Code Review / netconf.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Slave mount point registration hardening/resiliency"
[netconf.git] / netconf / netconf-topology-singleton / src / main / java / org / opendaylight / netconf / topology / singleton / impl / RemoteDeviceConnectorImpl.java
1 /*
2  * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.netconf.topology.singleton.impl;
10
11 import akka.actor.ActorRef;
12 import akka.util.Timeout;
13 import com.google.common.annotations.VisibleForTesting;
14 import com.google.common.base.Preconditions;
15 import com.google.common.collect.Lists;
16 import com.google.common.util.concurrent.FutureCallback;
17 import com.google.common.util.concurrent.Futures;
18 import com.google.common.util.concurrent.ListenableFuture;
19 import com.google.common.util.concurrent.MoreExecutors;
20 import io.netty.util.concurrent.EventExecutor;
21 import java.math.BigDecimal;
22 import java.net.InetSocketAddress;
23 import java.net.URL;
24 import java.util.ArrayList;
25 import java.util.List;
26 import java.util.Map;
27 import java.util.Objects;
28 import java.util.Optional;
29 import javax.annotation.Nullable;
30 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
31 import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService;
32 import org.opendaylight.netconf.api.NetconfMessage;
33 import org.opendaylight.netconf.client.NetconfClientSessionListener;
34 import org.opendaylight.netconf.client.conf.NetconfClientConfiguration;
35 import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfiguration;
36 import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfigurationBuilder;
37 import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
38 import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPasswordHandler;
39 import org.opendaylight.netconf.sal.connect.api.RemoteDevice;
40 import org.opendaylight.netconf.sal.connect.api.RemoteDeviceHandler;
41 import org.opendaylight.netconf.sal.connect.netconf.LibraryModulesSchemas;
42 import org.opendaylight.netconf.sal.connect.netconf.NetconfDevice;
43 import org.opendaylight.netconf.sal.connect.netconf.NetconfDeviceBuilder;
44 import org.opendaylight.netconf.sal.connect.netconf.SchemalessNetconfDevice;
45 import org.opendaylight.netconf.sal.connect.netconf.auth.DatastoreBackedPublicKeyAuth;
46 import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfDeviceCapabilities;
47 import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfDeviceCommunicator;
48 import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPreferences;
49 import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
50 import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
51 import org.opendaylight.netconf.sal.connect.netconf.sal.NetconfKeystoreAdapter;
52 import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
53 import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
54 import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector;
55 import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfConnectorDTO;
56 import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfTopologySetup;
57 import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfTopologyUtils;
58 import org.opendaylight.protocol.framework.ReconnectStrategy;
59 import org.opendaylight.protocol.framework.ReconnectStrategyFactory;
60 import org.opendaylight.protocol.framework.TimedReconnectStrategy;
61 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
62 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
63 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.OdlHelloMessageCapabilities;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.status.available.capabilities.AvailableCapability.CapabilityOrigin;
67 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.Credentials;
68 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.KeyAuth;
69 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPw;
70 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPwUnencrypted;
71 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.key.auth.KeyBased;
72 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.LoginPassword;
73 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.unencrypted.LoginPasswordUnencrypted;
74 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
75 import org.opendaylight.yangtools.yang.model.repo.api.SourceIdentifier;
76 import org.opendaylight.yangtools.yang.model.repo.api.YangTextSchemaSource;
77 import org.opendaylight.yangtools.yang.model.repo.spi.PotentialSchemaSource;
78 import org.opendaylight.yangtools.yang.model.repo.spi.SchemaSourceRegistration;
79 import org.slf4j.Logger;
80 import org.slf4j.LoggerFactory;
81
82 public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector {
83
84     private static final Logger LOG = LoggerFactory.getLogger(RemoteDeviceConnectorImpl.class);
85
86     // Initializes default constant instances for the case when the default schema repository
87     // directory cache/schema is used.
