matt852 / netconfig Goto Github PK

@v1tal3 Hi V1tal3,
I encountered an issue that cannot delete cisco WLC after added it, it get bellow error. but I cant delete cisco switch or router or firewall, could you pls help to check this issue, thanks in advance.

I would like to add Python3 support in NetConfig, and eventually phase out Python2 support.

When clicking on an interface on a Cisco ASR router running IOS-XE, no info is displayed.

Due to the way the python library Netmiko handles sending commands and retrieving the output, it isn't possible to change a device's hostname in the iShell module. This is because Netmiko is expecting the original hostname in the output to know when the command has completed, so instead it just hangs.

I'd like to add in a toggle-able option for each interface, which will dropdown a box with additional interface info and stats (speed, duplex, POE status, traffic, etc)

If you switch to config mode in iShell, then refresh the page prior to exiting config mode, the interface table displays an error. Also for similar reasons, if in config mode in iShell, and you select an interface to view the config/stats about it, it spins but never loads.

These are both because the SSH session being used on the backend is still in config mode, so when the non-config commands are run on page refresh to repopulate the interface table, the commands error out.

I need to add support on page refresh to detect if the session is currently in config mode, and either fall back to privileged mode or add support to pull interface info while maintaining config mode.

Side note: If maintaining config mode, I'll need to verify that the iShell checkbox for 'Config mode' remains checked and active.

Currently you can only delete devices stored in the local database one at a time. I'd like to add support to delete multiple devices at a time.

In my Environment, I must turn off HTTP which breaks a few links.

Initial Login redirect, Using Home and Network -> View Devices links go to http://my.int.ip.addr/db/viewhosts/ most of the other links appear to work correctly.

Close Active SSH Sessions also appears go to http://my.int.ip.addr/index

I'm currently running 1.2.3 beta, but this problem has existed since the first release.

It may also be desirable to run on a non-standard HTTPS port, which most of the pages does work with.

Thanks for the great software and hard work.

AFAICT, ciscoconfparse should not be a dependency; it's only used in requirements.txt.

$ git clone https://github.com/v1tal3/netconfig
$ cd netconfig
$ pss ciscoconfparse
./requirements.txt
2:ciscoconfparse==1.2.55

pss is a python app that searches python code iteratively for a string in a source tree.

The commands entered when editing an interface are passed in the URL, but certain characters are manually converted before and after passing them as parameters. These need to be cleaned up and be properly encoded/decoded at each end instead.

Currently, there's a lot of config stored in app/init.py. This should be moved into it's own netconfig.py file.

This will help with deployability for setuptools (#65), and likely help with #40.

I'd like to add a button to edit multiple interfaces at once, in a similar fashion to the existing buttons for enabling/disabling multiple interfaces at once.

I need to add a loading animation to the 'Save Running-Config' modal on a device. Currently I have no way of knowing if the config is actively being saved, or if the modal encountered an error and is stuck, until the save operation completes.

Dear @v1tal3

Thank you for the remarkable tool that you and the project contributors made.

Recently, when I try to edit the configuration for a switch, e.g. changing the VLAN I get the following error.

The URL that I getting the error from is http://192.168.122.141/results/resultsinterfaceedit/16/251/0/?int=GigabitEthernet0/3

To re-create this issue

• Select the switch that you will like to modify
• Click on the icon to edit the desired port
• Update the access, voice or other information
• Hit submit
  Instead of Interface was successfully edited you will get error page 404.

Bug when editing an interface and using an underscore in the description. The underscore gets replaced with a single '/'

When importing multiple devices from CSV list, the import stops at the first time a hostname or IP address is duplicated and does not continue to other devices in the list.

Error appears:
Import Devices - Result
Error with import - Error during import of devices into database

But no indication of where it stopped in the list.

If there is a '#' in the Secret Key variable, then it does not appear at all on the settings page. It should appear but only display an asterisk.

