Articles in this section

See more

error-type application error-tag access-denied on an interface update

Avatar
DevNet Support
Updated
Follow

 

Unable to do a 'crud.update' on an interface.

seeing   <rpc-error> <error-type>application</error-type> <error-tag>access-denied</error-tag> What needs to be done in order to run a python script and do updates on router.

 For starters, on the routers, 'show user tasks' gives me:

   Task:            interface  : READ    WRITE    EXECUTE    DEBUG

 So,trying to update the 'mtu' within an interface as seen in code:

(Tried just updating description on another test, same exact error.) 

-----------------------------------------------------

from ydk.services import CRUDService

from ydk.providers import NetconfServiceProvider

from ydk.models.cisco_ios_xr import Cisco_IOS_XR_ifmgr_cfg as xr_ifmgr_cfg

import logging 

    provider = NetconfServiceProvider(address="xyz.abc", port=830, username="me",password="password",protocol="ssh")

    ## create CRUD service

    crud = CRUDService() 

    interface_configuration = xr_ifmgr_cfg.InterfaceConfigurations.InterfaceConfiguration()

    interface_configuration.interface_name ="HundredGigE0/5/0/6" 

    # read data from NETCONF device

    interface_configuration = crud.read(provider, interface_configuration) 

    # Just print to see what I have currently before changing

    m1=''

    owner1=''

    print type(interface_configuration.mtus.mtu)

    for mtu in interface_configuration.mtus.mtu:

        print 'mtu=', mtu.mtu

        m1=mtu.mtu

        print 'owner=', mtu.owner

        owner1=mtu.owner 

    interface_configuration.mtus.mtu[0].mtu = 9200 #    mtu = interface_configuration.mtus.Mtu()

    interface_configuration.mtus.mtu[0].owner = owner1 

    interface_configurations = xr_ifmgr_cfg.InterfaceConfigurations() 

    interface_configurations.interface_configuration.append(interface_configuration) 

    print "Starting the update" 

    crud.update(provider, interface_configurations) 

    print "Finished the update"

-----------------------------------------------------

 However, getting output like this:

 <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">

  <edit-config>

    <target>

      <candidate/>

    </target>

    <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">

      <interface-configurations xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">

        <interface-configuration>

          <active>act</active>

          <interface-name>HundredGigE0/5/0/6</interface-name>

          <description>Big Box to hu0/1/0/1-xyz.abc01</description>

          <ipv4-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg">

            <addresses>

              <primary>

                <address>61.150.26.62</address>

                <netmask>255.255.255.252</netmask>

              </primary>

            </addresses>

          </ipv4-network>

          <ipv6-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg">

            <addresses>

              <regular-addresses>

                <regular-address>

                  <address>1111:222:3333::667</address>

                  <prefix-length>126</prefix-length>

                  <zone>0</zone>

                </regular-address>

              </regular-addresses>

            </addresses>

          </ipv6-network>

          <mtus>

            <mtu>

              <owner>HundredGigE</owner>

              <mtu>9200</mtu>

            </mtu>

          </mtus>

        </interface-configuration>

      </interface-configurations>

    </config>

  </edit-config>

</rpc>

 2017-06-28 10:00:11,721 - ydk.providers._provider_plugin - DEBUG -

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">

  <rpc-error>

    <error-type>application</error-type>

    <error-tag>access-denied</error-tag>

    <error-severity>error</error-severity>

    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network</error-path>

  </rpc-error>

  <rpc-error>

    <error-type>application</error-type>

    <error-tag>access-denied</error-tag>

    <error-severity>error</error-severity>

    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv6-network</error-path>

  </rpc-error>

  <rpc-error>

    <error-type>application</error-type>

    <error-tag>access-denied</error-tag>

    <error-severity>error</error-severity>

    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network-forwarding</error-path>

  </rpc-error>

</rpc-reply>

 2017-06-28 10:00:11,722 - ydk.services.crud_service - INFO - UPDATE operation completed

 -----------------------------------------------------------------

Clearly a permission issue on the router side. You may want to share the config on that.  A bit outside the scope of YDK, but someone may be able to help.  If possible, I'd remove permissions and incrementally add them back until the breaking point is found.

 

  • Yes, this has turned out to be just a permissions level thing with the account (my username/password) I was set up with.  The root users, who ran my script for me, with their username/password worked like a champ.

 

Comments

0 comments

Please sign in to leave a comment.