Thank you.
On Apr 27, 2021, at 11:14 AM, 'Pradnya Mohite' via sonicproject <sonicp...@googlegroups.com> wrote:
> In --insecure mode although certs are not verified but they are present. We have internal scenario where we cannot start with certs or make any config change to start in different mode. Hence noTLs is default. I will discuss more internally on this with team.
>
> BTW Peter should be unblocked if gnmi_set with --insecure is working?
>
> >
>
> To unsubscribe from this group and stop receiving emails from it, send an email tosonicprojec...@googlegroups.com.
On Apr 27, 2021, at 11:14 AM, 'Pradnya Mohite' via sonicproject <sonicp...@googlegroups.com> wrote:
> In --insecure mode although certs are not verified but they are present. We have internal scenario where we cannot start with certs or make any config change to start in different mode. Hence noTLs is default. I will discuss more internally on this with team.
>
> BTW Peter should be unblocked if gnmi_set with --insecure is working?
>
> >
>
> From: Eric Seifert <er...@seifert.casa>
> Sent: Tuesday, April 27, 2021 10:51 AM
> To: Pradnya Mohite <pra...@microsoft.com>
> Cc: Guohan Lu <gu...@microsoft.com>; Yin, Jeff <Jeff...@dell.com>; anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com>; Hui Ma <hu...@microsoft.com>; sonicproject <sonicp...@googlegroups.com>
> Subject: [EXTERNAL] Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> The issue is that noTLS mode seems to be the default now when it should only be used for debugging. The default should be TLS mode with —insecure meaning that certificates are not verified but traffic is still encrypted. Both gnmi_set and gnmi_get already support -insecure mode. Also, what sort of debugging is needed by noTLS mode anyway? I don’t think it should be needed at all.
>
> -Eric
>
> On Apr 27, 2021, at 10:47 AM, Pradnya Mohite <pra...@microsoft.com> wrote:
>
> Hi Peter,
>
> So issue is gnmi_set does not work with --insecure and --noTLS?
>
> We dont have any plan to add support for gnmi_set in noTLs mode. For --inseure mode @Seifert, Eric E can comment?
>
> Sent: Tuesday, April 27, 2021 10:51 AM
> To: Pradnya Mohite <pra...@microsoft.com>
> Cc: Guohan Lu <gu...@microsoft.com>; Yin, Jeff <Jeff...@dell.com>; anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com>; Hui Ma <hu...@microsoft.com>; sonicproject <sonicp...@googlegroups.com>
> Subject: [EXTERNAL] Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> The issue is that noTLS mode seems to be the default now when it should only be used for debugging. The default should be TLS mode with —insecure meaning that certificates are not verified but traffic is still encrypted. Both gnmi_set and gnmi_get already support -insecure mode. Also, what sort of debugging is needed by noTLS mode anyway? I don’t think it should be needed at all.
>
> -Eric
>
> On Apr 27, 2021, at 10:47 AM, Pradnya Mohite <pra...@microsoft.com> wrote:
>
> Hi Peter,
>
> So issue is gnmi_set does not work with --insecure and --noTLS?
>
> We dont have any plan to add support for gnmi_set in noTLs mode. For --inseure mode @Seifert, Eric E can comment?
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/e97e549b8f1e48a8b14bb9ad85e77544%40pantheon.tech.
>
> This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
>
> This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
> --
> You received this message because you are subscribed to the Google Groups "sonicproject" group.
> To unsubscribe from this group and stop receiving emails from it, send an email tosonicprojec...@googlegroups.com.
>
> This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
>
> This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
> --
> You received this message because you are subscribed to the Google Groups "sonicproject" group.
> To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/CADfq%3DU2K7LR8mDDfrQP3X0HK31Ksk2MFfgiU_pTwy-upgq8QCQ%40mail.gmail.com.
> --
> You received this message because you are subscribed to the Google Groups "sonicproject" group.
> To unsubscribe from this group and stop receiving emails from it, send an email tosonicprojec...@googlegroups.com.
> --
> You received this message because you are subscribed to the Google Groups "sonicproject" group.
