2 * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.topology.singleton.impl;
10 import static com.google.common.base.Preconditions.checkState;
11 import static java.util.Objects.requireNonNull;
13 import com.google.common.annotations.VisibleForTesting;
14 import com.google.common.util.concurrent.FutureCallback;
15 import com.google.common.util.concurrent.Futures;
16 import com.google.common.util.concurrent.ListenableFuture;
17 import com.google.common.util.concurrent.MoreExecutors;
18 import java.math.BigDecimal;
19 import java.net.InetSocketAddress;
21 import java.util.ArrayList;
22 import java.util.List;
24 import org.eclipse.jdt.annotation.Nullable;
25 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
26 import org.opendaylight.netconf.client.NetconfClientSessionListener;
27 import org.opendaylight.netconf.client.conf.NetconfClientConfiguration;
28 import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfiguration;
29 import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfigurationBuilder;
30 import org.opendaylight.netconf.nettyutil.ReconnectStrategyFactory;
31 import org.opendaylight.netconf.nettyutil.TimedReconnectStrategyFactory;
32 import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
33 import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPasswordHandler;
34 import org.opendaylight.netconf.sal.connect.api.DeviceActionFactory;
35 import org.opendaylight.netconf.sal.connect.api.RemoteDevice;
36 import org.opendaylight.netconf.sal.connect.api.RemoteDeviceHandler;
37 import org.opendaylight.netconf.sal.connect.netconf.LibraryModulesSchemas;
38 import org.opendaylight.netconf.sal.connect.netconf.NetconfDevice;
39 import org.opendaylight.netconf.sal.connect.netconf.NetconfDeviceBuilder;
40 import org.opendaylight.netconf.sal.connect.netconf.SchemalessNetconfDevice;
41 import org.opendaylight.netconf.sal.connect.netconf.auth.DatastoreBackedPublicKeyAuth;
42 import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfDeviceCommunicator;
43 import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPreferences;
44 import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
45 import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
46 import org.opendaylight.netconf.sal.connect.netconf.sal.NetconfKeystoreAdapter;
47 import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
48 import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
49 import org.opendaylight.netconf.sal.connect.util.SslHandlerFactoryImpl;
50 import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector;
51 import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfTopologySetup;
52 import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfTopologyUtils;
53 import org.opendaylight.netconf.topology.spi.NetconfConnectorDTO;
54 import org.opendaylight.netconf.topology.spi.NetconfNodeUtils;
55 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.OdlHelloMessageCapabilities;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.Protocol;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.status.available.capabilities.AvailableCapability.CapabilityOrigin;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.Credentials;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.KeyAuth;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPw;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPwUnencrypted;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.key.auth.KeyBased;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.LoginPassword;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.unencrypted.LoginPasswordUnencrypted;
67 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
68 import org.opendaylight.yangtools.yang.common.Decimal64;
69 import org.opendaylight.yangtools.yang.common.Empty;
70 import org.opendaylight.yangtools.yang.model.repo.api.SourceIdentifier;
71 import org.opendaylight.yangtools.yang.model.repo.api.YangTextSchemaSource;
72 import org.opendaylight.yangtools.yang.model.repo.spi.PotentialSchemaSource;
73 import org.opendaylight.yangtools.yang.model.repo.spi.SchemaSourceRegistration;
74 import org.slf4j.Logger;
75 import org.slf4j.LoggerFactory;
77 public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector {
78 private static final Logger LOG = LoggerFactory.getLogger(RemoteDeviceConnectorImpl.class);
80 // Initializes default constant instances for the case when the default schema repository
81 // directory cache/schema is used.
83 private final NetconfTopologySetup netconfTopologyDeviceSetup;
84 private final RemoteDeviceId remoteDeviceId;
85 private final String privateKeyPath;
86 private final String privateKeyPassphrase;
87 private final AAAEncryptionService encryptionService;
88 private final NetconfKeystoreAdapter keystoreAdapter;
89 private final DeviceActionFactory deviceActionFactory;
91 // FIXME: this seems to be a builder-like transition between {start,stop}RemoteDeviceConnection. More documentation
92 // is needed, as to what the lifecycle is here.
