Hello, I'm sorry for the late reply.
The Python code you initially provided didn't run, so I made some modifications and got it to run.
However, the symptom is the same: when RTM executes the Python code, it still shows "failed."
Thank you for your help.
-------------------------------------------
Original Message:
Sent: Oct 31, 2025 01:11 AM
From: shpat
Subject: HPE Comware 5940 EAA Python Roading Error
Hi,
I can see two issues here:
1. EAA/RTM runs CLI commands in a strict non-interactive session.
cmd = "system-view ; arp static %s %s %d %s ; return" % (VIP_IP, mac_cfg, VLAN_ID, iface)
cli(cmd)
2. In some Comware builds (especially HPE 5940 Comware 7.1.x), the EAA Python sandbox does not fully load platformtools for background jobs.
This triggers a silent failure before your code even reaches fix_arp() - leading to RTM_POLICY_FAILED even if try/except doesn't visibly print an error.
Try the following code if it works:
# -*- coding: utf-8 -*-
"""
EAA-safe GLBP ARP fixer for HPE Comware 5940
- Use in RTM CLI policy
- Saves an optional log to flash:/glbp_fix.log (best effort)
"""
from __future__ import print_function
import re
import time
import datetime
# Try to import comware. If not present, attempt platformtools as fallback.
try:
import comware
except Exception:
try:
import platformtools as comware # fallback API compatible wrapper some platforms provide
except Exception as e:
# Cannot import COMWARE API - fail early with a clear message
raise RuntimeError("Required comware/platformtools module unavailable: %r" % e)
# --- CONFIG --------------------------------------------------------------
VIP_IP = "192.168.10.1" # GLBP VIP
VLAN_ID = 1 # VLAN ID where GLBP runs
OUI = "0007-b400" # GLBP Virtual MAC OUI (format used in display mac-address)
SLEEP_SEC = 0.3 # small delay after applying config
LOG_PATH = "flash:/glbp_fix.log" # best-effort log file path (may vary by platform)
# ------------------------------------------------------------------------
def now():
return datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
def write_log(msg):
"""Best-effort append to LOG_PATH. If file write not allowed in this environment,
ignore errors and continue (so EAA run won't fail because of logging)."""
try:
# On many Comware systems, python can open 'flash:/...' - try that first.
# If that fails, try a relative fallback '/var/tmp' (some systems).
try:
f = open(LOG_PATH, "a")
except Exception:
f = open("/var/tmp/glbp_fix.log", "a")
with f:
f.write("[%s] %s\n" % (now(), msg))
except Exception:
# Logging must not break the execution under EAA
pass
def cli(cmd):
"""Execute a single CLI command via comware.CLI and return text output."""
try:
out = comware.CLI(cmd, False)
# comware.CLI may return list or string-like
if isinstance(out, (list, tuple)):
return "\n".join([str(x) for x in out])
return str(out)
except Exception as e:
# Return exception text for diagnostics
return "CLI_ERROR: %r" % e
def get_glbp_mac_and_port(vlan):
"""Scan 'display mac-address vlan <vlan>' for entries that match OUI pattern.
Return (mac, interface) where mac is like '0007-b400-xxxx' (dashed) and
interface is e.g. 'GigabitEthernet1/0/1' or similar.
"""
out = cli("display mac-address vlan %d" % vlan)
write_log("display mac-address vlan %d output: %s" % (vlan, out[:1000] if out else "<empty>"))
mac_pat = re.compile(r"(%s[-:.]?[0-9a-f]{4})" % re.escape(OUI), re.I)
for line in str(out).splitlines():
m = mac_pat.search(line)
if not m:
continue
raw_mac = m.group(1).lower()
# normalize mac to format '0007-b400-xxxx'
suffix = re.sub(r'[^0-9a-f]', '', raw_mac)[len(re.sub(r'[^0-9a-f]', '', OUI)):]
if not suffix:
continue
mac_norm = "%s-%s" % (OUI, suffix)
iface = None
parts = line.split()
for tok in parts:
# tokens containing a slash are usually interfaces; ignore tokens like 'VLANxxx' or 'VSI'
if "/" in tok and not tok.lower().startswith(("vlan", "vsi")):
iface = tok
break
if mac_norm and iface:
return mac_norm, iface
return None, None
def apply_static_arp(vip_ip, mac_cfg, vlan, iface):
"""Apply arp static <vip> <mac> <vlan> <interface> by entering system-view,
issuing the command, then returning to previous mode.