> To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/BY5PR19MB3301ECE0A416D7C78CED8A6C9A419%40BY5PR19MB3301.namprd19.prod.outlook.com.
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups "sonicproject" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to sonicproject...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/sonicproject/MW2PR2101MB17857F7FE9A9D0A358A985FDC8419%40MW2PR2101MB1785.namprd21.prod.outlook.com.
> You received this message because you are subscribed to the Google Groups "sonicproject" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to sonicproject...@googlegroups.com.
Heidi net
Jun 7, 2021, 10:52:53 AM6/7/21
to 'Pradnya Mohite' via sonicproject
Hello, I'm currently on leave with limited access to my email. I will reply to your email as soon as possible. Thank you.
On Apr 27, 2021, at 10:47 AM, 'Pradnya Mohite' via sonicproject <sonicp...@googlegroups.com> wrote:
> Hi Peter,
>
> So issue is gnmi_set does not work with --insecure and --noTLS?
>
> We dont have any plan to add support for gnmi_set in noTLs mode. For --inseure mode @Seifert, Eric E can comment?
>
> Hi Peter,
>
> So issue is gnmi_set does not work with --insecure and --noTLS?
>
> We dont have any plan to add support for gnmi_set in noTLs mode. For --inseure mode @Seifert, Eric E can comment?
>
> From: Anand Kumar Subramanian <anand.su...@broadcom.com>
> Sent: Tuesday, 20 April 2021 10:17:21 PM
> To: Peter Šuňa
> Cc: Eric Seifert; sonicproject
> Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
>
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric,
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port.
>
> 2) SONiC gNMI server is in read-only mode.
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
>
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container.
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
>
> Can you please point me how to do it in the correct way?
>
> > Thanks & regards
> Peter
>
>
>
>
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
>
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric,
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port.
>
> 2) SONiC gNMI server is in read-only mode.
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
>
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container.
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
>
> Can you please point me how to do it in the correct way?
>
> > Thanks & regards
> Peter
>
>
>
Heidi net
Jun 7, 2021, 10:55:23 AM6/7/21
to 'Guohan Lu' via sonicproject
Hello, I'm currently on leave with limited access to my email. I will reply to your email as soon as possible. Thank you.
On Apr 26, 2021, at 11:08 PM, 'Guohan Lu' via sonicproject <sonicp...@googlegroups.com> wrote:
> @Pradnya Mohite and @Hui Ma
>
> From: sonicp...@googlegroups.com <sonicp...@googlegroups.com> On Behalf Of Yin, Jeff > Sent: Monday, April 26, 2021 6:30 PM > To: anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com> > Cc: eric <er...@seifert.casa>; sonicp...@googlegroups.com > Subject: [EXTERNAL] RE: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Hi Anand, Peter,
>
> Regarding the NoTLS setting, we came across this PR/commit:
> https://github.com/Azure/sonic-buildimage/pull/6704
> https://github.com/Azure/sonic-buildimage/commit/2e42ecb5e7623f13df94b637e485510534b3280b
>
> Does anyone know pra-moh? Can they help support this?
>
> Thanks,
> Jeff
>
> From: 'Anand Kumar Subramanian' via sonicproject <sonicp...@googlegroups.com> > Sent: Monday, April 26, 2021 11:56 > To: Peter Šuňa; Seifert, Eric E > Cc: Eric Seifert; sonicproject > Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Eric,
>
> Can you please help here?
>
> -Anand
>
> On Wed, Apr 21, 2021 at 2:02 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hi Anand, > here is that request. In first mail in this thread I sent in attachment (telemetry_8080.txt) similar request also with "gnmi_cli" client request. These requests were executed in a telemetry container inside SONiC device.
>
> root@sonic:/# gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080 > == getRequest: > prefix: < > > > path: < > elem: < > name: "openconfig-interfaces:interfaces" > > > elem: < > name: "interface" > key: < > key: "name" > value: "Ethernet0" > > > > > elem: < > name: "config" > > > > > encoding: JSON_IETF > > F0421 07:13:19.065002 69 gnmi_get.go:142] Get failed: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake" > root@sonic:/#
>
>
> I have noticed that default telemetry is started with parameter "--noTLS". When I start another telemetry with custom port and "--noTLS" parameter, I will have same issue. When I remove "--noTLS" and use "-insecure" or custom certificates I'm able to send a request to this custom telemetry. Except any modification at configuration, but this is related to part 2 of my first message in this thread "2) SONiC gNMI server is in read-only mode.".