Currently when using the local database, there is no error checking or detection for duplicate devices with the same IP address and/or hostname.

I'd like to add a select all checkbox to the main page when using a local database, for use when wanting to delete multiple/all devices

NetConfig should have the ability to be put into a Docker container for easy updating and deployment.

Add a new menu drop down for configuring NetConfig settings, instead of needing to manually edit the settings.py file stored on the server.

It's more natural to have two packages: one for interacting with cisco devices in python, and one for a web-application that utilizes this interface.

For example, one can use the cisco-client for developing another web app, with features like user and access management. Or the cisco-client can be used in CLI or automation applications.

There's a bug where if you access https://netconfig.domain.com/logout directly, an HTML 500 error page is shown. This needs to be automatically redirected back to the login page instead.

Currently under the user menu, it displays the number of active sessions. This should be expanded to show what they are connected to, and quickly be able to switch between them or disconnect from them.

Add an automatic check on the home page to notify user when an update is available on GitHub

There's a bug where I can select multiple interfaces on multiple pages, and enable them, but not disable them. I've already found a fix and plan to implement this soon, so this is purely for tracking purposes.

When editing a device saved in the local db and setting the "Use Local Credentials" setting to True/Yes, then clicking on the green button labeled "Go to [hostname]", a 500 error page appears in the Loading modal.

It currently places it at the beginning of the line.

iShell commands with an underscore in them do not work. This is most likely due to how the interface parameter is passed between pages, and needs to be reworked completely.

I'd like to add a button to import devices on the main pages when using the local db

Would be great to add Role Based access, example:
20 devices, 4 admins 1 super admin
super admin has access to all devices (maintains database)
4 admins have access to 5 devices each (cannot view/change each other devices)

Would it be possible to add the port description to the View Host Interfaces page?

NetConfig currently pulls the files for DataTables from CDN. However most enterprise management systems have limited/no access to the internet. I need to move these DataTables files to being stored locally, and reference them there instead.

There's a bug when adding a new device but setting the Use Local Credentials checkbox to True/Checked. When set, the host isn't added to the database. However I am able to add the host with it unchecked, then edit it after and set the Use Local Credentials setting to True, and it saves correctly.

Leverage the existing Netbox platform data instead of custom field defining platform type.

Instead of creating a custom field in net box defining platform data that Netconfig us, I recommend you leverage the platform data already associated to each device. Before this can happen, you would need some way to pull platform types and associate to Netconfig names platform.

I have upgraded to 1.3.1.
When logging in or clicking on View Devices, it shows Error 500 page.
Can't view any devices?
I'm sure its a local thing?

Currently when adding a new device with a duplicate hostname or IP address, it fails but doesn't provide any prompt or information pertaining to why. I'd like to add an error message stating that a specific field must be unique if it isn't already, or other more descriptive error messages.

Investigate using Python setuptools for bundling Flask apps.

See http://flask.pocoo.org/docs/0.12/patterns/distribute/. Also, this could play nicely with deploying the flask app package to a Python repository and interacting with #64 for Docker deployment.

The MAC address table displayed at the bottom of the Interface Info window doesn't display when pulling devices from Netbox. It does work when using the local SQLAlchemy database.

Reason:
In the file scripts_bank/pull_host_interfaces.py, in the function pullInterfaceInfo(), there is an 'if' statement that checks if the host.type == 'Switch'. This data is not stored in Netbox.

I need a better way to determine if a device in Netbox is a Switch, Router, or Firewall, as I only want this MAC address table to display for interfaces on Switches.

Hi, I am seeing a bug where if I hit the "Interface Info" button on an interface that has Status & Protocol as "up" it shows no information. If I try on a Down / Down interface then it displays all the information correctly. Any idea on what this can be? I am running V 1.3.6

There is an error when accessing IOS-XE devices retrieved from Netbox. NetConfig will throw up the 500 error page every time. However when changing the device type in Netbox to IOS, it works.