Execute each CLI separately (no semicolons).
"""
write_log("Applying static ARP: vip=%s mac=%s vlan=%s iface=%s" % (vip_ip, mac_cfg, vlan, iface))
# Enter config mode
r1 = cli("system-view")
write_log("system-view: %s" % r1)
# Add static ARP
cmd = "arp static %s %s %d %s" % (vip_ip, mac_cfg, vlan, iface)
r2 = cli(cmd)
write_log("%s -> %s" % (cmd, r2))
# return to user view
r3 = cli("return")
write_log("return: %s" % r3)
# Optionally save; comment out if you don't want automatic save on every run
try:
# Use save force to avoid interactive prompt; if unsupported, it's fine to ignore
r4 = cli("save force")
write_log("save force: %s" % r4)
except Exception as e:
write_log("save error: %r" % e)
# short pause to allow config to take effect
time.sleep(SLEEP_SEC)
def fix_arp():
write_log("RTM/EAA invoked glbp fixer")
try:
mac, iface = get_glbp_mac_and_port(VLAN_ID)
if not mac or not iface:
write_log("GLBP MAC/interface not found on VLAN %d (mac=%r iface=%r)" % (VLAN_ID, mac, iface))
return
# Normalize suffix and mac config string expected by arp static command
# Ensure final mac format is 0007-b400-xxxx
suffix = mac.split("-")[-1]
mac_cfg = "%s-%s" % (OUI, suffix)
apply_static_arp(VIP_IP, mac_cfg, VLAN_ID, iface)
write_log("ARP static added -> %s on %s" % (mac_cfg, iface))
except Exception as e:
write_log("Unhandled exception in fix_arp: %r" % e)
if __name__ == "__main__":
fix_arp()
Upload the script to flash:/glbp_icmp_fix10_eaa.py
Keep your RTM CLI Policy action line the same:
rtm cli-policy glbp
event track 1 state negative
action 0 cli python flash:/glbp_icmp_fix10_eaa.py
user-role network-admin
Reload RTM registration if you changed files or policies:
reset rtm policy all
display rtm policy registered
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
------------------------------
Original Message:
Sent: Oct 30, 2025 08:55 PM
From: LanDesert
Subject: HPE Comware 5940 EAA Python Roading Error
Hello, I apologize for the late response.
Below is the Python code you requested.
----------------------------------------------------------
<5940>more flash:/glbp_icmp_fix10.py
# -*- coding: utf-8 -*-
import re, time
try:
import platformtools as pt
except Exception as e:
raise RuntimeError("platformtools import failed: %r" % e)
VIP_IP = "192.168.10.1" # GLBP VIP
VLAN_ID = 1 # VLAN ID
OUI = "0007-b400" # GLBP Virtual MAC OUI
SLEEP_MS = 0.3
def cli(cmd):
obj = pt.CLI(cmd, False)
out = obj.get_output()
return "\n".join(out) if isinstance(out, list) else str(out)
def get_glbp_mac_and_port(vlan):
out = cli("display mac-address vlan %d" % vlan)
mac_pat = re.compile(r"(%s-[0-9a-f]{4})" % OUI, re.I)
for line in out.splitlines():
m = mac_pat.search(line)
if not m:
continue
mac = m.group(1).lower().replace(".", "-")
iface = None
parts = line.split()
for tok in parts:
if "/" in tok and not tok.lower().startswith(("vlan", "vsi")):
iface = tok
break
if mac and iface:
return mac, iface
return None, None
def fix_arp():
mac, iface = get_glbp_mac_and_port(VLAN_ID)
if not mac or not iface:
print("[ERROR] GLBP MAC/interface not found on VLAN %d" % VLAN_ID)
return
suffix = mac.split("-")[-1]
mac_cfg = "0007-b400-" + suffix
cmd = "system-view ; arp static %s %s %d %s ; return" % (VIP_IP, mac_cfg, VLAN_ID, iface)
print("[ACTION] %s" % cmd)
try:
cli(cmd)
time.sleep(SLEEP_MS)
print("[OK] arp static added -> %s on %s" % (mac_cfg, iface))
except Exception as e:
print("[ERROR] CLI execution failed: %r" % e)
if __name__ == "__main__":
fix_arp()
<5940>
----------------------------------------------------------
I would appreciate it if you could review it. Thank you.