>
> root@sonic:/# ps -aux | grep telemetry > root 10 0.0 0.4 27640 18796 pts/0 S 07:06 0:00 python3 /usr/bin/supervisor-proc-exit-listener --container-name telemetry > root 19 0.4 1.4 1247940 59208 pts/0 Sl 07:06 0:12 /usr/sbin/telemetry -logtostderr --noTLS --port 8080 --allow_no_client_auth -v=2 > root 130 0.0 0.0 3084 888 pts/1 S+ 07:58 0:00 grep telemetry > root@sonic:/#
>
>
> Thanks & regards
> Peter
>
>
> @Pradnya Mohite and @Hui Ma
>
> From: sonicp...@googlegroups.com <sonicp...@googlegroups.com> On Behalf Of Yin, Jeff > Sent: Monday, April 26, 2021 6:30 PM > To: anand.subramanian <anand.su...@broadcom.com>; Peter Šuňa <Peter...@pantheon.tech>; Seifert, Eric E <Eric_E_...@Dell.com> > Cc: eric <er...@seifert.casa>; sonicp...@googlegroups.com > Subject: [EXTERNAL] RE: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Hi Anand, Peter,
>
> Regarding the NoTLS setting, we came across this PR/commit:
> https://github.com/Azure/sonic-buildimage/pull/6704
> https://github.com/Azure/sonic-buildimage/commit/2e42ecb5e7623f13df94b637e485510534b3280b
>
> Does anyone know pra-moh? Can they help support this?
>
> Thanks,
> Jeff
>
> From: 'Anand Kumar Subramanian' via sonicproject <sonicp...@googlegroups.com> > Sent: Monday, April 26, 2021 11:56 > To: Peter Šuňa; Seifert, Eric E > Cc: Eric Seifert; sonicproject > Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Eric,
>
> Can you please help here?
>
> -Anand
>
> On Wed, Apr 21, 2021 at 2:02 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hi Anand, > here is that request. In first mail in this thread I sent in attachment (telemetry_8080.txt) similar request also with "gnmi_cli" client request. These requests were executed in a telemetry container inside SONiC device.
>
> root@sonic:/# gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080 > == getRequest: > prefix: < > > > path: < > elem: < > name: "openconfig-interfaces:interfaces" > > > elem: < > name: "interface" > key: < > key: "name" > value: "Ethernet0" > > > > > elem: < > name: "config" > > > > > encoding: JSON_IETF > > F0421 07:13:19.065002 69 gnmi_get.go:142] Get failed: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake" > root@sonic:/#
>
>
> I have noticed that default telemetry is started with parameter "--noTLS". When I start another telemetry with custom port and "--noTLS" parameter, I will have same issue. When I remove "--noTLS" and use "-insecure" or custom certificates I'm able to send a request to this custom telemetry. Except any modification at configuration, but this is related to part 2 of my first message in this thread "2) SONiC gNMI server is in read-only mode.".
>
> root@sonic:/# ps -aux | grep telemetry > root 10 0.0 0.4 27640 18796 pts/0 S 07:06 0:00 python3 /usr/bin/supervisor-proc-exit-listener --container-name telemetry > root 19 0.4 1.4 1247940 59208 pts/0 Sl 07:06 0:12 /usr/sbin/telemetry -logtostderr --noTLS --port 8080 --allow_no_client_auth -v=2 > root 130 0.0 0.0 3084 888 pts/1 S+ 07:58 0:00 grep telemetry > root@sonic:/#
>
>
> Thanks & regards
> Peter
>
>
> From: Anand Kumar Subramanian <anand.su...@broadcom.com>
> Sent: Tuesday, 20 April 2021 10:17:21 PM
> To: Peter Šuňa
> Cc: Eric Seifert; sonicproject
> Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
>
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric,
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port.
>
> 2) SONiC gNMI server is in read-only mode.
