${mount_point_url} /restconf/operational/network-topology:network-topology/topology/topology-netconf/
${device_status} /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server
${whitelist} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices
+${global_config_url} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
+${netconf_keystore_url} /rests/operations/netconf-keystore
+${netconf_keystore_data_url} /rests/data/netconf-keystore:keystore
${substring1} "netconf-node-topology:connection-status":"connected"
-${substring2} "node-id":"netopeer"
+${substring2} "node-id":"netopeer2"
${substring3} "netconf-node-topology:available-capabilities"
*** Keywords ***
Check Device status
- [Arguments] ${status} ${id}=netopeer
+ [Arguments] ${status} ${id}=netopeer2
[Documentation] Checks the operational device status.
@{expectedValues} Create List "unique-id":"${id}" "callhome-status:device-status":"${status}"
Run Keyword If '${status}'=='FAILED_NOT_ALLOWED' or '${status}'=='FAILED_AUTH_FAILURE' Remove Values From List ${expectedValues} "unique-id":"${id}"
Utils.Check For Elements At URI ${device_status} ${expectedValues}
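Review bot: the device name netopeer2 is now hard-coded in two places, `${substring2}` and the default `${id}` of Check Device status, so the next rename has to touch both; define it once (for example a `${DEVICE_NAME}` variable, a hypothetical name) and build both values from it. The two new keystore URLs use the `/rests/` root while `${global_config_url}` and the existing entries use `/restconf/`; if the mix is deliberate, a short comment would say so. `${netconf_keystore_url}` is not a complete URL but an RPC prefix that callers finish with `:add-keystore-entry` and similar, which the name does not convey.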
-Get Netopeer Ready
- [Documentation] Pulls the netopeer image from the docker repository. Points ODL(CallHome Server) IP in the files used by netopeer(CallHome Client).
- ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker pull sdnhub/netopeer return_stdout=True return_stderr=True
+Apply SSH-based Call-Home configuration
+ [Documentation] Upload netopeer2 configuration files needed for SSH transport
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-netconf-server.xml
+ ... configuration-files/ietf-netconf-server.xml
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-keystore.xml
+ ... configuration-files/ietf-keystore.xml
+
+Apply TLS-based Call-Home configuration
+ [Documentation] Upload netopeer2 configuration files needed for TLS transport
+ Generate certificates for TLS configuration
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-keystore.xml
+ ... configuration-files/ietf-keystore.xml
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-truststore.xml
+ ... configuration-files/ietf-truststore.xml
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-netconf-server.xml
+ ... configuration-files/ietf-netconf-server.xml
+
+Generate certificates for TLS configuration
+ [Documentation] Generates certificates for 2-way TLS authentication (ca, server, client)
+ ${stdout} SSHLibrary.Execute Command rm -rf ./certs && mkdir ./certs
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg ./x509_v3.cfg
+ ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/ca.key 2048
+ ${stdout} SSHLibrary.Execute Command openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem
+ ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/server.key 2048
+ ${stdout} SSHLibrary.Execute Command openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr
+ ${stdout} SSHLibrary.Execute Command openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256
+ ${stdout} SSHLibrary.Execute Command openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub
+ ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/client.key 2048
+ ${stdout} SSHLibrary.Execute Command openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr
+ ${stdout} SSHLibrary.Execute Command openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256
+ ${stdout} SSHLibrary.Execute Command mv ./certs ./configuration-files/certs
+
+Register keys and certificates in ODL controller
+ [Documentation] Register pre-configured netopeer2 certificates and key in ODL-netconf keystore
+ ${base64-client-key} ${stderr} SSHLibrary.Execute_Command openssl enc -base64 -A -in ./configuration-files/certs/client.key return_stdout=True return_stderr=True
+ ${template} OperatingSystem.Get File ${ADD_KEYSTORE_ENTRY_REQ}
+ ${body} Replace String ${template} {base64-client-key} ${base64-client-key}
+ ${resp} RequestsLibrary.Post Request session ${netconf_keystore_url}:add-keystore-entry data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+ ${client-key} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
+ ${certificate-chain} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
+ ${template} OperatingSystem.Get File ${ADD_PRIVATE_KEY_REQ}
+ ${body} Replace String ${template} {client-key} ${client-key}
+ ${body} Replace String ${body} {certificate-chain} ${certificate-chain}
+ ${resp} RequestsLibrary.Post Request session ${netconf_keystore_url}:add-private-key data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+ ${ca-certificate} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
+ ${device-certificate} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
+ ${template} OperatingSystem.Get File ${ADD_TRUSTED_CERTIFICATE}
+ ${body} Replace String ${template} {ca-certificate} ${ca-certificate}
+ ${body} Replace String ${body} {device-certificate} ${device-certificate}
+ ${resp} RequestsLibrary.Post Request session ${netconf_keystore_url}:add-trusted-certificate data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+
+Register global credentials for SSH call-home devices (APIv1)
+ [Arguments] ${username} ${password}
+ [Documentation] Set global credentials for SSH call-home devices
+ ${template} OperatingSystem.Get File ${CREATE_GLOBAL_CREDENTIALS_REQ}
+ ${body} Replace String ${template} {username} ${username}
+ ${body} Replace String ${body} {password} ${password}
+ ${resp} RequestsLibrary.Put Request session ${global_config_url} data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+
+Register SSH call-home device in ODL controller (APIv1)
+ [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY}
+ [Documentation] Registration call-home device with SSH transport
+ Run Keyword If '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}' Get create device request without credentials template (APIv1)
+ ... ELSE Get create device request template (APIv1)
+ ${body} Replace String ${template} {device_name} ${device_name}
+ ${body} Replace String ${body} {username} ${username}
+ ${body} Replace String ${body} {password} ${password}
+ ${body} Replace String ${body} {hostkey} ${hostkey}
+ ${resp} RequestsLibrary.Post Request session ${whitelist} data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+
+Get create device request template (APIv1)
+ ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V1}
+ Set Test Variable ${template}
+
+Get create device request without credentials template (APIv1)
+ ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
+ Set Test Variable ${template}
+
+Register SSH call-home device in ODL controller (APIv2)
+ [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY}
+ [Documentation] Registration call-home device with SSH transport using latest models
+ Run Keyword If '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}' Get create device request without credentials template (APIv2)
+ ... ELSE Get create device request template (APIv2)
+ ${body} Replace String ${template} {device_name} ${device_name}
+ ${body} Replace String ${body} {username} ${username}
+ ${body} Replace String ${body} {password} ${password}
+ ${body} Replace String ${body} {hostkey} ${hostkey}
+ ${resp} RequestsLibrary.Post Request session ${whitelist} data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+
+Get create device request template (APIv2)
+ ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V2}
+ Set Test Variable ${template}
+
+Get create device request without credentials template (APIv2)
+ ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
+ Set Test Variable ${template}
+
+Register TLS call-home device in ODL controller (APIv2)
+ [Arguments] ${device_name} ${key_id} ${certificate_id}
+ [Documentation] Registration call-home device with TLS transport
+ ${template} OperatingSystem.Get File ${CREATE_TLS_DEVICE_REQ}
+ ${body} Replace String ${template} {device_name} ${device_name}
+ ${body} Replace String ${body} {key_id} ${key_id}
+ ${body} Replace String ${body} {certificate_id} ${certificate_id}
+ ${resp} RequestsLibrary.Post Request session ${whitelist} data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+
+Pull Netopeer2 Docker Image
+ [Documentation] Pulls the netopeer image from the docker repository.
+ ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker pull sysrepo/sysrepo-netopeer2:latest return_stdout=True return_stderr=True
... return_rc=True
${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker images return_stdout=True return_stderr=True
... return_rc=True
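Review bot: in Generate certificates for TLS configuration every openssl call keeps only `${stdout}` and never looks at a return code, so a failed key, CSR or signing step goes unnoticed until the keystore POST or the TLS connection fails later; request `return_rc=True` on these calls and assert the value is 0 (Pull Netopeer2 Docker Image collects `${rc}` but does not assert it either). The client certificate is signed with `-days 1024` while the CA and server certificates get 365; use one value unless the difference is intended. In both Register SSH call-home device keywords the `or` in the Run Keyword If condition means a caller passing only a username or only a password silently gets the host-key-only template and the supplied value is dropped; fail on a partial pair or document the behaviour. The APIv1 and APIv2 variants are otherwise line-for-line identical and could share one body that takes the template path as an argument. `docker pull sysrepo/sysrepo-netopeer2:latest` leaves the image version floating while the uploaded ietf-netconf-server.xml, ietf-keystore.xml and ietf-truststore.xml have to match whatever the image ships; pin a tag or digest.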
- Reset Docker Compose Configuration
-
-Reset Docker Compose Configuration
- [Documentation] Resets the docker compose configurations.
- SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/docker-compose.yaml .
- SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/datastore-server.xml .
- SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml
- SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' datastore-server.xml
-
-Get Environment Ready
- [Documentation] Get the scripts ready to set credentials and control whitelist maintained by the CallHome server.
- SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/whitelist_add.sh .
- SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/credentials_set.sh .
- SSHLibrary.Execute_Command chmod +x whitelist_add.sh
- SSHLibrary.Execute_Command chmod +x credentials_set.sh
- SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' credentials_set.sh
- SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' whitelist_add.sh
Install Docker Compose on tools system
[Documentation] Install docker-compose on tools system.
${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command pip uninstall docker-compose return_stdout=True return_stderr=True
... return_rc=True
-Suite Teardown
- [Documentation] Tearing down the setup.
- Uninstall Docker Compose on tools system
- RequestsLibrary.Delete_All_Sessions
- SSHLibrary.Close_All_Connections
+Test Setup
+ [Documentation] Opens session towards ODL controller, set configuration folder, generates a new host key for the container
+ RequestsLibrary.Create_Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH}
+ SSHLibrary.Execute_Command rm -rf ./configuration-files && mkdir configuration-files
+ SSHLibrary.Execute_Command ssh-keygen -q -t rsa -b 2048 -N '' -f ./configuration-files/ssh_host_rsa_key
+ ${public_key} SSHLibrary.Execute_Command cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}'
+ Set Test Variable ${NETOPEER_PUB_KEY} ${public_key}
Test Teardown
[Documentation] Tears down the docker running netopeer and deletes entry from the whitelist.
+ ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker-compose logs return_stdout=True return_stderr=True
+ ... return_rc=True
+ Log ${stdout}
${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker-compose down return_stdout=True return_stderr=True
... return_rc=True
${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker ps -a return_stdout=True return_stderr=True
... return_rc=True
+ SSHLibrary.Execute_Command rm -rf ./configuration-files
${resp} = RequestsLibrary.Delete_Request session ${whitelist}
+ ${resp} = RequestsLibrary.Delete_Request session ${netconf_keystore_data_url}
Suite Setup
[Documentation] Get the suite ready for callhome test cases.
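Review bot: Test Setup stores whatever `cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}'` prints into `${NETOPEER_PUB_KEY}` without checking that ssh-keygen succeeded, so an empty string can reach the device registration as the host key; add `Should Not Be Empty ${public_key}` (or check the ssh-keygen return code) before Set Test Variable. In Test Teardown the new DELETE on `${netconf_keystore_data_url}` overwrites `${resp}` from the whitelist DELETE and neither status is checked, so keystore entries left behind by a failed delete can carry into the next test unnoticed; assert on the status, allowing for the not-found case in tests that never populated the keystore.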
- RequestsLibrary.Create_Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH}
Install Docker Compose on tools system
- Get Environment Ready
- Get Netopeer Ready
+ Pull Netopeer2 Docker Image
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/docker-compose.yaml .
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/init_configuration.sh .
+ SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml
${netconf_mount_expected_values} Create list ${substring1} ${substring2} ${substring3}
Set Suite Variable ${netconf_mount_expected_values}
+ Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V1} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device.json
+ Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device_hostkey_only.json
+ Set Suite Variable ${CREATE_GLOBAL_CREDENTIALS_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_global_credentials.json
+ Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V2} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_ssh_device.json
+ Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_device_hostkey_only.json
+ Set Suite Variable ${CREATE_TLS_DEVICE_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_tls_device.json
+ Set Suite Variable ${ADD_KEYSTORE_ENTRY_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_keystore_entry.json
+ Set Suite Variable ${ADD_PRIVATE_KEY_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_private_key.json
+ Set Suite Variable ${ADD_TRUSTED_CERTIFICATE} ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_trusted_certificate.json
+
+Suite Teardown
+ [Documentation] Tearing down the setup.
+ Uninstall Docker Compose on tools system
+ RequestsLibrary.Delete_All_Sessions
+ SSHLibrary.Close_All_Connections
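Review bot: Suite Setup uploads init_configuration.sh but, unlike the removed Get Environment Ready which ran `chmod +x` on the scripts it copied, never marks it executable; confirm that docker-compose.yaml runs it through a shell, or add the chmod. The nine `Set Suite Variable` lines only bind constant template paths and would read better in the Variables section next to the URLs, which also makes them available before Suite Setup runs.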