93 private NetconfConnectorDTO deviceCommunicatorDTO;
95 public RemoteDeviceConnectorImpl(final NetconfTopologySetup netconfTopologyDeviceSetup,
96 final RemoteDeviceId remoteDeviceId, final DeviceActionFactory deviceActionFactory) {
97 this.netconfTopologyDeviceSetup = requireNonNull(netconfTopologyDeviceSetup);
98 this.remoteDeviceId = remoteDeviceId;
99 this.deviceActionFactory = requireNonNull(deviceActionFactory);
100 privateKeyPath = netconfTopologyDeviceSetup.getPrivateKeyPath();
101 privateKeyPassphrase = netconfTopologyDeviceSetup.getPrivateKeyPassphrase();
102 encryptionService = netconfTopologyDeviceSetup.getEncryptionService();
103 keystoreAdapter = new NetconfKeystoreAdapter(netconfTopologyDeviceSetup.getDataBroker());
107 public void startRemoteDeviceConnection(final RemoteDeviceHandler deviceHandler) {
109 final NetconfNode netconfNode = netconfTopologyDeviceSetup.getNode().augmentation(NetconfNode.class);
110 final NodeId nodeId = netconfTopologyDeviceSetup.getNode().getNodeId();
111 requireNonNull(netconfNode.getHost());
112 requireNonNull(netconfNode.getPort());
114 deviceCommunicatorDTO = createDeviceCommunicator(nodeId, netconfNode, deviceHandler);
115 final NetconfDeviceCommunicator deviceCommunicator = deviceCommunicatorDTO.getCommunicator();
116 final NetconfClientSessionListener netconfClientSessionListener = deviceCommunicatorDTO.getSessionListener();
117 final NetconfReconnectingClientConfiguration clientConfig =
118 getClientConfig(netconfClientSessionListener, netconfNode);
119 final ListenableFuture<Empty> future = deviceCommunicator
120 .initializeRemoteConnection(netconfTopologyDeviceSetup.getNetconfClientDispatcher(), clientConfig);
122 Futures.addCallback(future, new FutureCallback<>() {
124 public void onSuccess(final Empty result) {
125 LOG.debug("{}: Connector started successfully", remoteDeviceId);
129 public void onFailure(final Throwable throwable) {
130 LOG.error("{}: Connector failed", remoteDeviceId, throwable);
132 }, MoreExecutors.directExecutor());
135 @SuppressWarnings("checkstyle:IllegalCatch")
137 public void stopRemoteDeviceConnection() {
138 if (deviceCommunicatorDTO != null) {
140 deviceCommunicatorDTO.close();
141 } catch (final Exception e) {
142 LOG.error("{}: Error at closing device communicator.", remoteDeviceId, e);
148 NetconfConnectorDTO createDeviceCommunicator(final NodeId nodeId, final NetconfNode node,
149 final RemoteDeviceHandler deviceHandler) {
150 //setup default values since default value is not supported in mdsal
151 final long defaultRequestTimeoutMillis = node.getDefaultRequestTimeoutMillis() == null
152 ? NetconfTopologyUtils.DEFAULT_REQUEST_TIMEOUT_MILLIS : node.getDefaultRequestTimeoutMillis().toJava();
153 final long keepaliveDelay = node.getKeepaliveDelay() == null
154 ? NetconfTopologyUtils.DEFAULT_KEEPALIVE_DELAY : node.getKeepaliveDelay().toJava();
155 final boolean reconnectOnChangedSchema = node.getReconnectOnChangedSchema() == null
156 ? NetconfTopologyUtils.DEFAULT_RECONNECT_ON_CHANGED_SCHEMA : node.getReconnectOnChangedSchema();
158 RemoteDeviceHandler salFacade = requireNonNull(deviceHandler);
159 if (keepaliveDelay > 0) {
160 LOG.info("{}: Adding keepalive facade.", remoteDeviceId);
161 salFacade = new KeepaliveSalFacade(remoteDeviceId, salFacade,
162 netconfTopologyDeviceSetup.getKeepaliveExecutor(), keepaliveDelay,
163 defaultRequestTimeoutMillis);
166 final NetconfDevice.SchemaResourcesDTO schemaResourcesDTO = netconfTopologyDeviceSetup.getSchemaResourcesDTO();
168 // pre register yang library sources as fallback schemas to schema registry
169 final List<SchemaSourceRegistration<?>> registeredYangLibSources = new ArrayList<>();
170 if (node.getYangLibrary() != null) {
171 final String yangLibURL = node.getYangLibrary().getYangLibraryUrl().getValue();
172 final String yangLibUsername = node.getYangLibrary().getUsername();
173 final String yangLigPassword = node.getYangLibrary().getPassword();