Example problem, though I can replicate this on other non-4510 IOS-XE devices
Vendor: Cisco
Model: WS-C4510R+E
Version: 3.8.4E (Sup 8E)

@v1tal3, I have a few ideas on some features I'd like to go implement, but I want to run them by you first so we can be on the same page and not accidentally end up implementing similar ideas.

Here's a list of features/items I'd like to work on:

1. Rework user authentication to user Flask-Login and save in database
   a. Future work to include LDAP support
   b. This really helps with implementing route authorization rather than the frontend templating trickery that's going on
   c. Also, API integrations (point 3), role-based access control, etc.
2. Integrate a credentials store for server-side SSH
   a. I believe you may already have done something like this by dropping credentials into Redis, but I'd rather have those stored in the database and not a memory cache.
3. Rework templates and Javascript to pull from an API
   a. This would reduce the work on server template rendering and allow others to build automation/tooling around this
   b. I'm thinking this would include drastically reducing the existing templates and having most frontend rendered by some Javascript framework
4. Asynchronous server-side polling of hosts
   a. Right now when pulling up a new host, the page can take a while to generate as everything in sourced on the fly from SSH and then rendered on the templates.
   b. I'm thinking something like the server SSHs into a host and indexes it in its database every 15 minutes. When an update is made, make that change in the database, and have the server run that command asynchronously.
   b. Points 2 and 3 alleviate the transition to this.
5. Ability to upload JSON templates for new devices
   a. My thought here is that we generalize common functions most appliances would have (uptime, show interfaces, VLANs, etc.) and use system specific commands based on the type of appliance. I believe you're already doing something like this, but having the ability for end user to craft their own JSON templates allows for faster implementation of new hardware.
6. Refactor and reduce the number of functions
   a. It could be my lack of full understanding of what all is written, but I'm seeing a lot of this function call that, which calls that, which calls that, etc. I'd like to refactor and reduce making it easier to follow for other developers.
7. Python3 support
   a. We've talked about this before, and it wouldn't be too terribly difficult to do. I've played around with it before, but I run into some issues and am having trouble following the full code path to resolve the issue.

These are some high-level items I'd like to implement. Let me know your thoughts!

Thanks,
Lucas

I was following the guid : http://netconfig.readthedocs.io/en/latest/installation/ubuntu16-04.html

Following everything exactly as posted, I get an error at the point of restarting netconfig:

netconfig@UBNT-SVR-03:~/netconfig$ sudo supervisorctl restart netconfig
netconfig: stopped
netconfig: ERROR (spawn error)

Supervisor will now not start netconfig.

Investigating the logs shows

netconfig@UBNT-SVR-03:/var/log/supervisor$ cat supervisord.log
2017-12-29 11:20:29,648 CRIT Supervisor running as root (no user in config file)
2017-12-29 11:20:29,650 WARN No file matches via include "/etc/supervisor/conf.d/*.conf"
2017-12-29 11:20:29,661 INFO RPC interface 'supervisor' initialized
2017-12-29 11:20:29,661 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2017-12-29 11:20:29,661 INFO supervisord started with pid 9488
2017-12-29 11:40:07,800 INFO spawned: 'netconfig' with pid 9914
2017-12-29 11:40:08,000 INFO exited: netconfig (exit status 3; not expected)
2017-12-29 11:40:09,002 INFO spawned: 'netconfig' with pid 9921
2017-12-29 11:40:09,201 INFO exited: netconfig (exit status 3; not expected)
2017-12-29 11:40:10,355 INFO spawned: 'netconfig' with pid 9928
2017-12-29 11:40:10,542 INFO exited: netconfig (exit status 3; not expected)
2017-12-29 11:40:13,554 INFO spawned: 'netconfig' with pid 9934
2017-12-29 11:40:13,739 INFO exited: netconfig (exit status 3; not expected)
2017-12-29 11:40:14,741 INFO gave up: netconfig entered FATAL state, too many start retries too quickly