88
89     private final NetconfTopologySetup netconfTopologyDeviceSetup;
90     private final RemoteDeviceId remoteDeviceId;
91     private final DOMMountPointService mountService;
92     private final Timeout actorResponseWaitTime;
93     private final String privateKeyPath;
94     private final String privateKeyPassphrase;
95     private final AAAEncryptionService encryptionService;
96     private NetconfConnectorDTO deviceCommunicatorDTO;
97     private final NetconfKeystoreAdapter keystoreAdapter;
98
99     public RemoteDeviceConnectorImpl(final NetconfTopologySetup netconfTopologyDeviceSetup,
100                                      final RemoteDeviceId remoteDeviceId, final Timeout actorResponseWaitTime,
101                                      final DOMMountPointService mountService) {
102
103         this.netconfTopologyDeviceSetup = Preconditions.checkNotNull(netconfTopologyDeviceSetup);
104         this.remoteDeviceId = remoteDeviceId;
105         this.actorResponseWaitTime = actorResponseWaitTime;
106         this.mountService = mountService;
107         this.privateKeyPath = netconfTopologyDeviceSetup.getPrivateKeyPath();
108         this.privateKeyPassphrase = netconfTopologyDeviceSetup.getPrivateKeyPassphrase();
109         this.encryptionService = netconfTopologyDeviceSetup.getEncryptionService();
110         keystoreAdapter = new NetconfKeystoreAdapter(netconfTopologyDeviceSetup.getDataBroker());
111     }
112
113     @Override
114     public void startRemoteDeviceConnection(final ActorRef deviceContextActorRef) {
115
116         final NetconfNode netconfNode = netconfTopologyDeviceSetup.getNode().getAugmentation(NetconfNode.class);
117         final NodeId nodeId = netconfTopologyDeviceSetup.getNode().getNodeId();
118         Preconditions.checkNotNull(netconfNode.getHost());
119         Preconditions.checkNotNull(netconfNode.getPort());
120         Preconditions.checkNotNull(netconfNode.isTcpOnly());
121
122         this.deviceCommunicatorDTO = createDeviceCommunicator(nodeId, netconfNode, deviceContextActorRef);
123         final NetconfDeviceCommunicator deviceCommunicator = deviceCommunicatorDTO.getCommunicator();
124         final NetconfClientSessionListener netconfClientSessionListener = deviceCommunicatorDTO.getSessionListener();
125         final NetconfReconnectingClientConfiguration clientConfig =
126                 getClientConfig(netconfClientSessionListener, netconfNode);
127         final ListenableFuture<NetconfDeviceCapabilities> future = deviceCommunicator
128                 .initializeRemoteConnection(netconfTopologyDeviceSetup.getNetconfClientDispatcher(), clientConfig);
129
130         Futures.addCallback(future, new FutureCallback<NetconfDeviceCapabilities>() {
131             @Override
132             public void onSuccess(final NetconfDeviceCapabilities result) {
133                 LOG.debug("{}: Connector started successfully", remoteDeviceId);
134             }
135
136             @Override
137             public void onFailure(@Nullable final Throwable throwable) {
138                 LOG.error("{}: Connector failed, {}", remoteDeviceId, throwable);
139             }
140         }, MoreExecutors.directExecutor());
141     }
142
143     @SuppressWarnings("checkstyle:IllegalCatch")
144     @Override
145     public void stopRemoteDeviceConnection() {
146         Preconditions.checkNotNull(deviceCommunicatorDTO, remoteDeviceId + ": Device communicator was not created.");
147         try {
148             deviceCommunicatorDTO.close();
149         } catch (final Exception e) {
150             LOG.error("{}: Error at closing device communicator.", remoteDeviceId, e);
151         }
152     }
153
154     @VisibleForTesting
155     NetconfConnectorDTO createDeviceCommunicator(final NodeId nodeId, final NetconfNode node,
156                                                  final ActorRef deviceContextActorRef) {
157         //setup default values since default value is not supported in mdsal
158         final long defaultRequestTimeoutMillis = node.getDefaultRequestTimeoutMillis() == null
159                 ? NetconfTopologyUtils.DEFAULT_REQUEST_TIMEOUT_MILLIS : node.getDefaultRequestTimeoutMillis();
160         final long keepaliveDelay = node.getKeepaliveDelay() == null