175 final LibraryModulesSchemas libraryModulesSchemas;
176 if (yangLibURL != null) {
177 if (yangLibUsername != null && yangLigPassword != null) {
178 libraryModulesSchemas = LibraryModulesSchemas.create(yangLibURL, yangLibUsername, yangLigPassword);
180 libraryModulesSchemas = LibraryModulesSchemas.create(yangLibURL);
183 for (final Map.Entry<SourceIdentifier, URL> sourceIdentifierURLEntry :
184 libraryModulesSchemas.getAvailableModels().entrySet()) {
185 registeredYangLibSources
186 .add(schemaResourcesDTO.getSchemaRegistry().registerSchemaSource(
187 new YangLibrarySchemaYangSourceProvider(remoteDeviceId,
188 libraryModulesSchemas.getAvailableModels()),
189 PotentialSchemaSource
190 .create(sourceIdentifierURLEntry.getKey(), YangTextSchemaSource.class,
191 PotentialSchemaSource.Costs.REMOTE_IO.getValue())));
196 final RemoteDevice<NetconfDeviceCommunicator> device;
197 if (node.getSchemaless()) {
198 device = new SchemalessNetconfDevice(netconfTopologyDeviceSetup.getBaseSchemas(), remoteDeviceId,
201 device = new NetconfDeviceBuilder()
202 .setReconnectOnSchemasChange(reconnectOnChangedSchema)
203 .setSchemaResourcesDTO(schemaResourcesDTO)
204 .setGlobalProcessingExecutor(netconfTopologyDeviceSetup.getProcessingExecutor())
205 .setBaseSchemas(netconfTopologyDeviceSetup.getBaseSchemas())
206 .setId(remoteDeviceId)
207 .setDeviceActionFactory(deviceActionFactory)
208 .setSalFacade(salFacade)
212 final int rpcMessageLimit = node.getConcurrentRpcLimit() == null
213 ? NetconfTopologyUtils.DEFAULT_CONCURRENT_RPC_LIMIT : node.getConcurrentRpcLimit().toJava();
215 if (rpcMessageLimit < 1) {
216 LOG.info("{}: Concurrent rpc limit is smaller than 1, no limit will be enforced.", remoteDeviceId);
219 final var userCapabilities = extractUserCapabilities(node);
220 final var netconfDeviceCommunicator = userCapabilities != null
221 ? new NetconfDeviceCommunicator(remoteDeviceId, device, new UserPreferences(userCapabilities,
222 node.getYangModuleCapabilities() == null ? false : node.getYangModuleCapabilities().getOverride(),
223 node.getNonModuleCapabilities() == null ? false : node.getNonModuleCapabilities().getOverride()),
225 : new NetconfDeviceCommunicator(remoteDeviceId, device, rpcMessageLimit);
227 if (salFacade instanceof KeepaliveSalFacade) {
228 ((KeepaliveSalFacade)salFacade).setListener(netconfDeviceCommunicator);
230 return new NetconfConnectorDTO(netconfDeviceCommunicator, salFacade, registeredYangLibSources);
233 // FIXME: reconcile with AbstractNetconfTopology
234 private static @Nullable NetconfSessionPreferences extractUserCapabilities(final NetconfNode node) {
235 final var moduleCaps = node.getYangModuleCapabilities();
236 final var nonModuleCaps = node.getNonModuleCapabilities();
238 if (moduleCaps == null && node.getNonModuleCapabilities() == null) {
242 final var capabilities = new ArrayList<String>();
243 if (moduleCaps != null) {
244 capabilities.addAll(moduleCaps.getCapability());
247 //non-module capabilities should not exist in yang module capabilities
248 final var netconfSessionPreferences = NetconfSessionPreferences.fromStrings(capabilities);
249 checkState(netconfSessionPreferences.getNonModuleCaps().isEmpty(),
250 "List yang-module-capabilities/capability should contain only module based capabilities. "
251 + "Non-module capabilities used: " + netconfSessionPreferences.getNonModuleCaps());
253 if (nonModuleCaps != null) {
254 capabilities.addAll(nonModuleCaps.getCapability());
257 return NetconfSessionPreferences.fromStrings(capabilities, CapabilityOrigin.UserDefined);
261 NetconfReconnectingClientConfiguration getClientConfig(final NetconfClientSessionListener listener,
262 final NetconfNode node) {
264 //setup default values since default value is not supported in mdsal
265 final long clientConnectionTimeoutMillis = node.getConnectionTimeoutMillis() == null
266 ? NetconfTopologyUtils.DEFAULT_CONNECTION_TIMEOUT_MILLIS : node.getConnectionTimeoutMillis().toJava();
