Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Info returned by Palo Alto 5 devices is partly missing

See original GitHub issue

To be honest, I’m quite puzzled with this issue.
Some commands seem to run but do not produce any output. While executing others, netmiko seems to never return and waits for output indefinitely.
I’ve been trying to pin down the problem in the handling classes but can’t seem to pin it down exactly. I’ve got a PA-2050 with PanOS 5 for testing netmiko with it.

Here is the script I’m using to test it:

from netmiko import ConnectHandler

panos = {
    'device_type': 'paloalto_panos',
    'ip':          'x.x.x.x',
    'username':    'xxx',
    'password':    'xxx',
}

config_commands = [
    'show system info',
    #'show system resources', # next command after this will hang
    'show system services',
    #'show system software status', # next command after this will hang
    'show system state' 
]

net_connect = ConnectHandler(**panos)
out = ""
for cmd in config_commands:
    print("Executing %s" % cmd)
    out += "-------------"
    out += net_connect.send_command(cmd)

print(out)

net_connect.disconnect()

If I uncomment either the resource or the software status command, the script will never return from it’s call.
Regarding the other three commands: info and state return empty outputs with only one word (“show”), services returns the correct output:

$> python panos.py
show

show

HTTP       : Disabled
HTTPS      : Enabled
Telnet     : Disabled
SSH        : Enabled
Ping       : Enabled
SNMP       : Disabled
show

What these commands should be putting out:

admin@PA-2050> show system info

hostname: PA-2050
ip-address: x.x.x.x
netmask: x.x.x.x
default-gateway: x.x.x.x
(...)

(show system services omitted as it works)

admin@PA-2050> show system state

local.info: { 'cpu_clock': 500000000, 'family': 2000, 'model': PA-2050, 'name': xx, 'processor_id': 0, 'role': xx, 'slot': x, }
cfg.agent.max-buckets: xxx
cfg.agent.max-entries: xxx
(...)

I have the feeling that something might be off with either the command stripping and/or the prompt detection.
I boiled down the example a bit as I’ve tested this with more commands - I can provide the full output if that is of any help to you.
I’m more than willing to look into the issue but I could need some pointers where to start / what to test.
For now, have a nice weekend and thanks in advance!

Issue Analytics

State:
Created 6 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

Maddosauruscommented, Apr 24, 2019

Hi @carlniger!
We (kind of) mitigated the issue by switching over to using the PaloAlto API.
I would propose to close this issue for now as I’m bound up with other tasks right now.
If you’re interested, I can still attach a PoC/Log output to the closed ticket as soon as I have the time at hand to test this 😃

1reaction

Maddosauruscommented, Apr 16, 2018

Update from today: As a workaround using send_command_timing() works and the script runs as intended, without hanging commands or missing output (although the first part of a sent command is included in the parsed response). So my hypothesis is that there is something wrong with the prompt detection.
Any help on how to fix this would be greatly appreciated!