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
>
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container.
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
>
> Can you please point me how to do it in the correct way?
>
> > Thanks & regards
> Peter
>
>
>
>
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
>
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric,
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port.
>
> 2) SONiC gNMI server is in read-only mode.
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
>
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container.
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
>
> Can you please point me how to do it in the correct way?
>
> > Thanks & regards
> Peter
>
>
>
Heidi net
Jun 7, 2021, 10:57:48 AM6/7/21
to 'Anand Kumar Subramanian' via sonicproject
Hello, I'm currently on leave with limited access to my email. I will reply to your email as soon as possible. Thank you.
> From: Anand Kumar Subramanian <anand.su...@broadcom.com>
> Sent: Tuesday, 20 April 2021 10:17:21 PM
> To: Peter Šuňa
> Cc: Eric Seifert; sonicproject
> Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
> >
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric, >
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port. >
> >
> 2) SONiC gNMI server is in read-only mode. >
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012 >
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
> >
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container. >
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
> >
> Can you please point me how to do it in the correct way? >
> >
> > Thanks & regards
> Peter >
>
>
>
> Sent: Tuesday, 20 April 2021 10:17:21 PM
> To: Peter Šuňa
> Cc: Eric Seifert; sonicproject
> Subject: Re: [SONiC] gNMI server on port 8080 response with "authentication handshake failed" & SONiC gNMI server is in read-only mode
>
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
> >
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric, >
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port. >
> >
> 2) SONiC gNMI server is in read-only mode. >
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012 >
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
> >
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container. >
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
> >
> Can you please point me how to do it in the correct way? >
> >
> > Thanks & regards
> Peter >
>
>
>
Heidi net
Jun 7, 2021, 11:26:19 AM6/7/21
to 'Anand Kumar Subramanian' via sonicproject
Hello, I'm currently on leave with limited access to my email. I will reply to your email as soon as possible. Thank you.
On Apr 20, 2021, at 1:17 PM, 'Anand Kumar Subramanian' via sonicproject <sonicp...@googlegroups.com> wrote:
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
> >
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric, >
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port. >
> >
> 2) SONiC gNMI server is in read-only mode. >
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012 >
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
> >
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container. >
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
> >
> Can you please point me how to do it in the correct way? >
> >
> > Thanks & regards
> Peter >
>
>
>
> Peter,
>
> Can you try the gNMI CLI get to ensure if the problem is in the server or in the client?
> You can use the gnmi_get binary that is there inside the switch(inside the telemetry docker) to test this out.
>
> ./gnmi_get -insecure -username admin -password broadcom -xpath /openconfig-interfaces:interfaces/interface[name=Ethernet0]/config -target_addr 127.0.0.1:8080
> >
> -Anand
>
> On Tue, Apr 20, 2021 at 8:50 AM Peter Šuňa <Peter...@pantheon.tech> wrote:
> Hello Eric, >
> 1) gNMI server on port 8080 response with "authentication handshake failed".
> Yes the telemetry server is running. I can see the running process inside the telemetry container. (attaching in file "telemetry_server.txt"). > > I tried java gnmi client, and it gave me this response when I tried to send a request on telemetry at port 8080: > Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 000006040000000000000500004000 > > I'm using port 3003 at second example because I start another telemetry server on that custom port. >
> >
> 2) SONiC gNMI server is in read-only mode. >
> I have tried to rebuild the telemetry image in sonic-buildimage repository. I have uncommented TELEMETRY_WRITABLE in file: > https://github.com/Azure/sonic-buildimage/blob/master/rules/config#L144 > Then I run inside this repo:
> git checkout 202012 >
> make init > make configure PLATFORM=vs
> make target/docker-sonic-telemetry.gz
> >
> Then I copy target/docker-sonic-telemetry.gz to running SONiC device. I have load this image and start it as telemetry container. >
> But it doesn't look like its running properly, when I start telemetry inside this container I will get errors (attaching in file "telemetry.txt").
> >
> Can you please point me how to do it in the correct way? >
> >
> > Thanks & regards
> Peter >
>
>
>
Reply all
Reply to author
Forward
0 new messages