161                 ? NetconfTopologyUtils.DEFAULT_KEEPALIVE_DELAY : node.getKeepaliveDelay();
162         final boolean reconnectOnChangedSchema = node.isReconnectOnChangedSchema() == null
163                 ? NetconfTopologyUtils.DEFAULT_RECONNECT_ON_CHANGED_SCHEMA : node.isReconnectOnChangedSchema();
164
165         RemoteDeviceHandler<NetconfSessionPreferences> salFacade = new MasterSalFacade(remoteDeviceId,
166                 netconfTopologyDeviceSetup.getActorSystem(), deviceContextActorRef, actorResponseWaitTime,
167                 mountService, netconfTopologyDeviceSetup.getDataBroker());
168         if (keepaliveDelay > 0) {
169             LOG.info("{}: Adding keepalive facade.", remoteDeviceId);
170             salFacade = new KeepaliveSalFacade(remoteDeviceId, salFacade,
171                     netconfTopologyDeviceSetup.getKeepaliveExecutor().getExecutor(), keepaliveDelay,
172                     defaultRequestTimeoutMillis);
173         }
174
175         final NetconfDevice.SchemaResourcesDTO schemaResourcesDTO = netconfTopologyDeviceSetup.getSchemaResourcesDTO();
176
177
178         // pre register yang library sources as fallback schemas to schema registry
179         final List<SchemaSourceRegistration<YangTextSchemaSource>> registeredYangLibSources = Lists.newArrayList();
180         if (node.getYangLibrary() != null) {
181             final String yangLibURL = node.getYangLibrary().getYangLibraryUrl().getValue();
182             final String yangLibUsername = node.getYangLibrary().getUsername();
183             final String yangLigPassword = node.getYangLibrary().getPassword();
184
185             final LibraryModulesSchemas libraryModulesSchemas;
186             if (yangLibURL != null) {
187                 if (yangLibUsername != null && yangLigPassword != null) {
188                     libraryModulesSchemas = LibraryModulesSchemas.create(yangLibURL, yangLibUsername, yangLigPassword);
189                 } else {
190                     libraryModulesSchemas = LibraryModulesSchemas.create(yangLibURL);
191                 }
192
193                 for (final Map.Entry<SourceIdentifier, URL> sourceIdentifierURLEntry :
194                         libraryModulesSchemas.getAvailableModels().entrySet()) {
195                     registeredYangLibSources
196                             .add(schemaResourcesDTO.getSchemaRegistry().registerSchemaSource(
197                                     new YangLibrarySchemaYangSourceProvider(remoteDeviceId,
198                                             libraryModulesSchemas.getAvailableModels()),
199                                     PotentialSchemaSource
200                                             .create(sourceIdentifierURLEntry.getKey(), YangTextSchemaSource.class,
201                                                     PotentialSchemaSource.Costs.REMOTE_IO.getValue())));
202                 }
203             }
204         }
205
206         final RemoteDevice<NetconfSessionPreferences, NetconfMessage, NetconfDeviceCommunicator> device;
207         if (node.isSchemaless()) {
208             device = new SchemalessNetconfDevice(remoteDeviceId, salFacade);
209         } else {
210             device = new NetconfDeviceBuilder()
211                     .setReconnectOnSchemasChange(reconnectOnChangedSchema)
212                     .setSchemaResourcesDTO(schemaResourcesDTO)
213                     .setGlobalProcessingExecutor(netconfTopologyDeviceSetup.getProcessingExecutor().getExecutor())
214                     .setId(remoteDeviceId)
215                     .setSalFacade(salFacade)
216                     .build();
217         }
218
219         final Optional<NetconfSessionPreferences> userCapabilities = getUserCapabilities(node);
220         final int rpcMessageLimit =
221                 node.getConcurrentRpcLimit() == null
222                         ? NetconfTopologyUtils.DEFAULT_CONCURRENT_RPC_LIMIT : node.getConcurrentRpcLimit();
223
224         if (rpcMessageLimit < 1) {
225             LOG.info("{}: Concurrent rpc limit is smaller than 1, no limit will be enforced.", remoteDeviceId);
226         }
227
228         return new NetconfConnectorDTO(
229                 userCapabilities.isPresent() ? new NetconfDeviceCommunicator(remoteDeviceId, device,
230                         new UserPreferences(userCapabilities.get(),
231                                 Objects.isNull(node.getYangModuleCapabilities())
232                                         ? false : node.getYangModuleCapabilities().isOverride(),
233                                 Objects.isNull(node.getNonModuleCapabilities())
234                                         ? false : node.getNonModuleCapabilities().isOverride()), rpcMessageLimit)
235                         : new NetconfDeviceCommunicator(remoteDeviceId, device, rpcMessageLimit), salFacade);
236     }
237
238     private Optional<NetconfSessionPreferences> getUserCapabilities(final NetconfNode node) {
239         if (node.getYangModuleCapabilities() == null && node.getNonModuleCapabilities() == null) {
240             return Optional.empty();
241         }
242         final List<String> capabilities = new ArrayList<>();
243
244         if (node.getYangModuleCapabilities() != null) {
245             capabilities.addAll(node.getYangModuleCapabilities().getCapability());
246         }
247
248         //non-module capabilities should not exist in yang module capabilities
249         final NetconfSessionPreferences netconfSessionPreferences = NetconfSessionPreferences.fromStrings(capabilities);
250         Preconditions.checkState(netconfSessionPreferences.getNonModuleCaps().isEmpty(),
251                 "List yang-module-capabilities/capability should contain only module based capabilities. "
252                         + "Non-module capabilities used: " + netconfSessionPreferences.getNonModuleCaps());
253
254         if (node.getNonModuleCapabilities() != null) {
255             capabilities.addAll(node.getNonModuleCapabilities().getCapability());
256         }
257
258         return Optional.of(NetconfSessionPreferences.fromStrings(capabilities, CapabilityOrigin.UserDefined));
259     }
260
261     //TODO: duplicate code
262     private InetSocketAddress getSocketAddress(final Host host, final int port) {
263         if (host.getDomainName() != null) {
264             return new InetSocketAddress(host.getDomainName().getValue(), port);
265         } else {
266             final IpAddress ipAddress = host.getIpAddress();
267             final String ip = ipAddress.getIpv4Address() != null ? ipAddress.getIpv4Address().getValue() :
268                     ipAddress.getIpv6Address().getValue();
269             return new InetSocketAddress(ip, port);
270         }
271     }
272
273     @VisibleForTesting
274     NetconfReconnectingClientConfiguration getClientConfig(final NetconfClientSessionListener listener,
275                                                            final NetconfNode node) {
276
277         //setup default values since default value is not supported in mdsal
278         final long clientConnectionTimeoutMillis = node.getConnectionTimeoutMillis() == null
279                 ? NetconfTopologyUtils.DEFAULT_CONNECTION_TIMEOUT_MILLIS : node.getConnectionTimeoutMillis();
280         final long maxConnectionAttempts = node.getMaxConnectionAttempts() == null
281                 ? NetconfTopologyUtils.DEFAULT_MAX_CONNECTION_ATTEMPTS : node.getMaxConnectionAttempts();
282         final int betweenAttemptsTimeoutMillis = node.getBetweenAttemptsTimeoutMillis() == null
283                 ? NetconfTopologyUtils.DEFAULT_BETWEEN_ATTEMPTS_TIMEOUT_MILLIS : node.getBetweenAttemptsTimeoutMillis();
284         final BigDecimal sleepFactor = node.getSleepFactor() == null
285                 ? NetconfTopologyUtils.DEFAULT_SLEEP_FACTOR : node.getSleepFactor();
286
287         final InetSocketAddress socketAddress = getSocketAddress(node.getHost(), node.getPort().getValue());
288
289         final ReconnectStrategyFactory sf =
290                 new TimedReconnectStrategyFactory(netconfTopologyDeviceSetup.getEventExecutor(), maxConnectionAttempts,
291                         betweenAttemptsTimeoutMillis, sleepFactor);
292         final ReconnectStrategy strategy = sf.createReconnectStrategy();
293
294         final AuthenticationHandler authHandler = getHandlerFromCredentials(node.getCredentials());
295
296         final NetconfReconnectingClientConfigurationBuilder builder =
297                 NetconfReconnectingClientConfigurationBuilder.create()
298                         .withAddress(socketAddress)
299                         .withConnectionTimeoutMillis(clientConnectionTimeoutMillis)
300                         .withReconnectStrategy(strategy)
301                         .withAuthHandler(authHandler)
302                         .withProtocol(node.isTcpOnly()
303                                 ? NetconfClientConfiguration.NetconfClientProtocol.TCP
304                                 : NetconfClientConfiguration.NetconfClientProtocol.SSH)
305                         .withConnectStrategyFactory(sf)
306                         .withSessionListener(listener);
307
308         final List<Uri> odlHelloCapabilities = getOdlHelloCapabilities(node);
309         if (odlHelloCapabilities != null) {
310             builder.withOdlHelloCapabilities(odlHelloCapabilities);
311         }
312         return builder.build();
313     }
314
315     private List<Uri> getOdlHelloCapabilities(final NetconfNode node) {
316         final OdlHelloMessageCapabilities helloCapabilities = node.getOdlHelloMessageCapabilities();
317         if (helloCapabilities != null) {
318             return helloCapabilities.getCapability();
319         }
320         return null;
321     }
322
323     private AuthenticationHandler getHandlerFromCredentials(final Credentials credentials) {
324         if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
325                 .rev150114.netconf.node.credentials.credentials.LoginPassword) {
326             final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
327                     .rev150114.netconf.node.credentials.credentials.LoginPassword loginPassword
328                     = (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
329                     .rev150114.netconf.node.credentials.credentials.LoginPassword) credentials;
330             return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
331         }
332         if (credentials instanceof LoginPwUnencrypted) {
333             final LoginPasswordUnencrypted loginPassword =
334                     ((LoginPwUnencrypted) credentials).getLoginPasswordUnencrypted();
335             return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
336         }
337         if (credentials instanceof LoginPw) {
338             final LoginPassword loginPassword = ((LoginPw) credentials).getLoginPassword();
339             return new LoginPasswordHandler(loginPassword.getUsername(),
340                     encryptionService.decrypt(loginPassword.getPassword()));
341         }
342         if (credentials instanceof KeyAuth) {
343             final KeyBased keyPair = ((KeyAuth) credentials).getKeyBased();
344             return new DatastoreBackedPublicKeyAuth(keyPair.getUsername(), keyPair.getKeyId(),
345                     keystoreAdapter, encryptionService);
346         }
347         throw new IllegalStateException("Unsupported credential type: " + credentials.getClass());
348     }
349
350     private static final class TimedReconnectStrategyFactory implements ReconnectStrategyFactory {
351         private final Long connectionAttempts;
352         private final EventExecutor executor;
353         private final double sleepFactor;
354         private final int minSleep;
355
356         TimedReconnectStrategyFactory(final EventExecutor executor, final Long maxConnectionAttempts,
357                                       final int minSleep, final BigDecimal sleepFactor) {
358             if (maxConnectionAttempts != null && maxConnectionAttempts > 0) {
359                 connectionAttempts = maxConnectionAttempts;
360             } else {
361                 connectionAttempts = null;
362             }
363
364             this.sleepFactor = sleepFactor.doubleValue();
365             this.executor = executor;
366             this.minSleep = minSleep;
367         }
368
369         @Override
370         public ReconnectStrategy createReconnectStrategy() {
371             return new TimedReconnectStrategy(executor, minSleep,
372                     minSleep, sleepFactor, null /*maxSleep*/, connectionAttempts, null /*deadline*/);
373         }
374     }
375 }
Netconf