Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
czinu
Contributor

VSX 80.30 getting routes via API does not work.

I am trying to get routes from vsx via API run_script and magic printf "set virtual-system 2\nshow route\nexit\n" | clish syntax mentioned in other topic.

I have several identical 80.30 VSXes and only on one of them I get failed task without any message as below.

(...)
"color" : "black",
"statusCode" : "failed",
"statusDescription" : "",
"taskNotification" : "187591fd-8e15-4710-a1ab-a19724379301",
"gatewayId" : "bc0d8a03-2f7f-469d-87b5-78f2c8b820f6",
"gatewayName" : "",
"transactionId" : 903060984,
"responseMessage" : "",
"responseError" : "",
"meta-info" : {
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1645086279249,
"iso-8601" : "2022-02-17T08:24+0000"
(...)

"set virtual-system 2\nshow route\nexit\n" | clish -d 3

I get following output:

CliDoOp(cli_db_set): buffer:
volatile:clish:admin:30173 t
CliDoOp: nothing in context->Respv

on working one I get:

CliDoOp(cli_db_set): buffer:
volatile:clish:admin:24441 t
CliDoOp: nothing in context->Respv
CliDoOp(cli_db_iterate_c): buffer:
volatile:mrma:users:user:admin:24439:role

CliDoOp: nothing in context->Respv
fw02:0> CliDoOp(cli_db_get): buffer:
xpand:auditlog
CliDoOp: context->Respv:
p
CliDoOp(cli_db_get): buffer:
xpand:auditlog
CliDoOp: context->Respv:
p
Action Handler
Context:
Name: virtual-system
Argv[] (Argc=3)
Argv[0]: set
Argv[1]: virtual-system
Argv[2]: 2
ValArr[] (ValCnt=1)
ValArr[0]: 2
TransactMode: false
CliDoOp(cli_db_get): buffer:
instance:2
CliDoOp: context->Respv:
t
CliDoOp(cli_db_iterate_c): buffer:
mrma:users:user:admin:role
CliDoOp: context->Respv:
adminRole
CliDoOp(cli_db_get): buffer:
mrma:roles:role:adminRole:vs_access:2

CliDoOp: nothing in context->Respv
CliDoOp(cli_db_get): buffer:
mrma:roles:role:adminRole:vs_access:MRMA_ALL

CliDoOp: context->Respv:
t
Context is set to vsid 2
Result:
Respv[] (Respc=0)
Nxtv[] (Nxtc=0)
CliDoOp(cli_db_iterate_c): buffer:
volatile:mrma:users:user:admin:24439:role

CliDoOp: nothing in context->Respv
fw02:2> CliDoOp(cli_db_get): buffer:
xpand:auditlog
CliDoOp: context->Respv:
p
CliDoOp(cli_db_get): buffer:
xpand:auditlog
CliDoOp: context->Respv:
p
Action Handler
Context:
Name: route
Argv[] (Argc=2)
Argv[0]: show
Argv[1]: route
ValArr[] (ValCnt=0)
TransactMode: false
(...)

from /var/log/messeges for this non-working request I get:

Feb 17 13:21:47 2022 fw01 xpand[20701]: admin localhost t +volatile:clish:admin:4304 t
Feb 17 13:21:48 2022 fw01 clish[4304]: User admin logged in with ReadWrite permission
Feb 17 13:21:48 2022 fw01 clish[4304]: failed to get the terminal settings.
Feb 17 13:21:48 2022 fw01 xpand[20701]: admin localhost t -volatile:clish:admin:4304
Feb 17 13:21:48 2022 fw01 clish[4304]: User admin logged out due to an error from CLI shell

from working one:

Feb 17 13:24:19 2022 fw02 xpand[14575]: admin localhost t +volatile:clish:admin:27639 t
Feb 17 13:24:19 2022 fw02 clish[27639]: User admin logged in with ReadWrite permission
Feb 17 13:24:19 2022 fw02 clish[27639]: cmd in VS0 by admin: Start executing : set virtual-system ... (cmd md5: eecddd39de35863cd473a8baacf2850b)
Feb 17 13:24:19 2022 fw02 clish[27639]: cmd in VS0 by admin: Processing : set virtual-system 2 (cmd md5: eecddd39de35863cd473a8baacf2850b)
Feb 17 13:24:19 2022 fw02 clish[27639]: cmd in VS2 by admin: Start executing : show route (cmd md5: 32edc6d9ebbb96f075ea7f0477b6285c)
Feb 17 13:24:19 2022 fw02 clish[27639]: cmd in VS2 by admin: Processing : show route (cmd md5: 32edc6d9ebbb96f075ea7f0477b6285c)
Feb 17 13:24:19 2022 fw02 clish[27639]: cmd in VS2 by admin: Start executing : sleep 2 (cmd md5: 618ae4070692cea86ce76b1ecfbb784b)
Feb 17 13:24:19 2022 fw02 clish[27639]: cmd in VS2 by admin: Start executing : exit (cmd md5: f24f62eeb789199b9b2e467df3b1876b)
Feb 17 13:24:19 2022 fw02 xpand[14575]: admin localhost t -volatile:clish:admin:27639

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

This is probably going to require a TAC case to investigate.

0 Kudos
czinu
Contributor

We have already opened one, so I will let know what is the outcome, so everyone can benefit from it : )

0 Kudos
Bob_Zimmerman
Advisor

This may be a silly question, but does the problem box have a VS 2? I could see the commands failing if there is no VS 2 to switch to.

If it has VS 2, does VS 2 have routes to show? A switch context or a bridge-mode firewall context wouldn't, so I could see the 'show route' command failing in that case.

What happens if you run the command locally on the device?

What about if you break up the contents of the printf?

0 Kudos
czinu
Contributor

Hello Bob,

first of all thanks for your interest. I have come across your excellent topic on API IRRITATIONS (ref. https://www.cpug.org/forums/showthread.php/22833-API-Irritations) which saved us some time already : )

Now back to the topic:

1. it has vs 2 : )

2. You cannot run this command locally, because it generates error that you cannot open another clish session from current one.

3. I am not sure what do you mean by the "break up". printf on its own prints commands, so that is fine. I have also tried different combinations with ; or && between "clish -c cmd", but this prints routes from the vsx itself not VS, so I assume checkpoint executes those cmds in separate sessions, not one after another.

0 Kudos
Bob_Zimmerman
Advisor

I occasionally forget some people log in to cpshell initially. Try setting your login shell to bash and running the command from there.

By "break up", I mean pulling the commands out of the printf to run one at a time. Using the printf "set virtual-system 2\nshow route\nexit\n" example, try running 'set virtual-system 2', then 'show route', then 'exit'. Do they all work exactly as the printf prints them?

0 Kudos