Original Message:
Sent: Oct 29, 2025 01:21 AM
From: shpat
Subject: HPE Comware 5940 EAA Python Roading Error
Everything seems to be fine as how you described it.
If you don't mind, please share the Python Code, so i can give it a check.
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
Original Message:
Sent: Oct 27, 2025 09:02 PM
From: LanDesert
Subject: HPE Comware 5940 EAA Python Roading Error
Hello, thank you for your response.
I have reviewed and applied all the points you mentioned, but the issue still persists - the message "failed" continues to appear.
The user-role network-admin is already configured by default.
The path is also correctly specified. Below is the RTM action policy configuration:
rtm cli-policy glbp
event track 1 state negative
action 0 cli python flash:/glbp_icmp_fix10.py
user-role network-admin
<KT-L2>display rtm policy registered
Total number: 2
Type Event TimeRegistered PolicyName
CLI Jan 28 19:35:33 2011 admin
CLI TRACK Jan 28 19:43:52 2011 glbp
Here is the Python file name shown in the directory listing:
9 -rw- 1665 Jan 28 2011 19:02:41 glbp_icmp_fix10.py
I also tried increasing the running time, but the same symptom occurs.
It doesn't seem to be a script timeout issue - rather, when NQA detects a ping failure and triggers RTM, the failure message appears the moment RTM executes the Python script (action 0).
I tested with a much shorter script as well; manual execution works fine,
but when executed through RTM, the same "failed" message appears.
-----------------------------------------------------------------------------------
Below is the NQA configuration:
nqa entry admin glbp
type icmp-echo
destination ip 192.168.10.1
frequency 3000
history-record enable
history-record number 25
history-record keep-time 1
probe count 10
probe timeout 5000
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa schedule admin glbp start-time now lifetime forever
-----------------------------------------------------------------------------------
Just in case, I am also sharing the Python code for your reference.
NQA continuously pings 192.168.10.1, and when packet loss occurs,
track 1 nqa entry admin glbp reaction 1 triggers the RTM linkage.
RTM then executes the Python code, which references the MAC table and
manually updates the ARP entry to ensure communication is restored by matching it to the correct interface.
If you need the Python code, please reply, and I will send it to you.
Thank you for taking the time to read this long message.
I would really appreciate your help in resolving this issue. Thank you again.
Original Message:
Sent: Oct 27, 2025 07:07 AM
From: shpat
Subject: HPE Comware 5940 EAA Python Roading Error
Possible cause is that EAA (RTM) runs your Python script in a restricted context and not the same as when you run it manually. That's why %RTM_POLICY_FAILED shows up.
Initially, check the permissions and make sure the policy has user-role network-admin.
Path must be also exact: flashL/arpTest_icmp_TEST.py
Default EAA timeout is ~20s if i am not mistaken so if your script takes longer to execute, it will fail. Shorten the script or configure a longer timeout
After creating the policy, do not forget to run the commit command and also check display rtm policy registered if it's active.
Also, try a shorter script after those changes, something like:
print("Test Result is OK")
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.