267 final long maxConnectionAttempts = node.getMaxConnectionAttempts() == null
268 ? NetconfTopologyUtils.DEFAULT_MAX_CONNECTION_ATTEMPTS : node.getMaxConnectionAttempts().toJava();
269 final int betweenAttemptsTimeoutMillis = node.getBetweenAttemptsTimeoutMillis() == null
270 ? NetconfTopologyUtils.DEFAULT_BETWEEN_ATTEMPTS_TIMEOUT_MILLIS
271 : node.getBetweenAttemptsTimeoutMillis().toJava();
272 final boolean isTcpOnly = node.getTcpOnly() == null
273 ? NetconfTopologyUtils.DEFAULT_IS_TCP_ONLY : node.getTcpOnly();
274 final Decimal64 sleepFactor = node.getSleepFactor() == null
275 ? NetconfTopologyUtils.DEFAULT_SLEEP_FACTOR : node.getSleepFactor();
277 final InetSocketAddress socketAddress = NetconfNodeUtils.toInetSocketAddress(node);
279 final ReconnectStrategyFactory sf =
280 new TimedReconnectStrategyFactory(netconfTopologyDeviceSetup.getEventExecutor(), maxConnectionAttempts,
281 betweenAttemptsTimeoutMillis, BigDecimal.valueOf(sleepFactor.unscaledValue(), sleepFactor.scale()));
284 final NetconfReconnectingClientConfigurationBuilder reconnectingClientConfigurationBuilder;
285 final Protocol protocol = node.getProtocol();
287 reconnectingClientConfigurationBuilder = NetconfReconnectingClientConfigurationBuilder.create()
288 .withProtocol(NetconfClientConfiguration.NetconfClientProtocol.TCP)
289 .withAuthHandler(getHandlerFromCredentials(node.getCredentials()));
290 } else if (protocol == null || protocol.getName() == Protocol.Name.SSH) {
291 reconnectingClientConfigurationBuilder = NetconfReconnectingClientConfigurationBuilder.create()
292 .withProtocol(NetconfClientConfiguration.NetconfClientProtocol.SSH)
293 .withAuthHandler(getHandlerFromCredentials(node.getCredentials()));
294 } else if (protocol.getName() == Protocol.Name.TLS) {
295 reconnectingClientConfigurationBuilder = NetconfReconnectingClientConfigurationBuilder.create()
296 .withSslHandlerFactory(new SslHandlerFactoryImpl(keystoreAdapter, protocol.getSpecification()))
297 .withProtocol(NetconfClientConfiguration.NetconfClientProtocol.TLS);
299 throw new IllegalStateException("Unsupported protocol type: " + protocol.getName());
302 final List<Uri> odlHelloCapabilities = getOdlHelloCapabilities(node);
303 if (odlHelloCapabilities != null) {
304 reconnectingClientConfigurationBuilder.withOdlHelloCapabilities(odlHelloCapabilities);
307 return reconnectingClientConfigurationBuilder
308 .withAddress(socketAddress)
309 .withConnectionTimeoutMillis(clientConnectionTimeoutMillis)
310 .withReconnectStrategy(sf.createReconnectStrategy())
311 .withConnectStrategyFactory(sf)
312 .withSessionListener(listener)
316 private static List<Uri> getOdlHelloCapabilities(final NetconfNode node) {
317 final OdlHelloMessageCapabilities helloCapabilities = node.getOdlHelloMessageCapabilities();
318 return helloCapabilities != null ? List.copyOf(helloCapabilities.getCapability()) : null;
321 private AuthenticationHandler getHandlerFromCredentials(final Credentials credentials) {
323 instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
324 .credentials.credentials.LoginPassword loginPassword) {
325 return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
327 if (credentials instanceof LoginPwUnencrypted) {
328 final LoginPasswordUnencrypted loginPassword =
329 ((LoginPwUnencrypted) credentials).getLoginPasswordUnencrypted();
330 return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
332 if (credentials instanceof LoginPw) {
333 final LoginPassword loginPassword = ((LoginPw) credentials).getLoginPassword();
334 return new LoginPasswordHandler(loginPassword.getUsername(),
335 encryptionService.decrypt(loginPassword.getPassword()));
337 if (credentials instanceof KeyAuth) {
338 final KeyBased keyPair = ((KeyAuth) credentials).getKeyBased();
339 return new DatastoreBackedPublicKeyAuth(keyPair.getUsername(), keyPair.getKeyId(),
340 keystoreAdapter, encryptionService);
342 throw new IllegalStateException("Unsupported credential type: " + credentials.getClass());