After a reboot

2017-12-29 12:29:13,515 CRIT Supervisor running as root (no user in config file)
2017-12-29 12:29:13,516 INFO Included extra file "/etc/supervisor/conf.d/netconfig.conf" during parsing
2017-12-29 12:29:13,562 INFO RPC interface 'supervisor' initialized
2017-12-29 12:29:13,562 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2017-12-29 12:29:13,562 INFO supervisord started with pid 1175
2017-12-29 12:29:14,564 INFO spawned: 'netconfig' with pid 1473
2017-12-29 12:29:15,121 INFO exited: netconfig (exit status 3; not expected)

The file "/etc/supervisor/conf.d/netconfig.conf" is as expected, identical to that in the installation instructions.

Going through the .conf file, all the resources it references are correct (as far as I can see), /home/netconfig/netconfig exists and is populated, user netconfig exists and has root.

Not sure how to proceed from here.

I was setting up read only access to our 5K's for our server team with the command:

username serverteam password RandomPasswordContainingAn! role network-operator

The ! in the password stopped the command from sending to the device, remove the ! and the command sends successfully

I can't edit an interface with a command with a '/' in it.
For example, adding the command "description Test uplink to ge0/1" fails

I'm running a Cisco Catalyst 3750-E with Cisco IOS Software, C3750E Software (C3750E-IPBASEK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3).

Many functions return % Invalid input detected at '^' marker. I am not sure if this is related to issue #7 but it does have the same symptom.

What does work:

• Show CDP Neighbors
• Show Inventory
• Show Version
• Viewing host interfaces
• Viewing particular interfaces (partial, see below)

What does not work:

• Show Running Config
• Show Startup Config
• Viewing particular interfaces (partial, see below)

Attempting to view a particular interface will return a result like this

Attempting to view the run config:

I'm happy to collect logs and run further trials. Thanks!

Got this error

error: <class 'xmlrpclib.Fault'>, <Fault 92: "CANT_REREAD: File contains no section headers.\nfile: /etc/supervisor/conf.d/netconfig.conf, line: 1\n' [program:netconfig]\n'">: file: /usr/lib/python2.7/xmlrpclib.py line: 800

You need to remove the spaces before the lines of text here at the "Contents of /etc/supervisor/conf.d/netconfig.conf" section

[program:netconfig]
command = gunicorn app:app -b localhost:8000
directory = /home/netconfig/netconfig
user = netconfig

Is there a way to insert my enable secret? I can only run commands at User Exec mode.
Switch>show run ^ % Invalid input detected at '^' marker. Switch>

SQL Alchemy allows for an easy way to point to a different database source. Currently, we're using SQLite for the database.

Some comments: investigate using the database for more than just storing hosts. Build a better user framework, LDAP (as listed in #48), integrations (already such as Netbox), store device data in the database (?).

Stretch: test out using a separate machine for database hosting. Join this with #64.

Me again!
I've tried the upgrade again using the upgrade.sh.
It's showing as successful upgrade to 1.3.4a, but showing a spawn error

sudo supervisorctl start netconfig
netconfig: ERROR (spawn error)

When browsing to netconfig server I get an nginx error 502 bad gateway
nginx error log shows:

2018/02/21 15:05:17 [error] 15857#15857: *4 connect() failed (111: Connection refused) while connecting to upstream, client: 10.95.130.77, server: netconfig.sanitised.uk, request: "GET /login HTTP/1.1", upstream: "http://127.0.0.1:8000/login", host: "10.95.130.80"
2018/02/21 15:05:17 [error] 15857#15857: *4 connect() failed (111: Connection refused) while connecting to upstream, client: 10.95.130.77, server: netconfig.sanitised.uk, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8000/favicon.ico", host: "10.95.130.80", referrer: "https://10.95.130.80/login"