Skip to content
This repository has been archived by the owner on Mar 28, 2022. It is now read-only.

"show full-configuration" and "show" commands return timeout exceptions #20

Open
tux-00 opened this issue Jun 19, 2017 · 6 comments
Open

Comments

@tux-00
Copy link

tux-00 commented Jun 19, 2017

Hardware: FortiGate 40C

This code is returning a timeout since it take a long time to retrieve all the configuration :

>>> from pyFG import FortiOS, FortiConfig
>>> d = FortiOS(hostname="10.76.0.252", username="admin", password="***********")
>>> d.open()
>>> d.execute_command('show full-configuration')
Executing commands:
 show full-configuration
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/pyFG/fortios.py", line 152, in execute_command
    for e in error_chan.read():
  File "/usr/local/lib/python2.7/dist-packages/paramiko/file.py", line 192, in read
    new_data = self._read(self._DEFAULT_BUFSIZE)
  File "/usr/local/lib/python2.7/dist-packages/paramiko/channel.py", line 1305, in _read
    return self.channel.recv_stderr(size)
  File "/usr/local/lib/python2.7/dist-packages/paramiko/channel.py", line 715, in recv_stderr
    raise socket.timeout()
socket.timeout

In my tests (local network) it takes about :

  • 7 minutes to retrieve show full-configuration command result,
  • 10/15 seconds to retrieve show command result.
@StefanLindblom
Copy link
Contributor

Hi there!
Just want to acknowledge your reported issue.

Two questions:

  1. How big is the output of show vs show full-configuration ? (amount of lines)
  2. I looked at your PR - just curious how you came to the value of 30 seconds? Was that a sweet spot?

Thanks!
/Stefan

@tux-00
Copy link
Author

tux-00 commented Jun 26, 2017

Hi!

  1. I tested with a firewall with about 3400 lines but other clients are between 3000/4000 lines for show full-configuration command. With show command I get about 3200 lines.
  2. I've seen a timeout value of 60 seconds by default when the connection request is made. I think that there is a little chance of connection lost between the connection and the first SSH command but tell me if I'm wrong.

PS: After a talk with a network engineer, I'm not on local network but inside a VPN. Maybe the 30 seconds make sense when the connection is slow.

@cluelessperson
Copy link

Yup, it seems that large configs are truncated.

The full traceback is: File "/tmp/ansible_fHSN8_/ansible_module_fortios_config.py", line 132, in main f.load_config(path=module.params['filter']) File "/backups/scripts/pyfg-0.50/pyFG/fortios.py", line 216, in load_config self.running_config.parse_config_output(config_text) File "/backups/scripts/pyfg-0.50/pyFG/forticonfig.py", line 378, in parse_config_output current_block = current_block.get_parent()

The fact that it seems to be missing a parent for me, implies it truncated/lost lines.

Possibly paramiko's default SSH recv buffer?

@bitdelivery
Copy link

I am getting the same thing on firewall with minimal config running 5.4.5.

from pyFG import FortiOS, FortiConfig
d = FortiOS(hostname="172.16.1.1", username="ansible", password="************")
d.open()
d.execute_command('show full-configuration')
Traceback (most recent call last):
File "", line 1, in
File "/home/brandon/.local/lib/python2.7/site-packages/pyFG/fortios.py", line 151, in execute_command
for e in error_chan.read():
File "/home/brandon/.local/lib/python2.7/site-packages/paramiko/file.py", line 193, in read
new_data = self._read(self._DEFAULT_BUFSIZE)
File "/home/brandon/.local/lib/python2.7/site-packages/paramiko/channel.py", line 1342, in _read
return self.channel.recv_stderr(size)
File "/home/brandon/.local/lib/python2.7/site-packages/paramiko/channel.py", line 733, in recv_stderr
raise socket.timeout()
socket.timeout

@bitdelivery
Copy link

Storing the full configuration does work but took about 8 minutes.
Make sure you have "config system console", "set output standard" set.

a.open()
a.load_config('full')

@wilamike
Copy link

wilamike commented Feb 4, 2018

Increasing the timer from 5s to 30s fixes the same error I hit when I try to run "show" on a firewall from a server on another continent. Apparently network condition (e.g. network latency) is a contributing factor.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants