- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Python script times out during IOS download
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2019 02:43 AM - edited 05-04-2019 01:32 AM
Hi,
I have a Python script to download IOS file to switches but as TFTP server is not local it can take about 10 minutes to download. I have set Script-Timeout to 1800 and thought this would help but it makes no difference and script fails after 5 minutes while download is still in progress.
Script section to download the file:
if check_file_present (tftp_file_name) == 0:
easy.log_message("info", "Switch image file {} - upload starts".format(tftp_file_name))
easy.send_command("copy tftp://{srv}{path}{file} flash:\r\r".format(
srv=server,
path=tftp_file_path,
file=tftp_file_name))
Error message I can see in Process Log after 5 minutes:
File "", line 196, in
File "/mnt/host/lib/netmri_easy.py", line 88, in send_command
regex=regex
File "/usr/lib/python3.4/site-packages/infoblox_netmri/api/broker/v3_3_0/cli_connection_broker.py", line 221, in send_command
return self.api_request(self._get_method_fullname("send_command"), kwargs)
File "/usr/lib/python3.4/site-packages/infoblox_netmri/api/broker/broker.py", line 24, in api_request
params
File "/usr/lib/python3.4/site-packages/infoblox_netmri/client.py", line 227, in api_request
return self._make_request(url=url, method="post", data=data)
File "/usr/lib/python3.4/site-packages/infoblox_netmri/client.py", line 103, in _make_request
return self._send_request(url, method, data, extra_headers)
File "/usr/lib/python3.4/site-packages/infoblox_netmri/client.py", line 129, in _send_request
raise HTTPError(res.json(), response=res)
requests.exceptions.HTTPError: {'error': 'general/cli-error', 'message': 'Device command timeout or connection lost.'}
***
LPNLROT20S313#show flash: | include c2960-lanbasek9-mz.122-55.SE12.bin
LPNLROT20S313#copy tftp://10.xxx.xxx.xxx/Cisco/2960/c2960-lanbasek9-mz.122-55.SE12.bin flash:
Destination filename [c2960-lanbasek9-mz.122-55.SE12.bin]?
Accessing tftp://10.xxx.xxx.xxx/Cisco/2960/c2960-lanbasek9-mz.122-55.SE12.bin...
Loading Cisco/2960/c2960-lanbasek9-mz.122-55.SE12.bin from 10.xxx.xxx.xxx (via Vlan300): !!!!!!!!!!!!!!!!!!
Any suggestions how to fix that? I've even set exec-timeout under VTY session on the switch for 30 minutes but still makes no difference.
Thanks
Re: Python script times out during IOS download
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2019 08:59 AM
I don't have an answer to your direct question -- hopefully Sif does.
But FWIW, you can probably speed up the file transfers by switching to a TCP-based method -- HTTP(S), FTP, SCP, etc. On the IOS devices, improve the throughput by addding:
ip tcp mss 1460 !Lower if VPN or other encapsulation overhead
ip tcp selective-ack
ip tcp windows 65536
Also, "ip ssh timeout" is not a keep-alive. It only limits how long a device that is initiating a connection will wait for the SSH session to become established.
And lastly, IOS 12.2(55)SE12 is really old and has a list of vulnerabilities according to the SotwareChecker. Fixes are in 12.2(55)SE13 which is not yet available to download. But a better choice would be 15.0(2)SE12 which we still run in over 80 (EOL) 2960 switches.
Re: Python script times out during IOS download
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2019 01:32 AM - edited 05-04-2019 01:35 AM
Hi,
Yes, our switches are really old and this is just keeping them more secure till they are replaced. According to CISCO website IOS 12.2(55)SE12 is the recommended MD firmware and I can't see any bugs for our switch model.
Also, I am a bit worried to go to version 15 as not sure how much has the syntax and commands changed and we don't have a spare switch to test it on.
Also, when tried ftp as transfer method it doesn't even ask me for username and password (probably not supported in the current IOS) and I can't create anonymous account on the server.
That SSH timeout is actually an exex-timeout under VTY session (my bad for wrong facts) so this should keep session alive for 30 minutes, shouldn't it?
Re: Python script times out during IOS download
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2019 12:23 PM
Did you ever get this to work correctly?
What I didn't ask before was did you try the syntax for FTP as "copy ftp://userass@server/..."
Re: Python script times out during IOS download
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2019 01:48 AM
In the end I've solved it by using FTP which downloads the file in under 5 mins. I didn't test that on bigger files which may take longer so it may still fail but I hope that timeout value will work with FTP.
With 2960 series switches you have to set FTP username and password within the config (which is stupid) instead of defining it in FTP connection as on many other devices (thanks CISCO! )
Suggestion with TFTP from Infoblox engineer was to use async_command (see below example) which was still failing due to missing the regular expression. Found on some Python forum to put: file=tftp_file_name),720, "#") but I don't think this was the right one as it was still failing. Swapped to FTP (after finally finding a way how to work with authenticated FTP on Cisco 2960) so didn't bother trying different signs. I think it's something else than "#" to be returned after script is finished.
TFTP Async command example:
if check_file_present (tftp_file_name) == 0:
easy.log_message("info", "Switch image file {} - upload starts".format(tftp_file_name))
easy.send_async_command("copy tftp://{srv}{path}{file} flash:\r\r".format(
srv=server,
path=tftp_file_path,
file=tftp_file_name),720, "#")